ato logo
Search Suggestion:

Submission to the Information Commissioner

Details considered for variation to the Guidelines.

Last updated 7 December 2022

We are seeking approval for the Private Health Insurance Statement Data-Matching Program 2014–15 to 2027–28 to vary from one or more of the conditions detailed in Guideline 6 of the Office of the Australian Information Commissioner’s Guidelines on data matching in Australian government administration (2014) (the Guidelines). We welcome your comments.

We are seeking you exercise your discretion and allow us, in limited circumstances, to take administrative action in response to a match without immediately notifying the individual concerned.

A small number of taxpayers can misunderstand their private health insurance statement and incorrectly fill their return. When these errors are identified at lodgment, the ATO may amend the tax return with the correct PHI statement data that we hold, to help these taxpayers get their reporting obligations right.

The degree of accuracy, quality, completeness, and relevance of the PHI statement data means it is highly reliable for these corrections because:

  • the Private Health Insurance Act 2007 was amended in 2018 to remove the requirement for private health insurers to provide their members a private health insurance statement
  • PHI statement data provided for pre-fill is now the main and more accessible data source for individuals and their tax agents to complete current and prior year tax returns.

The data is reported to the ATO by 15 July each year, and updates are reported twice yearly in October and April for the following 2 years.

The ATO is obligated under section 166 of the Income Tax Assessment Act 1936 to use the available information to make an accurate assessment. We would not be in a position to issue an incorrect assessment ignoring our PHI statement data, or to delay processing that return and potential refund to wait for a response, when we hold high quality PHI statement data.

This deviation from the normal notification conditions in this circumstance is in the public interest, as these adjustments:

  • help ensure taxpayers correctly meet their tax reporting obligations
  • avoid unnecessary contact from the ATO
  • avoid unfair and unreasonable delays on processing a tax return and issuing a refund
  • have a very small impact on assessments compared with the detrimental impacts a delayed return can create.

The ATO values transparency, and our use of PHI statement data in pre-fill is outlined in the Private Health Insurance Statement Data-Matching Program 2014–15 to 2027–28.

This program is subject to an evaluation within 3 years consistent with the requirements of Guideline 9.

Additional information justifying this variation is included in the tables below:

Table 1: Matters considered in accordance with Guideline 10.2 in seeking this variation

Table 2: Consistency with requirements of the other guidelines issued by the Office of the Australian Information Commissioner.

Table 1: Matters considered in seeking this variation to the Guidelines

This section outlines matters considered against the requirements of Guideline 10.2 in seeking this variation.

Matter considered

Consideration

10.2.a

The effect that not abiding by the Guidelines would have on individual privacy
  • We have in place very secure processes for handling and storing data. Once acquired, all data will be stored on our secure computer systems where access is strictly controlled, and full audit logs maintained.
  • The ATO operates under stringent taxpayer confidentiality and privacy legislation that prohibits the improper access to or disclosure of protected information. These obligations are supported by significant penalties, including imprisonment. This substantially mitigates the risks of breaches of privacy.  

 

10.2.b

The seriousness of the administrative or enforcement action that may flow from a match obtained through the data-matching program
  • The administrative action is minor, serving to assist the taxpayer to get their tax reporting obligation right. Where we propose to take administrative action where a taxpayer may have reported falsely, we differentiate between those that try to do the right thing and those that set out to deliberately avoid their obligations. Documented procedures, including the Taxpayers’ Charter and compliance model will be followed to ensure fairness and consistency.  

 

10.2.c

The effect that not abiding by the Guidelines would have on the fairness of the data-matching program – including its effect on the ability of individuals to determine the basis of decisions that affect them, and their ability to dispute those decisions
  • There will be no effect on the fairness of the program or the ability of taxpayers to find out the basis of decisions that impact them or their ability to dispute those decisions and this is outlined in our data matching program.
  • In the limited circumstance when we correct a mistake, taxpayers are notified of the adjustment in their notice of assessment. This approach is to avoid unfair and unreasonable delays for processing a tax return and delaying a refund.
  • Other discrepancies require verification. Taxpayers will be given up to 28 days to verify the accuracy of the information that has been derived from this data matching program before administrative action is undertaken.
  • Where administrative action is to be undertaken, we will adhere to the principles established in the Taxpayers’ Charter and compliance model to ensure an equitable balanced and consistent approach is taken.
  • If a taxpayer does not agree with an assessment, they maintain the right to dispute the decision. They also have the legal right to appeal against those decisions through the courts and tribunals.  

