Documents acquired by some media outlets seem to show Canada Revenue Agency employees continue to snoop on the confidential tax files of businesses, acquaintances and others, despite at least $10.5 million spent so far to try to stop them.
The media has uncovered nine significant cases reported this year in which tax workers improperly poked around the government's electronic records to extract sensitive private information about income, deductions, benefits, payments and employment.
It's a long-term, chronic problem at the agency, exposed in 2009 and again in 2013 by Canada's privacy commissioner, who was assured that managers were taking tough action to prevent the breaches.
But more than three years later, confidential tax files are still susceptible to curious workers armed with passwords and CRA-supplied computers.
On Feb. 18, for example, the agency reported that a "CRA employee made unauthorized access to the accounts of 90 acquaintances and family members, one business and his/her own account."
In another breach reported on Feb. 22, an employee improperly accessed the accounts of 227 businesses and individuals.
Federal government departments are responsible for hundreds of significant privacy breaches each year, but most are inadvertent, such as mail sent with the wrong address or misplaced memory sticks.
Most cases at CRA, on the other hand, are the result of deliberate snooping by employees.
The agency has spent $10.5 million since 2013 to make its computers more secure against its own workers, and more money is being devoted next year to complying with recommendations from the federal privacy office, including enhancing system controls so employees can only access information they need to do their jobs.
