EFILE Online Services

Individual Returns Directorate
Assessment, Benefit, and Service Branch

On this page

Overview & Privacy Impact Assessment Initiation (PIA)

Government institution

Canada Revenue Agency

Government official responsible for the PIA

Frank Vermaeten
Assistant Commissioner
Assessment, Benefit, and Service Branch

Head of the government institution or Delegate for section 10 of the Privacy Act

Steven Morgan
Director General
Access to Information and Privacy Directorate

Name of program or activity of the government institution

Tax Services and Processing

Standard or institution specific class of record:

EFILE Online services
CRA ABSB 216

Standard or institution specific personal information bank:

EFILE Online Services
CRA PPU 211
TBS Registration Number: 20170136

Legal authority for program or activity

The legislative authority to evaluate prospective and existing electronic filers is subsection 150.1(2) of the Income Tax Act (ITA).

The legislative authority regarding mandatory electronic filing of individual income tax returns is subsection 150.1(2.3) of the ITA.

The legislative authority for the declaration for electronic filing is subsection 150.1(4) of the ITA.

Personal information is collected under the authority of section 220 of the ITA and the social insurance number (SIN) of each electronic filing applicant is collected pursuant to section 237 of the ITA and is used for identification purposes.

Summary of the project, initiative or change

Overview of the Program or Activity

EFILE is an automated web service that allows approved tax preparation service providers and discounters to send income tax return information to the CRA directly from EFILE-certified tax preparation software. The certification of software products takes place every year. Software products that will be used by electronic filing applicants to transmit returns using the EFILE web service are verified and tested to ensure they are compatible with the EFILE service, as well as to ensure any legislative changes are included in the final certified products.

Taxpayers may take their tax slips and supporting documents to a registered tax preparer and for a fee, the tax preparer will prepare their return and send it to the CRA electronically using the EFILE web service. In addition, taxpayers can use the services available through the CRA’s Community Volunteer Income Tax Program to have their return prepared and sent to the CRA for free.

Any firm, organization, or individual providing tax preparation services who has met the definition and requirements of an applicant and who has successfully met all the suitability screening criteria will be given access to the full suite of EFILE Online services. The current list of electronic services is as follows:

Access to all of the electronic services above is granted via the use of an EFILE number and password through EFILE-certified tax preparation software.

Suitability screening is the process of verifying the reliability of prospective and existing electronic filing applicants. It is conducted by the CRA every year before applicants are permitted to electronically file income tax returns on behalf of their clients. We evaluate all applicants before, during, and after the filing season to:

For EFILE purposes, an applicant can be:

An applicant, or any person having management and control of the applicants, must meet the following requirements:

An applicant/participant who meets and continues to meet the following screening criteria may electronically file returns provided the applicant has:

We also monitor the activities of electronic filers to ensure that they comply with our requirements. This maintains a high standard of quality for electronic returns and transmissions. If an electronic filer does not comply with these requirements during the program, we will issue warning letters as required and can suspend EFILE privileges. We monitor such items as the following:

Scope of the Privacy Impact Assessment

This PIA excludes the following:

Risk identification and categorization

A) Type of program or activity

Administration of Programs/Activity and Services 

Level of risk to privacy: 2

Details:

The annual Screening of prospective and existing electronic filing applicants involves ensuring certain requirements are met and criteria are passed before access to EFILE Online services is granted. We use personal information, such as, SIN and if applicable, Business Number (BN), provided by the electronic filing applicants on their online EFILE registration, account renewal and/or maintenance requests to determine if they meet these requirements and pass the Screening criteria. When the requirements are not met and/or the criteria are not passed, the CRA employee will discuss these issues directly with the electronic filing applicant. If the issues can be resolved, the electronic filing applicant will be granted access to EFILE Online services. If the issues cannot be resolved, the electronic filing applicant will be denied access to EFILE Online services.

The annual Monitoring of selected electronic filing applicants involves ensuring they are complying with our requirements and when there are deficiencies noted, we may issue a warning or suspend access to EFILE Online services, if the deficiency is serious in nature.

