Canada Revenue Agency
Symbol of the Government of Canada

Common menu bar links

Security

Security requires a partnership between two parties—in this case, you and the CRA.

Security tips

To help ensure that your NETFILE income tax information remains confidential, remember the following:

  • Do not let someone else file your tax return using NETFILE.
  • If you leave your computer on after completing activities in an encrypted area of the website, clear the cache, close and re-open your browser to eliminate copies of webpages that may have been stored on your computer's hard drive.
  • Never send confidential information—such as your social insurance number (SIN)—via email. Our email does not have secure transmission capabilities.
  • Important Security Information! Software developers whose products are certified for NETFILE are not representatives of the CRA. Canadian taxpayers are not obliged to submit personal information directly to the software developer when requesting software support. The CRA would like to remind you that email is not a secure method of communication. Sending personal information by email is especially a concern with the increased risk of identity theft.

The CRA

At the CRA, we're responsible for providing NETFILE access only to clients who give us their SIN and date of birth. We'll provide security at our website and guarantee that your personal and financial information is securely stored in our computers.

We're also responsible for ensuring that your personal and financial information is transmitted in an encrypted format between your computer and our web servers. This ensures that computer hackers and other Internet users can't alter or view data being transmitted between you and us.

We use sophisticated security techniques to protect this website. State-of-the-art encryption technology and security procedures protect your personal information at all times.

Note
While every possible effort has been made to ensure the safety and integrity of transactions at our website, the Internet exists as a public network and therefore is outside of our control.

Your part

You'll need to give us two pieces of identification (social insurance number and date of birth) to access our NETFILE transmission service. These two pieces of identification create your electronic signature. Make sure that you keep each piece of your identification confidential so that your electronic signature can't be used by others.

There is a separate service for tax preparers to use to file your tax return electronically called EFILE. The tax preparers sign in using their own user id and password. Prior to filing on your behalf, your authorization is required. Please ensure you sign Form T183, Information Return for Electronic Filing of an Individual's Income Tax and Benefit Return to give authorization. This form does not give authorization for someone to file on your behalf using NETFILE. See Security of Taxpayer Information.

You have to use approved security protocols to access our website. Although some websites will allow you access with 40-bit encryption, we limit access to browsers supporting 128-bit secure sockets layer (SSL) encryption. For more information, see the Your browser webpage.

Information stored in the browser’s cache is not encrypted, so clearing the cache helps to ensure the security of your information. After you complete a secure session, you should close and reopen your browser to clear your browser’s cache of session cookies. If you are using Internet Explorer, you should also delete your temporary Internet files, before you close and reopen your browser. If you are using Netscape Navigator, you should clear both your browser’s disk cache and memory cache before you close and reopen your browser.

To ensure your tax information is protected, we suggest you remove your tax--related files from your hard drive and store them on diskette or CD. Files left on a hard drive are vulnerable to hackers.

What does 128-bit SSL encryption really mean?

SSL encryption enhances the privacy of the information passing between your browser and our web servers. SSL protocol provides a safe passage for the transmission of data and authentication processes by encrypting the information. Data can't be compromised when SSL is in use. This is the most secure form of encryption commonly available in North America.

In simple terms, your income tax return information is broken down into small separate packages of information called packets, and SSL encrypts each packet. These encrypted packets are sent into the Internet separately, like pieces of a puzzle, each individually addressed. Once they've all reached the safety of our secure web server, they're reassembled and decrypted.

This is a typical requirement for web -based services—such as online banking or shopping—where securing personal information is a priority. When you access our NETFILE transmission page, our server will verify your browser's encryption capability and verify your session cookie is set (no other information will be accessed).

Confidentiality

We're taking precautions to ensure the confidentiality of the data transmitted using the NETFILE service. Using 128-bit SSL encryption protects information by verifying the identity of the parties on both ends of the Internet connection before confidential information is exchanged. Your electronic signature is identified when you log on to the transmission webpage. Throughout the session, extensive measures maintain security.

General computer security

Anti-virus software

Anti-virus software scans your computer and email messages for viruses. You have to regularly update your anti-virus software to be able to detect new viruses. Your anti-virus software helps protect the data on your computer software and your operating system.

Email

Although email is common and widely used today, it is not secure. You should never send us confidential information by unsecured email, as the unsecured email can be intercepted and the name of the originator can be changed. We do not trust personal information received through unsecured email.

Firewalls

A firewall acts as a barrier between internal and external computers in a network, controlling the flow of information between the two. When a computer outside the firewall tries to communicate with a computer inside, it must first communicate with the firewall, which drops, allows or denies requests before it passes them to the destination computer. This process protects the destination computer from unauthorized access.