Informal Disclosure Guidelines

Key messages

• Informal disclosure supports the public's "Right to Know" and open government. It is timely, cost effective, and the preferred method of the Canada Revenue Agency (CRA) to provide information.
• Generally, you can disclose information in response to an informal request if the information would otherwise be disclosed under a formal access to information and privacy (ATIP) request.
• Taxpayers may obtain access to their information through My Account, My Business Account, or Represent a Client, or request their information over the telephone, in person during an audit, in writing, or other approved method (for example, email communication introduced under COVID-19 circumstances in the Compliance Programs Branch). The preferred method of providing confidential information is through one of the secure portals.
• Informal disclosures are discretionary. You must exercise discretion reasonably and fairly. You must also use professional judgment and caution, while considering and balancing several factors. These factors include the overall intent of section 295 of the Excise Tax Act and section 241 of the Income Tax Act that protect the privacy of taxpayers, the interests protected under the exemptions and exclusions in the Access to Information Act and the Privacy Act, and the risk of possible injury to the administration and enforcement process.
• The section What not to disclose sets out information that must not be released under informal disclosure requests, such as information protected by solicitor-client privilege, information that could jeopardize the Minister of National Revenue's position with respect to ongoing or future litigation with a taxpayer, and information that interferes with or jeopardizes active audit or other compliance activities. See the section What may be disclosed for specific guidance on information that can be released.
• Only respond to an informal disclosure request that relates to one of your open audits, or to a case you closed within the 12-month period preceding the request, provided the taxpayer has not filed a notice of objection or notice of appeal.
• All responses, whether verbal or written, to informal disclosure requests must be documented in accordance with the section Documenting a request.
• Your supervisor and that person's supervisor must review and approve the information to be released in response to an informal disclosure request.
• Headquarters will provide support and advice on information to release, or remove (known as the severing or redacting exercise), but administrative functions, such as communicating with the requester and retrieving and providing the information, generally remain the responsibility of the area which received the request for information. See section HQ support.

Introduction

Taxpayers and the public can informally obtain public information using Info Source ^{Footnote 1} on the Canada.ca website. Taxpayers can access Canada Revenue Agency (CRA) Audit Manuals through the Compliance Manuals, Policies and Committees ^{Footnote 2} web page. Taxpayers can also search through the Government of Canada's Open Government Portal and the Canada.ca website for information such as CRA statistics, charities listings, and benefit program guidelines. These avenues provide opportunities for the CRA to give requesters additional options for obtaining information that are cost-effective and sustainable to both parties.

The confidence and trust that individuals and businesses place in the CRA is a cornerstone of Canada's voluntary tax system. The CRA takes the protection of taxpayer information very seriously. The CRA is subject to the legislative requirements of the Access to Information Act and the Privacy Act and provides Canadians with access to thousands of documents every day, both formally and informally.

While taxpayers have access to much of their own information through My Account, My Business Account, and Represent a Client, there are times when the requested information may not be available through these means or the taxpayer may prefer another option for accessing the information. In these situations, a taxpayer may make either a formal or an informal request for information.

The CRA's preferred method of disclosing information is to do so informally where possible; however, this does not mean that all information can be disclosed. You must exercise caution and judgment, and redact any information that could cause injury to the administration and enforcement process.

This document provides information and guidance about responding to informal requests for the disclosure of confidential information and taxpayer information.

Definitions

In this document:

• The term taxpayer includes a GST/HST registrant, a GST/HST claimant, a Scientific Research and Experimental Development (SR&ED) claimant, and a Film and Media Tax Credits (FMTC) claimant.
• The term auditor includes an examiner and a reviewer^{Footnote 3}.
• The term supervisor includes a team leader, a section manager, a case manager, a large file coordinator, and an assistant director of audit.
• The term audit includes an examination and a review (including the process that the CRA undertakes to obtain information on behalf of a treaty partner that has requested the information), but does not include a compliance action that is part of a criminal investigation.
• The term taxpayer information means "confidential information" as defined in subsection 295(1) of the Excise Tax Act (ETA) and "taxpayer information" as defined in subsection 241(10) of the Income Tax Act (ITA).

