Visa data overview
The Australian Taxation Office (ATO) visa data-matching program has been operating since 2009. This protocol outlines our intention to continue collecting data on visas granted in the period 2023–24 to 2025–26 financial years.
For this program we collect information from the Department of Home Affairs on active and newly granted visas. The data is matched against our records to ensure visa holders, visa sponsors and migration agents are meeting their tax and super obligations.
The data collected under this program enables us to identify candidates for administrative action. This program will help to improve our existing risk detection models and treatment systems through the identification of entities controlling or exploiting potentially new or emerging approaches to fraud.
Visa data is made available to ATO compliance staff to support our risk profiling and trend analysis of the visa population. Smarter use of data helps improve our decisions, services and voluntary compliance. We have a responsibility to protect public revenue and to maintain community confidence in the integrity of the tax and super systems. Undertaking the Home Affairs visa data-matching program will assist us in investigating and taking steps to mitigate fraud against public revenue.
Previous related programs
The most recent data-matching protocol for this program was published on 3 November 2020 and covered data from 2015–16 to 2022–23 financial years.
Visa data for 1 March 2020 to 28 March 2021 was used to assist in confirming eligibility for the government's novel coronavirus (COVID-19) economic response, JobKeeper measure. The data supported pre-issue and post-issue compliance checks enabling us to follow-up potentially false or misleading declarations.
This protocol outlines our intention to also collect visa data from the 2023–24 to 2025–26 financial years.
Our previous data-matching programs have helped us fulfil our responsibility to protect public revenue and maintain community confidence in the integrity of the tax and super systems. We achieved this by:
- helping to ensure that individuals and businesses are fulfilling their tax and super reporting obligations
- identifying and educating individuals and businesses who may be failing to meet their registration or lodgment obligations
- identifying candidates for review and audit who may be failing to meet their registration or lodgment obligations and assisting them to comply.
We also conduct the following data-matching programs:
- Passenger Movements Program
- Higher Education Loan Program (HELP)
- Vocational Education and Training Student Loans (VSL)
- Australian Apprenticeship Support Loan (AASL) – previously known as Trade Support Loan (TSL).
Data providers
The visa data is provided by the Department of Home Affairs. We are the matching agency and, in most cases the sole user of the data obtained during this data-matching program.
Our formal information gathering powers
To ensure statutory requirements are met, we obtain data under our formal information gathering powers. These are contained in section 353-10 of Schedule 1 to the Taxation Administration Act 1953.
This is a coercive power and the data provider is obligated to provide the information requested.
We will use the data for tax and super compliance purposes.
Privacy Act
Data will only be used within the limits prescribed by Australian Privacy Principle 6 (APP6) contained in Schedule 1 of the Privacy Act and in particular:
- APP6.2(b) – the use of the information is required or authorised by an Australian law
- APP6.2(e) – the ATO reasonably believes that the use of the information is reasonably necessary for our enforcement-related activities.
Data elements we collect
We will collect data from Home Affairs for visa holders.
We negotiate with Home Affairs to obtain data held within their systems. The collected data may contain all or a selection of the fields listed below.
Client identification details – individuals
We collect data from the Department of Home Affairs for visa holders.
- Address history for visa applicants and sponsors.
- Contact history for visa applicants and sponsors.
- Address history for migration agents.
- Contact history for migration agents.
- Active visas meeting the criteria.
- All visa grants.
- Visa grant status by point in time.
- Migration agents (visa application preparer who assisted or facilitated the processing of the visa.)
- All international travel movements undertaken by visa holders (arrivals and departures).
- Sponsor details (457 visa).
- Visa subclass name.
Number of records
We expect to collect data on approximately 9 million individuals each financial year for this program.
Data quality
We anticipate that the data quality will be of a high standard based on our prior visa data matching.
Data retention
We collect data under this program for all financial years from 2017–18 to 2025–26. We collect this data each quarter of the financial year.
We destroy data that is no longer required in accordance with the Archives Act 1983, and the records authorities issued by the National Archives of Australia, for both general and ATO-specific data.
We will retain each financial year’s data for 5 years from receipt of the final instalment of verified data files from the data provider.
The data is required for this period for the protection of public revenue:
- Retaining data for 5 years enables protection of public revenue.
- Travel frequently covers periods longer than one financial year. The data enhances our ability to identify taxpayers who may not be complying with their tax and super obligations, which is integral to protecting the integrity of the tax and super systems.
- Retaining the data for 5 years supports our general compliance approach of reviewing an assessment within the standard period of review and aligns with the requirements for taxpayers to keep their records.
- The data is also used for multiple risk models, including models that establish retrospective profiles over multiple years aligned with the period of review.
While increased data retention periods may increase the risk to privacy, we have a range of safeguards to appropriately manage and minimise this. Our systems and controls are designed to ensure the privacy and security of the data we manage.