Login
iscover
Tax practitioners who include a client’s tax file number in email correspondence without taking reasonable security measures could find themselves breaching the law, according to new guidance from the regulator.
Newsletter
TPB releases draft guidance on tax file number usage
02 September 2020
•
9 minute read
The Tax Practitioners Board has now released draft Practice Note D42/2020, setting out guidance for tax practitioners to understand their obligations when using and disclosing tax file numbers (TFNs) and TFN information in email communications.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
TFN information is protected by a number of legal frameworks including the TFN Rule, the Privacy Act and the Tax Administration Act, and while the TPB is not responsible for the administration of these laws, it notes that practitioners who fail to protect client TFNs may come into breach of item 6 of the Code of Professional Conduct.
In its draft practice note, the TPB points out that the inclusion of a client’s TFN in an email by a registered tax practitioner does not necessarily give rise to a breach of a law regulating the use and disclosure of TFNs.
However, if the practitioner has not taken reasonable steps to safeguard the TFN information, they could find themselves in breach of obligations under the Privacy Act and TFN Rule.
As such, the regulator has now provided practitioners with a non-exhaustive list of measures they can take to protect TFN information.
These include restricting access to staff who are not required to handle such information and implementing information and communication technology (ICT) security measures such as sending such information as an encrypted or password-protected attachment.
Other ICT security measures include deploying anti-virus software and firewalls on workplace computers and networks, regularly changing passwords, and encrypting client records or files.
The TPB notes that its lists of measures are neither prescriptive nor exhaustive and that practitioners may wish to seek advice from an ICT security provider, while referring to guidance published by the Office of the Australian Information Commissioner (OAIC).
The latest OAIC Notifiable Data Breaches Report for the first half of the year found that TFN data breaches featured in 17 per cent of all data breaches.
Human error accounted for 34 per cent of all data breaches, with malicious or criminal attacks responsible for 61 per cent of breaches.
The accounting industry also featured as the fifth most prevalent industry sector to be susceptible to data breaches.
The TPB’s draft practice note is now open for feedback.
You are not authorised to post comments.
Comments will undergo moderation before they get published.