PACC Committee Meeting

STANDING COMMITTEE ON PUBLIC ACCOUNTS

COMITÉ PERMANENT DES COMPTES PUBLICS

EVIDENCE

[Recorded by Electronic Apparatus]

Thursday, November 19, 1998

• 1534

[English]

The Chairman (Mr. John Williams (St. Albert, Ref.)): Good afternoon, ladies and gentlemen.

I'd like to call this meeting to order pursuant to Standing Order 108(3)(e), consideration of chapter 16, management of the social insurance number, of the September 1998 Report of the Auditor General of Canada.

Our witnesses today are, from the Office of the Auditor General of Canada, the Auditor General, Mr. Denis Desautels, and Mr. David Rattray, the assistant auditor general from the audit operations branch.

From Revenue Canada we have Mr. David Miller, the assistant deputy minister of assessments and collections branch, and Ms. Kathy Turner, director general of benefit programs directorate, assessment and collections branch.

• 1535

From Human Resources Development Canada we have Mr. Hy Braiter, senior assistant deputy minister, service delivery network; Mr. Bob Nichols, director of insurance program services; and Mr. Jacques Bourdages, associate director, national services, from Bathurst, New Brunswick.

Those are our witnesses today, and we'll start with the opening statement from the Auditor General, Mr. Desautels.

Mr. L. Denis Desautels (Auditor General of Canada): Thank you very much, Mr. Chairman.

Mr. Rattray and I are pleased to have this opportunity to appear before the committee to discuss our chapter on the management of the social insurance number.

In that chapter, chapter 16 of our September report, we point out that the social insurance number, or SIN, has become the gateway to a multitude of federal and provincial programs. The SIN is used to identify and gather information on taxpayers and social program recipients, to verify entitlement to certain types of pensions and benefits, and to match and exchange data among programs.

The SIN was originally intended for use as a file number for unemployment insurance, Canada Pension Plan, and Quebec Pension Plan clients. Today, over 20 federal statutes, regulations, and programs authorize the use of the SIN. Its use has also expanded to provincial social programs and to the private sector.

Rules and responsibilities with regard to the SIN are shared among various federal departments and agencies. Human Resources Development Canada issues SINs, maintains the social insurance register, and investigates suspected abuses; the Treasury Board is responsible for the policy and guidelines that govern the collection and use of the SIN; the Office of the Privacy Commissioner investigates complaints about the SIN; and finally, the Department of Justice responds to general inquiries from the public on the private sector's use of the SIN.

The social insurance register is managed in Bathurst, New Brunswick. About one million cards are issued each year. Annual operating costs are $7 million, $2 million of which is collected from applicants for replacement cards. The remaining $5 million in costs is divided among the main users of the SIN—Revenue Canada, the Canada Pension Plan, the Quebec Pension Plan, and the employment insurance account.

[Translation]

The audit uncovered a number of weaknesses in management of the Social Insurance Number. Birth and death information on SIN holders is not always complete and accurate. For example, there are nearly four million more Social Insurance Numbers then there are Canadians aged 20 or older. Moreover, 11.8 million numbers have not been certified; valid SIN cards are held by thousands of individuals with no legal status in Canada.

Since the mid 1990s, the branch responsible for the Social Insurance Register has been receiving information from Revenue Canada, Citizenship and Immigration Canada, the Canada Pension Plan and the Quebec Pension Plan. However, these sources of information are not being fully exploited and more could be done to obtain information from vital statistics bureaus in the provinces.

The weaknesses found are detrimental to the proper management of social programs. They may lead to errors, abuse and fraud and, collectively, the impact could be sizable. There is an urgent need for action in order to protect public funds and taxpayers.

The Minister of Human Resources Development, the Honourable Pierre Pettigrew, has accepted our recommendations. He has stated that his department has already begun improving the integrity of the information contained in the Register, and that his department is working with provincial governments to improve the situation.

The committee may wish to obtain from departments commitments and timetables for implementing specific action plans to improve the integrity of the Social Insurance Register.

[English]

Another reason, Mr. Chairman, I'm concerned about the widespread use of the social insurance number is because it undermines privacy protection. I believe it's time to review the current roles, objectives, and uses of the social insurance number. The government should determine what it wants to do with the social insurance number and at the same time study other possible options. I also believe it's essential that Parliament play a major role in debating these issues and in finding a satisfactory solution.

• 1540

The committee may wish to consider recommending that Parliament clarify, through appropriate committees, the roles, objectives, and uses of the social insurance number. Parliamentarians could then debate the other possible options and clearly set out the appropriate levels of integrity of the social insurance register and of privacy protection.

Mr. Chairman, that concludes my remarks. We will be pleased to answer questions from committee members.

The Chairman: Thank you, Mr. Desautels.

We'll now turn to Mr. Miller from Revenue Canada, and I understand you have an opening statement too.

Mr. David W. Miller (Assistant Deputy Minister, Assessment and Collections Branch, Revenue Canada): Yes.

Mr. Chairman, members of the committee, I would like to thank you for inviting me to be here today.

Mr. Chairman, I believe all of us here today share a common goal. We seek to improve the reliability, security, and management of the social insurance number. Revenue Canada appreciates the scope of the review undertaken by the Office of the Auditor General. We share the concerns that major shifts have taken place in the way the SIN has been administered and applied throughout Canada within the public and private sectors. These changes point to the need to re-examine the fundamentals of SIN management within the context of the changing needs of Canadian society.

The Auditor General's report addresses one specific recommendation to Revenue Canada. It refers to a coordinated approach with Human Resource Development Canada and Citizenship and Immigration Canada in dealing with the issue of the issuance of temporary SINs. While there are other observations involving other departments, I will limit my comments to the specific actions Revenue Canada is taking.

How does Revenue Canada use social insurance numbers? First of all, the Income Tax Act requires that we record SINs as part of the administration of tax and social benefit programs. We use the SIN for limited and specific purposes, as required under the act. For Canadian income tax filers, the SIN is a unique identifier. We also use the SIN as an identifier for the tax-based benefit programs we administer, such as the child tax benefit and the GST credit programs.

The SIN is a valuable management tool that allows us to provide highly efficient and secure revenue administration to Canadians. While the SIN is recorded on millions of information exchanges with Canadians each year, Revenue Canada takes every reasonable step to ensure that personal information is protected. SIN information is collected and processed within strict guidelines under a number of federal statutes. The Income Tax Act, Canada Pension Plan Act, Employment Insurance Act, and the Privacy Act, among others, compel us to provide stringent safeguards.

The Auditor General has observed that there is increased cooperation among departments to combat SIN fraud. Mr. Chairman, we are committed to eliminating this problem. The inter-departmental task force, established four years ago, made significant progress in improving data sharing and SIN reliability. The early results have been encouraging, but represent only the first important step in addressing a highly complex issue involving all levels of government, the private sector, and individual Canadians.

The role of the SIN in serving the needs of the government and the privacy concerns of Canadians takes on greater urgency with the emergence of new forms of information exchanges such as electronic commerce and Internet delivery of services. Revenue Canada has launched new initiatives in this area.

We are redesigning our taxation and customs administration systems to prepare for electronic service delivery. Our business process re-engineering is serving as a model for other departments and other governments. Most importantly, it responds to the demands of Canadians for more responsive and cost-effective delivery of government services. As with the SIN, the challenge is to provide these services in a secure manner.

We agree with the Auditor General that, in the context of sweeping technological and social change, the timing is appropriate to consider the role of the SIN. I would like to assure the committee, Mr. Chairman, that Revenue Canada intends to do its part in addressing the challenges.

• 1545

As the Auditor General states in the report, we are participating with HRDC and Citizenship and Immigration Canada to identify the risks associated with the issuance of temporary SINs. Improved safeguards for Canadians and greater reliability in data exchange in using the SIN are our immediate goals. Ultimately, the broader question of the role of SIN, or any other unique identifier used in the administration of income tax and social benefit programs, must involve the federal government, provincial governments, the private sector, and individual Canadians.

Mr. Chairman, I would like to assure the committee that Revenue Canada is ready and willing to assist efforts to address the problems the Auditor General has identified with the management of the social insurance number system.

Revenue Canada is fully committed to enhancing the integrity and security of the system to respond to the changing social, technological, and economic circumstances facing Canadians. I look forward to responding to your questions. Thank you.

The Chairman: Thank you, Mr. Miller.

We'll now turn to Mr. Braiter of Human Resources Development Canada for his opening statement.

Mr. Hy Braiter (Senior Assistant Deputy Minister, Service Delivery Network, Human Resources Development Canada): Thank you, Mr. Chairman.

