Principles for Electronic Authentication
A Canadian Framework

May 2004

---

PDF Version (134 KB - 26 pages)

---

To access the Portable Document Format (PDF) version you must have a PDF reader installed. If you do not already have such a reader, there are numerous PDF readers available for free download or for purchase on the Internet:

• Adobe Reader
• Foxit Reader
• Xpdf
• eXPert PDF Reader

---

Contents

Introduction
Why and How to Use the Principles

About the Principles
Concepts and Terminology
Scope and Nature of the Principles

Principles
Principle 1: Responsibilities of Participants
Principle 2: Risk Management
Principle 3: Security
Principle 4: Privacy
Principle 5: Disclosure Requirements
Principle 6: Complaints Handling

Additional Information and References

---

Introduction

All Canadians – individuals, businesses and governments – share an interest in ensuring that electronic communications are secure. As our use of public electronic networks continues to evolve, from searching the Internet for information to exchanging information and money online, we need greater assurance that these messages and transactions are secure and that our privacy is protected. Authentication of electronic communications can make a significant contribution to meeting this need and to building user confidence.

The Principles for Electronic Authentication are designed to function as benchmarks for the development, provision and use of authentication services in Canada. The Principles are intended to form the basis of codes of conduct, voluntary initiatives and guidelines tailored to the requirements of specific industries and government. For individual and business users of authentication services, the Principles are intended to be a useful source of information and benchmarks against which to evaluate services offered in the marketplace.

The Principles were developed by the Authentication Principles Working Group, convened by Industry Canada and with broad representation from industry, professional associations, consumer groups and various levels of government. The following organizations participated in the Working Group and supported the development of the Principles:

• Bell Canada
• Canadian Advanced Technology Alliance
• Canadian Bankers Association
• Canadian Bar Association
• Canadian Institute of Chartered Accountants
• Canadian Payments Association
• Certified General Accountants Association of Canada
• Deloitte & Touche LLP Canada
• Digital Discretion Inc.
• Gowling Lafleur Henderson LLP
• Industry Canada (Electronic Commerce Branch and Office of Consumer Affairs)
• Information Technology Association of Canada
• Insurance Bureau of Canada
• Juricert Services Inc.
• Province of British Columbia
• Province of Ontario
• Public Interest Advocacy Centre
• RBC Financial Group
• Retail Council of Canada
• Scotiabank
• Spyrus Inc.
• Standards Council of Canada
• Teranet Inc.
• Treasury Board of Canada Secretariat
• University of Ottawa Law School
• Visa Canada Association