Compliance note 1/89

Tax file number security

Employers and other tax file number (TFN) recipients are reminded of their responsibilities for the security of TFN information.

Background

The Taxation Laws Amendment (Tax File Numbers) Act 1988 and the Privacy Act 1988 together lay down a number of requirements governing the privacy of TFN information. These laws came into effect on 1 January 1989. As from 1 February 1989 new employees, or those changing jobs, will be asked to supply their TFNs on new employment declaration forms. This requirement will also apply to certain pension recipients and superannuation fund participants. Detailed information on these obligations has been circulated widely and is available from the Australian Taxation Office. Brochures are available at all Post Offices.

TFN interim guidelines

The Privacy Act 1988 contains in Schedule 2 a set of Interim Guidelines concerning the collection, storage, use and security of tax file number information ("TFN Interim Guidelines"). These Guidelines are binding on all TFN recipients: see Privacy Act 1988, section 17.

Enforcement

An individual may complain of interference with privacy to the Privacy Commissioner on the basis that another individual or organisation has breached an interim guideline or has made an unauthorised requirement or request for disclosure of a TFN. The Commissioner's powers include the power to determine complaints (sections 52, 60) and to declare that a complainant is entitled to receive compensation and expenses from the individual or organisation complained against (section 61). In addition, the Taxation Laws Amendment (Tax File Numbers) Act 1988 creates a number of criminal offences in relation to improper collection or use of TFN information. The offences carry severe penalties.

Security obligations

The main purpose of this note is to draw the attention of employers and other TFN recipients to the security aspects of the TFN Interim Guidelines.
Clause 3.2 requires TFN recipients holding TFN information to take all reasonable steps in the circumstances to ensure that security safeguards and procedures are in place to prevent unauthorised access to, modification or disclosure of, and loss of such information, whether the information is stored in physical or electronic form.

Clause 3.3 requires TFN recipients to take all reasonable steps in the circumstances to ensure that access to records which contain TFN information for authorised purposes is confined to persons who have a need for access to such information for the purpose of carrying out tax-related functions of the TFN recipient.

In light of these guidelines the Privacy Commissioner encourages employers and other TFN recipients to establish prior to, or as soon as possible after, 1 February 1989, internal management systems which ensure that TFN information is held securely and is only capable of use and access by authorised staff and others with tax-related responsibilities.

For example, in the case of systems where TFN information is computer-stored, a practical approach to this responsibility might be to ensure that TFN information is held in a secure field separate from other more general payroll information. Similarly, audit trails should be designed so that it is possible to detect whether TFN information has been improperly accessed or disclosed.

31 January 1989

For further information please contact:
Privacy Commissioner
Privacy Hotline: 1300 363 992
E-mail: privacy@privacy.gov.au