Canada Revenue Agency
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

 

Institutional links

Security of Taxpayer Information

The Canada Revenue Agency (CRA) takes the security of all taxpayer information very seriously. The CRA reviews internal processes continuously to prevent unlawful attempts to obtain tax information and to make sure that taxpayers’ rights are protected.

This Web page:

  • summarizes the safeguards in place at the CRA to ensure the security and privacy of taxpayer information;
  • provides tips for taxpayers on what to do if they suspect their personal information has been compromised; and
  • provides information on the legislative framework that protects personal information at the CRA.

Safeguards

For the security of taxpayer information, the following policies and procedures are in place:

  • Personnel screening: All prospective CRA employees undergo security screening before employment.
  • Employee awareness of their responsibilities: New employees are briefed on their security obligations and security awareness information is regularly communicated to all employees. All CRA employees are subject to strict standards of conduct as defined in the CRA’s Code of Ethics and Conduct.
  • All taxpayer information is protected: Depending on the information, employees may have to take special steps in handling it. For instance, taxpayer information must be kept physically secure; employees may not transmit taxpayer information by email or leave voice messages containing taxpayer information; employees have to make sure that information is shared only with the taxpayer concerned or with a third party only after the taxpayer has given written consent.
  • Access to taxpayer information is on a need-to-know basis: CRA employees with different levels of responsibility, such as taxpayer services personnel, auditors, investigators, or those handling income tax files, have different levels of access depending on the requirements of their work.
  • Regular risk assessment: The CRA performs regular risk assessments and internal audits to ensure the security and integrity of its internal processes.
  • Suspected breaches of confidentiality of taxpayer information: If a taxpayer tells the CRA about a suspected breach of confidentiality of personal information, the Agency can put a stop to any outside request concerning that taxpayer’s account. The CRA will tell the taxpayer that the Agency will disable all online access to the taxpayer’s account immediately, whether it be My Account, NETFILE, TELEFILE, or EFILE. Online access can later be restored at the taxpayer’s request by calling the e-service Helpdesk at 1-800-714-7257.
  • Disciplinary measures: CRA officers immediately and thoroughly investigate any security breach or allegation of unauthorized access or disclosure of taxpayer information. Any employee found to have acted inappropriately is subject to disciplinary action, up to and including termination of employment.
  • Network access denied to departing employees: Departing CRA employees have to return their employee ID cards, and steps are taken to end their network access.

Tips for taxpayers

  • Have you been a victim?

If you think your personal information has been compromised, you should immediately contact your local police force and, if you believe your tax information may be affected, contact your local CRA tax services office at 1-800-959-8281.

If the CRA has confirmed that a taxpayer's information has been compromised, the Agency will act to prevent the fraudulent use of the information involving systems and processes for which the CRA is responsible.

If your social insurance number (SIN) has been stolen, you should contact Service Canada at 1-800-206-7218 (Option 3). For more information, see Social Insurance Number (Service Canada Web site).

If you think your epass user ID or the password you use in personal dealings with government departments or agencies has been compromised, contact the Government of Canada epass helpdesk, at 1-866-372-7742. For more information, see CRA epass services.

You may also want to visit the following Web sites where you will find information on how to protect your personal identity and credit standing:

Office of the Privacy Commissioner of Canada

Royal Canadian Mounted Police

Equifax and TransUnion Canada are two services that keep credit information on almost all individuals. At your request, these services can place an indicator or flag on your credit file to alert you of any changes. You can reach these services at the following telephone numbers and Web sites:

Equifax
1-800-465-7166

TransUnion Canada
1-800-663-9980

General security information

  • Online security for taxfilers: See The CRA and Internet Security.
  • Do not communicate personal information by email.
  • Physical security:
    • Send the CRA your change of address when you move.
    • Use a reputable tax preparer.
    • Shred unwanted documents or store them in a secure place. Make sure that documents with your name and SIN are secure.
    • Do not provide your SIN to others unnecessarily.
    • Beware of scam emails and telephone calls.
    • Ask a trusted neighbour to pick up your mail when you are away or ask that a hold be placed on delivery.

Legislative framework

The CRA’s legal obligation to safeguard the confidentiality and integrity of taxpayer information for which it is responsible flows from the following legislation:

Under the Income Tax Act, the Excise Tax Act, and the Excise Act, 2001, no employee can share taxpayer information with any party except for the taxpayer concerned or with a third party only after the taxpayer has given written consent. Similarly, both the Privacy Act and the Access to Information Act prohibit the disclosure of personal information except under circumstances as stated in the legislation.

Date Modified: 2007-03-26

Top of Page
Important Notices