We are constantly being warned about putting our personal information online. Yet at the same time as Canadian tax payers we are being encouraged to do our filing electronically to the CRA. This raises the question as to how safe is our tax information when it is being submitted this way?
The Canada Revenue Agency has certainly had its problems with security breaches over the years. The argument to this is that no online organization could be perfectly secure. That in itself should raise some concerns with information that is as sensitive as the taxpayers information is.
Probably what brought these concerns of many to the forefront was the heart bleed virus that attacked the CRA not long ago. It is the privacy commissioner that keeps track of these types of security breaches. The CRA does not have a very good track record. Indications are that 14% of the security and privacy breach that took place amongst all of the Federal government agencies last year were related to the CRA. Records indicate that in total there were 218 breeches throughout the various agencies and about 30 of those belonged to the CRA.
The Heartbleed bug was due to a flaw in the Open SSL cryptography. While this particular bug hit a lot of additional websites, the big complaint was that that the tax department did not move fast enough to stop the leak of information. The outcome of this breach was approximately 900 social insurance numbers of Canadians were stolen.
It isn’t as though the CRA has not been warned of potential security weaknesses. They were told in 2013 by the Federal privacy commissioner that there were potential problems. Some of these problems were with employees that had been hired by the CRA. This perhaps is more disturbing than a virtual security breach. Individuals working for the CRA are privy to a lot of personal information. The cases that were indicated as security breaches by employees were more than 50 case covering a two year. In the past few years indications are that there have been about 40,000 employees of the CRA that were caught manipulating taxpayer information.
The steps that the CRA have taken to try and correct some of these issues are to basically set up a hotline within the agency, which is basically a whistleblower.
There will be no getting away from eventually having to go electronic with your tax matters, but the security issues should be something that you may want to bring up with your local MP, especially during the next election.