I welcome the opportunity to address the committee on behalf of Human Resources Development Canada and to demonstrate how we're moving forward to improve the administration of the SIN. I'd like to apologize for Mel Cappe, our deputy minister, who could not be here today.

I'm accompanied today by Jacques Bourdages, who is the manager of our social insurance number registry in Bathurst, New Brunswick; and by Bob Nichols, who is our director of insurance services and working on some of the future initiatives to improve the SIN administration.

Mr. Chairman, in our view there are really two main issues to be addressed as a result of the report. First, there needs to be improvement in the administrative processes and data integrity of the SIN. In this matter, our department, HRDC, plays the key role, and my remarks today will deal mainly with this issue. Second, there needs to be discussion and parliamentary consideration of the much broader issue, that being whether Canada needs a system that goes further than the current SIN, a system that's not a file identifier but rather a personal identifier.

On this broad issue, HRD has taken the liberty of initiating discussions with the other lead departments such as Treasury Board, Justice, Revenue Canada, and the Privacy Commissioner's office. But, as the AG has pointed out, we're only one player in this, and this issue will really require a government decision and direction.

Mr. Chairman, HRD is taking the Auditor General's report very seriously. We are and will take action on his recommendations. We issue the SIN, we control the SIN, and we maintain the register. Our department will take the lead in all of the administrative weaknesses identified in the AG's report. In doing so, however, we do recognize that there are some tough issues to look at, such as privacy issues and the cost of the improvements.

Let me talk a little bit about the history surrounding the SIN insofar as it affects administration. When the SIN was introduced in 1964, there was great debate about the efficiency versus the privacy issues, and the issue was resolved that the SIN would be a file identifier or account number and would be used only in selected federal programs, as the AG has mentioned. At that time, in 1964, there was a great rush to get everybody a SIN. The card itself was not a secure card; it was no more than a way of having people remember their social insurance number. In fact, at the beginning it was just a little paper card, and many of us still have the little paper-type cards.

We then issued plastic cards because the paper cards were getting lost and deteriorated. So we changed to plastic. But still the plastic card was just a convenient way of remembering your social insurance number, not an ID card.

Also, up until 1976 we didn't even ask people for any proof of identity when they applied for a social insurance number. They applied for a card and we gave them a card; we gave them a number. We didn't ask them for their birth certificate, passport, citizenship—nothing. They just got their number. If they lost it they applied for another one, and they got another one.

So that was for the first 12 years of the existence of the SIN. Over 18 million cards were issued during that first 12 years, and they are what we call “uncertified” now. We've never had any proof of identity on those cards.

After 1976, the government decided they needed to get a little bit stricter and started asking for proof of identity when a person applied. And over time, as the Auditor General has mentioned, the perception of the card has moved closer and closer to being a national identifier and away from being just an account number. In fact, a lot of people carry it around and a lot of people ask for it, thinking it's really an identity card, which it isn't. The current government policy still views the card as a file identifier or an account number and not as a national ID card. Certainly if it did become a national ID card officially, the way we would administer such a card would be far different from the way we administer an account number.

• 1550

With respect to the current Auditor General's report, Mr. Chairman, HRD has already developed a plan to address the AG's recommendations. We've established five working groups to deal with the different recommendations. The first group is studying the accuracy and completeness of the personal information contained on the register. The objective here is to achieve excellence and to clean up the register and make sure all the data are accurate. We have for the past few years really done quite a bit in this direction, but there's a lot more to do.

With the Auditor General's report, our resolve to do more has been strengthened and our leverage to work with other departments and provinces has actually been strengthened. So we are looking forward to doing some of the things we always wanted to do to make the database more integral.

To do this also needs the cooperation of provinces. They hold the birth, mortality, and name change records. We need that data to really go back in time and clean up some of the data we have. Mr. Pettigrew has already discussed with ministers of social services the need to get together on the SIN issue, and provincial ministers' initial reaction was quite positive. So that's good news.

Our second group is looking at proof of identity requirements for SIN applications. Today people only need one piece of identity, a birth certificate, or an immigration document, or a passport. We're looking at whether we should ask for a little bit more. That second group is looking at these types of issues.

The third group is looking at how we can prevent SIN offences or abuse. There are some real challenges here because of the fact that having a couple of SIN numbers doesn't make one a criminal. We also don't have really strong legislation in place to deter SIN fraud. In terms of the current penalties, first of all, you have to prosecute the person, and, secondly, even if you prosecute, the maximum fine is $1,000 or up to one year in jail. Successful court prosecutions of this type are very difficult, and the courts really don't like to see us coming with this kind of a case considering their other caseload. So what we're looking at is introducing administrative penalties, such as we have in the employment insurance program, that could act as a deterrent to abuse.

The fourth group is looking at the issue of SIN investigations. We did 2,700 pure SIN investigations last year. We do plan to do a lot more in the future. We do a lot of investigations of our employment and insurance program. Indirectly, we are really investigating people who might be abusing SIN numbers to claim employment insurance or Canada Pension Plan and so on. We have a really good investigative team. They return $14 for every dollar in salary. Anyone who uses a SIN fraudulently to obtain EI or CPP is very likely to be caught.

In fact, the examples in the Auditor General's report on SIN fraud were all examples that were uncovered by our investigators. But, as I say, we plan to do a lot more in this area.

The fifth team, the final team, is looking at the security features on the SIN card itself. As I mentioned to you, it's just a plastic card. It has no magnetic stripe. It has no background. It's easily copied. It does not have any security features. It's just a way of remembering your SIN. Most employers don't even ask for the card. They ask you to fill out an application for employment and enter your SIN number. Even the banks don't ask for the card. So there are really very few security features.

If we were going to continue to look at it as an account number, really you have to question whether you want to add security features, because it could cost in the hundreds of millions of dollars to reissue all the cards with the different security features. But if in fact we want to move in the direction of validating this as an ID card, then certainly we would be in a very good position to reissue cards with all sorts of security features, as was suggested in the Auditor General's report. This is something that we would need direction on.

I think in conclusion what I would like to say, Mr. Chairman, is that our overriding goal is to have accurate and complete information on the social insurance register to prevent abuse and to ensure that benefits go to only those who qualify for those benefits. We have work to do. We have a plan in place. We're confident that we'll achieve this and satisfy all of the AG's concerns on administration of the SIN. Thank you.

• 1555

The Chairman: Thank you, Mr. Braiter.

I note we have a full quorum here this afternoon, and Mr. Myers has a little bit of House business to do first.

Mr. Myers, I think you have a motion.

Mr. Lynn Myers (Waterloo—Wellington, Lib.): Thank you very much, Mr. Chairman. I would move, with the committee's agreement, that the motion regarding travel, which was passed at this committee earlier in the fall, be amended to read “four members of the government and four members of the opposition”, and the clerk be instructed to amend the budget accordingly. As you point out, Mr. Chairman, it's a housekeeping motion.

The Chairman: Thank you, Mr. Myers.

(Motion agreed to)

The Chairman: Okay, back to the business at hand.

Mr. Braiter, I notice you're taking it seriously, but when I looked at the performance report that was tabled a couple of weeks ago by HRDC, there isn't a mention of social insurance numbers anywhere in this report. We've had the Auditor General tell us how serious it is. We've had your department agree with every recommendation from the Auditor General on how to fix it. You've been telling us that this afternoon. Why isn't it in here?

Mr. Hy Braiter: That's a very good question, and I don't know the answer. It will certainly be in next year's report. Perhaps it was the timing, because the Auditor General's report was tabled just recently and the plans we started for the improvement didn't get reflected as a main priority in that document. But I can assure you it's a main priority within the department, and our work plans on what we're going to do about it are with our minister right now.

Also in the report are measures on our investigation and control, and it shows we returned almost $600 million. A lot of that is SIN fraud. It's just that we catch it at the point when somebody actually wants to defraud a benefit program, as opposed to when the person is sitting at home with two or three SIN numbers.

The Chairman: It seems to me that for the 35 years or whatever we've been issuing SIN numbers, the department has been quite slack in thinking about people ripping them off. The Auditor General pointed out that one person had 72 social insurance numbers. One person was using the identities of deceased children—believe it or not—to obtain SIN numbers.

You only investigated 2,700 cases last year, and you find out you're getting a return of $14 for every dollar spent. We've heard from Revenue Canada how much money they're losing. Why hasn't it been a high priority over the years to close this door that's been wide open for taxpayers' money to bleed through?

Mr. Hy Braiter: As I mentioned, the 2,700 are pure SIN investigations. The investigations on the other end were more like 400,000 investigations on possible EI fraud or Canada Pension Plan fraud.

