You have 0 free articles left this month.
Register for a free account to access unlimited free content.
accountants daily logo

TPB releases draft guidance on tax file number usage


Tax practitioners who include a client’s tax file number in email correspondence without taking reasonable security measures could find themselves breaching the law, according to new guidance from the regulator.

Sponsored by Jotham Lian 12 minute read

The Tax Practitioners Board has now released draft Practice Note D42/2020, setting out guidance for tax practitioners to understand their obligations when using and disclosing tax file numbers (TFNs) and TFN information in email communications.

TFN information is protected by a number of legal frameworks including the TFN Rule, the Privacy Act and the Tax Administration Act, and while the TPB is not responsible for the administration of these laws, it notes that practitioners who fail to protect client TFNs may come into breach of item 6 of the Code of Professional Conduct.

In its draft practice note, the TPB points out that the inclusion of a client’s TFN in an email by a registered tax practitioner does not necessarily give rise to a breach of a law regulating the use and disclosure of TFNs.


However, if the practitioner has not taken reasonable steps to safeguard the TFN information, they could find themselves in breach of obligations under the Privacy Act and TFN Rule.

As such, the regulator has now provided practitioners with a non-exhaustive list of measures they can take to protect TFN information.

These include restricting access to staff who are not required to handle such information and implementing information and communication technology (ICT) security measures such as sending such information as an encrypted or password-protected attachment.

Other ICT security measures include deploying anti-virus software and firewalls on workplace computers and networks, regularly changing passwords, and encrypting client records or files.

The TPB notes that its lists of measures are neither prescriptive nor exhaustive and that practitioners may wish to seek advice from an ICT security provider, while referring to guidance published by the Office of the Australian Information Commissioner (OAIC).

The latest OAIC Notifiable Data Breaches Report for the first half of the year found that TFN data breaches featured in 17 per cent of all data breaches.

Human error accounted for 34 per cent of all data breaches, with malicious or criminal attacks responsible for 61 per cent of breaches.

The accounting industry also featured as the fifth most prevalent industry sector to be susceptible to data breaches.

The TPB’s draft practice note is now open for feedback.

Jotham Lian

Jotham Lian


Jotham Lian is the editor of Accountants Daily, the leading source of breaking news, analysis and insight for Australian accounting professionals.

Before joining the team in 2017, Jotham wrote for a range of national mastheads including the Sydney Morning Herald, and Channel NewsAsia.

You can email Jotham at: This email address is being protected from spambots. You need JavaScript enabled to view it. 

You are not authorised to post comments.

Comments will undergo moderation before they get published.

accountants daily logo Newsletter

Receive breaking news directly to your inbox each day.