Login
iscover
Accountants who fail to comply with new data breach laws can now face significant sanctions by the Tax Practitioners Board (TPB), including possible termination of registration.
Newsletter
New laws can trigger TASA breaches for accountants, TPB confirms
23 February 2018
•
9 minute read
The Notifiable Data Breaches (NDB) scheme came into effect on 22 February, requiring agencies, organisations and certain other entities to provide notice to the Office of the Australian Information Commissioner (OAIC) and affected individuals of a data breach.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
The NDB scheme has significant application to tax professionals as it covers individuals who receive and handle tax file numbers (TFN), as well as entities covered by the Privacy Act.
While the TPB does not administer the new provisions, it has announced that tax practitioners who fail to comply with the NDB scheme will face possible sanctions from the body, on top of severe penalties issued by the OAIC.
“If tax practitioners fail to comply with the new NDB scheme there may be implications in relation to the Tax Agent Services Act 2009 (TASA),” the TPB said in a statement.
“Such a failure may be considered by the TPB in determining whether you have breached the TASA, including the Code of Professional Conduct (Code).
“If a practitioner has been incompetent or reckless regarding IT controls, and this has resulted in a breach of confidentiality because of a cyber incident, the TPB may impose one or more administrative sanctions for breach of the Code.”
According to TASA, the TPB may issue a written caution, issue an order, suspend a registration, or terminate a registration, for failure to comply with the Code of Professional Conduct.
“Head in the sand”
The Tax Institute senior tax counsel Professor Robert Deutsch says practitioners can no longer afford to be oblivious or deliberately ignore the security of their information.
“In a practical sense, what it means is that first you have to take reasonable care to ensure that information is appropriately protected,” said Mr Deutsch.
“[Also], as a result of the new legislation, a practitioner who knows that there has been a compromise of the privacy of the information, or who recklessly fails to discover such a compromise in circumstances where by taking reasonable steps it would have been discovered, is likely to be in breach of the legislation.
“In most cases, there will be no problem unless an agent either deliberately ignores what is a clear breach of the privacy of the individual concerned, or sticks their head in the sand and, by so doing, deliberately sets about not detecting a breach.”
You are not authorised to post comments.
Comments will undergo moderation before they get published.