 

10.2.d

The effect that not abiding by the Guidelines would have on the transparency and accountability of agency and government operations
  • There will be no adverse effects on the transparency and accountability of government operations. Our pre-fill experiences are designed to make it easier for individuals to comply with their tax reporting obligations. Publishing our data matching program provides education and awareness of how we use data.
  • ATO data matching is conducted to address compliance more efficiently. A comprehensive description of the data providers is included in the program protocol. The description also identifies the principles and criteria for selecting the data providers. Our practice is to raise awareness of the data we hold, why it is necessary for our operation and ensure all participants are made aware of their obligations and impacts for the application of the Medicare Levy Surcharge and the private health insurance rebate.
  • The program protocol is submitted to the Office of the Australian Information Commissioner, and we will strictly adhere to the commitments in that document.
  • We will publish a notice with general information about the program in the Federal Register of Legislation - Gazettes before administrative action commences. We will also make a copy of the program protocol available on our website.  

 

10.2.e

The effect that not abiding by the Guidelines would have on compliance of the proposed data-matching program with the Australian Privacy Principles in the Privacy Act 1988 and the Australian Government Privacy Code
  • The data is collected for the stated objectives established in the data-matching program protocol.  

 

10.2.f

The effect that complying with the Guidelines would have on the effectiveness of the proposed data-matching program
  • The effectiveness of the program would be reduced if we were not able to use PHI statement data for correction then to issue an incorrect assessment when we hold high quality PHI statement data for pre-fill.  

 

10.2.g

Whether complying fully with the Guidelines could jeopardise or endanger the life or physical safety of information providers or could compromise the source of information provided in confidence
  • Not abiding by all the requirements of the Guidelines would not influence or affect the personal safety of any individual identified as part of the program or compromise the source of the information provided in confidence.  

 

10.2.h

The effect that complying fully with the Guidelines would have on public revenue – including tax revenue, personal benefit payments, debts to the Commonwealth and fraud against the Commonwealth
  • Not allowing the exemption under the current program may impact our ability to provide a level playing field for taxpayers. We aim to assist those trying to correctly meet their obligations while identifying breaches of taxation laws and subsequent non-payment of tax. Equally not allowing the exemption can impact the taxpayer’s experience by facing unnecessary contact from the ATO or unreasonably delayed processing and refunds.
  • There are risks to the integrity of taxation system when people fail to comply with their obligations. Abiding by all the requirements of the guidelines will reduce the effectiveness of the proposed compliance activity. We would miss the opportunity to assist those taxpayers trying to do the right thing, and deter those that are non-compliant from repeating the behaviour
  • The effect of abiding by all of the requirements in the guidelines could negatively impact both public revenue and the confidence the public and government have in the ATO as an administrator of the taxation system. People not complying with their taxation obligations, including those operating outside the system, set a bad example to compliant taxpayers and may encourage their non-compliance. Maintaining community and government confidence in the taxation system is critical to our ongoing role.  

 

10.2.i

Whether complying fully with the Guidelines would involve the release of a document that would be an exempt document under the Freedom of Information Act 1982
  • Upon receipt of a freedom of information request only information relating to the taxpayer’s own affairs will be released to the taxpayer concerned.  

 

10.2.j

Any legal authority for, or any legal obligation that requires, the conduct of the proposed data-matching program in a way that is inconsistent with the Guidelines.
  • There is no specific legislative power authorising the conduct of this program inconsistent with the Guidelines
  • The Commissioner of Taxation, or his authorised representative, has formed the opinion that this data is required to enable us to effectively and efficiently carry out its legislated functions under the general powers of administration contained in:  
    • Section 3A of the Taxation Administration Act 1953
    • Section 8 of the Income Tax Assessment Act 1936
    • Section 1-7 of the Income Tax Assessment Act 1997
    • Section 356-5 in Schedule 1 of the Taxation Administration Act 1953.
     
  • In these limited circumstances where errors are corrected the high quality of the PHI statement data with the supporting reasons detailed in this request align with the Commissioner of Taxation’s obligation under section 166 of the Income Tax Assessment Act 1936 to use the available information to make an accurate assessment and supports the proposal to operate outside requirements of the Guidelines.  

 

Table 2: Matters considered in seeking this variation to the Guidelines

This section outlines where we are being consistent with the requirements of the Guidelines.

