Vol. 147, No. 5 — February 27, 2013

Registration

SOR/2013-20 February 14, 2013

DEPARTMENT OF HUMAN RESOURCES AND SKILLS DEVELOPMENT ACT
OLD AGE SECURITY ACT
DEPARTMENT OF SOCIAL DEVELOPMENT ACT
CANADA PENSION PLAN

Regulations Amending Certain Department of Human Resources and Skills Development Regulations and Repealing the Department of Social Development Regulations

P.C. 2013-142 February 14, 2013

His Excellency the Governor General in Council, on the recommendation of the Minister of Human Resources and Skills Development, makes the annexed Regulations Amending Certain Department of Human Resources and Skills Development Regulations and Repealing the Department of Social Development Regulations, pursuant to

REGULATIONS AMENDING CERTAIN DEPARTMENT OF HUMAN RESOURCES AND SKILLS DEVELOPMENT REGULATIONS AND REPEALING THE DEPARTMENT OF SOCIAL DEVELOPMENT REGULATIONS

CANADA PENSION PLAN

CANADA PENSION PLAN REGULATIONS

1. Subsection 47(2) of the Canada Pension Plan Regulations (see footnote 1) is replaced by the following:

(2) The Minister shall determine the age and identity of a person on the basis of any information provided to the Minister by the Canada Employment Insurance Commission under subsection 28.2(5) of the Department of Human Resources and Skills Development Act.

2. The heading before section 60 and sections 60 to 60.2 of the Regulations are repealed.

3. Paragraph 76(4)(c) of the Regulations is replaced by the following:

  • (c) the irrevocable written consent of the person to the deduction and payment by the Minister has been received before the expiry of one year after the date of their signature; and

DEPARTMENT OF HUMAN RESOURCES AND SKILLS DEVELOPMENT ACT

DEPARTMENT OF HUMAN RESOURCES AND SKILLS DEVELOPMENT REGULATIONS

4. (1) The portion of section 3 of the Department of Human Resources and Skills Development Regulations (see footnote 2) before paragraph (b) is replaced by the following:

3. For the purpose of subsection 35(1) of the Act, information that is obtained, or prepared from information that is obtained, under any program other than the Canada Pension Plan or the Old Age Security Act may be made available to the following:

  • (a) the Canada Revenue Agency, for the administration or enforcement of the Income Tax Act;

(2) Subparagraph 3(h)(i) of the English version of the Regulations is replaced by the following:

  • (i) enforcing the laws of Canada or a province,

5. The Regulations are amended by adding the following after section 3:

3.1 For the purpose of subsection 35(1) of the Act, information that is obtained, or prepared from information that is obtained, under the Canada Pension Plan may be made available to the following:

  • (a) the Canada Revenue Agency, for the administration or enforcement of the Income Tax Act;
  • (b) the Correctional Service of Canada, for the purpose of the administration or enforcement of the Corrections and Conditional Release Act;
  • (c) the Department of Justice or the Royal Canadian Mounted Police, for the purpose of any investigations or prosecutions in relation to war crimes or crimes against humanity or any activities relating to extradition from Canada for such crimes;
  • (d) the Department of Veterans Affairs, for the purpose of the administration or enforcement of any of the following Acts:
    • (i) Canadian Forces Members and Veterans Re-establishment and Compensation Act,
    • (ii) Children of Deceased Veterans Education Assistance Act,
    • (iii) Civilian War-related Benefits Act,
    • (iv) Department of Veterans Affairs Act,
    • (v) Pension Act, and
    • (vi) War Veterans Allowance Act;
  • (e) the Library and Archives of Canada, for the administration or enforcement of the Library and Archives of Canada Act; and
  • (f) Statistics Canada, for the administration or enforcement of the Statistics Act.

