---

APPENDIX C

DRAFT

HUMAN RESOURCES DEVELOPMENT CANADA

RESPONSE TO THE AUDITOR GENERAL'S REPORT

1998-99 WORKPLAN FOR IMPROVING THE ADMINISTRATION OF THE SIN

Introduction

The following sets out key elements of a workplan for improving the administration of the SIN, which is in response to the Auditor General's report.

Background

Evolution of the SIN

The Social Insurance Number (SIN) was introduced in 1964, to provide Unemployment Insurance, Canada Pension Plan and Quebec Pension Plan clients with a file number. In 1967, it also became a file identifier for Revenue Canada. The Proof of Identity (PID) Program was established in 1976 to verify the identity and the status in Canada of individuals applying for a SIN. The program's objective was to prevent the assignment to individuals of more than one number and to ensure the integrity of the Social Insurance Registry.

Roles and Responsibilities Regarding the SIN

• HRD is the custodian of the SIN: Responsible for issuing SINs, maintaining the SIN data base, investigating abuse, and making regulations.
• The Treasury Board is responsible for the policy and guidelines that govern the collection and use of the SIN at the federal level.
• Privacy Commissioner investigates complaints about the SIN.
• Justice supports other departments in providing legal advice for SIN related questions arising under the Privacy Act and responds to general enquiries on the private sector's use of the SIN.

Auditor General's Report

In 1998 the office of the Auditor General (AG) of Canada carried out a thorough review of the Social Insurance Number (SIN). The findings of the audit are contained in Chapter 16 of the AG's report tabled on September 29, 1998.

HRDC has taken the lead on the administrative weaknesses identified in the management of the SIN and, as such, with the assistance of Income Security Programs, Statistics Canada and Revenue Canada, has identified a number of short-term action items:

• February, 1999 Assistant Deputy Minister to meet with Social Services and Vital Statistics counterparts
• March, 1999 Add OAS Mortality and certified data from active data base
• April, 1999 Revenue Canada file of all active SIN's on IDENT database
• May - June 1999 Add OAS Mortality and certified data from archived files
  Determine SIN activity from OAS archived files

Key Administrative Issues Raised by the Auditor General

• Human Resources Development has been administering the SIN in accordance with the intent of its legal framework whereby the SIN is intended to be a file identifier (account number) for certain federal government programs. However, the public often perceives the SIN to be a personal identifier or even an identity card.
• The use of the SIN outside the federal domain has evolved beyond the intent of the Treasury Board policy established in 1989, aimed at preventing it from becoming a national personal identifier. Their audit found that the SIN has become the common numerical identifier both inside and outside the federal government for a wide range of income related transactions and benefits, among other uses.
• However, the SIN program has a number of weaknesses relating to data integrity, proof of identity, SIN penalties, SIN investigations and the SIN card (For more detail, refer to Appendix "A" - actual comments from the Auditor General's Report). As the use of the SIN has become more widespread, these weaknesses have grown in importance.

HRDC Response: Key Challenges

In response to the Auditor General's report, HRDC has identified five key administrative challenges:

1. Address issues related to the integrity of the data on the Social Insurance Register.

2. Examine the Proof of Identity program and its scope.

3. Consider how best to improve the quality and number of SIN investigations.

4. How to better prevent SIN fraud including the possibility of administrative penalties.

5. Explore changes to the SIN card:

- Expiry date for temporary SINs

- More secure SIN card if government chooses to introduce a personal identifier.

