Digital services and applications

Canadians expect secure sign-in, accessible design, notifications they can trust, and APIs that power third-party tax software or banking apps. Behind each feature sits identity proofing, privacy impact assessment, official languages parity, WCAG conformance, and 24/7 operations.

Web, mobile, and offline resilience

GC-branded mobile apps publish through verified developer accounts with controlled release channels. Offline modes must fail safely—show read-only receipts rather than stale balances that look authoritative.

Deep links from email and SMS are high-risk phishing vectors; teach users to confirm domains and to prefer app switches from known bookmarks.

Notifications, messaging, and consent

Push and SMS should be opt-in with plain-language frequency and revocation paths. Payment and security alerts need different copy than marketing nudges.

Cross-channel consistency matters: if the web says “submitted” but the app still says “pending,” trust erodes.

APIs, My Account integrators, and third parties

Authorized representatives, tax filers, and fintech aggregators consume APIs under strict scopes. Rate limits, audit logs, and breach notification duties apply.

Sandbox keys and production keys must never share environments—train DevOps students on configuration drift.

Social media and crisis communications

Institutional accounts coordinate with health and public-safety agencies during wildfires, disease outbreaks, or travel advisories.

Moderation policies, archiving, and accessibility of threaded posts are legal records problems, not “marketing details.”

Digital channel — security and privacy ties

Link two-factor authentication, active sessions, and trusted devices for the full trust story.

Link Privacy and Terms of use for consent screens students will write.

Verify current GC digital standards and program rules on Canada.ca.