Tax Season Brings Privacy Risks

March 2, 2015

A popular commercial describes the pain associated with filing taxes, but tax season also brings privacy risks. The Office of the Information and Privacy Commissioner (OIPC) is reminding organizations to ensure tax statements are ending up in the right hands.

Last year, there were five breach reports related to misdirected tax slips which affected 15 individuals. The causes of the breaches include mistakes in automated mailing,  envelope stuffing processes or human error.

“This is a recurring issue dealing with highly sensitive personal information, such as a person’s social insurance number,” said Brian Hamilton, OIPC’s Director of Compliance and Special Investigations. “Providing awareness that these errors can and do happen when sending tax slips can limit the risks of fraud or identity theft.”

The OIPC offers the following tips to organizations at tax season:

  • Maintain and check the performance of your envelope stuffing machines
  • Carry out quality assurance checks on envelopes before they are sent
  • If subcontractors are hired for envelope stuffing and mail outs make sure your contract includes clauses requiring proper machine maintenance and quality assurance before envelopes are sent
  • If employees are able to download T4 slips via an internet portal, conduct regular security tests of the application and maintain change controls
  • Have a tested plan in place to respond to any privacy breaches resulting from misdirected T4 slips.

For more information on breach reporting, please visit the Breach Notification page under the PIPA (Personal Information Protection Act) tab at