B) Type of personal information involved and context

SIN, medical, financial or other sensitive personal information and/or the context surrounding the personal information is sensitive. Personal information of minors or incompetent individuals or involving a representative acting on behalf of the individual.

Level of risk to privacy: 3

Details:

Personal information collected during the EFILE Online registration, renewal or account maintenance processes includes sensitive personal informal information such as the name, contact information, SIN, user name and passwords, and program screening criteria such as, bankruptcy, convictions, and outstanding balances owed to the CRA.

If the electronic filing applicant successfully completes the EFILE Online registration form, an EFILE number and password will be issued and displayed on the web page during the online registration session. If the electronic filing applicant has an existing EFILE number and password from a prior EFILE program year, they are invited to renew that EFILE account annually through an online renewal process using their existing EFILE credentials. If that process is completed successfully, a newly assigned password will be displayed on the web page during the online renewal session. Electronic filing applicants are also permitted to update certain information on an existing EFILE account using an online account maintenance option.

The information above is stored in the EFILER Information System (EIS) by EFILE number when the registration, renewal or account maintenance is completed successfully by the electronic filing applicant. Access to the EIS is only available, on a need to know basis to CRA employees who have the applicable profile. 

Some of this information is also stored in the Electronic filer list Program (ELP), a web-based intranet application that provides statistical summaries, detailed lists and three search options for electronic filing applicants. This application is for internal use only as it resides on the CRA’s intranet site. It is accessed using a User ID and Password that is assigned to each Helpdesk by the Electronic Filing Services Section (EFSS).

The email address that is collected from electronic filing applicants is required as the CRA uses it to communicate via email with a large number of electronic filing applicants using a ‘Listserver’ software, known as the Lyris system, using automated processes. Emails sent through the Lyris system do not contain any confidential information and the content of these emails are published on the EFILE website.

C) Program or activity partners and private sector involvement

With other or a combination of federal/provincial and/or municipal government(s) 

Level of risk to privacy: 3

Details:

Information regarding electronic filing applicants may be solicited from and/or shared with other programs within the CRA, identified under the following Personal Information Banks:

As per signed information sharing agreements, limited personal information regarding electronic filing applicants located in the province of Québec may be shared with the province of Québec. 

D) Duration of the program or activity

Long-term program 

Level of risk to privacy: 3

Details:

The EFILE Online Services program is a long-term well-established program and thus has no expected end date in the foreseeable future.  

E) Program population

The program affects certain individuals for external administrative purposes.

Level of risk to privacy: 3

Details:

This program affects those individuals or businesses that wish to access various EFILE Online services. It could also impact clients of these individuals or businesses should they not be granted access to these EFILE Online services.

F) Technology & privacy

  1. Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?

    Risk to privacy: No

  2. Does the new or modified program or activity require any modifications to IT legacy systems and/or services?

    Risk to privacy: No

  3. Does the new or modified program or activity involve the implementation of one or more of the following technologies?

    Enhanced identification methods - this includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc.) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).

    Risk to privacy: No

    Use of Surveillance - this includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices, RFID, surreptitious surveillance/interception, computer aided monitoring including audit trails, satellite surveillance etc.

    Risk to privacy: No

    Use of automated personal information analysis, personal information matching and knowledge discovery techniques - for the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.

    Risk to privacy: Yes

    Details:

    We have the ability to track activities of electronic filing applicants with regard to the registration, renewal or account maintenance functions. Furthermore, when account maintenance is performed by electronic filing applicants, the EFILE Helpdesk responsible for the EFILE account is notified by email what field(s) was modified. We also have the ability to track certain transmissions submitted to the CRA using the EFILE number and password for the various EFILE Online services. 

    Also, as part of the CRA security program, CRA employees who have access to personal information are monitored through the Internal Affairs and Fraud Control Program which includes the use of the Enterprise Fraud Management (EFM) solution. The EFM solution records information, such as user logon ID, date and time of logon, logout, user location, terminal identity, name and ID of client records accessed, including edits or changes made during each user session, etc.

    The information is used to verify that only authorized users have accessed personal information and to ensure that access can be linked to specific individuals to support the investigation of suspected or alleged misuse.

    Every time CRA employees log in on their computers, a notice pops up requiring employees to acknowledge that they are aware that all access to CRA networks is monitored and that access is on a need-to-know basis. This information is described in the CRA personal information bank Monitoring of Electronic Access to Taxpayer Information, CRA PPU 718.

    Use of automated personal information analysis, personal information matching and knowledge discovery techniques - for the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.

    Risk to privacy: Yes

    Details:

    Existing electronic filing applicants must use their EFILE number and current password in order to log in to renew or maintain their EFILE account. This information is checked against the EFILE credentials in the EFILER Information System and if it is validated, the electronic filing applicant is presented with the option to renew or maintain their EFILE account. The web page that is displayed will populate the existing information from the EFILE account, present it to the electronic filing applicant, who is then required to check the information and if necessary, make any changes before submitting the request to renew or update the account. The SIN on EFILE accounts is masked during renewal and account maintenance sessions to protect confidential information and a message shows to explain why the SIN is masked. 

    If an existing electronic filing applicant submits a new registration instead of renewing their existing EFILE account, the new EFILE account may be ‘flagged’ if certain conditions are met. These EFILE accounts are shown with a symbol displayed next to them in the List of Accounts Requiring Review screen in the EFILER Information System. This is a type of matching that is used to identify situations where the electronic filing applicant may be trying to gain access to EFILE Online services using a different EFILE account, where they may have been denied access to or suspended from the EFILE Online Services program under another EFILE account.

    The Electronic filer list Program can be used by CRA employees with approved access to search that database using a variety of personal information items, such as SIN, BN, Discounter number, postal code (business and mailing), telephone number, facsimile number, email address, applicant name, contact name, owner name, official name, business name and Internet Protocol (IP) address. The results of the various searches can be downloaded into an Excel spreadsheet or viewed on a web page. The download option allows the user to manipulate the information, as required. Statistical summaries and detailed lists can also be viewed on a web page or downloaded.

G) Personal information transmission

The personal information is transmitted using wireless technologies. 

Level of risk to privacy: 3

Details:

Electronic filing applicants must register for, and/or renew and maintain their account information online.  The system will verify the submitted information and will generate error messages, if necessary. For example, if a mandatory field is not completed, a message will advise the user of the error and that must be corrected and the request resubmitted. Once the request (new registration, account renewal or modification) is accepted, the system will display a confirmation page that will tell the electronic filing applicant that their request was successful, as well as contain the EFILE number and password. These two pieces of identification make up an electronic signature required to access our confidential areas and services.

Information received from electronic filing applicants during one of the available online options is stored securely in our computers and can only be accessed by CRA employees who have the approved access to those databases.  We also use encryption technology and sophisticated security techniques to protect the EFILE Login site at all times.

Electronic filing applicants may access our EFILE Login site using wireless technologies, such as a WIFI connection, however, the information is sent to the CRA using encryption technologies (such as Transport Layer Security (TLS)) and sophisticated security techniques to protect the information during the transfer process.

EFILE passwords are automatically reset upon EFILE renewal.

CRA employees working with the following areas can work remotely or in the office:

Employees working remotely access the CRA system using a secure VPN connection and in most cases, this connection is done wirelessly. These employees have access to the same CRA systems they would use if they were working from their normal work location in a CRA office building.

H) Potential risk that in the event of a privacy breach, there will be an impact on the individual or employee

Details:

Since the personal information collected during the EFILE registration, renewal and account maintenance processes includes SIN and name, the electronic filing applicants could be impacted with various types of loss should a privacy breach occur. One such impact might be financial loss, for example: if identity theft or fraud occurred. Another impact might include loss of reputation, for example: if information about outstanding screening issues (such as bankruptcy or convictions or outstanding balances owed to the CRA) was shared with others in the business about one of the electronic filing applicants for the business.

If a CRA employee was involved in causing a privacy breach related to an electronic filing applicant, there could be financial or legal impacts for the employee. There might also be impacts to the employee’s health or reputation. 

The level of risk associated with any of the impacts discussed above would be either unlikely or rare. This is due, in part, to the measures in place (see information in Section G above) to keep the probability of any privacy breaches from happening.

Page details

Date modified: