AI and client data: is your firm exposed?

As TPB enforcement of AI guidelines tightens, one question is keeping Australian accounting firms up at night: do your client permissions cover how you're actually using AI?

25 June 2026 | By ElfWorks | 8 minute read

With AI use on the rise amongst Australian accountants, many practitioners are now turning their minds to the serious issue of data security and asking the uncomfortable question: “Do my current client permissions match my firm’s current use of AI?”

According to Ian Youngman, co-founder and Managing Director of Elfworks, there is a mismatch between client permissions regarding AI and the way Australian accounting firms are using AI. “Through their client engagement letters, most accounting firms have client permission to share client information with third parties in Australia. More often than not, these permissions do not extend to overseas information processing and/or sharing client information with parties overseas,” he explains.

Firms looking to use AI have three choices. They can:

  1. Obtain the required permissions by updating engagement letters and having clients re-sign them.
  2. Ignore the issue and risk Tax Practitioners Board sanctions and Privacy Act breaches.
  3. Use an AI solution that matches their current permissions, that is, a solution that keeps client information safely in Australia.

We asked Youngman for a detailed analysis of the potential data security pitfalls of a common use of AI models during the Australian year-end tax planning season.

Question 1: Professional conduct and privacy law breaches

Scenario: An Australian accountant uploads a client’s family Trust Deed into Claude (a paid version) to summarize the distribution clauses and draft the income distribution resolution minute. The accountant did not discuss this workflow with the client or obtain prior consent, relying on the fact that they pay for a premium subscription where data is not used for model training.

Which of the following correctly identifies the violations (if any) of the Tax Agent Services Act 2009 (TASA) Code of Professional Conduct and Australian privacy laws?

A) No violation has occurred because a paid version of Claude does not use inputs for training, meaning the data remains private and secure under Australian law.
B) This act violates Code Item 6 (Confidentiality) under the TASA Code of Professional Conduct because entering client data into an external third-party AI tool constitutes "disclosing" client information without explicit permission, and it may breach Australian Privacy Principle (APP) 8 regarding cross-border data disclosures.
C) It only violates the Code of Professional Conduct if Claude generates an incorrect or hallucinated summary; if the summary is 100% accurate, no ethical breach has occurred.
D) It violates Code Item 3 (Honesty and Integrity) because using AI to draft documents is considered plagiarism and misleads the client about the origin of the work.

Correct Answer: B

“According to the Tax Practitioners Board (TPB) exposure draft TPB(I) D62/2026, tax practitioners must obtain explicit permission from each client prior to disclosing client information to a third party, which includes inputting client data into an external AI platform. This is the case even for paid or commercial AI tools. If the servers are located overseas, this action can also trigger breaches of APP 8 under the Privacy Act 1988,” Youngman notes.

Question 2: Obtaining proper informed consent

Scenario: The accounting firm wants to update its processes so that its team can legally and ethically use Claude to analyse client documents (like trust deeds, financial statements, and contracts) and assist in drafting resolutions.

According to TPB guidance and best practice, which of the following is the most appropriate method for the firm to obtain valid "informed consent" from their clients?

A) A verbal agreement recorded during an informal onboarding phone call, followed up with a generic internal file note.
B) A silent update to the privacy policy on the firm's website, as clients are legally deemed to have accepted the terms by continuing to use the firm's services.
C) An explicit, written disclosure clause in the signed Letter of Engagement (or a specific AI-consent addendum) detailing exactly what client data will be inputted, the third-party AI platform being used (e.g., Claude), how data is handled/stored, and the risks involved.
D) A blanket "third-party outsourcing" clause in the standard engagement letter that does not mention AI, technology platforms, or data processing locations.

Correct Answer: C

“Under TPB(I) D62/2026, client permission should be clear and informed. The way to achieve this is via a signed letter of engagement, signed consent form, or explicit written communication. Vague or generic outsourcing clauses are insufficient because they do not provide the ‘informed’ consent required for this overseas processing,” says Youngman.

Question 3: Regulatory and professional penalties

Scenario: A disgruntled client discovers that their Trust Deed, which contains the names of beneficiaries, the settlor and appointors, was loaded into Claude without their knowledge or consent, and lodges a formal complaint with the Tax Practitioners Board (TPB).

If the TPB investigates and finds the accountant breached Code Item 6 (Confidentiality) and failed to maintain proper professional standards, what administrative or legal penalties can apply?

A) The accountant can only be issued an informal verbal warning, as the TPB has no statutory power over a firm's internal software choices.
B) The firm will be fined a flat fee of $25,000 under the Privacy Act, but no action can be taken against the accountant's individual registration.
C) The TPB can impose sanctions under section 30-15 of the Tax Agent Services Act 2009, which may include a written caution, an order to complete further education, suspension of registration, or termination of their registration.
D) The Australian Taxation Office (ATO) will automatically issue a 75% "intentional disregard" penalty on all of the firm’s clients' tax returns.

Correct Answer: C

“Under section 30-15 of the TASA, the TPB has the legislative power to enforce disciplinary actions for breaches of the Code. In correspondence with the Tax Practitioners Board, we confirmed that loading client information into a paid, US-based LLM will result in a breach of the Code and will likely lead to sanctions against the firm,” Youngman adds.

A local answer to a global problem

“The problem with the scenario above is the client information being processed overseas without informed client consent. This problem goes away if the client information stays in Australia and is not controlled by US companies,” says Youngman.

Elfworks now has over 640 accounting firms on the platform, including 15 of Australia’s Top 50 accounting firms as paying customers. While productivity and accuracy were the initial drawcard, the key emerging point of difference for Elfworks is the security of client information.

Elfworks has in place a three-tiered approach to data security:

  1. Client Data Anonymisation. Sensitive client data is systematically redacted prior to LLM processing and securely re-populated upon completion, meaning even if data were compelled under foreign law, there is nothing identifiable to hand over.
  2. Sovereign Language Models. Elfworks utilises Australian-hosted AI models managed by Australian companies. They do not store your data, do not train on your data, and are not obligated to provide data to any foreign government or agency.
  3. Enterprise-Grade Frontier Models. For tasks requiring the deepest knowledge base, Elfworks uses enterprise-grade subscriptions to leading global LLMs, but only after client data has been anonymised.

This three-tiered approach to data security becomes crucial as AI accounting solutions move into firm workflows through agentic AI. AI agents in the accounting context are designed to handle client information. For example, the first wave of Elfworks agents, including the Client Structure Builder, Trust Resolution Drafter and Year-End Tax Planner, perform complex, linked tasks using sensitive client information such as individual and entity names, trust deed information, details of the trust’s financial performance for the year and distribution plans to beneficiaries. Because Elfworks uses an anonymisation process and sovereign, Australian-hosted models within these agentic processes, client data does not leave the Australian jurisdiction. Accountants can use these tools without needing client permission for data to be stored overseas or to be subject to foreign laws that could compel disclosure.
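To make the first tier concrete, here is an added illustration of the redact-before-sending, re-populate-after pattern described above. It is not Elfworks’ code: the placeholder scheme, the vault class, the offline stand-in for the model call and the sample deed extract (names and tax file number included) are all constructed for this example. The point it demonstrates is that the identifier-to-placeholder map never travels with the prompt, and that the outbound text is checked for residual identifiers before anything is sent.

```python
import re
from dataclasses import dataclass, field

# Constructed pattern for 9-digit tax-file-number shapes such as "123 456 789"
TFN_LIKE = re.compile(r"\b\d{3} ?\d{3} ?\d{3}\b")

@dataclass
class RedactionVault:
    """Identifier <-> placeholder map. It stays inside the firm's boundary; only placeholders go out."""
    forward: dict = field(default_factory=dict)   # real value -> placeholder
    reverse: dict = field(default_factory=dict)   # placeholder -> real value

    def register(self, role: str, value: str) -> str:
        if value in self.forward:                 # same person in two roles keeps one placeholder
            return self.forward[value]
        n = sum(1 for p in self.reverse if p.startswith(f"[{role}_")) + 1
        token = f"[{role}_{n}]"
        self.forward[value] = token
        self.reverse[token] = value
        return token

    def redact(self, text: str) -> str:
        # Longest values first, so a full name is replaced before any shorter overlapping value
        for value in sorted(self.forward, key=len, reverse=True):
            text = text.replace(value, self.forward[value])
        return text

    def repopulate(self, text: str) -> str:
        for token, value in self.reverse.items():
            text = text.replace(token, value)
        return text

    def leaked(self, text: str) -> list:
        return [v for v in self.forward if v in text]

def anonymised_call(document: str, parties, model) -> tuple:
    """Redact, verify nothing identifiable remains, call the model, then re-populate locally."""
    vault = RedactionVault()
    for role, name in parties:
        vault.register(role, name)
    for m in TFN_LIKE.finditer(document):          # pattern-based identifiers join the vault too
        vault.register("TFN", m.group())
    outbound = vault.redact(document)
    if leaks := vault.leaked(outbound):            # hard stop: never send a prompt that still names anyone
        raise ValueError(f"refusing to send: identifiers still present: {leaks}")
    return outbound, vault.repopulate(model(outbound))

def stand_in_model(prompt: str) -> str:
    """Offline stand-in for the LLM call: drafts a resolution line from the placeholders it was given."""
    names = sorted(set(re.findall(r"\[BENEFICIARY_\d+\]", prompt)))
    return "RESOLVED that the trustee of [TRUST_1] distribute the income equally to " + " and ".join(names) + "."

# Constructed sample deed extract; every name and number here is invented for this example
DEED = ("Smith Family Trust. Settlor: Peter Jones (TFN 123 456 789). Appointor: Mary Smith. "
        "Income may be distributed to John Smith, Mary Smith or any child of theirs.")
PARTIES = [("TRUST", "Smith Family Trust"), ("SETTLOR", "Peter Jones"),
           ("BENEFICIARY", "John Smith"), ("BENEFICIARY", "Mary Smith"), ("APPOINTOR", "Mary Smith")]
```

Calling `anonymised_call(DEED, PARTIES, stand_in_model)` returns the placeholder-only text that left the boundary alongside the re-populated minute, so both can be logged for the engagement file.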

The bottom line for Australian practitioners

As the TPB transitions from consultation to enforcement of its new AI guidelines, the stakes for Australian accounting firms have never been higher. It is only a matter of time before the Tax Practitioners Board starts to actively hold accountants to the standards in TPB(I) D62/2026.

Ultimately, it all starts with one simple question: Do you really know what happens to client information when you click submit?

See how Elfworks keeps your client data in Australia. Book a demo at elfworks.ai
