CRA Terms of Service Email

Hello INSERT MP HERE, I hope this email finds you well.

I’m writing to raise a very important issue of data security and liability to your attention in the hopes that the current decisions by the Gov. of Canada’s CIO and the digital team at the CRA can be reviewed. The recent Terms of Service for the CRA include a clause that voids the government of any liability for damages suffered due to any data breaches:

10. The Canada Revenue Agency has taken all reasonable steps to ensure the security of this Web site. We have used sophisticated encryption technology and incorporated other procedures to protect your personal information at all times. However, the Internet is a public network and there is the remote possibility of data security violations. In the event of such occurrences, the Canada Revenue Agency is not responsible for any damages you may experience as a result.”

The use of the CRA online portal is all but a requirement for all Canadians and Canadian businesses to submit their taxes, contains personal and financial information on all Canadian citizens, and as is indicated by numerous breaches in the past two years (1,2,3,4) is far from being secured against cyber attacks. You can read more about this issue here.

Simply put, it is unacceptable to put the liability for the CIO and CRA’s failure to do their job on the Canadian people. Particularly in an era where the impacts of such hacks and breaches can have drastic effects on an individual’s financial and personal lives, the Government is unethical and unfounded in trying to dump this liability on it’s people. This clause protects no one but the CRA… not the Canadian people.

Thank you in advance for your help for giving this issue the attention it deserves.