accountants daily logo

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.

Data breach response plan critical for tax practices: ATO

The ATO has encouraged tax practices to look into their cyber-security measures as a key priority moving forward, noting they’re among the most at risk of falling victim to data breaches.

Tax&Compliance Emma Ryan 22 February 2022
— 1 minute read

In a recent update, the ATO flagged the importance of tax practices preparing for a cyber-security incident.


“Cyber criminals will often target tax practices because they hold large amounts of client information. That’s why it’s important to have a data breach response plan in place,” the ATO said.

The ATO recommended employers look into guidance directed by the Office of the Australian Information Commissioner (OAIC) and ensure they have an appropriate data breach response plan in place that includes the following:

  • Clear escalation procedures and reporting lines for suspected breaches
  • Processes that outline when and how affected individuals are notified
  • A record-keeping policy to ensure breaches are documented
  • Strategies to identify and address any data-handling weaknesses that could have contributed to the breach

“You should regularly review and test your plan and make improvements as necessary,” the ATO flagged.

“A plan like this will help you act quickly and minimise harm in the unfortunate event that a data breach does occur.

If you are governed by the Privacy Act 1988, you should also know your obligations under the Notifiable Data Breaches Scheme. This scheme requires regulated entities to notify the Office of the Australian Information Commissioner and specific individuals about any data breaches that are likely to result in serious harm.”

Data breach response plan critical for tax practices: ATO
image intro
accountantsdaily logo
Emma Ryan

Emma Ryan

Emma Ryan is the deputy head of content at Momentum Media and editor of the company's legal publication, Lawyers Weekly.

Emma has worked for Momentum Media since 2015 and has been responsible for breaking some of the biggest stories in corporate Australia. In addition, she has produced exclusive multimedia and event content related to the company's respective brands and audiences.

A journalist by training, Emma has spent her career connecting with key industry stakeholders across a variety of platforms, including online, podcast and radio. She graduated from Charles Sturt University with a Bachelor of Communications (Journalism).