With regard to the Canada Revenue Agency's (CRA) response to the Privacy Commissioner of Canada's special report to Parliament on February 15, 2024, indicating that a major privacy breach at the CRA involved "vast amounts of sensitive personal information" and that the CRA needed stronger security safeguards: (a) does the CRA accept the conclusions of the Privacy Commissioner that the current process and procedures that govern the handling of sensitive personal information are inadequate; (b) what steps is the CRA undertaking to rectify this lack of safeguards and due diligence to give Canadians confidence that their personal, sensitive and private information is secure with the CRA; (c) what steps is the CRA taking to limit collection until it can be confident that information can be properly secured; and (d) does the CRA take the position that seeking sensitive information from businesses with no sales or confirmed tax obligations would be a misuse of the Universal Periodic Review provisions, and, if not, why not?
In the House of Commons on June 14th, 2024. See this statement in context.