How Secure Is Your Information As A Taxpayer?

The Canada Revenue Agency (CRA) takes the security of all taxpayer information very seriously. The CRA reviews internal processes continuously to prevent unlawful attempts to obtain tax information and to make sure those taxpayers’ rights are protected.

Safeguards

For the security of taxpayer information, the following policies and procedures are in place:

• Personnel screening: All prospective CRA employees undergo security screening before employment.
• Employee awareness of their responsibilities: New employees are briefed on their security obligations and security awareness information is regularly communicated to all employees. All CRA employees are subject to strict standards of conduct as defined in the CRA’s Code of Ethics and Conduct.
• All taxpayer information is protected: Depending on the information, employees may have to take special steps in handling it. For instance, taxpayer information must be kept physically secure; employees may not transmit taxpayer information by email or leave voice messages containing taxpayer information; employees have to make sure that information is shared only with the taxpayer concerned or with a third party only after the taxpayer has given written consent, except where the disclosure is authorized by law.
• Security markings on forms and documents: Some CRA forms or documents are marked Protected A or Protected B.  These markings help CRA employees ensure that sensitive information is handled in a secure manner.
• Access to taxpayer information is on a need-to-know basis: CRA employees with different levels of responsibility, such as taxpayer services personnel, auditors, investigators, or those handling income tax files, have different levels of access depending on the requirements of their work.
• Regular risk assessment: The CRA performs regular risk assessments and internal audits to ensure the security and integrity of its internal processes.
• Suspected breaches of confidentiality of taxpayer information: If a taxpayer tells the CRA about a suspected breach of confidentiality of personal information, the Agency can put a stop to any outside request concerning that taxpayer’s account. The CRA will tell the taxpayer that the Agency will disable all online access to the taxpayer’s account immediately, whether it be My Account for Individuals, Quick Access, My Business Account, Represent a Client, NETFILE, or EFILE. Online access can later be restored at the taxpayer’s request by calling the e-Services Helpdesk at 1-800-714-7257.
• Disciplinary measures: CRA officers immediately and thoroughly investigate any security breach or allegation of unauthorized access or disclosure of taxpayer information. Any employee found to have acted inappropriately is subject to disciplinary action, up to and including termination of employment.
• Network access denied to departing employees: Departing CRA employees have to return their employee ID cards, and steps are taken to end their network access.

Tips for taxpayers

CRA advises individuals to take the following precautions to protect their tax information:

• Do not communicate personal information by email.
• Send the CRA your change of address when you move.
• Use a reputable tax preparer.
• Shred unwanted documents or store them in a secure place. Make sure that documents with your name and SIN are secure.
• Do not carry your SIN card on your person and do not provide your SIN to others unnecessarily.
• Do not share your passwords, user IDs or access codes.
• Beware of scam emails and telephone calls.
• Ask a trusted neighbour to pick up your mail when you are away or ask that a hold be placed on delivery.