With regard to the Canada Revenue Agency (CRA) seeking sensitive information about Canadian businesses from independent online service providers without particular suspicion of non-compliance or confirmed tax obligations: (a) did the CRA begin this practice following any directive from the Minister of National Revenue; (b) if the answer to (a) is affirmative, what was the directive and on what date was it issued; (c) if the answer to (a) is negative, why did the CRA decide to act in such a manner; (d) what specific data protections, if any, beyond routine CRA practices, are in place for the CRA in their request to access sensitive information about Canadian businesses from independent online service providers, to ensure data is maintained and secured against breaches; (e) how many privacy breaches occurred at the CRA during the last year in which statistics are available and how many (i) individuals, (ii) businesses, had their information involved in those breaches; (f) has the Minister of National Revenue provided any directives which permit the CRA to obtain over six years of personal information about Canadian businesses from independent online service providers, and, if so, on what date was the directive issued and what was the directive; (g) if the answer to (f) is negative, why is the CRA conducting such activities; and (h) what specific protections, if any, are in place to ensure the sensitive personal information of businesses, collected by the CRA from independent online service providers, is not used for other purposes?
In the House of Commons on December 5th, 2023. See this statement in context.