Directive on Social Insurance Number

Provides direction to government institutions on how the social insurance number (SIN) can be collected, used and disclosed, as well as methods to establish policy authority for a new collection or new consistent use of the SIN.
Date modified: 2023-11-15

More information

Policy:

Terminology:

Topic:

Hierarchy
View complete hierarchy

Archives

This directive replaces:

View all inactive instruments
Print-friendly XML
Expand all Collapse all

1. Effective date

  • 1.1This directive takes effect on October 26, 2022.
  • 1.2This directive replaces the Directive on Social Insurance Number dated April 1, 2008.

2. Authorities

3. Objectives and expected results

  • 3.1

    In addition to the objectives indicated in section 3.1 of the Policy on Privacy Protection, the objective of this directive are as follows:

    • 3.1.1To outline specific restrictions on the collection, use and disclosure of the Social Insurance Number (SIN) by government institutions.
    • 3.1.2To specify the process required for the authorization of a new collection or new consistent use of the SIN.
  • 3.2

    The expected results of this directive are as follows:

    • 3.2.1Government institutions collect and use the SIN only for authorized purposes.
    • 3.2.2Canadians receive consistent notification of the purposes for which the SIN is being collected by government institutions and public reporting of these uses.

4. Requirements

  • 4.1

    Heads of government institutions or their delegates are responsible for:

    Monitoring and Reporting

    • 4.1.1Monitoring and reporting on the requirements of this directive as specified in the Policy on Privacy Protection.
    • 4.1.2Notifying Treasury Board of Canada Secretariat (TBS) officials of any Acts, Regulations, programs or activities that will necessitate changes to Appendix A: List of Authorized Purposes for SIN Collection or Use.
  • 4.2

    Executives and senior officials who manage programs or activities involving the creation, collection or handling of personal information are responsible for:

    Collection of the SIN

    • 4.2.1Collecting the SIN only for the purposes authorized under specific Acts and Regulations or under programs or activities made pursuant to legal authority and approved by Treasury Board, as listed in Appendix A: List of Authorized Purposes for SIN Collection or Use.
    • 4.2.2

      Providing notification to individuals when collecting the SIN for both administrative and non-administrative purposes, so that they understand:

      • 4.2.2.1Why the SIN is being collected;
      • 4.2.2.2How it will be used; and
      • 4.2.2.3What the consequences are for not providing the SIN; for example, being ineligible for a benefit or privilege.

      The requirement to notify does not apply where the notification might defeat the purpose or prejudice the use for which the information is collected, for example, in the case of an investigation. See Appendix A: List of Authorized Purposes for SIN Collection or Use for more information on lawful investigations.

    Use and disclosure of the SIN

    • 4.2.3Ensuring that any use or disclosure of the SIN is consistent with and related to the purposes listed in Appendix A: List of Authorized Purposes for SIN Collection or Use. This means ensuring that, when disclosing the SIN, the institution collecting the SIN has legal authority to do so. This includes intergovernmental programs and activities.
    • 4.2.4Putting in place a contract, an information sharing agreement, or information sharing arrangement when the disclosure of the SIN is to occur on a routine or systematic basis.
    • 4.2.5Including specific provisions within contracts, information sharing agreements, or information sharing arrangements stipulating that the SIN will only be used for purposes which are consistent with the terms of the contracts, information sharing agreements, or information sharing arrangements. The specific provisions will also comply with this directive and the Privacy Act.

    Process required for the authorization of a new collection or a new consistent use of the SIN

    • 4.2.6

      Ensuring that any new collection or new consistent use of the SIN:

      • 4.2.6.1Is for purposes related to administering pensions, income tax, health or social programs; and
      • 4.2.6.2Is consistent with the definition of the SIN under the Department of Employment and Social Development Act.
    • 4.2.7

      Establishing legal authority for a new collection and a new consistent use of the SIN by either:

      • 4.2.7.1

        Referring expressly to the SIN in new or amended statutes or regulations:
        Government institutions follow the federal legislative process in order to have the SIN referred to explicitly in a new or existing statute or regulation. This process does not require policy approval by Treasury Board; or

      • 4.2.7.2

        Establishing implicit legal authority:
        Government institutions are to have legal authority for the program or activity for which personal information is being collected. Under the Privacy Act, personal information including the SIN can be collected only if it relates directly to such a program or activity. Government institutions are to also have a demonstrable need to collect or use the SIN under that program or activity.