Guiding principles

In general, the CRA principles for the informal disclosure of taxpayer information are:

1. The CRA will facilitate taxpayers' access to their information through informal disclosure.
2. The main method for taxpayers to obtain access to their information should be through a secure online portal: My Account, My Business Account (MyBA), or Represent a Client (RAC). Taxpayers may also request their information over the telephone, in person during the course of an audit, in writing, or other approved method.^{Footnote 4}
3. The CRA will verify the identity of the requester to make sure that they have the authorization to access the information being requested.
4. Information that a taxpayer provides to the CRA about themselves should be made available informally to that taxpayer, their authorized representative, or any other person with the taxpayer's written consent upon request under the legislation and CRA program procedures.
5. Subject to exceptions outlined in the section What not to disclose, a taxpayer is entitled to information such as reports and working papers that the CRA has created using information provided by the taxpayer.
6. Informal disclosure is a service that the CRA provides to taxpayers in a timely manner consistent with the Taxpayer Bill of Rights.
7. There will be no cost to the taxpayer for obtaining their information informally.

Meaning of the term informal request

A request for information is informal, unless it identifies the Access to Information Act or Privacy Act, or is made on one of the prescribed Treasury Board Secretariat forms (TBS 350-57, TBS 350-58), or Form RC378. Formal requests for information should be made via the Access to Information and Privacy (ATIP) Online Request.

The CRA considers the informal method of asking for access to information to be the preferred method. You should provide a response to an informal request for information, subject to the provisions of section 295 of the ETA or section 241 of the ITA, when received. See the section Legislative Requirements below for more information.

Such requests may be for information related to a taxpayer, for public information that is not readily available, or information that is not about the person making the request but is still suitable for informal disclosure. See the section Information about third parties for more guidance related to the disclosure of third-party information.

Although there are no legislated deadlines for responding to informal requests for information, consistent with the Government of Canada's transparency and open government commitments and the Taxpayer Bill of Rights, the CRA will endeavour to respond to these requests in a timely manner.

If you receive a request made on TBS 350-57, TBS 350-58, or Form RC378 or that identifies the Access to Information Act or Privacy Act directly from a taxpayer or their representative, it is considered a formal request. These requests must be sent to the ATIP Directorate for processing. The ATIP Directorate has 30 calendar days to respond to formal requests (with the possibility of an extension), which starts on the date the CRA received the formal request. The ATIP Directorate can be reached by telephone at 1-866-333-5402 or 613-960-5393, and by email at ATIP-PAB (CRA).

If you believe a formal request should be processed informally, inform the ATIP Directorate (in consultation with your team leader for procedures at the local level), who will contact the requester or their representative and ask whether the request can be responded to informally. The ATIP Directorate will then inform your branch ATIP contact how the taxpayer wants to proceed. If the requester prefers to follow the formal process, then an informal request for the same information should not be considered or pursued.

Benefits of informal requests

Informal disclosure requests are mutually beneficial to the taxpayer and the CRA compared to formal requests.

Making an informal request is more convenient for the taxpayer, as they can make their request either verbally or in writing, instead of having to complete and submit a form. Also, if it is clear what information is being requested and it is not overly voluminous, the taxpayer may often be able to receive the information sooner than if they went through the formal process.

Informal disclosure requests also provide benefits to the CRA. It is more efficient for the CRA to respond to informal requests than to formal requests because there is greater flexibility. For example, it is easier to engage with the requester to clarify the request and to identify the specific information requested. The CRA can also use e-services to receive informal requests and respond to them.

Methods of receiving requests

a) Secure portal – My Account, MyBA, or RAC^{Footnote 5}

Taxpayers or their authorized representatives can make an informal request through a secure portal in two ways. When an audit is in progress, the Audit Enquiries feature in My Account, MyBA, or RAC is the preferred option.

1. The Audit Enquiries feature in My Account, MyBA, or RAC allows taxpayers or their authorized representatives to make an enquiry related to an in-progress audit by selecting the "Submit an audit enquiry" link, and entering their audit case number. If such a request is made for one of your cases, you will be notified by email that you have an enquiry. You can read the enquiry by going to Enquiries Summary in Integras. To respond, click on the "Initiate Response" button to process the response in the CRA Enterprise Personalized Correspondence (EPC) system. The taxpayer or authorized representative will be notified via a system-generated email that you have responded.
2. The Enquiries service allows a business or their authorized representative to make an online request related to a GST/HST or T2 account, including requesting copies of notices and statements. Where the enquiry relates to a case selected for GST/HST audit, the Assessment, Benefit, and Services Branch (ABSB) will refer the enquiry by encrypted email to the GST/HST System Development Section of the GST/HST Directorate, and close the MyBA case. If necessary, that section will forward the request to the applicable tax services office. Where the enquiry relates to a case selected for T2 audit, and ABSB can determine the name of the auditor, they will send the auditor an encrypted email with a screen shot of the enquiry and close the MyBA case.

b) Directly from the taxpayer

You may receive a verbal or written request directly from the taxpayer or their authorized representative, in person, by mail, by telephone, or other approved method. If you receive a request by telephone, exercise professional judgment. If a taxpayer who is currently under audit, or their authorized representative, contacts you, you may recognize their voice and be assured they are authorized to receive the requested information. However, if you do not recognize the caller, never provide taxpayer information over the telephone without first verifying the caller's identity.

