The Tax Practitioners Board has now released draft Practice Note D42/2020, setting out guidance for tax practitioners to understand their obligations when using and disclosing tax file numbers (TFNs) and TFN information in email communications.
TFN information is protected by a number of legal frameworks including the TFN Rule, the Privacy Act and the Tax Administration Act, and while the TPB is not responsible for the administration of these laws, it notes that practitioners who fail to protect client TFNs may come into breach of item 6 of the Code of Professional Conduct.
In its draft practice note, the TPB points out that the inclusion of a client’s TFN in an email by a registered tax practitioner does not necessarily give rise to a breach of a law regulating the use and disclosure of TFNs.
However, if the practitioner has not taken reasonable steps to safeguard the TFN information, they could find themselves in breach of obligations under the Privacy Act and TFN Rule.
As such, the regulator has now provided practitioners with a non-exhaustive list of measures they can take to protect TFN information.
These include restricting access to staff who are not required to handle such information and implementing information and communication technology (ICT) security measures such as sending such information as an encrypted or password-protected attachment.
Other ICT security measures include deploying anti-virus software and firewalls on workplace computers and networks, regularly changing passwords, and encrypting client records or files.
The TPB notes that its lists of measures are neither prescriptive nor exhaustive and that practitioners may wish to seek advice from an ICT security provider, while referring to guidance published by the Office of the Australian Information Commissioner (OAIC).
The latest OAIC Notifiable Data Breaches Report for the first half of the year found that TFN data breaches featured in 17 per cent of all data breaches.
Human error accounted for 34 per cent of all data breaches, with malicious or criminal attacks responsible for 61 per cent of breaches.
The accounting industry also featured as the fifth most prevalent industry sector to be susceptible to data breaches.
The TPB’s draft practice note is now open for feedback.
Jotham Lian is the editor of Accountants Daily, the leading source of breaking news, analysis and insight for Australian accounting professionals.
Before joining the team in 2017, Jotham wrote for a range of national mastheads including the Sydney Morning Herald, and Channel NewsAsia.