That being said, your point is valid. We need to clean up this file, but over the years the history of it is that there was no government requirement for proof of ID up to 1976. There was a government decision in 1976 to start asking for proof after that date, so we did. There was no decision to go back in time, perhaps because of cost or inconvenience.

Over the years there has also been a myriad of barriers. There have been technological barriers, where even if we did get files, we had to match manually in the 1970s and 1980s. There were privacy barriers, where we couldn't get the files because various laws would not allow us to get files on deaths from other organizations.

The Chairman: We find out that people are getting birth certificates off the Internet and are sending them in and you have been accepting them. We find that we have issued temporary social insurance numbers but they have no expiry dates. These would be simple things to catch, one would think. Why haven't you been catching them?

Mr. Hy Braiter: What I can talk to you about is what we're planning to do. Why haven't we been catching them? I can give you an example.

The Chairman: The point is, now that the Auditor General has brought it to your attention, you say, gee, this is important and we'd better get after it. But why haven't you been after this for the last 10 or 15 years?

Mr. Hy Braiter: Since the 1990s we have introduced matches with Revenue Canada and the Canada Pension Plan. We've obtained files from the sickness programs and the pension plan programs in Quebec. We're using these files to start cleaning up the records.

Let me give you an example of an impediment. We manage old age security. A lot of people don't collect CPP or QPP, but everybody collects old age security. One would think the death date on that file would be a very important source for us. But the law wouldn't allow us to use that file. Even though it was housed within our own department, we couldn't use the information on that file to update the social insurance registry. When we had the opportunity last year, we changed the law, and now we're ready to go with that.

The Chairman: You said in your opening statement that your capacity to use the Criminal Code to punish people is legislatively weak, and you've known that for a long time. Why hasn't the minister brought forth legislation to increase the penalties, for example, and allow you to use files within your own department?

• 1600

You tell banks to pick up social insurance numbers so that the T-5s can be filed for Revenue Canada purposes. Now you recognize that they are a national identifier. So here you're saying we have the file in our own office, but we can't use it to detect potential social insurance number fraud, yet you know it's going on.

Where has the department been with regard to getting the millions we have lost over the years? I'm still trying to find out why it has taken the Auditor General's investigation to bring this to light.

Mr. Hy Braiter: First, on the specifics, when the act on old age security was opened, we did change the law. We had in fact to negotiate with the Privacy Commissioner to get the law changed. But we did change it. We can now use those files, and we're about to do those matches.

With regard to the provinces, we made at least four attempts with them in the mid-1980s in terms of getting all their files in, with one being successful. Since then, there have been unsuccessful attempts to get their databases in. But now there's a renewed commitment from the provinces to our minister to cooperate. Some of them have legislative barriers they'll have to overcome, but at least there's the desire to cooperate.

I could tell you about one very successful example of cooperation in New Brunswick, where the New Brunswick government has actually given us their entire vital statistics file. For every person born in New Brunswick, we check the statistics file, their vital stats file, before we issue the SIN number. In fact, we issue the SIN number within one minute, because if they were born in New Brunswick and they give us their birth certificate number over the phone, we have all the data we need, and we know what they are and who they are. This is an example of modernization.

We want to move this across the country as quickly as possible. We want to integrate the provincial files with ours so that we can improve things.

The Chairman: I'd like to continue the debate, but unfortunately I have another commitment. I'm going to pass the chair over to Mr. Myers.

Mr. Harb, you can start questioning now.

Mr. Mac Harb (Ottawa Centre, Lib.): Thank you very much.

First, I want to thank the Auditor General as well as the ADM from Revenue and the representative from Human Resources.

I wanted first to make the statement that I can understand a government department using the social insurance number as an identifier, but, frankly, I can't understand why in the private sector we have, for example, some cases of a landlord asking a potential tenant for his or her social insurance number.

To that extent I wanted to say that next week I'll be introducing a private member's bill in fact to ban the use of social insurance numbers unless you are clearly authorized by the Department of Revenue or the Department of Human Resources Development to request the social insurance number from the individual who's making the application for whatever. I think by doing that we will eliminate a whole pile of people out there who are playing around with the social insurance number, fraudulently or otherwise, and you keep the social insurance number where it belongs, in the hands of the government departments that are responsible for managing it.

I wanted to hear, first, the Auditor General's views on that as to whether he thinks that might solve part of the problem, followed by comments from Revenue and Human Resources.

The Vice-Chairman (Mr. Lynn Myers): Mr. Desautels, please.

Mr. Denis Desautels: Mr. Chairman, I'm very conscious of the issue raised by Mr. Harb. In fact, I can say that I've been receiving correspondence from private citizens who have been complaining about the exact issue you're raising of landlords requiring a SIN in order to process an application for a lease. Clearly, that is beyond the use that was envisioned by legislators for the SIN.

So I believe there is a lot of use of the SIN right now in the private sector that is not legislated in any way. I think the Province of Quebec has some legislation around these issues, but for most of Canada there's very little. There's a vacuum, and I think it's something that parliamentarians should look into. I would be very supportive of that.

Mr. Mac Harb: Right.

Could we hear a comment from Revenue and Human Resources?

The Vice-Chairman (Mr. Lynn Myers): Mr. Braiter.

Mr. Hy Braiter: I agree with you totally. There's one policy in the government, which is the official policy, and then there's the common practices that have crept in over the years. The common practice, from what I could see in the AG's report, is that people are beginning to look at it as an ID card, and it was never intended to be so.

• 1605

I think the government will have to, once again, reconfirm in which direction it wants to go. They may want to make this an ID card because everybody is using it as one. Then we'll get on with that business. Or they could say no, it's an account number. So it has to be a good integral account number, but it's not going to go beyond that. Then they would need a public awareness program to tell people they should not give out their SIN numbers. If they have no right to it, don't give it to them.

Furthermore, what's really ironic is that if this landlord came to us to say he'd like to know who or where this person is, we would never give him any information. Absolutely not. That's what makes me laugh. My wife goes to the IGA because she wants to cash a cheque. They ask for her SIN number. It's useless, but they don't know it.

The Vice-Chairman (Mr. Lynn Myers): Mr. Miller, do you wish to comment as well?

Mr. David Miller: I think from Revenue Canada's perspective, the legislation is in place to allow us to collect the information when necessary in order to maintain the integrity of the tax system. So obviously, we would love to limit its use to those legislated purposes. In fact, there are situations you would be surprised about where you think people would be required to provide SIN numbers but they're not. So it works both ways. It's time we had a general look at specific uses and the intended outcome of that system.

Mr. Mac Harb: I appreciate the comment. I would think that if we were to make it an offence for any organization to request a social insurance number unless they're authorized by law, you would see a lot fewer problems with human resources than you would see now. I would think this would make the life of the Auditor General that much easier than it is now.

Frankly, I wouldn't care, Mr. Chair, even if there were 10 million social insurance numbers out there. As long as they're useless, they can't use them for anything, so it's not a problem.

You're quite right that unless we have a strict directive by Parliament to say it's illegal to request a social insurance number except where you're authorized by law, then we are going to see those problems we're seeing now.

Would that be right, Mr. Auditor General?

The Vice-Chairman (Mr. Lynn Myers): Mr. Desautels, please.

Mr. Denis Desautels: I believe we have maybe the worst of two worlds right now. We have a registry that's not sufficiently reliable. So in terms of using it for administrative purposes, it therefore has severe limitations. At the same time, we've let it be used for all kinds of unintended uses. The privacy of people hasn't been protected sufficiently. We have a registry that's not serving the best purposes from an administrative point of view. And we have problems with protecting privacy. So we have the worst of both worlds.

The Vice-Chairman (Mr. Lynn Myers): Thank you very much, Mr. Harb.

[Translation]

Go ahead, Mr. Laurin.

Mr. René Laurin (Joliette, BQ): The Auditor General found a sizable gap between the number of Canadians, according to Statistics Canada census data, and the total number of SIN numbers in circulation. His analysis listed three factors that could account for this gap:

Firstly, the number of Canadians and non-Canadians who may have left the country; secondly, deceased SIN holders whose deaths were never brought to the attention of HRDC; and thirdly, SINs based on fraudulent identities.

This brings me to my next question. When you refer to Statistics Canada data, are you confident that the Statistics Canada census results are completely reliable? On what do you base this assumption? You say that Statistics Canada has identified 22 million Canadians aged 20 or older, whereas according to the Social Insurance Register, this figure should be closer to 26 million. You are not calling into question Statistics Canada's data. What evidence do we have that census findings are accurate and that there are indeed 22 million Canadians aged 20 or older?

Mr. Denis Desautels: Two things, Mr. Chairman. First of all, Statistics Canada has done more than one census. It does a census every 5 or 10 years. The population figures are consistent from one census to the next. Therefore, even though I may not have verified Statistics Canada's census data, I think that because this exercise is conducted on regular basis, the findings are relatively reliable.

