Compliance note 1/89
Tax file number security
Tax file number security
Employers and other tax file number (TFN) recipients are reminded of
their responsibilities for the security of TFN information.
Back to Top
Background
The Taxation Laws Amendment (Tax File Numbers) Act 1988
and the Privacy Act 1988 together lay down a number of requirements governing
the privacy of TFN information. These laws came into effect on 1 January
1989. As from 1 February 1989 new employees, or those changing jobs, will
be asked to supply their TFNs on new employment declaration forms. This
requirement will also apply to certain pension recipients and superannuation
fund participants. Detailed information on these bligations has been circulated
widely and is available from the Australian Taxation Office. Brochures
are available at all Post Offices.
Back to Top
TFN interim guidelines
The Privacy Act 1988 contains in Schedule 2 a set of
Interim Guidelines concerning the collection, storage, use and security
of tax file number information ("TFN Interim Guidelines"). These Guidelines
are binding on all TFN recipients: see Privacy Act 1988, section 17.
Back to Top
Enforcement
An individual may complain of interference with privacy
to the Privacy Commissioner on the basis that another individual or organisation
has breached an interim guideline or has made an unauthorised requirement
or request for disclosure of a TFN. The Commissioner's powers include
the power to determine complaints (sections 52, 60) and to declare that
a complainant is entitled to receive compensation and expenses from the
individual or organisation complained against (section 61). In addition,
the Taxation Laws Amendment (Tax File Numbers) Act 1988 creates a number
of criminal offences in relation to improper collection or use of TFN
information. The offences carry severe penalties.
Back to Top
Security obligations
The main purpose of this note is to draw the attention
of employers and other TFN recipients to the security aspects of the TFN
Interim Guidelines. Clause 3.2 requires TFN recipients holding TFN information
to take all reasonable steps in the circumstances to ensure that security
safeguards and procedures are in place to prevent unauthorised access
to, modification or disclosure of, and loss of such information, whether
the information is stored in physical or electronic form. Clause 3.3 requires
TFN recipients to take all reasonable steps in the circumstances to ensure
that access to records which contain TFN information for authorised purposes
is confined to persons who have a need for access to such information
for the purpose of carrying out tax-related functions of the TFN recipient.
In light of these guidelines the Privacy Commissioner
encourages employers and other TFN recipients to establish prior to, or
soon as possible after, 1 February 1989, internal management systems which
ensure that TFN information is held securely and is only capable of use
and access by authorised staff and others with tax-related responsibilities.
For example, in the case of systems where TFN information is computer-stored,
a practical approach to this responsibility might be to ensure that TFN
information is held in a secure field separate from other more general
payroll information.
Similarly, audit trails should be designed so that it
is possible to detect whether TFN information has been improperly accessed
or disclosed.
31 January 1989
For further information please contact
Privacy Commissioner
GPO Box 5218
Sydney NSW 1042
Privacy Hotline: 1300 363 992
Telephone: (02) 9284 9800
Fax: (02) 9284 9666
E-mail: privacy@privacy.gov.au
Back to Top
|
HOME > Compliance note 1/89