3.2 For the purpose of subsection 35(1) of the Act, information that is obtained, or prepared from information that is obtained, under the Old Age Security Act may be made available to the following:

  • (a) the Canada Revenue Agency, for the administration or enforcement of the Income Tax Act or Part 1 of the Energy Costs Assistance Measures Act;
  • (b) the Correctional Service of Canada, for the purpose of the administration or enforcement of the Corrections and Conditional Release Act;
  • (c) the Department of Justice or the Royal Canadian Mounted Police, for the purpose of investigations or prosecutions in relation to war crimes or crimes against humanity or any activities relating to extradition from Canada for such crimes;
  • (d) the Department of Veterans Affairs, for the purpose of the administration or enforcement of any of the following Acts:
    • (i) Canadian Forces Members and Veterans Re-establishment and Compensation Act,
    • (ii) Children of Deceased Veterans Education Assistance Act,
    • (iii) Civilian War-related Benefits Act,
    • (iv) Department of Veterans Affairs Act,
    • (v) Pension Act, and
    • (vi) War Veterans Allowance Act;
  • (e) the Library and Archives of Canada, for the administration or enforcement of the Library and Archives of Canada Act; and
  • (f) Statistics Canada, for the administration or enforcement of the Statistics Act.

OLD AGE SECURITY ACT

OLD AGE SECURITY REGULATIONS

6. Subsection 18(2) of the Old Age Security Regulations (see footnote 3) is replaced by the following:

(2) The Minister shall determine the age and identity of an applicant on the basis of any information provided to the Minister by the Canada Employment Insurance Commission under subsection 28.2(5) of the Department of Human Resources and Skills Development Act.

7. The heading before section 28.2 and sections 28.2 to 28.4 of the Regulations are repealed.

DEPARTMENT OF SOCIAL DEVELOPMENT ACT

DEPARTMENT OF SOCIAL DEVELOPMENT REGULATIONS

8. The Department of Social Development Regulations (see footnote 4) are repealed.

COMING INTO FORCE

9. These Regulations come into force on March 1, 2013.

REGULATORY IMPACT ANALYSIS STATEMENT

(This statement is not part of the Regulations.)

Background

Human Resources and Skills Development Canada (HRSDC) is the steward of large repositories of personal information, including sensitive data, such as bank account and medical information, and has a responsibility to protect this information. Canadians rely on HRSDC to effectively manage and protect this information.

The Privacy Act protects the privacy of individuals with respect to personal information held by a government institution and provides individuals with a right of access to that information.

Currently, HRSDC is governed by five “Privacy Codes” that apply to the protection and making available of personal information by the Department. They are found in the following five separate statutes:

  • Department of Human Resources and Skills Development (DHRSD) Act;
  • Department of Social Development (DSD) Act;
  • Canada Pension Plan (CPP);
  • Old Age Security (OAS) Act; and
  • Employment Insurance (EI) Act, which applies to the Social Insurance Register (SIR).

Human Resources and Skills Development Canada’s Privacy Codes go beyond the basic requirements of the Privacy Act with respect to the disclosure of personal information, in that they contain additional statutory rules, such as provisions placing conditions on the further release of information to third parties, and specific conditions that apply to the disclosure of information from the SIR.

Under these Codes, the federal institutions with which, and associated federal laws under which, HRSDC is authorized to share information vary depending on the program for which the information was obtained or prepared. They are listed in four regulations and two laws: (1) DHRSD Regulations; (2) DSD Regulations; (3) CPP Regulations; (4) OAS Regulations; (5) CPP; and (6) OAS Act.

Because the Codes vary somewhat across the five statutes and regulations, they require attention to manage the risk of inadvertent release of personal information to an unauthorized institution or in connection with an unauthorized law. The Jobs, Growth and Long-term Prosperity Act (JGLP Act) did not change the Codes but ratheramalgamated them under the DHRSD Act to allow HRSDC to be in a continued position to manage effectively the large repositories of personal information under its control. This amalgamation will come into force on a day or days to be fixed by order of the Governor in Council to coordinate with the coming into force of the consequential regulatory amendments.

Issues and objectives

When the legislative changes made by the JGLP Act come into force, the authority to make privacy-related regulations will be repealed from several acts and consolidated under the DHRSD Act. As a result, the privacy-related regulations made under the CPP and OAS will no longer be valid and there will be a regulatory void to fill.

The objectives of these regulatory amendments are to

  • support the amalgamated HRSDC Privacy Codes under the DHRSD Act;
  • proactively manage the risk of inadvertent release of personal information;
  • ensure that the privacy-related components of the regulations made under affected acts will continue to have a legal foundation by amalgamating them into the DHRSD Regulations made under the consolidated regulation-making authority of the DHRSD Act;
  • avoid confusion regarding the applicable regulatory framework by repealing regulations that are no longer valid; and
  • update the names of federal institutions to which information may be disclosed.

