Article content continued

I have serious concerns about the extent to which FINTRAC’s information holdings are populated with personal information

In another case, a young business person cashed three bank drafts worth almost $100,000 US, purchased from a major Canadian bank. The organization that cashed the drafts confirmed the validity of the drafts with the issuing bank but still reported to FINTRAC because it felt that the amount of money seemed “odd” considering the individual’s age.

“Given the examples we found, I have serious concerns about the extent to which FINTRAC’s information holdings are populated with personal information that should never have even been submitted,” said Privacy Commissioner.

“This is particularly disappointing, given that FINTRAC had previously indicated that it was committed to finding new ways to limit the amount of personal information it was accepting and holding.”

FINTRAC, which works co-operatively with various law enforcement agencies across Canada, was created under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act in 2000.

As of March 2012, FINTRAC had a database that contained 165-million reports of potential fraudulent activity or terrorist financing. The commissioner’s audit found many of these files contain personal information that FINTRAC has no legislative authority to receive and collect, and that the department did not need or use for the purposes of fulfilling its duties.

The information includes such things as social insurance numbers, which FINTRAC does not have the authority to collect, and reports about individuals carrying cash across the border, even though these amounts did not exceed the $10,000 reporting threshold.