Paragraph / Guideline

Action taken / To be taken

Paragraph 6

Status of the Guidelines

Our commitment to complying with the Guidelines is embedded in our data management policies and principles and clearly stated in the chief executive instruction.

Guideline 1

Application of the Guidelines

We apply the guidelines for all data matching programs where it is anticipated the program will include records of 5,000 or more individuals.

We recognise that programs where there are multiple data sources but with common objectives and algorithms are treated as a single data matching program.

Guideline 2

Deciding to carry out or participate in a data-matching program

Cost-benefit analysis considers alternate methods against the conduct a data matching program.

Further, we have rigorous governance arrangements, processes and system controls in place to protect the privacy of individuals.

Guideline 3

Prepare a program protocol

Prior to conducting a data matching program, we prepare a data matching program protocol, submit this to the Office of the Australian Information Commissioner and make a copy publicly available on the ATO website.

When elements of a data matching program change, the protocol is amended, a copy of the amended protocol is provided to the Office of the Australian Information Commissioner and updated on our website.

Guideline 4

Prepare a technical standards report

Documentation is prepared and maintained to satisfy the requirements of a technical standards report.

Guideline 5

Notify the public

We publish notification of our intention to undertake a data matching program in the Federal Register of Legislation – Gazettes prior to the commencement of the program.

This notice will include the following information as required by the Guidelines:

  • a brief description of the objectives of the data matching program
  • the matching agency and (where appropriate) source entities involved in the data matching program
  • a description of the data contained in the data set involved in the data matching program
  • the categories of individuals about whom personal information is to be matched
  • the approximate number of individuals affected
  • reference to our privacy policy.

Notification of the program is also published on our website and data providers are advised they can advertise their participation in the data matching program.

Guideline 6

Notify individuals of proposed administrative action

In limited circumstances, where we take administrative action to correct private health insurance information in a taxpayer’s income tax return based on the data we hold, we are seeking to notify individuals in the notice of assessment. This notification occurs after the administrative action.

When considering administrative action, we take a differentiated approach between those that try to do the right thing and those that set out to deliberately avoid their obligations. Documented procedures, including the Taxpayers’ Charter and compliance model, will be followed to maintain taxpayer rights and obligations.

When we identify a discrepancy that requires verification, taxpayers will be contacted by phone, data matching letter or email. Taxpayers will be given up to 28 days to verify the accuracy of the information that has been derived from this data-matching program before administrative action is undertaken.

If a taxpayer does not agree with an assessment, they retain the right to dispute the decision. They also have the legal right to appeal against those decisions through the courts and tribunals.

Guideline 7

Destroy information that is no longer required

We regularly review our requirement to retain data and destroy those datasets no longer reasonably required.

Guideline 8

Do not create new registers, data sets or databases

We do not create new registers or databases using data obtained during a data matching program.

Guideline 9

Regularly evaluate data-matching programs

Programs are evaluated within three years of the commencement of the data matching program. These evaluations are provided to the Office of the Australian Information Commissioner on request.

Guideline 10

Seeking exemptions from Guideline requirements

When we intend to vary from the requirements of the Guidelines, we seek the approval of the Office of the Australian Information Commissioner and provide documentation to support the variance.

Guideline 11

Data matching with entities other than agencies

We undertake our own data matching programs. This function is not outsourced.

Where data is obtained from an entity other than an individual, we usually do so by using our formal information gathering powers. In these instances, the entities are advised they may notify their clients of their participation in the data matching program.

Guideline 12

Data matching with exempt agencies

We do not usually undertake data matching with agencies that are exempt from the operations of the Privacy Act 1988 under section 7 of that Act and that are subject to the operation of the Guidelines (i.e. any data matching undertaken with an exempt agency would usually be for fewer than 5,000 individuals).

In the event a data matching activity would otherwise be subject to these Guidelines except for the exemption status, we still adhere to the principles of the Guidelines and prepare a program protocol, seeking to vary from the Guidelines by not publicly notifying of the program and publishing the protocol. We would still lodge a copy of the protocol with the Office of the Australian Information Commissioner.

Guideline 13

Enable review by the Office of the Australian Information Commissioner

We would not prevent the Office of the Australian Information Commissioner from reviewing our data matching activities and processes. These activities and processes have been reviewed by the Australian National Audit Office and Inspector-General of Taxation.

QC71014