At a glance
This protocol has been prepared to meet requirements of the Office of the Australian Information Commissioner’s Guidelines on Data Matching in Australian Government Administration (2014) (the Guidelines).
The share transactions data matching program has been conducted since 2006 to ensure compliance with taxation obligations on the disposal of shares and similar securities. There are taxation implications on the disposal of shares, especially in relation to capital gains tax (CGT).
As taxpayers can hold shares for many years before disposal, the collection of transaction history data dating back to 20 September 1985 (the introduction of the CGT regime) is necessary to enable cost base and capital proceeds calculations. Collecting data back to 1985 does not change our general compliance approach of reviewing share disposals within the standard period of review.
In the 2013–14 Federal Budget, the government announced it would legislate to make the reporting of share transaction data to the ATO mandatory. Legislation was enacted in the Tax and Superannuation Laws Amendment (2015 Measures No. 5) Bill 2015, requiring reporting from the Australian Securities and Investments Commission (ASIC) from 1 July 2016. Share registries, brokers and trustees and fund managers were required to report from 1 July 2017.
The legislative reporting regime gathers share transaction information and has done so since its commencement. The regime doesn't gather information retrospectively.
The information acquired under this data matching program will continue to be required until all shares have been transferred within the legislative reporting regime.
This data matching protocol has been amended from the original version published in October 2016 to:
- include ASIC as a data provider
- seek an exemption from the Information Commissioner to vary the usual data destruction requirements, now to be reviewed on a rolling basis at intervals of no longer than seven years. Each review will determine whether a new request to extend the exemption is required.
Program objectives
The purpose of this data matching program is to ensure that taxpayers are correctly meeting their taxation obligations in relation to share transactions. These obligations include registration, lodgment, reporting and payment responsibilities.
How the data will be used
Sales and purchase data will be obtained from share registry service providers and ASIC, and compared with information included in income tax returns. We will match this data against ATO records and other data we hold to identify taxpayers that may not be meeting their registration, reporting, lodgment and/or payment obligations. The program supports client engagement and voluntary compliance through initiatives such as education and pre-filling information in tax returns.
Learn more about what we will do before amending a return.
Previous programs
This is an ongoing data matching program that we have conducted since 2006.
Pre-fill and associated digital service messages are made available to approximately 240,000 taxpayers each year to prompt them to include the disposal of shares at the appropriate capital gains tax labels in their income tax returns.
Data has been used for compliance activity however due to the broad use of this data combined with other third party data we hold it is not possible to provide specific shares results.
Data related matters
Data matching and user agency
We are the matching agency and, in most cases the sole user of the data obtained during this data-matching program. The data matching program will be conducted on our secure systems in accordance with approved policies and procedures.
In very limited and specific circumstances we may be permitted by law to disclose individual records to other government agencies.
Learn more about our on-disclosure provisions.
Data providers
Data will be obtained from the following share registries:
- Link Market Services Limited
- Computershare Limited
- Australian Securities Exchange Limited
- Boardroom Pty Ltd
- Advanced Share Registry Services Pty Ltd
- Security Transfer Registrars Pty Ltd
- Automic Registry Services (Automic Pty Ltd).
Data will also be obtained from ASIC.
Data elements
We will obtain the following information from the share registries listed above for the period 20 September 1985 to 30 June 2018:
- full name
- full address
- holder identity number
- shareholder registry number
- entity name
- entity ASX code
- purchase date and price
- sale date and price
- quantities of shares acquired or disposed of
- corporate actions affecting shareholders (eg corporate reconstructions)
- broker identity
- transaction codes
- entity type
- direction indicator (buy or sell).
ASIC will provide the Australian Market Regulation feed for all products (apart from options and futures) quoted on the Australian Securities Exchange or Chi-X Australia markets to the ATO. We are acquiring this data under legislative reporting from 1 July 2016. This additional data collection goes back to the start of the market surveillance system in July 2014.
We will obtain the following information from ASIC:
- Record Type
- Record Number
- Trade ID
- Transaction Type
- Date
- Time
- Symbol
- Price
- Volume
- Value
- Market Platform ID
- Indicators
- Buy Broker
- Buy Capacity
- Buy Client OOO
- Buy Account ID
- Buy Secondary Account ID
- Buy Intermediary
- Sell Broker
- Sell Capacity
- Sell Client OOO
- Sell Account ID
- Sell Secondary
- Account ID
- Sell Intermediary
- Manual Indicator.
