This document has been archived and is no longer in use by the Office.

Tax file number security

• Tax file number security
• Background
• TFN interim guidelines
• Enforcement
• Security obligations

Tax file number security

Employers and other tax file number (TFN) recipients are reminded of their responsibilities for the security of TFN information.

Back to Top

Background

The Taxation Laws Amendment (Tax File Numbers) Act 1988 and the Privacy Act 1988 together lay down a number of requirements governing the privacy of TFN information. These laws came into effect on 1 January 1989. As from 1 February 1989 new employees, or those changing jobs, will be asked to supply their TFNs on new employment declaration forms. This requirement will also apply to certain pension recipients and superannuation fund participants. Detailed information on these bligations has been circulated widely and is available from the Australian Taxation Office. Brochures are available at all Post Offices.

Back to Top

TFN interim guidelines

The Privacy Act 1988 contains in Schedule 2 a set of Interim Guidelines concerning the collection, storage, use and security of tax file number information ("TFN Interim Guidelines"). These Guidelines are binding on all TFN recipients: see Privacy Act 1988, section 17.

Back to Top

Enforcement

An individual may complain of interference with privacy to the Privacy Commissioner on the basis that another individual or organisation has breached an interim guideline or has made an unauthorised requirement or request for disclosure of a TFN. The Commissioner's powers include the power to determine complaints (sections 52, 60) and to declare that a complainant is entitled to receive compensation and expenses from the individual or organisation complained against (section 61). In addition, the Taxation Laws Amendment (Tax File Numbers) Act 1988 creates a number of criminal offences in relation to improper collection or use of TFN information. The offences carry severe penalties.

Back to Top

Security obligations

The main purpose of this note is to draw the attention of employers and other TFN recipients to the security aspects of the TFN Interim Guidelines. Clause 3.2 requires TFN recipients holding TFN information to take all reasonable steps in the circumstances to ensure that security safeguards and procedures are in place to prevent unauthorised access to, modification or disclosure of, and loss of such information, whether the information is stored in physical or electronic form. Clause 3.3 requires TFN recipients to take all reasonable steps in the circumstances to ensure that access to records which contain TFN information for authorised purposes is confined to persons who have a need for access to such information for the purpose of carrying out tax-related functions of the TFN recipient.

In light of these guidelines the Privacy Commissioner encourages employers and other TFN recipients to establish prior to, or soon as possible after, 1 February 1989, internal management systems which ensure that TFN information is held securely and is only capable of use and access by authorised staff and others with tax-related responsibilities. For example, in the case of systems where TFN information is computer-stored, a practical approach to this responsibility might be to ensure that TFN information is held in a secure field separate from other more general payroll information.

Similarly, audit trails should be designed so that it is possible to detect whether TFN information has been improperly accessed or disclosed.

31 January 1989

For further information please contact

Privacy Commissioner GPO Box 5218 Sydney NSW 1042

Privacy Hotline: 1300 363 992 Telephone: (02) 9284 9800 Fax: (02) 9284 9666

E-mail: privacy@privacy.gov.au

Back to Top