• 1610

Secondly, there are fairly significant gaps between Statistics Canada data and that contained in the Register. For instance, in the case of persons aged 90 or older, even if the Statistics Canada figures were off slightly, this wouldn't account for the significant discrepancies between the information contained in the two data banks.

Therefore, it is rather obvious that there is a problem with the Register. I think that we can safely conclude this based on Statistics Canada data.

Mr. René Laurin: Therefore, Statistics Canada data is considered accurate. I was thinking in particular about older Canadians, that is those aged 90 or 100 who may have required assistance in filling out the census form. Do these persons always get the help they need? I was just wondering about that. It's not so much that I doubt the accuracy of the data, but I wondered if this question had ever crossed your mind.

Mr. Denis Desautels: Of course, there is always a certain margin of error in Statistics Canada data. However, as I said, the gap between their data and that in the Register is so significant in the case of some groups that I think it is fair to question the integrity of the Register.

Mr. René Laurin: Another question was raised regarding the quality of SIN investigations. I want to come back to this subject. You note that the quality of SIN investigations could stand to be improved. You further observe that less than 1 percent of cases are strong enough to result in charges being laid. I would like to know how these investigations are conducted. If only one percent of cases results in charges, then the procedure must be fairly basic. Briefly, could you explain to us the procedure employed to conduct investigations?

Mr. Denis Desautels: I will ask Mr. Rattray to answer your question.

[English]

Mr. David Rattray (Assistant Auditor General, Audit Operations Branch, Office of the Auditor General of Canada): Mr. Chairman, the point we were making was not primarily only the quality of the investigations, but the number of investigations that pertain to SIN. Our second point was the low administrative penalties that result from those carried further, as Mr. Braiter said earlier.

The Vice-Chairman (Mr. Lynn Myers): Thank you very much, Mr. Rattray.

The vice-chair acknowledges Mr. Laurin.

[Translation]

Mr. René Laurin: You stated that insofar as the quality of the investigations was concerned, the cases were ultimately not strong enough to lay charges.

You also stated that in certain regions, investigators were ordered to stop their SIN investigations related to income tax at the point where "the hardships caused to the legitimate taxpayers had been contained...". I don't quite understand what that means. Could you explain it to me?

The briefing notes I have here were prepared by the Research Branch. Perhaps you don't have a copy of them. Suffice to say that in some regions, investigators were ordered to stop their SIN investigations related to income tax because some taxpayers could suffer hardship. I don't quite understand what that means.

[English]

Mr. David Rattray: The answer, Mr. Chairman, if I understand the question correctly, is that we were trying to raise the matter that there was a decline in the number, probably related to the fact that the indicators for investigations were dealing more with cost-recovery or savings. In this case, the SIN investigations were given a much lower priority because they weren't resulting in direct cost savings or measures as, say, the EI account was.

I'm not sure from Mr. Laurin's briefing notes, Mr. Chairman, whether this relates more to Revenue Canada type audits, where there is concern about hardship on recoveries to individuals, but I'm not seeing the reference here. It's more with the quality and number of investigations as opposed to the hardship imposed upon individuals.

• 1615

The Vice-Chairman (Mr. Lynn Myers): I believe, Mr. Rattray, it is reference 16.69.

Mr. David Rattray: We would have taken that directly from the files of the department giving the instructions. It's no more than simply noting it was given as a directive, and that is one of the explanations where SIN investigations relating to income tax were in fact changed. That was simply from the internal files and the directions of the department. We haven't tried to analyse or explain it; we've simply noted it.

The Vice-Chairman (Mr. Lynn Myers): I want to thank you very much.

We'll now go to Mr. Mahoney.

Mr. Steve Mahoney (Mississauga West, Lib.): Thank you, Mr. Chairman.

I'd like to just spend a minute and get some clarification, particularly on Mr. Desautels' recommendations 12 and 13. I'd like someone to tell me what the original mandate or purpose of a social insurance number really was, assuming it's for all Canadians in the country. What was the real purpose of it?

I hear people say if it's used to trace an NSF cheque or something, it isn't of any use. So it's not for personal identification particularly, except maybe for the government. It's not something other organizations or the private sector are able to use. Is it strictly a government document or a government number? I don't know who wants to answer that. Maybe Mr. Braiter.

The Vice-Chairman (Mr. Lynn Myers): Mr. Braiter, do you want to begin?

Mr. Hy Braiter: Sure.

My understanding is that the original purpose of the number was as an account number for the Canada Pension Plan to keep track of all the premiums paid. There was an account number for the unemployment insurance program, again to keep track of premiums. It later also came into use for Revenue Canada so they could use it as an account number for taxation purposes. Those were the purposes of the SIN number.

Mr. Steve Mahoney: It's interesting. If you apply for just about anything in society, they ask you for the SIN number.

Mr. Hy Braiter: That's the misperception the public has come to accept about the SIN number. So the issue is, do we need an awareness campaign or do we need to reconsider what the SIN number is? If we reconfirm that the SIN number is an account number, for now it involves about 20 federal programs. For example, in the last year alone the Registered Education Savings Plan in its act said the SIN number would be the identity number as well. But those are the only programs the card is used for, other than programs to which the employment insurance commission agrees. The employment insurance commission must rule on whether it agrees that a certain program can use the card.

Mr. Steve Mahoney: Mr. Chairman, as I was listening to the witnesses I went through my wallet, and aside from too many credit cards I found my social insurance card. I then found my wonderful brand-new fancy green Ontario health card with all kinds of information on it. I found my beautiful blue Ontario driver's licence and my old birth certificate that tells me I've been spelling my name wrong for 51 years. I have to call my mother.

Then I also realized that something I don't have in my wallet is my hunting and fishing licence I get from Ontario, which is another card issued in a similar format in the province of Ontario. I'm not familiar with what other provinces do. I'm sure there are other things people would have as identification. The driver's licence would be something easily traceable. The driver's licence number is there and your address, so for anyone in the private sector who wanted to know who they were dealing with, it's probably a more effective document than anything.

Every Canadian would have some form of health card identification, I assume, in every province in the country, and most of us would have birth certificates. Can we not seriously look at one card, one system, in this incredible day of technology? It wouldn't eliminate a SIN number, because there may be some purpose and value in terms of Revenue Canada or something else, or perhaps it has some significance, but it would all be rolled into one. Is there not some way we could pursue that? Maybe the Auditor General could respond, because he makes a recommendation somewhat like that.

• 1620

The Vice-Chairman (Mr. Lynn Myers): Mr. Desautels, do you want to tackle that question?

Mr. Denis Desautels: I can offer a quick answer. There is a case to be made for looking at the possibility of a single national identifier. Other countries have been looking into that, but to my knowledge nobody has really adopted one yet, although there may be some that are closer than others.

Having a sort of single card to identify you in everything you do may run into difficulty with those defending privacy issues. So you're back at the tension between having something that's simple to administer and very useful versus the privacy protection. We are where we are today with the SIN because we've had this tension and we haven't resolved it as such. We've taken the position that the SIN is supposed to be an account number for a set number of purposes and no more, but de facto it has become over time much more than that.

In addition to the 24 federal programs we list in our report, there are a number of programs the provinces run themselves where they use the SIN, and private sector organizations use it as well. I think Revenue Canada has probably encouraged financial institutions to use it because they require it on certain T-5s.

Over time it has evolved a little bit toward a single national identifier, but we haven't made any decision that that's what it should be.

Mr. Steve Mahoney: It could be a microchip in your ear one day, probably. We do it for dogs.

I wonder if you could suggest how we might proceed to at least investigate that. It seems like a cumbersome thing to start, but maybe either this committee or a subcommittee of this committee could talk to others to see if we could get that ball rolling.

I understand the privacy issues. Yet it seems to me with all these different cards, the chances of abuse and fraud are even greater when you have so many of them in the mix.

Maybe Mr. Braiter could also tell me what the penalty is for fraud with a SIN number and if we have any recent examples of that.

Mr. Hy Braiter: The penalty is $1,000 maximum or one year in prison. The problem with that is you have to take a person to court and the court system is not all that efficient. They really don't like to see this kind of thing brought to court when they have murderers and everyone else being brought before the courts.

We'd like to do something similar to what we did in employment insurance, where we have administrative penalties and our officials are able to impose an administrative penalty up to three times the amount collected in employment insurance. That is quite a deterrent.

Similarly, we have administrative penalties on employers who hand out false records of employment. They would have to pay us back an equivalent amount to all of the fraud committed using the false documents they handed out. These are significant deterrents. They bypass the court system and have been used quite successfully.

If we had those kinds of penalties—and one of our teams is looking at introducing those kinds of penalties—people would think twice about starting to gather two, three, four, and five SIN numbers, and our investigators would be more than anxious to find these people because you could actually do something when you found them.

We pay an investigator, for example, $50,000 a year. He can bring us back over $500,000 if we focus on EI, but he will beat his head against the wall sometimes if we focus on chasing people who might have multiple SINs. Instead we're trying to catch the situation at the point where the person tries to abuse the program, as opposed to just the fact that he has these SINs, because when you bring him to court and he has these SINs, you have to prove intent and all sorts of stuff before anything is done. Then they might give him a fine of $400.

The Vice-Chairman (Mr. Lynn Myers): Thank you, Mr. Braiter.

We'll move on now to Mr. Grose, please.

• 1625

Mr. Ivan Grose (Oshawa, Lib.): Thank you, Mr. Chairman. I had one of the old green cards that got so worn out you couldn't even read the number on it. Then when I got to be a certain age, they sent me a nice blue one. It was about the same time I was first elected here. It has a nice picture of the Parliament buildings on it, and I thought it was so I would know where to go to work every day. Obviously, it has my SIN on it.

Mr. Steve Mahoney: It doesn't work, does it?

Mr. Ivan Grose: It seems like déjà vu all over again. We've gone up this road once before. I can't remember exactly in what context it was, but at that time we were having a problem with the provinces with death notices. I got a hint today that we're still having the same problem. Someone was going to install new computers but they weren't compatible. Is this still the situation?

Mr. Hy Braiter: First of all, that card is an old age security card.

Mr. Ivan Grose: You had to say it, didn't you.

Mr. Hy Braiter: I won't say what the requirements are to get it.

Mr. John Finlay (Oxford, Lib.): You and I are the only two who have them and they're not signed.

Mr. Hy Braiter: The old Department of Health and Welfare, in about 1977, contracted with the private sector to give people who applied for old age security a nice card. We then took over the administration of that in Bathurst and started printing these cards for seniors. We recently held a focus group to see if they still want them, and they really do, because it's handy to use the number when they want to make inquiries about their cheques and so on. They don't lose that card if they've already lost the little paper one.

Mr. Ivan Grose: Are you emphasizing this senior thing?

Mr. Hy Braiter: No. Secondly, they get a lot of benefits, such as discounts in theatres and whatnot, so they don't want to give up that card. There's another example of a card that has just come into use. It has the social insurance number on it.

Mr. Ivan Grose: Getting back to the provincial thing, are you getting any better cooperation from the provinces?

Mr. Hy Braiter: We have a tremendous example in New Brunswick where they actually gave us the whole file. Because we have the file, people in New Brunswick don't even have to show us any paper. They call in, we access the file over the computer and double-check who the person is—because they would have to know a lot of stuff to get all the answers right. Then we give them the number right over the phone and mail them the card.

Here we're absolutely sure who's dead, who's not dead, and so on. With this lever we're going across the country, and many provinces have said they'd like to do that too. Suddenly there's a service incentive to their citizens for them to give us their databases. Some of them may still have to see if they have any privacy legislation impediments. The latest discussions between Minister Pettigrew and the ministers of the provinces would indicate they want to cooperate.

Having an Auditor General's report like this helps to give us leverage. As the auditor has said, a lot of provinces have begun to use the SIN as well in administration, so they have an interest in letting us know. The biggest problem really—it's not an overwhelming problem—is for people to let us know when a person dies and report it to the provincial government. That way we can clean up our SINs in terms of marking people dead.

Even Statistics Canada have the numbers, but their legislation prohibits them from giving us individual data. They promise to use it only for statistics. Notwithstanding that, we've made a real concerted effort at the ministerial level and at the bureaucratic level. There's a will now to get this data together and at least update the accuracy of deaths on the social index file, and at the same time dates of birth and so on. There are a lot of inaccuracies dating back to 1964, and we'd like to clean them up. It doesn't mean people are using these SINs to create fraud. It would just be nice to clean up the file so we have an integral file.

If we can't get a lot of these data, we're going to match all of the files of Revenue Canada to CPP/OAS. If we see a person 80 years old not collecting OAS who hasn't filed an income tax return in five years, is not collecting CPP and we haven't seen any economic activity, we might just mark that card dormant. We wouldn't mark them dead because it would be pretty embarrassing for the government to officially make somebody dead who's alive. But we might mark it dormant, and if anybody uses that card for benefits, the flag will come up and we'll call the person in and verify what's going on. That's what we're doing. We're thinking of creative ways of cleaning up the files without bothering people.

Mr. Ivan Grose: Why do you issue these temporary cards that seem to go on forever?

Mr. Hy Braiter: First of all, if a person has an investment in Canada, Revenue Canada would like us to issue a SIN to that person so they can declare the interest, capital gains, and everything else. So there you have a SIN of somebody who is not even in Canada but has investments in Canada.

• 1630

Secondly, you have hockey players, musicians, acrobats, and circus workers. They come in. They earn money in Canada. We issue them a temporary card so they can report against the card. The card is called the 900 card. The trouble is when they leave, we don't knock the card off, mark it “left”. We don't have those data. We're looking at putting an expiry date on now, so we'll say to this person, you're in for three months; that's all this card is good for. The worry is these cards will then be used for other things—sold on the black market or what have you.

Mr. Ivan Grose: Have you any thought of issuing cards every three years on your birthday, the same as your Ontario driver's license? If anyone doesn't apply, the card dies.

Mr. Hy Braiter: That would be a good idea if the government took the position that this card is really going to become an identity card, a card that's meaningful, so the landlord can ask for it. If that's the case, we would have to periodically call people in, take a photograph, thumbprint them—all of the suggestions the Auditor General made in the report if the card becomes used as a.... Just as with your driver's license, they make you come in every four or five years to get a new picture and renew your driver's licence. But if the card's only an account number, you have to balance bothering the public, making them come in, spending taxpayers' money on this whole rigmarole...for what?

Mr. Ivan Grose: What bothers me is all these cards that never seem to die.

Mr. Hy Braiter: We'd like to make them die through the technology that's available today and cooperation among all the people who hold the data.

The Vice-Chairman (Mr. Lynn Myers): Good. Thank you very much, Mr. Grose.

Mr. Mayfield, please.

Mr. Philip Mayfield (Cariboo—Chilcotin, Ref.): I was particularly interested in what Mr. Mahoney had to say. I can certainly sympathize with the number of cards he has in his pocket.

I'm also reminded of some statements made by the Privacy Commissioner three, four, or five years ago, when he was very, very concerned about the accumulation of financial information, private information, and health information, and that this information is generally available to a wide variety of institutions. The figure of speech he used is this stuff goes in waves across the continent four or five times a day. He was extremely concerned about the privacy issue.

While I have the thought in my head, Mr. Chairman, I would like to suggest to our committee and the planning committee that if we want to dig into this issue of the cards and privacy, we should invite the Privacy Commissioner to meet with us and discuss it from his point of view.

I must say his point of view ranks pretty high in my thinking. I'm aware that people are not only asked to provide information and card numbers, but if you go to a bank or apply for a credit card, if you don't give them the information, you simply get a nice letter saying your request is denied for insufficient information. People who apply for mortgages are over the barrel too. It becomes very coercive in regard to giving this information.

I have a great reluctance to go down the path you're suggesting for the sake of convenience, Mr. Mahoney. My questioning was much more along the opposite line. I was wanting to ask our witnesses today, as you're developing a strategy and a plan, I'm wondering if you are thinking about how you might disassociate the number you use for each individual and restrict it only for that use. What kinds of problems would it cause to our community, to our business community, to people who have other needs to be identified—for health, personal, financial reasons, etc.? Would you be able to isolate this number so it would be strictly for use within the government departments?

The Vice-Chairman (Mr. Lynn Myers): Mr. Braiter, do you want to begin on this?

Mr. Hy Braiter: I could try. I certainly would like to say that anything we will be doing will be cleared with the Privacy Commissioner's offices, including all data matches, file matches, and so on. We have to get his approval that we're doing it according to policy.

We certainly could restrict the use of SIN numbers to that which it was originally and is currently legislated and approved for, but we would have to create a public awareness program telling people not to give the number for anything else. This is what it's for.

• 1635

Mr. Philip Mayfield: Is that one of the parts of the plan being developed now?

Mr. Hy Braiter: I think it will be part of the plan to take a look at that sort of thing, and also to have penalties, as was mentioned, which is an excellent suggestion. When we're looking at the legislation to provide our ability to impose administrative penalties, there perhaps should also be penalties on people who withdraw service or deny mortgages or whatever just because you didn't want to give them your social insurance number. So I think one of the groups working on this will put these types of recommendations together.

But you have to realize that what we're talking about here is government policy. Ultimately it will be the parliamentarians who will have to set the stage for the appropriate policy in the future for the SIN number, whether they ratify current policy or augment it a little bit. But we'll put together the options.

Mr. Philip Mayfield: I'd like to come back to the privacy issue with the Auditor General in just a moment. But just following through on your strategy, I'd like to ask.... I really congratulate you for the speed at which you've gotten into this issue. I'd like to know when your strategy will be completed, what plans are coming out, when you anticipate having it completed, and whether you're going to be willing to share that with the committee.

Mr. Hy Braiter: I'll answer your last question first. Yes, we will share it with the committee. As I mentioned before, it's currently with our minister's office, and as soon as he's fine with it, we will send a copy to the clerk of the committee, if that's all right with you.

But I'm going to ask Bob Nichols, who's coordinating the planning, to speak to your questions.

Mr. Bob Nichols (Director, Insurance Program Services, Human Resources Development Canada): Yes, sir. We have five work teams in place now dealing with issues of data integrity, proof of identity, penalties, SIN investigations, and the SIN card itself. Each of these teams is focusing solely on the recommendations of the Auditor General and is looking at the various options that could be brought forward to improve the situation. They are working to timeframes and milestones that they think are practical. They are included in the draft work plan that is presently before our minister.

Mr. Philip Mayfield: Can you put some limits on that? Is it going to take a year, two years? How long do you think it'll take?

Mr. Bob Nichols: I was just going to suggest, sir, that subject to the minister's approval, this draft work plan calls for some options to come forward for consideration by the spring of 1999.

Mr. Philip Mayfield: How am I doing for time?

The Vice-Chairman (Mr. Lynn Myers): You're fine. Continue.

Mr. Philip Mayfield: I'd like to get back to the Auditor General on the issue of privacy then, Mr. Chairman. I'd like to discuss with the Auditor General and his officials whether you and your people have had a look at this privacy issue. You mentioned we sort of have the worst of both worlds here, and I'm inclined to agree with you. Once the water has been poured into the ocean, it's pretty hard to get the fresh water back again.

I'm wondering if you've given any thought to how the system we have informally adopted with banks, health departments, and so many institutions who depend on this could be separated in a way that would not cause a major dislocation in the economic or health processes.

Mr. Denis Desautels: Well, Mr. Chairman, that's really a tough technical question to answer. I think it would require a certain amount of study to really identify all of these different uses and to find out how many do make use of the SIN and what would happen if you pulled away that possibility.

Without having made an inventory of all of these uses around the country, I think it's safe to say you would find quite a number of organizations and businesses using the SIN number in one way or another. That's why I said de facto it has become almost a single, national identifier. So if you pulled it away, you probably would cause some of these people certain problems. But it's doable.

• 1640

There may be consequences to doing that. I think it's worth a feasibility analysis of some kind. I'm not sure who's best placed to do that. But I think if the government is to look at alternatives at this point in time then part of the feasibility study should look at these various uses and whether or not they could manage on their own without the use of the SIN.

I may just add one other point, Mr. Chairman, in reference to privacy issues. In carrying out our work, we did have close consultations with the Privacy Commissioner. I think the Privacy Commissioner, without telling tales out of school, is concerned about the lack of integrity of the current system as well. He's concerned about extending the uses of the SIN when in fact, at this point in time, it lacks the accuracy and integrity it should have. So it would be extending a flawed system and causing further privacy concerns.

The Vice-Chairman (Mr. Lynn Myers): Thank you very much.

Mr. Philip Mayfield: Perhaps I could just finish this with a brief statement, Mr. Chairman.

The Vice-Chairman (Mr. Lynn Myers): Proceed very quickly, Mr. Myers.

Mr. Philip Mayfield: I'll go very quickly.

It does concern me, sir, that in having a credit check made, they get your health record, the number of driving offences, and perhaps your criminal record. So many things come up under this single identifier here that I think it's a matter we should approach with great caution if we are to care for the privacy of individual Canadians.

Thank you, sir.

The Vice-Chairman (Mr. Lynn Myers): Thank you.

Mr. Pickard.

Mr. Jerry Pickard (Chatham—Kent Essex, Lib.): Thank you very much, Mr. Chairman.

I think I'm going to direct my question to the departmental officials as well as to the Auditor General.

I'm really baffled that, in a modern society like the one we have, we don't have a single lifetime identifier. You can say we can't tag on a whole lot of different things. We can't tag on a person's driver's licence. We can't tag on a health card. We can't tag on all of the other services for which we carry that wallet full of cards. But it seems to me that in our society we should be able to have an identifier card with your fingerprint, eye print, or photo. All of these things would be on a card. I don't care if we call it a SIN card or something different. I think an ounce of prevention is worth that pound of cure.

I hear we've done 400,000 investigations. We have all kinds of fraud in the system. We have people who are collecting benefits who are gone from the country. We have all kinds of different issues that do arise.

As for the Privacy Act, I understand where the privacy people are coming from as well. If you punch up a card, you'll have a myriad of information along with that card.

But why don't we have a card that really identifies the person? It doesn't do a great deal else except clearly identify who that person is.

Then if you apply for health service, the only area that information comes from and goes to is health in the Ontario government. As for a driver's licence, after you get approval for a driver's licence, that identifier card can act as that. Anyone with a computer—police officers or whoever may be checking your driver's licence—could plug into the driver's licence using that identifier card. But that's the only information that would come in that source.

Why can't we separate all the sources just as we have separate departments and separate people who keep everything on a different statistical base? Why is it that we have to say everything has to be one big accumulative record tied to a SIN number? I think that in itself does violate privacy.

At the same time, can't we separate the concept of identifier card and service? Then you use the card to work into whichever service you're moving into, and that service doesn't cross-reference every other department you get service from.

If someone applies for CPP, makes CPP payments, or whatever, all of that information is on that card. It goes through that person's file, and that's all that department deals with. It identifies that person pretty clearly. If there are violations, they can be identified through that identifier card.

• 1645

But it seems to me that we've got a pretty haphazard system. In today's society, it seems to me that simplistic identification is something that has to be done. Second, if each department or each service-giver in the government wishes to maintain that information separate from everyone else, that's exactly something that could be done while not meshing the two and getting into a major privacy dispute.

Why on earth can't the Canadian government, the Government of Ontario, and governments everywhere else really put their heads together to come up with a system that's going to serve the Canadian public, get rid of a lot of fraud, and at the same time prevent violations of privacy?

Maybe I'll just ask the Auditor General if he would tackle that one first, and then we'll go to the department people.

The Vice-Chairman (Mr. Lynn Myers): Mr. Desautels, do you want to begin, please?

Mr. Denis Desautels: Mr. Chairman, I'll start, and then my colleague, Mr. Rattray, may want to add to what I say.

I think there could be a technological solution that might accomplish something close to what you're suggesting of having a single identifier while having a way of segregating information in order to protect different types of information. It's not obvious, but in this day and age, there could very well be a technological solution that someone might be able to come up with whereby you would be able to achieve both objectives, the single identifier and protection of privacy.

My colleague, Mr. Rattray, may want to add to that.

Mr. David Rattray: Mr. Chairman, we referred to an internal study done on behalf of HRDC in exhibit 16.10. We simply tried to summarize a study that deals with seven international jurisdictions.

If memory serves me correctly, there's a model that begins to go down that road somewhat. That's the one that's being used currently in Belgium, which relies on a multiple set of databases and access to those versus a single common client identifier. That's probably the only one I know of on the international scene that might have staged or incremental accessing depending on where you wish to go for information or where you wish to allow that information to be shared. But as the Auditor General said, there are technological ways that perhaps one might study to see whether it's feasible.

Mr. Jerry Pickard: I guess what I'm trying to say is that there may not be an international model. There may not be a model in another country. But tell me the reasoning why, as a very advanced technological country, we can't use a single identifier for everyone in this country and then separate that identifier service by service by service by service and overcome the privacy question at the same time?

I hear that millions upon millions upon millions of dollars could be saved if this were put together properly. Nobody could have two cards, because using fingerprints or whatever would throw the whole problem into a real difficulty for anyone if they tried to commit fraud. The computer would spit out two identities that were the same.

Mr. David Rattray: I think, Mr. Chairman, it would be an interesting case or model to hear about from people who think they could build such a technological system or create such a number. At the same time, this would satisfy the concerns of the privacy people, not just the Privacy Commissioner, but those who are very concerned about privacy. This might be demonstrated by the technological advances of people who think they can do the very thing you're speaking of. That's the challenge. That's the group you need to talk to or have before you to convince you it can be done.

