Our powers of administration
The ATO is the Australian Government’s principal revenue collection agency. The Commissioner of Taxation has responsibility for ensuring taxpayers meet their tax and super obligations.
We follow the Office of the Australian Information Commissioner's (OAIC) Guidelines on data matching in Australian Government administration (2014) in our data-matching activities.
Our data-matching programs help to ensure that Australians are fulfilling their tax and super obligations.
This information forms part of all data-matching program protocols.
We take our obligations seriously. Failure to address non-compliant behaviour has the potential to undermine community confidence in the integrity of the tax and super systems and our capability to administer those systems.
We carry out our legislated functions through general powers of administration contained in but not limited to:
- section 3A of the Taxation Administration Act 1953
- section 8 of the Income Tax Assessment Act 1936
- section 1-7 of the Income Tax Assessment Act 1997
- section 43 of the Superannuation Guarantee (Administration) Act 1992
- section 356-5 in Schedule 1 of the Taxation Administration Act 1953.
Data matching is one of the strategies used to provide assurance that taxpayers are meeting their obligations. It helps us to identify and deal with non-compliant behaviour.
Data-matching guidelines we follow
Our data-matching programs follow the OAIC Guidelines on data matching in Australian Government administration (2014).
These guidelines help us and other government agencies use data matching as an administrative tool in a way that:
- complies with the Australian Privacy Principles (APPs)
- complies with the Privacy Act 1988 (Privacy Act)
- is consistent with good privacy practice.
The Privacy Act
The Privacy Act 1988 (Privacy Act) regulates how personal information is handled by certain entities, such as companies and government agencies.
Schedule 1 of the Privacy Act lists the 13 Australian Privacy Principles (APPs). The principles cover the collection, use, disclosure, storage, and management of personal information.
Data will only be used within the limits prescribed by the APPs and the Privacy Act.
The Australian Government Agencies Privacy Code embeds privacy in all government agency processes and procedures. It ensures that privacy compliance is a priority in the design of our systems, practices, and culture.
The ATO complies with all the code's requirements, and we are transparent and open about what information we collect, hold and disclose. We train our staff to keep personal information safe, and all our systems and offices are protected and secure.
Our data stewardship model upholds our data governance practices and embeds 6 ethical standards that guide how we collect, manage, share and use your data:
- Act in the public interest, be mindful of the individual.
- Uphold privacy, security and legality.
- Explain clearly and be transparent.
- Engage in purposeful data activities.
- Exercise human supervision.
- Maintain data stewardship.
Find out more about how we protect your privacy.
How we protect your personal information
Our staff are subject to the strict confidentiality and disclosure provisions contained in Division 355 of Schedule 1 to the Taxation Administration Act 1953, which include terms of imprisonment in cases of serious contravention of these provisions.
Keeping data safe
The data-matching program will be conducted on our secure systems that comply with the requirements of:
- the Australian Government Information Security Manual produced by the Australian Signals Directorate, which governs the security of government information and communication technology (ICT) systems
- the Australian Government Protective Security Policy Framework, which provides guidance on security governance, personnel security, physical security and information security.
All ATO computer systems are strictly controlled according to Australian Government security standards for government ICT systems, with features including:
- system access controls and security groupings
- login identification codes and password protection
- full audit trails of data files and system accesses.
For more information see Online security.
Data destruction
All information and records are managed in accordance with the provisions of the Archives Act 1983.
The requirement to retain data is reviewed on an ongoing basis in accordance with the timeframes and requirements of the OAIC guidelines. We destroy data that is no longer required, in accordance with the Archives Act 1983 and the records authorities issued by the National Archives of Australia, both general and ATO-specific.
Under section 24 of the Act, records can be disposed of where this is approved by the National Archives, required by another law, or a normal administrative practice that the Archives approves of.
Approval from National Archives is normally provided through records authorities, which are used in the process of sentencing to make decisions about keeping, destroying, or transferring particular information and records.
General or ATO-specific records authorities issued by National Archives apply to our processes of verifying and assuring taxpayer compliance with tax, super and other laws administered by the ATO.
Our record management practices allow us to satisfy the OAIC guidelines and Australian Privacy Principle 11 (APP11) contained in Schedule 1 of the Privacy Act 1988 and in particular:
- APP11.1 – An APP entity must take reasonable steps to protect information from
  - misuse, interference, and loss
  - unauthorised access, modification, or disclosure
- APP11.2 – An APP entity must take reasonable steps to destroy or de-identify information it no longer needs.
Our on-disclosure provisions
In very limited and specific circumstances, we may be permitted by law to disclose individual records to other government agencies.
Division 355 of Schedule 1 to the Taxation Administration Act 1953 sets out the government agencies we can disclose taxpayer information to, and the circumstances in which we are permitted to make those disclosures. These include agencies responsible for:
- state and territory revenue laws
- payments of social welfare and health and safety programs for determining eligibility for certain types of benefits and rebates
- overseeing super funds, corporations and financial market operators to ensure compliance with prudential regulations
- determining entitlement to rehabilitation and compensation payments
- law enforcement activities to assist with specific types of investigations
- policy analysis, costing and effectiveness measurement.
Each request for information by other agencies will be assessed on its merits and must be for an admissible purpose allowed for by taxation laws. In specific permissible circumstances, on-disclosures may include de-identified datasets for statistical analysis.