Appendix A – Confidentiality questions sets out questions that can be asked to conduct this verification.

Exercise professional judgment if, during a call, a taxpayer, whose identity you have verified, asks you to provide information to a third party. Generally, you should request written authorization to do so.

There could be situations where you have verified the taxpayer's identity, and due to language or other concerns, the taxpayer wants to hand the telephone over to a third party who will discuss the request with you on the taxpayer's behalf. Although in such cases it may be reasonable to speak to the third party, if you are uncomfortable in doing so, you may still request written authorization. If you accept the verbal authorization to speak to the third party, follow these steps:

• ask the taxpayer to provide you with the name of the third party they would like you to speak to;
• ask what type of information is to be discussed with the third party;
• ask the taxpayer to verbally state that they are authorizing you to discuss their information with the third party; and
• on the T2020, document the name of the third party and the verbal authorization.

This verbal authorization applies only to the topic of the informal request. It cannot be used to provide authorization to change system information, such as an address.

A taxpayer may have an authorized representative. In the case of dealing with an authorized representative, be careful to only disclose information based on the level and type of authorization they have. See Authorize a Representative on the CRA website for more information, as well as the confidentiality questions found in the document Confidentiality questions in Appendix A – Confidentiality questions.

Before answering a written request relating to a taxpayer:

• for an individual, verify that the name, address, and account number of the person correspond with those on file with the CRA;
• for a business, confirm that the person who has signed the request is an authorized representative for the account; or
• if the written request was received from a third-party representative, check for authorization on file for the third party, and confirm the third party's name and address.

Legislative requirements

Taxpayer information cannot be disclosed, unless there is legal authority to make the disclosure.

For informal disclosures where a taxpayer consents to releasing their information, an official may, under subsection 295(6) of the ETA and subsection 241(5) of the ITA, provide the information relating to the taxpayer to that taxpayer; and with the consent of that taxpayer, to any other person.

For informal disclosures where a taxpayer has not consented, an official may, under paragraph 295(5)(b) of the ETA and paragraph 241(4)(b) of the ITA, provide taxpayer information to a person in situations described within those provisions. The topic of informal disclosure where a taxpayer has not consented is discussed in more detail in the section Information about third parties. The tax rules in section 295 of the ETA and section 241 of the ITA provide for other situations in which taxpayer information can be released, however those situations are not discussed in this document.

All of the legal authorities for informal disclosure of taxpayer information are discretionary, as the legislation uses the word may and not the word shall. This means that the disclosure provisions do not contain an express requirement to informally disclose taxpayer information. CRA officials must exercise their discretion reasonably and fairly. They must use professional judgment and caution, while considering and balancing several factors. These factors include the overall intent of the tax rules to protect the privacy and confidentiality of all individuals, as well as the interests protected by the exemptions and exclusions to the right of access found in the Access to Information Act and the Privacy Act.

Excise Tax Act

Subsection 295(2) of the ETA states that you cannot knowingly provide confidential information, or knowingly allow it to be provided, to any person except as authorized by section 295 of the ETA.

In general terms, subsection 295(1) of the ETA defines confidential information as being any type of information, in any form, relating to one or more persons, that the CRA obtains to administer Part IX of the ETA or has prepared from such information. This means that publicly available information that identifies the person, once collected by the CRA, becomes confidential information and must be treated as outlined in section 295 of the ETA. Information that does not directly or indirectly reveal the identity of the person is excluded from the definition of confidential information in subsection 295(1).

Income Tax Act

Subsection 241(1) of the ITA states that you cannot knowingly provide taxpayer information, or knowingly allow it to be provided, to any person except as authorized by section 241 of the ITA.

In general terms, subsection 241(10) of the ITA defines taxpayer information as being any type of information, in any form, relating to one or more taxpayers, that the CRA obtains to administer the ITA or has prepared from such information. This means that publicly available information that identifies the taxpayer, once collected by the CRA, becomes taxpayer information and must be treated as outlined in section 241 of the ITA. Information that does not directly or indirectly reveal the identity of the taxpayer is excluded from the definition of taxpayer information in subsection 241(10).

Responding to an informal disclosure request

There is no set or legislated timeline to respond to informal requests; however, under the Taxpayer Bill of Rights, there is an expectation that the CRA will provide complete, accurate, and timely information in plain language explaining the laws and policies that apply to the situation. Generally, informal requests should be addressed on a first-come, first-served basis, unless there is a compelling reason for the request to be prioritized. If there are multiple informal requests by the same requestor, for example during the course of an audit, consideration should be given to providing a consolidated response to the requests if appropriate. All responses to an informal disclosure request must be documented. For more details, see the section Documenting a request.

Only respond to a request if it relates to an open audit case, or to a case you closed within 12 months before the request date, provided the taxpayer has not filed a notice of objection or a notice of appeal. If the case was closed more than 12 months ago or if a notice of objection or a notice of appeal has been filed, you must advise the requester that an informal request cannot be accepted and that a formal request is needed. This communication must be documented, as discussed in the section Documenting a request.

Information to confirm if a notice of objection or a notice of appeal has been filed may be available through a mainframe application^{Footnote 6}. Otherwise, the local Appeals Division may be contacted.

If you have changed programs since the time the audit was completed, your former area will respond to the request. For example, if you currently work in Large Business Audit and you receive a request related to a Medium Business Audit case, there will be a mechanism to redirect the request to your former division to respond. The redirect mechanism will vary by office, depending on the coordination process. In general, when a request is received relating to a closed audit, the person or area coordinating the process will confirm if the original auditor still works in the same area. Depending on the office's policies, the request may be assigned to another auditor or handled by a central area.

If an informal request relates to information from another compliance program that is included within the audit case, as appropriate, refer it to the other program or consult with the program for direction on what can be released. For example, if the request relates to an income tax charity audit, forward the request to the director of the Compliance Division of the Charities Directorate at Headquarters. Always discuss the request with your supervisor first, and where appropriate, your supervisor should consult with Headquarters as discussed in the section HQ support.

Information about third parties

Third-party information is information about anyone other than the requester. Information that does not directly or indirectly reveal the identity of the other party is not considered to be third-party information.

The CRA needs written, informed consent to disclose third-party information, unless an exception is specifically provided in section 295 of the ETA or section 241 of the ITA. Consent can be given on Form AUT-01 or through one of the portals. See Authorize a Representative: Overview on the CRA website for more information. Form AUT-01 does not include RC161 Authorization for Parliamentarians.

The most common situation where third-party information may be disclosed without consent is described in paragraph 295(5)(b) of the ETA and paragraph 241(4)(b) of the ITA. An official may provide taxpayer information to a person only if it is reasonably regarded as necessary for the following purposes:

• under paragraph 295(5)(b) of the ETA, determining any liability or obligation of the person or any refund, rebate, or input tax credit to which the person is or may become entitled to under the ETA; and
• under paragraph 241(4)(b) of the ITA, determining a tax, interest, penalty, or other amount that is or may become payable by the person, or any refund or tax credit to which the person is or may become entitled under the ITA or any other amount that is relevant for the purposes of that determination.

For example, the net worth audit of an individual involves examining the change in assets and liabilities of the individual (the taxpayer) and all contributing members of the household (third parties) over time. This means that it may be necessary to disclose some taxpayer information about the contributing members of the household to the taxpayer, so that the taxpayer can understand how the auditor arrived at the net worth discrepancy.

This criterion must be narrowly interpreted because it is an exception to the rules in the legislation protecting taxpayer information. It includes only the minimum amount of third party information necessary to understand the determination of the amount in question.

All disclosures of third-party information require considerable judgment. Never provide third-party information where:

• the requester has not asked for third-party information;
• the requester has been provided with sufficiently detailed information or reports with respect to the basis for an assessment, reassessment, or denial of a tax credit that will allow them to understand how the amount was determined;
• the requester has not adequately explained why they need the information or what purpose it would serve (it is not enough for the requester to simply assert they need it); or
• the information is proprietary or of a protected nature, such as competitive information, social insurance numbers, and business numbers, or the name of the third party, unless the name is necessary to understand the assessment.

Consider these factors when making a decision to disclose the identity of a third party:

• Is there any way to help the taxpayer understand how the amount was determined without disclosing the third party's identity or information? For example, could you redact some information and provide a description of the nature of the records and of the redacted information? Could you provide other information that does not reveal the third party's identity or information?
• Is there a close commercial relationship between the taxpayer and the third party, such that the taxpayer would normally already have a record of the third party and the nature of the information involved? For example, the third party may be the taxpayer's customer or vice versa.

What not to disclose

Your program area may have identified information that should not be disclosed, for example information outlined in a program-specific audit manual, such as section 3.4.7 of the Income Tax Audit Manual. If that is the case, please continue to refer to such material, in addition to these guidelines.

In addition to information outlined in any existing guidelines or material published by your program, information that must not be disclosed includes:

• information protected by solicitor client privilege, including legal opinions and advice given to the CRA by legal counsel;^{Footnote 7}
• information that could jeopardize the Minister's position with respect to ongoing or future litigation with the taxpayer, such as internal debates and discussions regarding the strengths and weaknesses of an assessing position;
• information that interferes with or jeopardizes active audits, collections, criminal investigations, or other compliance activities, which includes:
  • information providing details of how the CRA selects or risk assesses cases (such as algorithms, risk scores, risk rankings, risk indicators selection criteria, individual thresholds, or cumulative thresholds) and risk assessment reports (such as COMPASS, Integrated Risk Assessment System (IRAS), Integras, Revenue Allocation Framework reports, SR&ED Risk Assessment Forms, Electronic Fund Transfer Requests, Referrals from the High Net Worth Compliance Directorate, or Related Party Audit Screening Reports forms)^{Footnote 8};
  • certain audit and administrative thresholds (for example, information that the CRA considers immaterial if the amount involved is below a certain threshold);
  • sensitive information related to international transactions, aggressive tax planning, tax avoidance, high net worth individuals, and third-party penalty audits;
  • discussions and deliberations including any emails and T2020s between the TSO and HQ or the Department of Justice on possible taxing positions, or notes relating to an audit strategy, including the merits of the technical positions that, in the end, are not pursued;
  • information on audit procedures or planned tests, including the detailed Audit Plan before the procedure, test, or audit is completed, and where doing so, could decrease its effectiveness;
  • information about referrals to Criminal Investigations, including correspondence with an official of the Criminal Investigations Program (such as a T134 form or T2020 notes); and
  • reports, such as the Audit Report or Penalty Recommendation Report, before they are finalized;
• informant or confidential source information, which includes:
  • information from an informant or confidential source;
  • the name of an informant or confidential source; and
  • information which may directly or implicitly reveal the identity of an informant or confidential source;
• information from another government institution or third party;
• information received from another tax administration through an exchange of information, including information protected by Treaty or Tax Information Exchange Agreement;
• information of third parties protected by copyright;
• information protected by a court order, written collaborative agreements, or memoranda of understanding^{Footnote 9};
• any determinations of materiality for purposes of an audit;
• tools developed for internal use that would reveal risk assessment criteria or would jeopardize the results of compliance actions if they were released; and
• information, documents, or comments considered to be internal deliberations or feedback in respect of audit quality, such as comments, internal communications, and reports from Audit Quality Review, Continuous Program Integrity Review, or other quality review programs.

The courts have stated that, on a case-by-case basis, the CRA may redact certain information from disclosure to the taxpayer or their representative based on what is known as public interest privilege, as recognized in the Canada v. Chad^{Footnote 10} decision. Where the disclosure of sensitive information – such as internal technical discussions as well as the strengths and weaknesses of possible assessing positions – could guide the taxpayer in reformulating their responses to audit inquiry and adversely affect the outcome of the audit (and by extension, overall compliance and tax fairness), then the information should not be disclosed, as it would not be in the public interest to do so.

You should consult with the Department of Justice and with Headquarters, as discussed in the section HQ support for these types of situations.

Appendix B contains a checklist that will help you determine whether information should be disclosed. It is intended only to provide guidance in identifying any potential injury to the administration and enforcement process before releasing particular pieces of information. You must always exercise professional judgment and consider the facts of the situation before reaching a decision that information can be released.

What may be disclosed

As part of the normal audit process, you should be proactively and regularly communicating with the taxpayer, and updating them during the course of the audit, subject to certain exceptions, for example as outlined in the preceding section. Furthermore, your audit case should be complete and should be of a quality that would meet the standards developed for the purposes of the Audit Quality Review Program, the Continuous Program Integrity Review, or other program-specific quality review functions with respect to risk assessment, audit planning, conducting the audit, and closing the audit. This means that, subject to the legislative provisions and other considerations identified in these guidelines for redacting certain information, especially related to an ongoing audit, the auditor, with the approval of their supervisor and that person's immediate supervisor, should be in a position to give the taxpayer or the authorized representative the requested information in response to an informal disclosure request.

The substance of the exemptions and exclusions under the Access to Information Act and Privacy Act is a relevant factors to use in applying discretion as to whether information should be disclosed and how much to disclose. Generally, if the information would otherwise be disclosed under a formal ATIP request, you can disclose it in response to an informal request.

Specific guidance on what may or may not be released in relation to particular portions of an audit are discussed below.

a) Screening package and risk assessment information

For those programs (such as those within the GST/HST Directorate, High Net Worth Compliance Directorate, and the Small and Medium Enterprises Directorate) that prepare a screening package when the case is screened, most of the information in the package indicates potential risk areas; disclosing it too early in the audit could impact the information the taxpayer chooses to provide and the audit result. This means that until you issue your proposed adjustments (proposal) to the taxpayer, do not release any part of the screening package, except for the screener's comments which explain why the case was selected. Make sure the screener's comments do not include any risk indicators or criteria that should not be released.

Typically, once the proposal has been issued, it means that the audit work has been completed and either the information in the screening package has been used, or you decided that it does not indicate a material risk. At this point, it is likely that no injury will result from releasing the information, with the exception of risk indicators, criteria, and specific information that should not be released.

Never release risk assessment reports (such as COMPASS, IRAS, Integras, Revenue Allocation Framework), SR&ED Risk Assessment forms, tax centre risk grids, or informant lead information. As well, if the case was selected based on an internally generated lead, do not release any information about the audit from which the lead was generated, including the particular taxpayer's name.

Any information relating to risk indicators used for identifying taxpayers for audit, or any information relating to risk scoring of taxpayers including but not limited to screening cases and risk assessment templates should not be released. To disclose the results of risk scoring and ranking of the taxpayer population based on automated systems could reveal to the taxpayer the CRA's risk assessment methodologies and allow the taxpayer to manipulate their tax filings to attempt to avoid detection, which would be injurious to the CRA's compliance and enforcement process.

Generally, risk indicators are analyzed and validated at the beginning of an audit and form the basis of the audit issues in the case. To help expedite the audit case, and in the spirit of transparency, the outstanding audit issues identified over the course of the audit should be communicated with the taxpayer and can be released as part of an informal disclosure request.

b) Referrals

Referrals to other compliance programs, such as Non Filer, Business Equity Valuations, Real Estate Appraisal, Technical Guidance, Rulings, and the SR&ED's National Technology Specialist Section, are predominantly based on facts and information provided by the taxpayer, and may be disclosed.

This is not the case for referrals to Criminal Investigations, which could cause evidence to be destroyed, altered, or relocated if the referral were released prematurely. For more information on how making contact with a taxpayer should be handled while Criminal Investigations is reviewing a referral, see section 28.2.12 of the GST/HST Audit and Examination Manual or section 10.11.8 of the Income Tax Audit Manual. If you receive an informal request for a case you have referred to Criminal Investigations, immediately contact the investigator in charge of the case.

For GAAR referrals, do not release the referral until after the position is finalized and approved by the Tax Avoidance Division.

For referrals to Collections, do not release any information about jeopardy assessments under subsection 322.1(2) of the ETA or subsection 225.2(2) of the ITA, or a "leaving Canada" issue under subsection 322(1) of the ETA or subsection 226(1) of the ITA.

c) Working papers and correspondence

While you can disclose most information in your working papers, if you have not completed an audit test, do not release information about your audit procedures when you release the working paper, because disclosing what you plan to do could decrease its effectiveness. This consideration also applies to information in your Audit Plan. Once the test has been conducted, you may release the procedures.

If the conclusion of a completed working paper indicates the need for another audit test and disclosing that information would lessen the effectiveness of the other test, then until you have completed the second test, do not release the conclusion when you release the working paper. For example, the bank deposit analysis (a supporting indirect verification of income test) concludes the test indicated unreported revenue and that the assessing net worth technique should be used. Disclosing the bank deposit analysis and its conclusion before the assessing net worth technique is completed, could affect the information the taxpayer makes available to perform the net worth audit.

Generally, when you are conducting an audit, you must explain your adjustments to the taxpayer and include calculations to support them. The taxpayer should have enough information to allow them to fully understand the adjustment and the underlying factors, so they can refute or mitigate the adjustment and properly exercise their right to object or appeal.

You must exercise judgment if a working paper contains taxpayer information about someone other than the requester. For guidance on the disclosure of third-party information, see the section Information about third parties.

Subject to the discussion about the Chad^{Footnote 11} decision and the discussion about not releasing the strengths and weaknesses of CRA technical positions^{Footnote 12} in the section What not to disclose, generally you can give a copy of correspondence sent to the taxpayer or their representative, and the final response received from internal technical areas of the CRA. If you are not certain whether the response could be disclosed, consult with the appropriate area. Do not release discussions or deliberations on possible taxing positions or notes relating to audit strategies, as they contain information that could be used by taxpayers to circumvent the audit strategy.

