You have 0 free articles left this month.
Register for a free account to access unlimited free content.
accountants daily logo

TPB drills in code breach potential with new data laws


The Tax Practitioners Board (TPB) has reminded tax agents on the significance of the new data breach laws, noting that failure to comply may be considered a breach of the Code of Professional Conduct.

By Jotham Lian 12 minute read

The Notifiable Data Breaches (NDB) scheme came into effect on 22 February, requiring agencies, organisations and certain other entities to provide notice to the Office of the Australian Information Commissioner (OAIC) and affected individuals of a data breach.

Entities that are already covered by the Privacy Act must comply with the NDB scheme. This includes Australian Privacy Principle (APP) entities, as well as tax file number (TFN) recipients to the extent that TFN information is involved in a data breach.

Last month, the TPB released guidance announcing that tax practitioners who failed to comply with the NDB scheme could face possible sanctions from the body, on top of severe penalties issued by the OAIC.


“If tax practitioners fail to comply with the new NDB scheme there may be implications in relation to the Tax Agent Services Act 2009 (TASA),” the TPB said in a statement.

“Such a failure may be considered by the TPB in determining whether you have breached the TASA, including the Code of Professional Conduct (Code).

“If a practitioner has been incompetent or reckless regarding IT controls, and this has resulted in a breach of confidentiality because of a cyber incident, the TPB may impose one or more administrative sanctions for breach of the Code.”

The TPB also notes that each situation will be considered on a case-by-case basis, including the circumstances of the data breach and the steps taken to report and rectify the problem.

Factors considered by the TPB will include if the tax practitioner had taken reasonable steps to have sufficient IT controls in place, and if the practitioner was reckless in their approach to cyber security.

According to the TASA, the TPB may issue a written caution, issue an order, suspend a registration, or terminate a registration, for failure to comply with the Code of Professional Conduct.

This email address is being protected from spambots. You need JavaScript enabled to view it.

Jotham Lian

Jotham Lian


Jotham Lian is the editor of Accountants Daily, the leading source of breaking news, analysis and insight for Australian accounting professionals.

Before joining the team in 2017, Jotham wrote for a range of national mastheads including the Sydney Morning Herald, and Channel NewsAsia.

You can email Jotham at: This email address is being protected from spambots. You need JavaScript enabled to view it. 

You are not authorised to post comments.

Comments will undergo moderation before they get published.

accountants daily logo Newsletter

Receive breaking news directly to your inbox each day.