Can The CRA Find Out about Your Online Business?
With the CRA becoming more electronically intent it raises the concerns for privacy of the taxpayer. In order to determine whether a program could in fact breach the privacy of its users there is a Privacy Impact Assessment that is supposed to be carried out.
There is a lot of public information available regarding the CRA for those that are interested in researching it. The problem is either the average person really doesn’t care, or it is not known where to go to find specific information.
So how many Privacy Impact Assessments have really been carried out by the CRA? Actually there have been quite a few over the years. In fact since 2006 there have been 23.
There is a directive that must be followed in regards to Privacy Impact Assessment. This directive lays out the rules when the Federal departments and agencies must do a Privacy Impact Assessment.
To give you a couple of examples of a Privacy Impact Assessment lets look at the….
Xenon Website Crawler:
The PIA for this took place in 2010. The Xenon is a program that is comprised of a web spider that can crawl your website. Its purpose is for identification purposes. It is said that the Xenon does not do any type of risk assessments, or capture transaction. It is not used for the purpose of detecting tax fraud.
In this PIA assessment the CRA was indicating that they intended to use the Xenon Web Crawler. This was to be used to identify eCommerce businesses that are not reporting income from the internet sales. They type of information to be identified was the url, web page contact data and WHOIS data.
We have talked in the past about being up front with the CRA regarding your web business. All too often people figure the internet is so huge and the tax department is over burdened as it is that it simply won’t have time to go after the web businesses. This is a clear indication that this is the wrong way to think.
The PIA for the telephone inquiries system:
A ton of people call the CRA for advice and answers to questions constantly. A PIA was also required for this. Sometime these enquiries are handled through interactive voice response or with direct contact with an agent. The telephone system monitors calls for quality assurance. Due to the nature of the information that is shared between the caller and the CRA it evokes the need for a Privacy impact assessment.
If you are ever concerned about the level of privacy that you are being subjected to at the CRA at least you now know that there are specific measures and criteria that they must adhere to by way of the Privacy impact assessments.