Mr. Jerry Pickard: Consider the provincial government. For instance, I'll just use Ontario as an example. The Ontario provincial government decided that a person applying for a driver's licence has to use their ID. They've got this single ID. They go through the driver's licence. That material remains with that department. Next is the health card. It's the same thing. You use your ID, but that material remains in the health department. For Revenue Canada, it's the same thing. For HRDC, it's the same thing.

You could compartmentalize all statistical information so that it doesn't pass, yet it does preserve the privacy of an individual, and at the same time, you make sure you've got the right people and there's no duplication of service and fraud.

• 1650

Maybe the departments could answer some of that as well. I'd like some feedback there.

The Vice-Chairman (Mr. Lynn Myers): Mr. Braiter, do you want to begin? Then we'll go to Mr. Miller.

Mr. Hy Braiter: I think what you're talking about is certainly technically feasible. There have been quite a few discussions over the past year or so between provinces and the federal government on something called a common client identifier. I believe they've recently issued their report, which recommends against it because of privacy issues, because they don't think they need it and because of technological issues.

My view is that you certainly could have such a card. Smart card technology and embedded chips in cards are possible. Biometric identification, whether it's handprint, voice print, eye print, or whatever, would certainly make administration and the use of technology easier because you'd have a common client identifier and you'd be sure you're dealing with the person you think you're dealing with.

I think the fear in the past—and I'm not sure if this fear was justified—was that if everybody had this common identifier on their files, even though the files were separate—for example, provincial licences were separate, medical records were separate, and so on—it would make it easy for whoever wanted to do it to pull all this data together because all you needed to know was that one number and you were able to pull medical records, criminal records, driver's records, everything together on the one number.

The prevailing wisdom in the past was that if you have separate numbers, if you make it difficult for techno-people to do this, it won't happen. But the probability is that if people want to bring the data together, with the technology that exists today they can use names or anything else and they'll be able to do so.

But primarily, I don't think it's a technological issue as much as a policy issue. Once the Government of Canada decides that this is the direction in which they want to move, you'll have a lot of technology companies lining up and offering to develop the technology and administer it, and we in Bathurst will also line up to suggest that we can administer it.

The Vice-Chairman (Mr. Lynn Myers): Mr. Miller, please.

Mr. David Miller: Just to add to Mr. Braiter's comments, I think one of the problems we have in Revenue Canada is the assumption that we already have a lot of information and do a lot of things, which certainly isn't true.

If we developed a system like that, someone would have to maintain it, not on behalf of the individual components but on behalf of the issuance and maintenance of that card. So in effect we would have some agency or group—it shouldn't be Revenue Canada, and it probably shouldn't be HRDC—that's actually responsible for the issuing and maintaining, and that database would then provide the kind of access many people are afraid of.

One interesting thing in Revenue Canada is that there's a section of the act that every employee knows about, section 241, which deals with what information can be shared, and it's very clear. It's not the social insurance number, the name, the address, some things that are available through phone books. It's information obtained as a result of gathering tax data. It's very clear under that section who can get that information and for what purposes. That's where we get back to those agencies that can share, or perhaps in some cases some provincial agencies, although that's very restricted as well. So our concern is not just with social insurance numbers but with any information we obtain through the submission of tax data and what happens to that.

Although administratively it would make our lives much easier, it might be very difficult to convince people it was in their best interest to have a super system of identification.

The Vice-Chairman (Mr. Lynn Myers): Mr. Pickard, you may ask a very quick question.

Mr. Jerry Pickard: I'll ask one real quick question and then end it.

I was suggesting a separate identification card having to do with no government department that exists today but something that identifies people.

Who has access to Revenue Canada's records? Through a phone call or anything, if you don't identify yourself, who has access to your records? I don't think it is easy to get records from Revenue Canada if you don't have the proper identification. I don't think it's easy to get to HRDC and do what has been suggested as the caution. I don't think you can get into those departments and get that information without the proper identification. So in my opinion, to say somebody could go through everybody's file just because there's a number in existence is wrong. I think through a smart card, through proper identification, we can prevent that from happening.

The Vice-Chairman (Mr. Lynn Myers): We'll take that as a comment. Thanks very much.

I wanted to follow up on that, if I could, Mr. Braiter and Mr. Miller. Are you aware of any studies being done in the provinces with regard to single identification numbers, and if so, are there consequences for what we're talking about here today?

• 1655

Mr. Hy Braiter: I'm aware of this common client file review between the federal government officials and provincial officials. They have written a report. I haven't read it, but my understanding is they're rejecting the need for such a common client identifier.

I'm also aware that Treasury Board has a major review, one of their major projects, on something called public key infrastructure, PKI. This would be the identifiers that would be used for allowing the public to do electronic business with the government through the Internet. There will have to be a whole new secure structure put in place for people who want to file their tax returns over the Internet to make sure we're absolutely sure it's that person who is dealing with us and no other person, and vice versa. This will require also giving out certain sophisticated public keys, as they call them.

Basically, it will be software packages used at either end that scramble the data coming in and descramble it coming in, with some pin numbers and so on, which would be used by the federal government. Again, there will have to be an issuing agency, whether it's us, Revenue Canada, or whoever, that would be managing and issuing this public key infrastructure. So the development of such a public infrastructure of numbers that would be used to access the government and do business with the government over the Internet is in progress right now in the federal government.

The Vice-Chairman (Mr. Lynn Myers): Mr. Miller, do you wish to comment on that?

Mr. David Miller: Mr. Chairman, in my opening remarks I tried to indicate that we are trying to address some of these issues. One of the things with Revenue Canada is we hope that in most instances people don't have to deal with us more than once a year, but there is a focus on corporations and companies and the number of times they have to report information both to us and at a provincial level. And certainly, as Mr. Braiter said, the whole idea of doing things over the Internet and the security requirements associated with that are our largest problem. It's not the technology and it's not the system acceptance. It's ensuring the data that are transmitted as well as the identification of the individual sending it are correct. We're working with the Department of Industry quite actively on trying to resolve that.

The Vice-Chairman (Mr. Lynn Myers): Thank you very much.

Mr. Braiter, I was interested in paragraph 16.70, specifically where the Auditor General said that HRDC's performance indicators in fact discourage SIN investigations. I wonder if you could comment on that and whether or not you thought the department should move to correct it. And while you're thinking about that, in 16.71 as well I think the reference was made to the fact that investigations in fact are given very low priority. Perhaps you could tell us a little bit about what your thinking is along those lines.

Mr. Hy Braiter: I think what the Auditor General is referring to is that, first of all, we obtain our resources through Treasury Board approvals, as do all departments, and in negotiating resources with Treasury Board we have to of course give them the business case. In negotiating resources for investigation with Treasury Board, the business case is usually based on a return on that investment. In other words, if we spend $1, how much are we going to get back? They often compare us with Revenue Canada. In fact, they've argued with me sometimes, saying why should I spend $1 on employment insurance when, sure, you're getting 10:1 back—in fact, now we're getting 14:1 back—but Revenue Canada gets 20:1 back?

So we go through this sort of thing. At the end of the day we do get x number of people to do investigations and we do have a commitment to come back and show our results, and an estimate of what the results might be, whether they're a $600 million return or a $700 million return on employment insurance for the resources we get.

Naturally, within the department we try to focus on those activities that give us the greatest return for our dollar. We don't want to run around and just call people and investigate them, so we call people in who we have reason to suspect of abusing us. We have techniques that we use. We have file matches we use. We know for sure when a person has been working and collecting EI simultaneously because of what we call a post-audit program. So we focus on those people because we know we have a 2:1 hit there. For every two people we call in, we stop one person from collecting benefits inappropriately.

So in that sense, of course it does motivate our officers to deal with those situations that give a return. When dealing with SIN numbers, as we discussed earlier, the returns are very low. You can spend a lot of an officer's time trying to figure out if a person has two or three SIN numbers, and at the end of that time you have to go to court and prosecute the person. The court may give them a fine of up to $1,000, but it's probably more like $200 or $300.

• 1700

So if you look at it as strictly a business case, the return on investment is much better if you still have cases to investigate on EI as a post-audit or the customs match, which you might have read about in the newspaper, or what have you, than just chasing around and looking for the people who might have multiple SINs. That's why I was trying to say that what we try to do is catch abuse at the time they're trying to use the SIN to obtain benefits invalidly.

