OTTAWA—Dozens of workers at Canada’s tax agency have been caught snooping on their ex-spouses, mothers-in-law, creditors and others by reading confidential tax files.
Internal reports at the Canada Revenue Agency show that rogue employees are improperly reviewing the private financial affairs of taxpayers without their knowledge.
And some are using agency computers to give favoured treatment to colleagues, friends, family — and themselves.
In one egregious breach last October, a woman accessed 37,500 emails and 776 documents containing confidential financial information about ordinary Canadians. She downloaded the files onto 17 compact discs for her personal use, inexplicably helped by agency technicians.
Documents outlining the forbidden invasions into private tax data were obtained by The Canadian Press under the Access to Information Act.
In one case, a worker secretly operated a business on the side with her spouse, and between 2004 and 2009 “accessed the accounts of two creditors and the spouse of one of those creditors.”
Another worker was found to have inspected his spouse’s tax information 69 times without permission.
A woman in one unidentified office poked into the agency’s data looking for confidential information on colleagues, friends and family — apparently to give them a break on their taxes.
“The employee made unauthorized access to the tax information of three colleagues and to the tax information of a colleague’s daughter, spouse and mother,” says one report.
“She accessed her own tax information and the tax information (of) 13 relatives.... She provided preferential treatment to colleagues, relatives and acquaintances.”
Agency gumshoes then stumbled on a secret cell of snoopers in the same location.
“The investigation also determined that 13 other employees of the same office made unauthorized accesses to taxpayer information. Of the 13 employees, 10 provided preferential treatment to taxpayers, five accessed their own tax information, four received preferential treatment ...”
Another worker peeked at secret agency information about two companies she operated on the side — while those firms were undergoing tax audits.
“In addition, the employee made extensive unauthorized accesses to the taxpayer information of friends and family members and hundreds of other individuals.”
Yet another investigation found an employee peering into the electronic tax files of two of her spouse’s business partners, though the motive is not specified.
The documents show that ex-spouses are sometimes targeted, for reasons not made clear in the heavily censored material from September and October last year. Family members were also a favoured target.
Some workers who were caught claimed they were simply helping relatives file their income-tax forms.
But one worker admitted using the CRA computer system and confidential tax information to issue himself a false charitable donation receipt for $3,000, thus reducing his income-tax payable.
Agency records for 2008-2009 show there were 29 cases in which workers were caught accessing taxpayer records without authorization, about the annual average for the last five years. And there were a dozen instances in 2008-2009 in which tax records were improperly disclosed to third parties.
All information about disciplinary measures taken against staff who broke the rules is censored in the released documents. But in several cases, the agency appeared to be lenient with long-term employees.
“The employee admitted that she accessed the taxpayer information belonging to a former employer, her relatives including her mother, her father, her sister and her brother, as well as the information belonging to her former spouse,” says one report.
In deciding on discipline, “management took into consideration the employee’s years of service, her good employment record and her co-operation with the investigation.”
A spokesman for the agency said the number of breaches is relatively small, given that there are more than 40,000 employees.
“While the number of unauthorized access incidents is not large, the agency consistently continues to review its activities to enhance ... prevention, detection and deterrence,” Noel Carisse said in an email response to questions.
Carisse said taxpayers are not always informed when workers improperly access files because the breach may be judged too minor. But taxpayers whose information is improperly disclosed to third parties are almost always alerted by telephone or mail.
“The (CRA) assessment will almost always lead to the conclusion that injury to the taxpayer is likely, or has already occurred,” he said, referring to disclosures.
Carisse did not provide information on the numbers of employees suspended, fired or criminally charged for such breaches, but said the agency has a “strict and enforced Code of Ethics and Conduct.”
“While any unauthorized access is unacceptable, the agency believes that the current numbers indicate that the agency is doing a good job protecting taxpayer information.”
He declined to provide any further information on the worker who downloaded 37,500 emails and 776 documents, saying only that the investigation continues.
There have been previous reports of isolated security breaches by insiders at the tax agency.
CTV News reported last year, for example, that a tax agency worker was found to be leaking confidential information to a violent gang in British Columbia. The worker was suspended months after the agency was first alerted to the problem through a police wiretap.