      In the case of a new consistent use, the new use must have a reasonable and direct connection to the original purpose(s) for which the information was obtained or compiled.

    • 4.2.8

      Seeking policy approval from Treasury Board Ministers prior to implementing a new collection or a new consistent use of the SIN based on implicit legal authority. Details on the process for obtaining policy approval for a new collection or a new consistent use of the SIN are outlined in Appendix B: Obtaining Policy Approval.

      Note: the SIN may still be used or disclosed in a manner consistent with subsection 8(2) and paragraphs 8(2)(b) to 8(2)(m) of the Privacy Act. There is no need to seek special policy approval for such uses and disclosures. The original collection must nevertheless have been in compliance with this directive.

    Identification of SIN use

    • 4.2.9

      Identifying the SIN use in Personal Information Bank (PIB) descriptions by citing:

      • 4.2.9.1The legal authority under which the number is collected; and
      • 4.2.9.2The purposes for which it is used.

5. Roles of other government organizations

  • 5.1The roles and responsibilities of government institutions with respect to this directive are identified in section 5 of the Policy on Privacy Protection.
  • 5.2This section identifies additional roles of other key government organizations in relation to this directive. In and of itself, this section does not confer any authority.
  • 5.3

    TBS is responsible for the following:

    • 5.3.1Updating Appendix A: List of Authorized Purposes for SIN Collection or Use following notification under 4.1.2 and publishing any updates on an annual or as needed basis; and,
    • 5.3.2Releasing in an accessible format, a repository of programs and activities that collect or use the SIN via Government of Canada websites and any other services designated by TBS pursuant to the Directive on Open Government.
  • 5.4Employment and Social Development Canada is responsible for issuing SINs and maintaining the Social Insurance Registry, including disclosure of information from the Social Insurance Registry under subsection 28.2(5) of the Department of Employment and Social Development Act.

6. Application

  • 6.1This directive applies as described in section 6 of the Policy on Privacy Protection.
  • 6.2This directive does not apply to the use of the SIN by the provinces or territories or in the private sector.
  • 6.3The directive does not apply to a government institution whose head has been delegated, under subsection 71(6) of the Privacy Act, the authority to approve new personal information banks or substantial modifications to existing personal information banks that include the SIN. The head of such a government institution will, however, be required to comply with the specified terms and conditions related to the handling of the SIN outlined in the delegation.

7. References

8. Enquiries

Appendix A - List of Authorized Purposes for SIN Collection or Use

Current as of November 8, 2023

The SIN can only be collected or used for administrative or non-administrative purposes expressly authorized under specific Acts and Regulations, or under programs or activities authorized by Parliament and as approved by Treasury Board. The Acts and Regulations that explicitly refer to the SIN, and the specific programs and activities that are authorized are listed below.

This appendix is current to the date of publication and is subject to change based on the evolution of program and activities. While it does not confer authority, it does provide an accurate representation of current Acts and Regulations that have express references to the SIN and programs and activities that are authorized to collect and use the SIN. Refer to www.open.canada.ca/en for a repository of all activities and programs authorized to use the SIN with registered Personal Information Banks, including those authorized by the following Acts and Regulations in the list below.

Express reference in Acts or Regulations

  • Apprentice Loan Regulations (Apprentice Loans Act and Canada Student Loans Act)
  • Canada Disability Savings Act and Canada Disability Savings Regulations
  • Canada Education Savings Act
  • Canada Elections Act
  • Canada Emergency Response Benefit Act
  • Canada Emergency Student Benefit Act
  • Canada Labour Standards Regulations (Canada Labour Code)
  • Canada Pension Plan and Canada Pension Plan Regulations 
  • Canada Recovery Benefits Act
  • Canada Student Financial Assistance Act and Canada Student Financial Assistance Regulations
  • Canada Student Loans Regulations (Canada Student Loans Act)
  • Canada Worker Lockdown Benefit Act
  • Canadian Forces Members and Veterans Re-establishment and Compensation Act
  • Citizenship Regulations (Citizenship Act)
  • Criminal Code
  • Denial of Licences for Family Orders and Agreements Enforcement Regulations (Family Orders and Agreements Enforcement Assistance Act)
  • Dental Benefit Act
  • Dental Care Measures Act
  • Department of Employment and Social Development Act
  • Department of Veteran’s Affairs Act
  • Employment Insurance Act, Employment Insurance Regulations and Employment Insurance (Fishing) Regulations
  • Excise Tax Act (Part IX - Goods and Services Tax) and Social Insurance Number Disclosure Regulations
  • Farm Income Protection Act
  • Family Support Orders and Agreements Garnishment Regulations (Family Orders and Agreements Enforcement Assistance Act)
  • Gasoline and Aviation Gasoline Excise Tax Application Regulations (Excise Tax Act)
  • Greenhouse Gas Pollution Pricing Act
  • Immigration and Refugee Protection Act and Immigration and Refugee Protection Regulations
  • Income Tax Act and Income Tax Regulations
  • Injured Military Members Compensation Act
  • Labour Adjustment Benefits Act
  • Main Point of Contact with the Government of Canada in case of Death Act
  • Old Age Security Regulations (Old Age Security Act)
  • Pension Act and Pension Diversion Regulations
  • Radiation Protection Regulations
  • Release of Information for Family Orders and Agreements Enforcement Regulations (Family Orders and Agreements Enforcement Assistance Act)
  • Social Insurance Number Regulations
  • Support Orders and Support Provisions (Banks and Authorized Foreign Banks Regulations (Bank Act)
  • Support Orders and Support Provisions (Retail Associations) Regulations (Cooperative Credit Associations Act)
  • Support Orders and Support Provisions (Trust and Loan Companies) Regulations (Trust and Loan Companies Act)
  • Tax Rebate Discounting Regulations (Tax Rebate Discounting Act)
  • Veterans Well-being Act
  • Wage Earner Protection Program Act and Wage Earner Protection Regulations
  • War Veterans Allowance Act

Programs or activities

  • Aboriginal Programs (Employment and Social Development Canada)
  • Apprenticeship Incentive Grant (Employment and Social Development Canada)
  • Claims and compensation for damages related to the Phoenix Pay System (Treasury Board of Canada Secretariat)
  • Ice Assistance Emergency Program (Fisheries and Oceans Canada)
  • Canadian Benefit for Parents of Young Victims of Crime (Employment and Social Development Canada)
  • Immigration Resettlement Assistance Program (Immigration, Refugees and Citizenship Canada) including the Immigration Program Accounts Receivable (IPAR).
  • Income and Health Care Programs (Veterans Affairs Canada)
  • Labour Adjustment Review Board (Employment and Social Development Canada)
  • Monitoring Electronic Access to Taxpayer Information (Canada Revenue Agency)
  • National Dose Registry for Occupational Exposures to Radiation (Health Canada)
  • Opportunities Fund for Persons with Disabilities (Employment and Social Development Canada)
  • Federal pensions administration (Public Services and Procurement Canada)
  • Social Assistance and Economic Development Program (Indigenous Services Canada)
  • Tax Case Appeals (Canada Revenue Agency)
  • Universal Child Care Benefit Program (Canada Revenue Agency)
  • Wage Earner Protection Program (Employment and Social Development Canada, Canadian Institutes of Health Research)
  • Workforce Development Agreements (Employment and Social Development Canada)
  • Youth Employment Strategy (Employment and Social Development Canada)

Standard Personal Information Banks

Members of the public as well as current and former federal employees may have their SIN collected and used in support of common internal services provided by government institutions, as follows:

  • Access to Information Act and Privacy Act Requests (collection limited to programs or activities specified within Appendix A of this directive)
  • Accounts Payable
  • Accounts Receivable
  • Employee Personnel Record Governor in Council Appointments
  • Members of Boards, Committees and Councils
  • Pay and Benefits
  • Professional Services Contracts

Authorized activities

The following is a list of uses of the SIN that are appropriate given the historical and legislative context. The SIN is not systematically, but rather, is incidentally collected as part of the requirements of administering these programs or activities.

Historical file retrieval

Library and Archives Canada and the Department of National Defence are authorized to use the SIN for retrieval of historical files in instances when the SIN is the only identifier available for former government employees and former military personnel. This is because the SIN was the identifier used before the conversion to an employee identifying number or military service number was made. Also, Canada Mortgage and Housing Corporation is authorized to use the SIN for file retrieval and enquiries associated with the Rural and Native and Housing program, which was terminated in 1993. The Canadian Government Annuities Program is authorized to use the SIN in the administration of their program. Other government institutions may have similar requirements; however, the use of the SIN would be limited to historical file retrieval only.

Lawful investigation and SIN collection and use

Entities are to limit their collection of the SIN to specific circumstances when the SIN is relevant and directly related to investigative activities or when it is collected or provided as part of the evidence gathering process. This may also include the activities of government institutions involved in investigations and intelligence gathering with respect to suspected money laundering and terrorist financing.

Other purposes related to administration of legislation

The Canada Deposit Insurance Corporation (CDIC) may collect and use the SIN:

  • When a member institution’s future viability is in doubt or its failure is imminent and the CDIC needs to conduct preparatory examinations in anticipation of having to make timely deposit insurance payments under the Canada Deposit Insurance Corporation Act; and
  • When a member institution fails and the CDIC needs to make deposit insurance payments under the Canada Deposit Insurance Corporation Act, in addition to fulfilling its other obligations under that Act.

Finance Canada is authorized to share the SIN with the Canada Revenue Agency as per the Income Tax Act and the Excise Tax Act.

The Public Service Commission is authorized to collect the SIN from Public Services and Procurement Canada for the purpose of creating a client service number.

Non-administrative purposes only

Statistics Canada, Library and Archives Canada and the Auditor General of Canada are authorized to use the SIN for non-administrative purposes in a manner consistent with the administration of the Statistics Act, the Library and Archives of Canada Act and the Auditor General Act, respectively.

Appendix B: Obtaining Policy Approval

B.1 Initial assessment

  • B.1.1

    Government institutions seeking to determine whether policy approval for a new collection or new consistent use of the SIN is appropriate have to assess the following:

    • B.1.1.1The necessity of the SIN in the administration of the program or activity. This means establishing that the collection of the SIN is more than simply advantageous but, rather, is integral to the program or activity and is demonstrably necessary. It also means establishing that non-use of the SIN would have significant detrimental impacts.
    • B.1.1.2The reasons for not proceeding with legislative amendments to expressly authorize the new collection or new consistent use of the SIN.
  • B.1.2

    An institution that wishes to pursue policy approval through Treasury Board, after considering the necessity of using the SIN and the reasons for not obtaining new express legal authority, must take into account:

    • B.1.2.1The authorities provided under the institution’s enabling legislation(s);
    • B.1.2.2The relation of the proposed new SIN use to an existing SIN use or other legislative uses of the SIN;
    • B.1.2.3The Privacy Act and possible considerations related to the Charter of Rights and Freedoms; and
    • B.1.2.4The Policy on Privacy Protection and its relevant directives and standards.

Note: It is imperative that institutions establish legal authority for the collection, which will form the basis for denying access to a right, benefit or service if an individual does not provide the SIN. It is to be noted that requesting consent from the individual as a way of obtaining the SIN does not replace the requirement to demonstrate legal authority as outlined in this directive.

B.2 Analysis and consultation

  • B.2.1

    Before seeking approval from Treasury Board Ministers, the following process is required:

    • B.2.1.1Submit a completed Privacy Impact Assessment (PIA) report related to the new collection or new consistent use to TBS’ Privacy and Data Protection Division for review; and
    • B.2.1.2Notify the Privacy Commissioner in compliance with section 4.2.2 of the Policy on Privacy Protection and subsection 9(4)(a) of the Privacy Act.

B.3 Seeking approval

  • B.3.1

    Obtain approval from Treasury Board Ministers:

    • B.3.1.1Government institutions are required to either prepare a submission requesting approval of a new collection or new consistent use of the SIN or include the request as part of a broader submission for the program or activity. The considerations assessed under B.1 of this appendix are to be reflected in the body of the submission.

© Her Majesty the Queen in Right of Canada, represented by the President of the Treasury Board, 2017,
ISBN: 978-0-660-09688-9

Expand all Collapse all
Report a problem or mistake on this page
Date modified: