Politics

Tax agency staffer gone after taxpayer data leaks to CSIS

No one's saying much about what happened and who's been held accountable for several breaches of taxpayer privacy at the Canada Revenue Agency.

Agency provides few details about who's been held accountable for data leaks to CSIS

A sign of the Canada Revenue Agency.
Canada Revenue Agency has confirmed that an employee implicated in a leak of taxpayer information to CSIS is no longer with the tax agency. (Sean Kilpatrick/The Canadian Press)

No one's saying much about what happened and who's been held accountable for several breaches of taxpayer privacy at the Canada Revenue Agency.

The privacy breaches came to light last week in the annual report of the watchdog for CSIS, Canada's spy agency. The report described how intelligence officers, repeatedly and without a warrant, improperly obtained taxpayers' information.

The Security Intelligence Review Committee found there were "multiple instances of a particular CSIS office obtaining information."

The review committee also learned CSIS told the public safety minister and federal court that all of the taxpayer information obtained without a warrant had been deleted from its operational database when, in fact, it wasn't.

But answers about who was responsible for these breaches and who has been held accountable and how have been hard to come by.

In response to a query from CBC News, CSIS spokesperson Tahera Mufti wrote in an email, "While I cannot confirm or deny any internal disciplinary measures that might have been taken, CSIS maintains robust policies and procedures, defining our roles and responsibilities clearly."

A hint of what had happened appeared later in the email, when Mufti added that none of the "information received from the CRA" was shared outside the spy agency and that the data has since been expunged.

When CRA was asked what happened on its side, and whether anyone has been fired or disciplined, spokesman Philippe Brideau responded, "The employee is no longer with the agency (...) For more information about the incident, please contact CSIS."

A follow-up question about whether the former employee had taken the well-worn path of resigning or retiring before being fired, prompted a politely worded response from Brideau that the agency won't be able to provide such details.

The public may learn more if Canada's Privacy Commissioner decides to investigate.

SIRC instructed CSIS to report the breaches to the commissioner. In response to a request for comment, the commissioner's office said it was aware of the incidents and was "examining" the situation.