From: canadarevenue.agency@hotmail.com   
      
   Canada Revenue Agency mailed SIN numbers to wrong people -- twice: MP  : CRA   
   SOTW   
      
      
   OTTAWA -- A New Democrat MP says the Canada Revenue Agency twice mailed   
   batches of private information -- including names and social insurance numbers   
   -- to the wrong people in his riding.   
      
      
   Charlie Angus has asked the office of federal privacy commissioner Daniel   
   Therrien to investigate the apparent violations.   
      
      
   In a letter to the commissioner's office, Angus says the revenue agency mailed   
   a package April 6 to several constituents in Kirkland Lake, Ont., containing   
   the names, SINs, addresses and phone numbers of five people.   
      
      
   Five days later, the same constituents were mailed a second package with   
   similar personal information about 11 people.   
      
      
   "They were pretty stunned when they received them," said Angus, who has often   
   criticized the federal agency over privacy lapses.   
      
      
   He called the latest incidents completely unacceptable, saying they involved   
   the sort of information that -- if it fell into the wrong hands -- could lead   
   to fraud and identity theft.   
   "Why would you be sending this out to anybody? This is the kind of breach that   
   makes no sense," Angus said.   
      
      
   "I think what's really disturbing is, when it comes to data breaches, CRA is a   
   repeat offender."   
      
      
   The revenue agency had no immediate comment.   
      
   In his latest annual report, Therrien urged federal agencies to put more   
   rigorous safeguards in place to protect sensitive personal information.   
      
      
   The commissioner underscored a record-high number of federal government data   
   breaches disclosed to his office.   
      
      
   Federal institutions reported 256 breaches in 2014-2015, up from 228 the year   
   before. It marked the first time institutions were required to report   
   significant data breaches to the commissioner.   
      
      
   As in previous years, the leading cause of breaches was accidental disclosure,   
   a risk Therrien said can often be managed by following proper procedures.   
      
      
   In 2013 the privacy commissioner's office audited the Canada Revenue Agency,   
   focusing on its access controls to personal information.   
      
      
   The privacy watchdog made 13 recommendations in areas including monitoring of   
   employee access rights, threat and risk assessments for information-technology   
   systems and ensuring the privacy impacts of new programs are assessed.   
      
      
   The agency agreed with the commissioner's recommendations, and the watchdog   
   made plans to follow up on progress this year.   
      
      
   Angus said the revenue agency needs to implement better training of personnel   
   and impose stricter controls over information.   
      
      
   Follow @JimBronskill on Twitter   
   Jim Bronskill, The Canadian Press   
      
      
   ----------------------------------------------------------   
   Miss a Tax Tale Miss a lot!   
   Visit the CRA SOTW Library at http://canada.revenue.agency.angelfire.com   
      
   ------------------------------------------------------------   
   Alan Baggett - http://www.taxcollectorsbible.com/ - Tax Collector's Bible   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)