Annex 8 - Service Canada Employees' Dos and Don'ts: Protecting the Privacy and Security of the SIN

DOs

  • Respect and follow all aspects of the Privacy Act, the Privacy Code and the Values and Ethics Code when dealing with personal information.
  • Access Social Insurance Register (the Register) information only when necessary to do your job.
  • Follow standard procedures for all clients when accessing or updating SIN records or processing any SIN-related requests.
  • Respect and follow all directions, policies and procedures presented during training related to SIN registration and authentication.
  • Do refer authorized partners and other SIN users, such as employers, to the Social Insurance Registration Office when they want SIN or Register information.
  • Protect your Register password and change it regularly.
  • Only send an e-mail containing a SIN to an HRSDC employee who requests it.
  • Remember that an e-mail containing a SIN or personal information becomes part of the client's file and must be provided when requested under the Privacy Act.
  • If you must keep SIN or personal information on a laptop, be sure to use an encryption program. Please ensure that all personal information is deleted from the computer when you are finished.
  • Keep personal information, including the SIN, under lock and key.
  • Use a secure fax when sending information that includes the SIN or other personal information. If a client would like to send their personal information to an HRSDC/Service Canada employee by fax, advise them, before they proceed, that their information may be put at risk.

DON'Ts

  • Do not give preferential treatment to friends or family in your work.
  • Don't use clients' personal information, including the Social Insurance Number (SIN), for anything other than your authorized duties.
  • Never access or process requests related to your own SIN record or the SIN record of a family member or friend.
  • Never provide the SIN or a client's identity information when seeking advice or guidance from a colleague.
  • Don't collect the SIN of clients unless your program legally requires it and you are specifically authorized to do so.
  • Never leave your workstation without locking your system. Remember that you are responsible for all transactions or accesses made with your Register user code.
  • Never forward an e-mail containing SIN information to an e-mail distribution list.
  • Don't include a SIN in an e-mail unless a procedure specifies that you may do so. If so, never put the SIN in the subject line of the e-mail.
  • Don't leave a laptop containing SIN information unattended or in an unlocked location.
  • Don't forget to shred paper records containing SIN and/or personal information before disposal.
  • Do not send e-mails containing SIN information outside the Intranet system without the information being encrypted.
