Opening Statement to the Standing Committee on Human Resources Development and the Status of Persons with Disabilities

Integrity of the Social Insurance Number
(Chapter 1 - 2002 Status Report of the Auditor General of Canada)

Madam Chair, thank you for this opportunity to present the results of our audit on the integrity of the social insurance number (SIN). With me today are Peter Simeoni and Suzanne Therrien who are responsible for this audit work.

Since its creation in 1964 the SIN has systematically become one of a handful of personal identifiers that are used in Canadian society. Several of the federal government's largest programs use it. For example, in 2000-01 the SIN was the key account number for about $53.6 billion in payments under Employment Insurance, the Canada Pension Plan, and Old Age Security.

Many businesses are also using the SINs of employees and clients for a variety of purposes—anything from serving as file numbers to making a loan to renting a video. Some provincial ministries and city governments also appear to be using it. In short, many organizations collect SINs from Canadians for a variety of uses.

The widespread use of the SIN gives it more value than the government intended. As a result, it is particularly important that it only be used by its rightful owner. When it is not, government benefits, tax refunds, or consumer credit may go to the wrong person.

Focus of the Audit

We carried out this audit to determine whether the government was safeguarding and strengthening the integrity of the SIN. Our work followed up on the concerns we raised in our 1998 report on SIN management. It was also based on reports to the House of Commons on the SIN by the standing committees on Public Accounts and on Human Resources Development. These reports were very useful to us in the course of our work.

What we found

When we began we expected to find that the problems reported in the past would be largely resolved. Instead, we found that while there had been progress on certain issues since 1998, many others had not been addressed.

On one hand, the government has reaffirmed its policy that the SIN is to be used only as an account number for authorized federal programs. To help protect personal information, (including the SIN), outside the federal government, it is implementing the Personal Information Protection and Electronic Documents Act. In addition, HRDC has examined the use of the SIN in the private sector and has made modest efforts to raise public awareness about how the SIN should be used.

On the other hand, we again found serious weaknesses in the control and issuing of SINs, which lead us to conclude that HRDC has not done enough to safeguard and strengthen the integrity of the SIN.

In our view, HRDC is not meeting the intent of the Employment Insurance Act and Regulations in issuing SINs. HRDC asks applicants for one document as proof of both identity and citizenship. Since a single piece of identification is usually insufficient to check both, we are concerned that for the majority of the SINs issued since 1998, the applicant's identity and citizenship status were not checked properly.

We question the reliability of some of the documents that HRDC accepted as proof of eligibility for a SIN. For example, we found that HRDC would accept expired passports, baptismal certificates, and photocopies of these and other documents. We are also concerned because HRDC did not check the validity of most documents it accepts with the authorities responsible for issuing them.

We found that there is inadequate control over SINs issued to people who are not Canadians or permanent residents—the 900 series. Like regular SINs, these SINs do not expire, although they are likely needed only temporarily. And, again, like regular SINs, HRDC did not take adequate steps to establish the identity of applicants. Nor did it ask these applicants to show why they needed a SIN, even though it is required to by regulation. Over time, HRDC has issued close to 1.6 million of these SINs in the 900 series, and more than 900,000 of them are still usable.

Since 1998 the Department has stepped up the number of SIN-related fraud investigations. However, there is little basis to judge whether the new level of effort is adequate because the Department has not done a comprehensive risk assessment as a basis for its investigations.

The reliability and completeness of information in the Social Insurance Register, the database of all SIN records, also remains a problem. While HRDC made some improvements after 1998, there are still several issues that it has not dealt with adequately. For example, the number of usable SINs for people over 20 years old exceeds the related census figure by 5 million. Although HRDC has declared 2.6 million SINs dormant, these SINs can still be used to access federal benefits programs without triggering an investigation.

Madam Chair, I am pleased to note that the department accepted all of our recommendations. Minister Stewart has announced several measures which, if implemented fully, should address a number of our concerns. While I am encouraged by the department's commitment to manage the SIN better, we have not seen the details. I think that it's important that the department develop a complete action plan addressing all of the issues we raised. To do that well, the department should assess what risks there are in managing the SIN, and devise appropriate program controls. It is equally important that controls, while effective, not become excessive or unreasonable.

Issues the Committee may wish to pursue

Madam Chair, it is clear that HRDC has to make a better effort to strengthen the integrity of the social insurance number. While HRDC recognizes there are problems and has taken some steps to address them in the past, we are here today because it did not follow through.

The first order of business is making sure that HRDC respects the intent of the Employment Insurance Act and Regulations. The Committee may wish to ask officials from HRDC how they plan to determine the identity and citizenship status of SIN applicants and to obtain proof that applicants for 900-series SINs actually require them.

The Committee may also wish to ask the officials from HRDC what their plans are for:

• increasing public awareness of how to use the SIN;
• addressing the risks of the 900-series SIN;
• assessing the reliability of documents it accepts as support for applications and checking their validity with the authorities that issued them;
• providing staff with the training and tools they need;
• improving the Social Insurance Register; and
• doing risk-based investigations on SIN-related fraud.

The Committee may also wish to ask the department to provide it with an action plan, against which the department would report its progress regularly.

Madam Chair, that concludes my opening statement. We would be pleased to answer the Committee's questions. Thank you.