Security

Security requires a partnership between two parties—in this case, you and the CRA.

Security tips

To help ensure that your NETFILE income tax information remains confidential, remember the following:

• Keep your access code a secret! The NETFILE transmission service can only be accessed with your access code. Do not let someone else file your tax return using NETFILE.
• If you leave your computer on after completing activities in an encrypted area of the Web site, clear the cache, close and re-open your browser to eliminate copies of Web pages that may have been stored on your computer's hard drive.
• Never send confidential information—such as your social insurance number (SIN) or access code—via email. Our email does not have secure transmission capabilities.
• Important Security Information! Software developers whose products are certified for NETFILE are not representatives of the CRA. Canadian taxpayers are not obliged to submit personal information directly to the software developer when requesting software support. The CRA would like to remind you that email is not a secure method of communication. Sending personal information by email is especially a concern with the increased risk of identity theft.

The CRA

At the CRA, we're responsible for providing NETFILE access only to clients who give us their SIN, date of birth, and access code. We'll provide security at our Web site and guarantee that your personal and financial information is securely stored in our computers.

We're also responsible for ensuring that your personal and financial information is transmitted in an encrypted format between your computer and our Web servers. This ensures that computer hackers and other Internet users can't alter or view data being transmitted between you and us.

We use sophisticated security techniques to protect this Web site. State-of-the-art encryption technology and security procedures protect your personal information at all times.

Note
While every possible effort has been made to ensure the safety and integrity of transactions at our Web site, the Internet exists as a public network and therefore is outside of our control.

Your part

You'll need to give us three pieces of identification to access our NETFILE transmission service. These three pieces of identification create your electronic signature. Make sure that you keep each piece of your identification confidential so that your electronic signature can't be used by others.

If your tax return is being prepared and filed by someone other than yourself, ensure you do not provide him or her with your access code. There is a separate service for tax professionals to use to file your tax return electronically called EFILE. This service does not require your access code. The tax professionals sign in using their own user id and password. Prior to filing on your behalf, your authorization is required. Please ensure you sign Form T183, Information Return for Electronic Filing of an Individual's Income Tax and Benefit Return to give authorization. This form does not give authorization for someone to file on your behalf using NETFILE. See Security of Taxpayer Information.

You have to use approved security protocols to access our Web site. Although some Web sites will allow you access with 40-bit encryption, we limit access to browsers supporting 128-bit secure sockets layer (SSL) encryption. For more information, see the Your browser Web page.

Information stored in the browser’s cache is not encrypted, so clearing the cache helps to ensure the security of your information. After you complete a secure session, you should close and reopen your browser to clear your browser’s cache of session cookies. If you are using Internet Explorer, you should also delete your temporary Internet files, before you close and reopen your browser. If you are using Netscape Navigator, you should clear both your browser’s disk cache and memory cache before you close and reopen your browser.

To ensure your tax information is protected, we suggest you remove your tax--related files from your hard drive and store them on diskette or CD. Files left on a hard drive are vulnerable to hackers.

What does 128-bit SSL encryption really mean?

SSL encryption enhances the privacy of the information passing between your browser and our Web servers. SSL protocol provides a safe passage for the transmission of data and authentication processes by encrypting the information. Data can't be compromised when SSL is in use. This is the most secure form of encryption commonly available in North America.

In simple terms, your income tax return information is broken down into small separate packages of information called packets, and SSL encrypts each packet. These encrypted packets are sent into the Internet separately, like pieces of a puzzle, each individually addressed. Once they've all reached the safety of our secure Web server, they're reassembled and decrypted.

This is a typical requirement for Web-based services—such as online banking or shopping—where securing personal information is a priority. When you access our NETFILE transmission page, our server will verify your browser's encryption capability and verify your session cookie is set (no other information will be accessed).

Confidentiality

We're taking precautions to ensure the confidentiality of the data transmitted using the NETFILE service. Using 128-bit SSL encryption protects information by verifying the identity of the parties on both ends of the Internet connection before confidential information is exchanged. Your electronic signature is identified when you log on to the transmission Web page. Throughout the session, extensive measures maintain security.

General computer security

Anti-virus software

Anti-virus software scans your computer and email messages for viruses. You have to regularly update your anti-virus software to be able to detect new viruses. Your anti-virus software helps protect the data on your computer software and your operating system.

Email

Although email is common and widely used today, it is not secure. You should never send us confidential information by unsecured email, as the unsecured email can be intercepted and the name of the originator can be changed. We do not trust personal information received through unsecured email.

Firewalls

A firewall acts as a barrier between internal and external computers in a network, controlling the flow of information between the two. When a computer outside the firewall tries to communicate with a computer inside, it must first communicate with the firewall, which drops, allows or denies requests before it passes them to the destination computer. This process protects the destination computer from unauthorized access.