You may release a copy of the taxpayer's information that was or should have been part of the taxpayer's books and records, such as bank statements you obtained from the bank through a requirement.

d) Reports

Do not release your Audit Report or any position paper until it is finalized.

Releasing reports, such as the Pursuit of Profit Report, Restricted Farm Loss Report, Capital Gain vs. Income Report, Penalty Recommendation Report, or Third-Party Penalty Recommendation Report, before they are signed by all applicable parties could impact the information the taxpayer chooses to provide and the audit result.

Consult your supervisor if you are not certain whether a particular report should be released.

e) Other

Queries or review notes from your supervisor are considered to be part of the audit case. They may reveal audit strategies that could affect the outcome of the audit if disclosed. If this is the case, do not release them until the audit test has been completed.

For requests related to internally published material, your supervisor must contact the responsible area for guidance:

• GST/HST learning products – the GST/HST Training Section at Compliance Programs GST/HST Training (CRA).
• GST/HST Audit and Examination Manual, communiqués, policy, or memorandum – the GST/HST Policy Section at GST/HST Audit Manual (CRA).
• Income tax learning products – the Income Tax Training Section at Training-ITA Small and Medium (CRA).
• Income tax policy, memoranda, and communiqués – to the specific functional HQ Program area that issued the document.
• Income Tax Audit Manual (ITAM) – there is no protected information contained within the ITAM; all of the information may be disclosed and is available on the CRA Compliance Manuals, Policies and Committees web page. If a substantial amount of information from the ITAM has been requested, email the Policy Section, Medium Business Audit Division, at Income Tax Audit Manual (CRA).
• International and Large Business Audit Manual (ILBAM) – available on the CRA Compliance Manuals, Policies and Committees web page.

Removing protected information from a document

Based on the criteria discussed above, you may need to redact certain information from a document before giving it to the taxpayer. You may also need to hold back a complete document.

When redacting a portion of the information in a specific document, it must be obvious to the recipient that some information has been removed. You do not need to leave a blank space equivalent to the size of the information removed. It is sufficient to leave a few blank lines. The information removed from the document must not be readable. To make sure this is the case, you can remove the information electronically and save the document with the information removed as a new document (properly named) and included in your audit case.

If it is not possible to remove the information and leave a blank space, black out the information to be redacted using the highlight function, covering the information with a separate text box filled in black, or striking it out using a marker on a printed document. Be aware that it is possible to separate and remove both highlighting and text boxes from electronic documents, and for printed documents with information struck out by marker, it is possible to read the blacked out text by holding the document up to a bright light. To prevent disclosing blacked out information in hard copy documents, make a photocopy of the document after the black out has been applied. For electronic documents, print the document after the black out has been applied and scan it as a new document.

If you decide to not release an entire document, there is no need to inform the requester that a document has been omitted from the result.

Documenting a request

a) Open audit cases

Any information released to a taxpayer in relation to an open audit case should be documented in the T2020, Memo for File. The T2020 should include details of any conversations you have with the requester, your supervisor, other areas, or the ATIP liaison officer. It should also include a detailed list of the documents (such as working papers or reports) you gave to the requester, when the item was made available, and the method by which it was provided.

The T2020 must be clear as to what factors were considered in making the decision to release the information, what information (if any) was redacted, and why the information was redacted. If releasing the T2020, you should redact all entries that relate to information that was not released.

For requests received on open audit cases, make sure to include informal disclosures as a listed item on your working paper index. For example, under Correspondence, include a subsection for informal disclosures.

b) Closed audit cases

When an informal request for information is received for a closed case, create a new T2020, Memo for File, specifically to document the request. This would include disclosure requests that were not accepted, such as an informal request for an audit case closed more than 12 months before the request date.

The request, the T2020, and a copy of all documents given to the requester in hardcopy must be sent to Recall after responding to the request. If the documents were given to the requestor electronically, as discussed in the section Format of information, the T2020 must include a list of the documents and details of how they were made available to the requestor. For current information on sending documents to Recall, see the KnowHow pages Information and Tax records and RC467 Transmittal slip. When completing the RC467, it is important that you choose the correct tax program from the drop down list for the field "Select applicable records inventory," then select Informal disclosure of information from the drop down list for the field of "Select applicable records series description."

Format of information

The preferred method to send information is electronically through one of the secure portals discussed in the sections Guiding principles and Methods of receiving requests. If information cannot be provided through one of the secure portals, the information can be made available to the requester by registered mail, by mail, or other approved method. When information is sent through mail to a taxpayer, you must follow the published Information Security Policy, Secure Mailing of Information Procedures, and any related communications. The provision and transmission of any information provided should be done in accordance with applicable guidelines in effect at the time of response (for example, guidelines with respect to email communication).

The default format for all files provided to the taxpayer is PDF (not Word or Excel), as viewers are available across digital platforms at no cost. Before converting a document to PDF, make sure to add a watermark that states "Copy provided on YYYY-MM-DD by the CRA – Informal request" to the PDF.

If another electronic format is requested, discuss potential options with your supervisor first, and where appropriate, your supervisor should consult with Headquarters, as discussed in the section HQ support.

Materials should be provided in the official language on file for the requester. In rare situations (for example, high volume of materials to translate or a different official language requested than is on file) consult with Headquarters, as discussed in the section HQ support.

Review and approval

Before you send the requested information to the requester, your supervisor and their supervisor must review and approve the information in the format in which it is to be provided. Evidence of the approval must be documented. For current audit cases, the approval can be documented through the use of the Review function within Integras, or a T2020 entry along with a copy of the email from the reviewer stating they approve the release of the information (specify what is approved). For closed cases, the approval must be documented in the T2020.

Time recording

Use indirect activity code 139 for the time spent responding to informal disclosure requests related to closed audit cases or information not related to an audit case, such as a request for a copy of a communiqué.

Internal order number 722684 is to be used when the requested information relates to an open audit case. This would generally include requests for all information prior to issuing your proposal, and requests for administrative documents, such as the T20 Audit Report or penalty reports.

HQ support

Headquarter functions will support the field with respect to the redaction of information that is requested under an informal disclosure, and before the information is released. Supervisors should contact their specific program area in the Compliance Programs Branch.

• Criminal Investigations Directorate, Workload Development and Intelligence Section, at T134 Referrals-Criminal Investigations (CRA)
• GST/HST Directorate, Leads and Voluntary Disclosures Division, at GST/HST ATIP
• High Net Worth Compliance Directorate at OCD ATIP Requests (CRA)
• International and Large Business Directorate, Large Business Audit Division, Continuous Program Integrity Review, at CRA.O CPIR-NON VISIT
• Small and Medium Enterprises Directorate, Compliance Service Division, at Issues Management-CPB-SMED (CRA)
• SR&ED Directorate, Program Guidance and Stakeholder Relations Division, at SR&ED-ATIP (CRA)

Administrative functions, such as communicating with the requester, retrieving information, and responding to the requester, remain the responsibility of the area who initially received a request for information.

Resources

KnowHow

• Informal Disclosure – for employees
• Informal Disclosure – of taxpayer information

Training

• HQ1195-001 Informal Disclosure
• HQ1705-000 Access to Information and Privacy
• Canada School of Public Service, Access to Information and Privacy Fundamentals (I015) – a one-hour online course all employees are encouraged to take

Appendix A – Confidentiality questions

The confidence and trust that individuals and businesses place in the CRA is a cornerstone of Canada's voluntary tax system. The CRA takes the protection of taxpayer information very seriously. Privacy and confidentiality is one of the sixteen rights outlined in the Taxpayer Bill of Rights.

All CRA employees have a responsibility to protect taxpayer information at all times. It is critical that you make sure the people you are dealing with are properly authorized. Any person you speak with, must have the correct level of authority before you can discuss the details of an informal disclosure request with that person.

As appropriate, tailor your confidentiality questions to the program account related to the taxpayer's enquiry and the person you are speaking with. For example, when speaking with an authorized representative of the taxpayer, follow the procedures discussed in this appendix for authorized representatives.

The confidentiality questions can be found in document Confidentiality questions. This document has been added to the Integras Template Library.

If you are unsure of the person's identity, never disclose any information.

Appendix B – Checklist for releasing information

Prior to releasing information in response to an informal disclosure request, you should determine if the information is sensitive or if its release could cause injury to the administration and enforcement process. In making your determination, you should consider the series of questions detailed in the document Checklist for releasing information. This checklist has been added to the Integras Template Library.

This checklist is only for purposes of responding to informal disclosure requests. If you receive a formal disclosure request from a taxpayer, it must be sent to the ATIP Directorate for processing, as discussed in the section Meaning of the term informal request.

If you answer yes to any of the questions, in most cases, the requested information should not be informally disclosed.

Many of the questions use the term record, which is defined in section 3 of the Access to Information Act. For purposes of that Act, record means any documentary material, regardless of its medium or form. Software is not a record, but an item used to generate, view or edit a record.