It is not an objective of these regulatory amendments to change the type or quantity of personal information that is collected, or the manner in which that information is stored and shared. These regulatory amendments merely move existing privacy-related requirements from several regulations and legislation into one regulation.

Description

Amendment #1: To consolidate the list of prescribed federal institutions and prescribed purposes in the DHRSD Regulations

Currently, for the purposes of subsection 35(2) of the DHRSD Act, the DHRSD Regulations list eight federal institutions with which HRSDC may share individuals’ personal information for prescribed purposes, subject to certain conditions being met. These are the following:

  • (i) the Canada Customs and Revenue Agency for the administration or enforcement of the Income Tax Act;
  • (ii) Statistics Canada for the administration or enforcement of the Statistics Act;
  • (iii) the Department of Citizenship and Immigration for the administration or enforcement of the Immigration and Refugee Protection Act;
  • (iv) the Public Service Commission for the administration or enforcement of the Public Service Employment Act;
  • (v) the Canadian Security Intelligence Service for the administration or enforcement of the Canadian Security Intelligence Service Act;
  • (vi) the Department of Justice for the administration of activities conducted with respect to legal proceedings and activities related to the mutual legal assistance under an agreement;
  • (vii) the Library and Archives of Canada for the administration or enforcement of the Library and Archives of Canada Act; and
  • (viii) the Royal Canadian Mounted Police (RCMP) for the administration of the following activities, namely (a) enforcement of the laws of Canada or a province; (b) carrying out a lawful investigation; or (c) exercising mutual legal assistance under an agreement.

Going forward, the list of institutions and purposes will remain the same (although wording changes will be made to reflect the new name of the Canada Revenue Agency) but will now apply to all programs (e.g. Employment Insurance Program, Canada Student Loans Program) except CPP and OAS, including programs formerly under the DSD Act.

Moreover, the lists of prescribed federal institutions with prescribed purposes currently found in the CPP and CPP Regulations will be consolidated in the DHRSD Regulations to support the amalgamation of the HRSDC Privacy Codes. The lists currently found in the CPP Regulations and CPP will be re-established in one place under the regulation-making authority provided by the DHRSD Act without effectively changing the scope of the existing authority to disclose information. As a result, the DHRSD Regulations will now include a list of seven prescribed federal institutions with prescribed purposes governing when HRSDC may share personal information obtained under the CPP:

  • (i) the Canada Revenue Agency for the purpose of the administration or enforcement of the Income Tax Act;
  • (ii) the Correctional Service of Canada for the purpose of the administration or enforcement of the Corrections and Conditional Release Act;
  • (iii)/(iv) the Department of Justice and the RCMP for the purpose of investigations and prosecutions in relation to war crimes and crimes against humanity and activities relating to extradition from Canada for such crimes;
  • (v) the Department of Veterans Affairs for the purpose of the administration of any of the listed acts of Parliament (see Amendment #2 below);
  • (vi) the Library and Archives of Canada for the administration or enforcement of the Library and Archives of Canada Act; and
  • (vii) Statistics Canada for the administration or enforcement of the Statistics Act.

Similarly, the lists of prescribed federal institutions with prescribed purposes currently found in the OAS Regulations and OAS Act will be consolidated in the DHRSD Regulations to support the amalgamation of the HRSDC Privacy Codes. The lists currently found in the OAS Regulations and OAS Act will be re-established in one place under the regulation-making authority provided by the DHRSD Act without effectively changing the scope of the existing authority to disclose information. As a result, the DHRSD Regulations will now include a list of seven prescribed federal institutions with prescribed purposes governing when HRSDC may share personal information obtained under the OAS Act:

  • (i) the Canada Revenue Agency, for the purpose of the administration or enforcement of the Income Tax Act or Part I of the Energy Costs Assistance Measures Act;
  • (ii) the Correctional Service of Canada, for the purpose of the administration or enforcement of the Corrections and Conditional Release Act;
  • (iii)/(iv) the Department of Justice and the RCMP for the purpose of investigations and prosecutions in relation to war crimes and crimes against humanity and activities relating to extradition from Canada for such crimes;
  • (v) the Department of Veterans Affairs for the purpose of the administration of any of the listed Acts of Parliament (see Amendment #2 below);
  • (vi) the Library and Archives of Canada for the administration or enforcement of the Library and Archives of Canada Act; and
  • (vii) Statistics Canada for the administration or enforcement of the Statistics Act.
Amendment #2: To explicitly list the prescribed federal acts administered by the Minister of Veterans Affairs

