Security requires a partnership between two parties—in this case, you and the CRA.
To help ensure that your NETFILE income tax information remains confidential, remember the following:
At the CRA, we're responsible for providing NETFILE access only to clients who give us their SIN and date of birth. We'll provide security at our Web site and guarantee that your personal and financial information is securely stored in our computers.
We're also responsible for ensuring that your personal and financial information is transmitted in an encrypted format between your computer and our Web servers. This ensures that computer hackers and other Internet users can't alter or view data being transmitted between you and us.
We use sophisticated security techniques to protect this Web site. State-of-the-art encryption technology and security procedures protect your personal information at all times.
While every possible effort has been made to ensure the safety and integrity of transactions at our Web site, the Internet exists as a public network and therefore is outside of our control.
You'll need to give us two pieces of identification (social insurance number and date of birth) to access our NETFILE transmission service. These two pieces of identification create your electronic signature. Make sure that you keep each piece of your identification confidential so that your electronic signature can't be used by others.
There is a separate service for tax preparers to use to file your tax return electronically called EFILE. The tax preparers sign in using their own user id and password. Prior to filing on your behalf, your authorization is required. Please ensure you sign Form T183, Information Return for Electronic Filing of an Individual's Income Tax and Benefit Return to give authorization. This form does not give authorization for someone to file on your behalf using NETFILE. See Security of Taxpayer Information.
You have to use approved security protocols to access our Web site. Although some Web sites will allow you access with 40-bit encryption, we limit access to browsers supporting 128-bit secure sockets layer (SSL) encryption. For more information, see the Your browser Web page.
Information stored in the browser’s cache is not encrypted, so clearing the cache helps to ensure the security of your information. After you complete a secure session, you should close and reopen your browser to clear your browser’s cache of session cookies. If you are using Internet Explorer, you should also delete your temporary Internet files, before you close and reopen your browser. If you are using Netscape Navigator, you should clear both your browser’s disk cache and memory cache before you close and reopen your browser.
To ensure your tax information is protected, we suggest you remove your tax--related files from your hard drive and store them on diskette or CD. Files left on a hard drive are vulnerable to hackers.
SSL encryption enhances the privacy of the information passing between your browser and our Web servers. SSL protocol provides a safe passage for the transmission of data and authentication processes by encrypting the information. Data can't be compromised when SSL is in use. This is the most secure form of encryption commonly available in North America.
In simple terms, your income tax return information is broken down into small separate packages of information called packets, and SSL encrypts each packet. These encrypted packets are sent into the Internet separately, like pieces of a puzzle, each individually addressed. Once they've all reached the safety of our secure Web server, they're reassembled and decrypted.
This is a typical requirement for Web-based services—such as online banking or shopping—where securing personal information is a priority. When you access our NETFILE transmission page, our server will verify your browser's encryption capability and verify your session cookie is set (no other information will be accessed).
We're taking precautions to ensure the confidentiality of the data transmitted using the NETFILE service. Using 128-bit SSL encryption protects information by verifying the identity of the parties on both ends of the Internet connection before confidential information is exchanged. Your electronic signature is identified when you log on to the transmission Web page. Throughout the session, extensive measures maintain security.
Anti-virus software scans your computer and email messages for viruses. You have to regularly update your anti-virus software to be able to detect new viruses. Your anti-virus software helps protect the data on your computer software and your operating system.
Although email is common and widely used today, it is not secure. You should never send us confidential information by unsecured email, as the unsecured email can be intercepted and the name of the originator can be changed. We do not trust personal information received through unsecured email.
A firewall acts as a barrier between internal and external computers in a network, controlling the flow of information between the two. When a computer outside the firewall tries to communicate with a computer inside, it must first communicate with the firewall, which drops, allows or denies requests before it passes them to the destination computer. This process protects the destination computer from unauthorized access.