HRD Workplan

HRD, aware of its responsibilities related to the issuance of Social Insurance Numbers, maintenance of the Social Insurance Register, and investigation of suspected abuse has developed a workplan based on the activities of five working groups:

Working Group 1: Data Integrity

• What: Improve integrity of data on Social Insurance Register (SIR). Not all deaths are recorded nor departures from the country.
• Who: HRD: National Services (lead), Insurance Services, Systems, Income Security, Investigation and Control; and Revenue Canada
• How:
• Reduce number of uncertified accounts through access to other programs with Proof of Identity.
• Annotate "unused" SINs e.g. no action at RC, CPP, EI etc.
• Increase number of recorded deaths through possible access to provincial data, Statistics Canada, External Affairs etc.
• Possible Outcomes:
• MOUs and Agreements to access other federal or provincial birth, death and name change data.
• Data matching to address backlog of mortality data.
• Access to EI, Income Security and Revenue data to determine if SIN remains in active use.
• Milestones:
• November, 1998 Complete formation of project team
  First draft Terms of Reference document
• December, 1998 Determine contents of SIN data base
  Letter to Statistics Canada requesting mortality data
• March, 1999 Add OAS Mortality data from active data base
  Determine SIN activity from OAS active data base
  Revenue Canada file of all active SINs on IDENT database
• April, 1999 Determine sources of additional birth and mortality data
  Implementation strategy for acquiring additional birth and mortality data
• May, 1999 Address remaining uncertified accounts
  Add OAS Mortality data from archived files
  Determine SIN activity from OAS archived files
• July, 1999 First draft report

Working Group 2: Proof of Identity

• What: Review Proof of Identity process used to support SIN application. No PID required until 1976 as SIN viewed simply as file identification number.
• Who: HRD: National Services (lead), Insurance Services, Investigation and Control, Income Security; Citizenship and Immigration and Revenue Canada.
• How:
• Review primary documents used to support SIN application.
• Review SIN application processing procedures.
• Review PID procedures used in other programs and jurisdictions.
• Recommend new PID.
• Implement tighter controls.
• Possible Outcomes:

1. Additional documentation of identity required at time of application.

2. Verification of documentation at originating source e.g. Link to Provincial Vital Statistics to verify birth data.

• Milestones:
• November, 1998 Complete formation of project team
  First draft Terms of Reference document
• December, 1999 Implement procedures to track fraudulent identities
• January, 1999 Review PID supporting other programs
• April, 1999 Consultations and analysis with Provinces and territories
• March, 1999 Revise SIN handbook and plan for implementation on the Intranet
• June, 1999 First draft of report

Working Group 3: SIN Penalties

• What: To consider how best to prevent SIN fraud including the possibility of administrative penalties for offences because there is currently no effective penalty except when defrauding other programs (EI, Income Security, Revenue Canada etc.).
• Who: HRD: Investigation and Control (lead), Benefit Entitlement, Insurance Services, Legal Services and Finance.
• How: Determine options for preventing SIN fraud; Review possible legislative changes for SIN fraud including initial recommendations and considering Legal, charter and privacy issues. Regional consultations on impact.
• Possible Outcome:

3. No change.

4. Increase public awareness.

5. Implement penalty similar to that in EI.

• Milestones:
• November, 1998 Completion of project team
  First draft Terms of Reference report
• December, 1998 Consultations NHQ
• February, 1999 Regional consultations
• March, 1999 Consultations on legislative wording
• April, 1999 Submission to the Commission
• To be determined Decision on timetable to enact new legislation

Working Group 4: SIN Investigations

• What: Consider how best to prevent SIN fraud; Consider the redesign of Investigation and Control performance indicators to encourage number and quality of SIN investigations.
• Who: HRD: Investigation and Control (lead); Consultations with Treasury Board, Revenue Canada and other departments and agencies that may be concerned with SIN fraud.
• How: Identify alternatives to the existing system and develop recommendations for Management Committee.
• Possible Outcome:

6. Increase public awareness.

7. Treasury Board recognition of value of SIN investigations.

8. More officers assigned to SIN investigations.

• Milestones:
• November, 1998 Completion of project team
  First draft Terms of Reference report
• December, 1998 Establish SIN Investigations Monitoring Unit
• January, 1999 Letter to Regions reinforcing the importance of letters of attestation
• February, 1999 Consultation and analysis
• March, 1999 First draft of report
  Implement Best Practices that would lead to successful prosecutions

Working Group 5: SIN Card

• What: To consider expiry date on temporary SIN cards and to investigate upgrading the security features.
• Who: HRD: Insurance (lead), National Services, Income Security, Investigation and Control; Revenue Canada and Citizenship and Immigration.
• How:
• Determine scope.
• Consultations and partnerships.
• Impact analysis.
• Implementation strategy
• Possible Outcome:
• No change to SIN card - confirm that it is a file identifier.
• Add an expiry date to temporary SIN cards only.
• Issue smart card.
• Will depend on government decision about future of SIN.
• Milestones:
• November, 1998 Compete formation of project team
  First draft Terms of Reference report
• December, 1998 Consultation with Citizenship and Immigration
• January, 1999 Consultations with authorized SIN users
• February, 1999 Consultations with partners (e.g. provinces)
• March, 1999 Consultations with employers, advocacy groups,
  Privacy and Human rights proponents
  Consultations with HRD Systems
• April, 1999 First draft report

Project Co-ordination:

• What: To coordinate the activities of all five working groups to ensure coherence and efficiency. To develop overall approach/plan to administrative issues related to the SIN. Examine possible awareness campaign.
• Who: Five chairs of working groups; selected participants of other departments (Revenue Canada, Treasury Board Secretariat, Industry Canada, Citizenship and Immigration).
• How: Multi-lateral meetings between HRDC, provinces, other government departments; ADM/DM meetings with HRDC and with other departments.
• Outcome: Consultation and plan with provinces involving social services departments, vital statistics and privacy coordinated approach and horizontal management of file.
• Milestones:
• Aug. 1998 Presentation to Provincial/Territorial Information Technology directors
• Sep. 1998 Presentation to F/P/T Directors of Social Services
• Dec. 1998 ADM level inter-departmental meeting followed by DM level meeting
• Jan. - Mar 1999 Negotiations on MOU with New Brunswick Human Resources on access to the SIR
• Spring 1999 Discussions with officials and Deputy Ministers of Social Services, Vital Statistics and Privacy
• March, 1999 Review of draft SIN Investigations report
• April 1999 Review of draft SIN Penalties report
• May, 1999 Table SIN Investigations and SIN Penalties reports with Project Steering Committee
• Summer, 1999 Review of draft Data Integrity, PID and SIN Card reports
  Table Data Integrity, PID and SIN Card reports with Project Steering Committee for decision.

Appendix "A": Actual Comments from the Auditor General's Report

Data Integrity:

1. Significant gap between number of living SIN holders and the size of the Canadian population, a gap of about 3.8 million for those 20 or older:

• The number of unrecorded deaths is one of the biggest factors in the gap;
• The number of living Canadians registered in the SIN data base in 1998 remains significantly higher than in Statistics Canada data;
• Without additional efforts to record deaths, the gaps will continue to grow, along with the potential for confusion and inefficiency and the risk that the identities of deceased individuals could be used for fraudulent activities.

2. Existing sources of information are not fully exploited and more could be done to develop new sources:

• Data matching with the provinces, territories and in foreign jurisdictions are potential sources of information which could potentially reveal hundreds of thousands of unreported deaths;
• Even though CPP, Revenue Canada and SIR are sharing more data, the problem of reconciling the various sources remains. For example, Revenue Canada does not provide SIR with corrections it makes to taxpayer files when it notes discrepancies in date of birth, name, etc.

3. Millions of SINs are not certified for identity. There are approximately 11.8 million accounts in the SIR that because of potential for error, misuse and abuse, could cause major concerns to those who make significant use of the SIN.

4. Birth Information is not easily validated with the issuing organization:

• SIR does not generally confirm the validity of information shown on documents accepted for SIN application with the organizations that issued them;
• Section 6(2) of the Privacy Act requires government institutions to ensure that personal information being used for administrative purposes is as accurate, complete and up-to-date as possible.

Proof of Identity:

1. More rigour needed in the Proof of Identity program:

• Generally, the SIN application process asks for only one identity document and does not have other means to confirm identity such as those of other HRDC programs as well as Passport Canada;
• In general, mailed applications represent somewhat of a greater risk than in-person applications, because certified photocopies are accepted - which themselves could have been certified fraudulently - and applicants who raise suspicion cannot be questioned;
• About 20 per cent of total SIN cards issued annually are to replace cards that owners have reported lost, stolen or broken. Controls on this activity need to be improved.

2. Relying mainly on the birth certificate as the foundation of identity has major drawbacks. The birth certificate has the following limitations:

• Relatively easy to forge or alter;
• Paper-based so it deteriorates rapidly making information harder to verify;
• Not linked to the bearer through any special security features;
• Widespread reliance on documents issued by various agencies creates an inter-dependence. This makes all parties more vulnerable;
• For the SIN, the extent to which the identity document is validated depends on the ability of HRDC clerks and agents to recognize fraudulent or falsified documents;
• Design changes in documents, lack of photographs, the mobility of individuals who may be carrying identification produced in many different jurisdictions, all make it increasingly difficult for program staff who review documents to identify forgeries or altered information;
• The reliability of these documents is not given a rating and so the Department's approach is not tailored according to the quality of identify documents provided by issuing organizations.

SIN Penalties

Penalties resulting from successful SIN investigations are minimal

• The Employment Insurance Act states that the penalty for committing any offenses related to the SIN is a fine of up to $1,000 and/or imprisonment for up to one year. Charges under the Criminal Code can also be pressed;
• Very few perpetrators are caught and, even then, the Department rarely brings criminal charges;
• Such low fines do not appear to warrant the considerable time and effort that prosecution entails and their deterrent effect is doubtful. Thus, there is effectively no penalty for activities that could cause considerable damage to social programs, tax collection, commercial activities and the privacy and security of individual Canadians

SIN Investigations

1. Minimal effort is dedicated to SIN investigations:

• Since HRDC is responsible for controlling the SIN, it is vital that it conduct proactive and effective investigations in order to prevent, detect and deter abuses that could potentially cost taxpayers many millions of dollars and cause hardship;
• Identity theft - the illegal use of a person's identity information, including the SIN - is a growing phenomenon in North America;
• The already small number of SIN investigations continues to decline;
• The Income Security Programs Branch conducted even fewer Sin-related investigations than the Employment Insurance investigators. Certain Income Security programs may be very vulnerable to fraud.

2. SIN investigations could provide substantial results:

• There are many types of SIN investigations that lead to investigations. SIN abuses are reported by Revenue Canada, Employment Insurance, Canada Pension Plan, and by provinces. Others are reported by financial institutions.

3. The quality of SIN investigations needs to be improved:

• In the AG's estimation, fewer than one percent of investigations ultimately generate a strong enough cases to lay charges;

4. Existing performance indicators discourage SIN investigations

• The savings to other programs that are generated through SIN investigations are not attributed by HRDC to Employment Insurance investigators;
• The end result of the performance measurement model is that EI investigators give SIN investigations a very low priority;
• The decline in the number and quality of SIN investigations can also affect the integrity of the SIN data base;

SIN Card

1. Valid SINs are held by thousands of individuals with no legal status in Canada.

• Since 1976, when the 900-series began, 1,242,000 temporary SINs have been issued. In 1998, some 680,000 temporary SINs remain active and 66 percent of these are over five years old, a long period of time for a number considered temporary;
• The gap could represent SIN holders who are residing here illegally.

2. The SIN card was not designed to identify the bearer. Thus, the SIN card has no security features that are unique to the bearer (photograph, description etc.) and that could serve to prevent and deter falsification and improper use of the card.