For the purposes of the CPP and OAS, the Department is currently authorized to share information with the Department of Veterans Affairs for the purposes of the administration of any act of Parliament that is administered by the Minister of Veterans Affairs. The acts of Parliament are not explicitly listed in the legislation.

Currently, HRSDC discloses personal information to the Department Veterans Affairs to administer six acts of Parliament. In order to clearly outline which specific acts, they are now being included in the Regulations. The list of the six acts of Parliament is as follows:

  • (a) Canadian Forces Members and Veterans Re-establishment and Compensation Act;
  • (b) Civilian War-related Benefits Act;
  • (c) Department of Veterans Affairs Act;
  • (d) Pension Act;
  • (e) War Veterans Allowance Act; and
  • (f) Children of Deceased Veterans Education Assistance Act.
Amendment #3: To repeal the provisions prescribing federal institutions and associated federal acts in the CPP Regulations and OAS Regulations

Currently, section 60.2 of the CPP Regulations and section 28.4 of the OAS Regulations contain part of the aforementioned list of prescribed federal institutions and associated federal laws or activities (excluding those lists found in the CPP and OAS Act) to be included under the DHRSD Regulations as part of Amendment #1 and Amendment #2.

To support the alignment of the regulatory changes with the legislative changes in such a way that clarifies HRSDC’s privacy rules on the disclosure of personal information to other federal departments and minimizes the risk of inadvertent release of this information, these sections will be repealed.

Amendment #4: To repeal sections 60 and 60.1 of the CPP Regulations and 28.2 and 28.3 of the OAS Regulations

Currently, sections 60 and 60.1 of the CPP Regulations and sections 28.2 and 28.3 of the OAS Regulations govern access to personal information ensuring that the Department only makes available information to an individual or their representative after having received a written request signed within the year.

The requirement for written consent, which meets the basic Privacy Act requirements, exists in the DHRSD Act. As a result of the legislative changes, this requirement will continue to apply to the CPP and OAS programs; however, the regulation-making authority in the CPP and the OAS Act to prescribe conditions regarding when information with respect to an individual may be shared with that individual or representative is repealed. Sections 60 and 60.1 of the CPP Regulations and sections 28.2 and 28.3 of the OAS Regulations, which effectively describe the condition for a one-year expiration date on the written consent, will be in policy guidelines.

Amendment #5: To remove the reference to subsection 104.01(2) of CPP in paragraph 76(4)(c) of the CPP Regulations

Currently, paragraph 76(4)(c) of the CPP Regulations refers to subsection 104.01(2) in the CPP, which is being repealed as part of the legislative changes to amalgamate HRSDC’s Privacy Codes.

While these provisions are still required and authorized under other sections of the CPP, the reference to the repealed section will be removed as a consequence of the amalgamation of HRSDC’s Privacy Codes.

Amendment # 6: To change the reference to subsection 139(5) of the EI Act in subsection 18(2) of the OAS Regulations and subsection 47(2) of the CPP Regulations

Currently, subsection 18(2) of the OAS Regulations and subsection 47(2) of the CPP Regulations refers to subsection 139(5) of the EI Act. This subsection is being repealed from the EI Act and added as a new subsection 28.2(5) of the DHRSD Act, as part of the legislative changes to amalgamate HRSDC’s Privacy Codes.

The reference to the repealed section will be removed and a reference to the new subsection 28.2(5) of the DHRSD Act will be added to subsection 18(2) of the OAS Regulations and subsection 47(2) of the CPP Regulations in its place, as a consequence of the amalgamation of HRSDC’s Privacy Codes.

Amendment #7: To update the names of federal institutions in the DHRSD Regulations

To add clarity to the current list of federal institutions in the DHRSD Regulations, the DHRSD Regulations will be updated to replace the name “Canada Customs and Revenue Agency” with “Canada Revenue Agency” to reflect the current name of the Agency. Similarly, the word “enforcement” will be changed to “enforcing” in order to be consistent in verb tense.

