Prevent Fraud: Protect Your Employees’ SINs and Personal Information

As an employer, you have a responsibility to safeguard your employees’ personal information. That means you play a leading role in preventing Social Insurance Number (SIN) fraud and protecting your employees if their information is at risk.  

Prevent SIN fraud 

Only ask for a SIN once someone has been hired. SINs are confidential and should only be used for income-related information.  

Your employees’ SINs and personal information should not be easily available. Store all sensitive employee information in a secure area or on an encrypted computer system and only allow access to that information on a need-to-know basis. 

Protect your employees 

If you become aware of a breach in security that affects your employees’ personal information, you must act immediately to minimize the impact and protect your employees.  

Step 1: Assess the damage 

Determine the type and extent of personal information that was put at risk. Estimate what time it happened. If electronic files were involved, find out whether the data was encrypted. The more information you can gather, the more you can help your affected employees.  

Step 2: Contact the police 

If any criminal activity occurred, such as theft or fraud, contact the police immediately.  

You can also contact the Canadian Anti-Fraud Centre for advice and assistance related to identity theft.  

Step 3: Contact Service Canada 

If your employees’ SINs have been impacted, contact Service Canada’s Social Insurance Registration Office. Our officers can help you determine what can be done to address the situation and minimize the damage to your employees.  

Step 4: Contact credit bureaus 

Speak to fraud specialists at Canada’s two national credit bureaus for advice on how to handle the incident appropriately. 

• Equifax: 1-800-465-7166 
• TransUnion: 1-800-663-9980 (or 1-877-713-3393 for residents of Quebec)  

Step 5: Inform impacted employees 

Inform your employees in writing as soon as possible. The letter should include: 

• a brief summary of the incident; 
• a description of the measures taken;  
• advice on what the affected individual should do; 
• an explanation of the type of information that may have been put at risk; and 
• contact information for further assistance. 

By storing your employees’ SINs and personal information securely and following the above steps if your employees’ information is at risk, you can protect your employees and join the fight against fraud!