Auditor General's opening statement

Press Conference—February 2009 Report of the Auditor General—Managing Identify Information - 12 February 2009

I am pleased to present our report on managing identity information in four federal organizations. Our report is being tabled in the House of Commons today, together with a report on how the same organizations manage the privacy of identity information, issued by the Privacy Commissioner of Canada, Jennifer Stoddart, who will speak in a moment.

These reports are products of a collaboration between our two Offices. We worked together because the topics of our audits are related, and we believed that a fuller picture would emerge from this approach. We each conducted our own audit consistent with our respective mandates. The work was done concurrently and involved appropriate information sharing between our teams. This collaboration represents a historic first for Officers of Parliament.

Many federal programs that deliver services and benefits to Canadians require identity information to confirm that their clients are the people they claim to be. And confirming a person’s identity every time he or she deals with government is a complex challenge  The identity information needed to meet this challenge has to be managed well in the departments and agencies that collect it and across the government as a whole. Several recent audits by our office found that federal organizations collecting identify information face similar challenges.

In light of this, our office audited four federal institutions with some of the largest databases of identity information to determine whether they work together to manage the information efficiently while respecting legal and policy requirements. We also examined whether they collect only the information that is relevant to their program needs and how they ensure the quality of the information.

Our audit found that, for the most part, the four organizations—the Canada Revenue Agency, Elections Canada, Passport Canada, and Service Canada—collect only the identity information they are authorized to collect. Most have adequate practices to manage the quality of the identity information in their databases. Service Canada in particular has made considerable progress in addressing quality problems in managing the Social Insurance Register that we have reported in previous audits. However, Passport Canada needs to improve its practices in this regard.

Most of all, we were disappointed to find that the institutions included in the audit have not integrated their approaches to managing identity information. The Report notes that these government organizations have begun many initiatives in the last decade to jointly use and manage identity information, but these initiatives have not produced the expected results. For example, 10 years after the first electronic links to provincial systems were established, organizations still have their own separate arrangements with provinces and territories.  Each obtains and pays for the same death information, which they then exchange with each other.

We also looked at the Treasury Board Secretariat’s role of providing central guidance and leadership for the management of identity information in the federal government. Our audit concluded that in the government as a whole, there are two main barriers to a more efficient solution: first, there are problems such as unclear roles and responsibilities and different priorities among programs and jurisdictions; and second, there is a lack of policy direction from the central agencies of government.

Federal institutions can do a better job of managing the personal information they need for their programs. But without stronger leadership from the Treasury Board Secretariat, they will likely continue independently to develop incomplete solutions to their common challenges.

And now we will hear from my colleague Jennifer Stoddart, the Privacy Commissioner of Canada.