That having been said, the Auditor General has a valid point. We're going to go back to Treasury Board. We have already put together a team. Notwithstanding the great other work they could do and the great returns they can get, the preventative work of making the public know that we're there looking and making sure that people don't abuse, sell, or produce false SIN numbers is worthwhile for all programs, not just EI. We're going back to Treasury Board to try to renegotiate some of the ways in which we're going to use our resources. We'll acknowledge that if we use them one way, you won't see the returns on the EI program, but it will be a worthwhile thing to do, especially in light of the AG's concerns.

The Vice-Chairman (Mr. Lynn Myers): Well, Mr. Braiter, I think it's important that you do that and assemble your team.

Mr. Hy Braiter: We will.

The Vice-Chairman (Mr. Lynn Myers): I listened with great interest to the fact that you're putting in place five working groups and all the kinds of things I think Canadians would expect you to do.

I'm wondering about something, though. We're talking a lot about studying and examining and going forward. What are the specific timetables? Are there performance indicators that have been set? Are there things in place in terms of interdepartmental relations? For example, what can you do to ensure this gets on expeditiously?

Mr. Hy Braiter: As I said, we will send the committee our work plans and timetables. I know you've heard about the studies.

But as well as doing the studies, we're going to move immediately to use our new authority, our new laws, to use the old age security files—everybody at a certain age is entitled to OAS—so that eventually, when they do pass away, OAS is notified. We're going to use those files first to clean up our files. We're going to go after the provinces and use those files. We're going to try to see what we can do with Statistics Canada.

We're going to look at activity on SINs. Some of these aged people have no economic activity. We're going to maybe flag them differently so that everybody's aware that if such a person shows up, we'll take a look at who he is because he hasn't been active economically for a while.

So we have a three-pronged approach. One is to study things like what we talked about around this table. The other is to get on with doing some of things to clean up the validity of our records. The third one is to discuss with our other partners what the future should be for the SIN in terms of the broader issue and how we might advise our ministers in the broader debate as to whether this is an identity card or whether it is just an account number.

But of course, as the Auditor General pointed out, this requires parliamentary consideration and debate. But the departments have an obligation to put forward the analysis to their ministers in this debate. So we've taken the liberty of calling the departments together and getting rolling on that.

So there are really several tranches. One is action. One is studying what action should be taken. One is looking at the whole concept of the SIN number for the future.

The Vice-Chairman (Mr. Lynn Myers): Very good. Thank you very much.

Mr. Laurin.

[Translation]

Mr. René Laurin: My question is for Revenue Canada officials. The briefing notes we received report that in the 1993 tax year, Revenue Canada received 73,000 returns on which the SIN could not be linked to identified taxpayers. In 1994, Revenue Canada still had 47,000 taxpayers who did not match with the SIR. What does this mean? Is it possible that persons filed a tax return without including their SIN number, or listed their SIN number without giving their name? What happened in these instances?

[English]

Ms. Kathy Turner (Director General, Benefit Programs Directorate, Assessment and Collections Branch, Revenue Canada): If a taxpayer files a tax return without a social insurance number on it, we handle it in one of two ways. First, we do contact the client to try to determine who they are and get an accurate social insurance number for them. During this process, if the taxpayer is filing a return that says he owes us money, we set up an account and accept his declaration that he owes us money. We then do the normal assessment.

If he files a return asking for a refund, we do not give a refund until we have satisfied ourselves who this person is and that we have their social insurance number.

[Translation]

Mr. René Laurin: Therefore, the problem was first noted some time ago. Was it discovered when the Auditor General paid you a visit? How did you come to notice that there were too many cards or SIN numbers in circulation? Perhaps I should put that question to HRDC officials.

• 1705

[English]

Mr. David Miller: Well, we have always had a problem, not only with not being able to match them, but effectively, when they file, they put down the wrong number. This requires our manual intervention to find out who they were and what they've done in the last twenty years. We verify it's the same person. It's just that they've copied down their social insurance number incorrectly. Then we go from there.

So it's an ongoing program in identification. It's very labour-intensive for us when people simply report the wrong file identifier to us. In this case, it's the wrong social insurance number. We have to figure out who they are. As Ms. Turner said, if we can't identify them, we'll go outside, through our own systems, to try to contact them directly.

[Translation]

Mr. René Laurin: Did you have any idea of the extent of the problem before the Auditor General brought this to light in his report?

[English]

Mr. David Miller: Yes, this has been an ongoing problem for us in the identification and correct matching of individuals' names, addresses, social insurance numbers, and other income data. So it's not a new thing. But when we have 22 million people filing tax returns, and 600,000 new returns coming in each year, identification and matching become more and more difficult each year.

[Translation]

Mr. René Laurin: Why did we not hear about this problem before? If the Auditor General hadn't decided to do this audit, would we still be completely in the dark?

[English]

Mr. David Miller: Well, it's just one of those ongoing difficulties we have in matching people with returns. It does not mean there are any revenues at risk or that people will not end up with the benefits or entitlements they should have. It's a question of us having to make phone calls, send letters, or do whatever it is to eventually match up a tax return or tax information with an individual. So there are clerical errors we have to straighten out.

[Translation]

The Vice-Chairman (Mr. Lynn Myers): Is that all, Mr. Laurin?

Mr. René Laurin: No, it isn't, Mr. Chairman. You say that you are now taking steps to address the problem. You spoke about setting up committees to deal with certain situations. What area will receive your priority attention so that we can avoid a recurrence of these errors? What area have you targeted first? Would it be Human Resources Development?

[English]

Mr. Hy Braiter: As I mentioned, this is a clean-up of the central index of social insurance numbers. It's one of our top priorities now. We'd like to come back in a year and say that all of the dead people are on the file. We'll verify all of the 18 million that were issued before we asked for proof of identity. It's a very high priority for us because we have other departments relying on a good registry.

[Translation]

Mr. René Laurin: Could the millennium bug affect these operations?

[English]

Mr. Hy Braiter: Yes, it does. Many of our computer systems people on whom we will rely to do a lot of the matching and clean-up are busy getting the current systems ready for the year 2000 issue. So in that respect, we may have a little difficulty getting some of these people to work on this issue instead of on the government's top priority for technology, which is to be ready for Y2K. Our department will have all its mission-critical systems ready for Y2K in about a month or two. So in that sense, we can be back to business as usual in a few months.

I have just been told by Mr. Bourdages that the social insurance number system is already year 2000 compliant. We finished the job there for Y2K. So that's good news. We can now clean it up for other reasons.

[Translation]

Mr. René Laurin: One final question, Mr. Chairman. When will we know if the situation has improved? When do you plan to report on your efforts to correct these problems?

• 1710

I would imagine that you could have a report ready within one year. If we don't get together again before one year has elapsed, we won't be able to note any progress any time soon. Could we reasonably hope to get a report within the next few months or has the Auditor General already planned to do this?

Mr. Denis Desautels: Certainly we plan to follow up on this situation. It is customary for us to release a second report two years after filing our initial one to report on how successful an organization has been in resolving the problems that we identified.

However, in this particular instance, I think it would be important for the department to submit a detailed action plan to the committee along with a specific timetable. This would ensure proper follow-up of any corrective action taken.

Mr. René Laurin: Mr. Chairman, I'd like us to ask the department to submit such a plan and to let us know how much time it would need to comply with our request.

[English]

The Vice-Chairman (Mr. Lynn Myers): Merci, Monsieur Laurin. That's a reasonable request, and we'll do precisely that. We'll ask for a detailed plan as well as timelines with regard to implementation.

By way of wrap-up, since there appear to be no more questions, in light of what was said here today and in light of the responses given to your audit by the departments, I wondered, Mr. Desautels, if you have a degree of confidence more so than you had at the outset in terms of where we're heading and what we're doing here.

Mr. Denis Desautels: Mr. Chairman, I am quite encouraged by the breadth of the action plan that the representatives of HRDC have talked about today. It seems to cover all the fronts on which we raised administrative issues relating to the SIN number. The plan itself seems to be very thorough. All I would suggest is if the plan could be submitted to the committee, we could all then use it as a point of reference in order to monitor progress ultimately against that plan. I think that would be the right way to go. I would be quite interested in seeing the whole other side of the question explored further, the privacy issues and all of the other possibilities we've discussed today.

Obviously, this is a subject that is a policy issue in which parliamentarians have to be deeply involved, so I'm not sure who has to start the ball rolling. It could be the department looking at and presenting alternatives to parliamentarians that they can then discuss among themselves, or there could also be a general discussion among parliamentarians to orient the work of the departmental officials.

In closing, I would welcome further involvement of this committee and maybe other committees in this whole question.

The Vice-Chairman (Mr. Lynn Myers): I think what we'll do is note and highlight that for future subcommittee business. I think that's an important flag, especially since it came up in a number of questions with regard to the issue of privacy. We'll note that and pursue it further.

Having said that, this meeting is adjourned. Thank you very much.