New documents show that the private information of tens of thousands of people was mishandled by the federal government last year, including hundreds of taxpayer files inappropriately accessed by employees of the Canada Revenue Agency, which was the worst offender.

The documents tabled in Parliament this week show:

  • 5,670 privacy breaches involving 45,797 people were reported by federal departments in 2015
  • 305 breaches involving 17,059 people were serious enough to report to the privacy commissioner
  • 24 of the cases involved CRA employees accessing 677 taxpayer files they weren’t authorized to access

Data breaches

Individuals affected

Privacy Commissioner Daniel Therrien said the documents suggest “there's reason to be concerned.”

The CRA responded that it has "extensive internal systems" in place to protect taxpayer information and that breaches of its “strict” Code of Ethics lead to disciplinary action, including dismissal.

The agency also noted that it has more than 40,000 employees and handles approximately 115 million pieces of mail annually with misdirected mail the most common privacy mistake.

Other privacy breaches documented include lost USB drives, stolen laptops, emails with sensitive information sent to the wrong people, and one case where a hard drive with more than 500,000 student loan receipts went missing.

Lawyer Ted Charney, who is working on a class action lawsuit for those affected by the lost student loan receipts, said the government loses information every day and that, “until there is some kind of catastrophe … things don’t change quickly.”

With a report from CTV National News Senior Political Correspondent Glen McGregor