Privacy Management Framework overview

The Canada Revenue Agency (CRA) understands that Canadians want to know that their personal information is protected.

The CRA is one of the largest holders of personal information in the Government of Canada. Making sure this personal information is properly managed and protected is one of the Agency’s top priorities.

To demonstrate our commitment to protecting personal information, the CRA has developed the Privacy Management Framework. This report explains how the CRA manages privacy and includes: 

Our privacy guiding principles

The CRA has established five privacy guiding principles:

  1. We value and respect the client data in our possession and help our clients clearly understand how and why we are using it.
  2. We support our employees in understanding their data handling responsibilities, and we respond to our clients’ requests promptly and helpfully to drive a seamless and efficient experience.
  3. We put our clients at the heart of all changes and improvements to our service delivery by adopting innovative practices and including Privacy by Design principles into all that we do.
  4. We collaborate with our employees and integrate effective and secure client data management across the CRA to foster a holistic approach to building and maintaining client trust.
  5. We decide how we handle client data in line with legislative obligations and leading privacy practices and based on ethical standards.

Our privacy commitment

The CRA’s commitment to Canadians is to appropriately manage and proactively protect personal information through collaboration across the Agency and the adoption of Privacy by Design principles. To meet this commitment, we focus on the following measures:

  1. Embedding the privacy guiding principles and principles of Privacy by Design into the development, operation and management of all programs, processes, solutions and technologies involving personal information.
  2. Incorporating privacy protective measures in all relationships where the CRA may be required to share information to facilitate the appropriate handling and protection of personal information.
  3. Taking the necessary precautions and steps to protect personal information from external and insider threats.
  4. Supporting employees to understand their privacy responsibilities and compliance obligations.
  5. Managing existing and emerging data risks, monitoring and responding to privacy compliance issues.
  6. Assessing and managing privacy breaches in keeping with Treasury Board of Canada Secretariat policy instruments to document and evaluate potential risks to the affected individual and mitigate them.

Our privacy governance structure

The CRA has developed a strong privacy governance structure that fosters collaboration between all branches and regions and enables the incorporation of privacy considerations into all initiatives and services. The governance structure includes a senior privacy committee, operational committees, and initiative-based working groups.

We are committed to safeguarding the information that Canadians have entrusted to our organization. To meet your expectations, we take the necessary measures to protect personal information, enable the appropriate management of data, and promote employee responsibility for privacy.

To learn more about how we manage privacy at the CRA, consult our Privacy Management Framework.

Page details

Date modified: