The Canadian Security Intelligence Service (CSIS), Canada’s intelligence service, collected information on Canadian taxpayers from the Canada Revenue Agency (CRA) without first obtaining a warrant, an oversight committee has found.

The Security Intelligence Review Committee (SIRC), which is charged with reviewing CSIS’s activities, has tabled its annual report for fiscal 2014–15 in Parliament. The report includes the results of the committee’s investigation into the warrantless collection of taxpayer information from the CRA.

According to the report, the SIRC was notified of an incident involving a CSIS intelligence officer obtaining tax information from the CRA in 2014 without a federal warrant. At the request of CSIS, the SIRC then investigated the incident and found that this was not an isolated incident — and management follow-up was not adequate.

The SIRC reports that it found “multiple instances of a particular CSIS office obtaining information from [the] CRA” without a warrant. The committee also found that CSIS management improperly assumed that the incident was an isolated event.

In addition, both the Federal Court and the Minister of Public Safety were told that the information obtained without a warrant was deleted from the operational database when, “In fact, most of the information remained within the database until brought to CSIS’s attention by [the] SIRC.”

The SIRC reports that it has made several recommendations as a result of its findings, including that CSIS conduct its own post-mortem of the incident; that its audit unit address any managerial and communication issues at the office in question; that CSIS should explain the incident to the court and the minister; and that it should notify the Privacy Commissioner.

However, the SIRC also concluded that it could not make recommendations aimed at preventing future incidents “because SIRC was not provided with any explanation to account for the full scope of the improper collection of taxpayer information.”

The committee does call for more training for officers to ensure they understand the need for judicial authorization for certain activities. The SIRC also suggests that CSIS conduct “an internal review of the flow of information from [the] CRA every five years to ensure proper conduct regarding the sharing of taxpayer information.”

The report indicates that CSIS has reviewed the adequacy of its policies and whether employees followed those policies. The intelligence agency also has agreed to conduct a post-mortem of the incident and to report to the committee. Furthermore, CSIS has taken steps to ensure that management is made aware of compliance issues more quickly. It also pledged to explain the incident fully to the court and CSIS has informed the Privacy Commissioner, the report says.