Amendment #8: To repeal the DSD Regulations

The DSD Regulations will be repealed as a consequence of the repeal of the DSD Act. The privacy regulations made under the DSD Act will be amalgamated with the departmental regulations.

Consultation

The key stakeholders are the Office of the Privacy Commissioner (OPC), as well as 11 federal departments: the Canada Revenue Agency, Statistics Canada, the Department of Citizenship and Immigration, the Public Service Commission, the Canadian Security Intelligence Service, the Department of Justice, Heritage Canada (the Library and Archives of Canada), the RCMP, the Department of Veterans Affairs and Correctional Service of Canada.

The mission of the OPC is to protect and promote the privacy rights of individuals. The annual report of the OPC is tabled in Parliament annually. The OPC is a public advocate for the privacy rights of Canadians. In the past, the OPC was consulted on HRSDC’s Privacy Codes, including Part 4 of the DHRSD Act 2005. Since then, HRSDC has been meeting with the OPC on a regular basis in its efforts to proactively manage the risks of inadvertent or unauthorized release of personal information.

As recently as spring 2012, HRSDC consulted with the OPC regarding the legislative changes to amalgamate the five HRSDC Privacy Codes under the DHRSD Act. These legislative changes were tabled in the House of Commons and then subsequently discussed at the House of Commons Standing Committee on Finance as part of Bill C-38, the JGLP Act. Similarly, these legislative changes were discussed at the Senate Standing Committee on National Finance. Both members of these House of Commons and Senate standing committees were reassured that the OPC had been consulted on the amalgamation of the HRSDC Privacy Codes under the DHRSD Act.

In its most recent meeting with the OPC in December 2012, HRSDC highlighted that the current regulatory proposal is consequential to the amalgamation of HRSDC’s Privacy Codes. The OPC recognized efforts by HRSDC to proactively manage the disclosure of information with individuals or their representatives upon request and with federal institutions for specified purposes by enhancing the clarity of the administration of such HRSDC’s disclosure policies. There was an open and direct dialogue between HRSDC and the OPC with respect to the common approach taken to enhancing efforts to support the administration of privacy legislation and regulations.

The federal departments are expected to be supportive, as there are no changes to the authorities outlining with whom and for what purpose HRSDC may disclose information. The federal department (e.g. Canada Revenue Agency) is consulted, if an informationsharing agreement needs to be updated.

“One-for-One” Rule

The “One-for-One” Rule applies to this proposal because one regulation is being repealed. There are no administrative costs or savings to business associated with this repeal because these regulations are spent. There are no changes in administrative costs or savings to business as a result of the amendments.

Small business lens

The small business lens does not apply, as there are no costs to small business.

Rationale

These regulatory amendments are required to create a consolidated privacy regulatory framework that supports the amalgamated HRSDC Privacy Codes.

The benefit of this proposal is to allow HRSDC to be in a continued position to manage the large repositories of personal information under its control. HRSDC will operate under a single, solid legislative and regulatory privacy framework that will continue to go beyond the basic Privacy Act requirements. HRSDC will continue to be able to proactively manage the risk of inadvertent release of personal information.

There are low administrative costs (less than $100,000 in 2012–2013 and 2013–2014, combined) to ensure that the transition to the new regulatory framework is smooth and does not negatively impact program delivery and services. There are neither administrative savings nor administrative costs to the repeal of the DSD Regulations.

Implementation, enforcement and service standards

The implementation of the proposal involves changing policy guidelines, as well as updating information-sharing agreements (for example with the Canada Revenue Agency), and training manuals for HRSDC and Service Canada staff across various programs, such as CPP and OAS, that are administered by HRSDC. Similarly, CPP/OAS policy guidelines to disclose information on request of an individual or their representative will require updating. Consolidating these policy guidelines will also require training of HRSDC and Service Canada officials.

Contact

Jackie Holden
Director
Access to Information and Privacy
Human Resources and Skills Development Canada
140 Promenade du Portage, Phase IV, 1st Floor
Gatineau, Québec
K1A 0J9
Telephone: 819-934-8879
Fax: 819-934-8871
Email: jackie.holden@hrsdc-rhdcc.gc.ca