Number of records
It is estimated that the total number of records that will be obtained from share registries will be more than 25 million. The number of unique individuals expected to be involved is around 2.1 million.
Over 500 million records will be obtained from ASIC. We are acquiring data from the start of their market surveillance system in July 2014 for use with the legislative provision of this data from 1 July 2016.
Data quality
We have worked extensively with data providers and are confident the data will be of high quality as it has been in the past. The data will be supplied in accordance with reporting specifications including record layout, file and data format for each record.
Data will be transformed into a standardised format and validated to ensure that it contains the required data elements prior to loading to our analytical systems.
Find out about:
- How we undertake data matching
- How we protect your personal information
- Our quality assurance framework
- Why we undertake data matching
- The costs and benefits of data matching
Data retention
The collection of data under this program is expected to occur progressively on a biannual basis during the 2016–17 and 2017–18 financial years.
In June 2018 we asked then acting Information Commissioner to exercise her discretion and allow us to vary from the data destruction requirements contained in the Guidelines. This is further to the exemption sought in October 2016.
We sought to extend the timeframe for retention of this data, with a review on a rolling basis at intervals of no longer than seven years. The retention of this data is required for the protection of public revenue. We had previously sought a single exception of five years.
Destroying the data earlier than requested would put public revenue at risk as we would be limited in our ability to determine capital gains tax liabilities for shares purchased prior to the commencement of the legislative reporting regime (1 July 2016).
See the Submission to the Information Commissioner setting out the basis for seeking the variation to the data destruction guidelines and its impacts on individual privacy. We destroy information that is no longer required in accordance with the Guidelines and the National Archives of Australia's General Disposal Authority 24 - Records Relating to Data Matching Exercises (GDA 24).
Public notification of the program
To support public notification of our data matching program we have:
- published an original program notice in the Federal Register of Legislation - Gazettes on 26 October 2016
- publishing this amended data matching program protocol on Data matching protocols
- advising the data providers they
- should notify their clients of their participation in this program
- should update their privacy policies to note that personal information is disclosed to us for data matching purposes.
Gazette notice content
Commissioner of Taxation
Notice of a data matching program – Share transactions - 20 September 1985 to 30 June 2018 (amended)
The Australian Taxation Office (ATO) will continue to acquire details of share transactions. Data will be acquired for the period 20 September 1985 to 30 June 2018 from the following sources:
- Link Market Services Limited
- Computershare Limited
- Australian Securities Exchange Limited
- Boardroom Pty Ltd
- Advanced Share Registry Services Pty Ltd
- Security Transfer Registrars Pty Ltd
- Automic Registry Services (Automic Pty Ltd).
- Australian Securities and Investments Commission (ASIC).
The data items that will be obtained are:
- full name
- full address
- holder identity number
- shareholder registry number
- entity name
- entity ASX code
- purchase date and price
- sale date and price
- quantities of shares acquired or disposed of
- corporate actions affecting shareholders (e.g. corporate reconstructions)
- broker identity
- transaction codes
- entity type
- direction indicator (buy or sell).
- record type
- record number
- trade ID
- transaction Type
- time
- symbol
- volume
- value
- market platform ID
- indicators
- buy broker
- buy capacity
- buy client OOO
- buy account ID
- buy secondary account ID
- buy intermediary
- sell broker
- sell capacity
- sell client OOO
- sell account ID
- sell secondary
- account ID
- sell intermediary
- manual indicator
It is estimated that the number of unique individuals expected to be involved is around 2.1 million.
The objective of this data matching program is to ensure that taxpayers are correctly meeting their taxation obligations in relation to share transactions. These obligations include registration, lodgment, reporting and payment responsibilities.
A document describing this program has been prepared in consultation with the Office of the Australian Information Commissioner. A copy of this document is available at Data matching protocols.
Legal matters
Find out about:
- Your privacy
- Making a privacy complaint
- Our lawful role
- Our legal authority to undertake a data matching program
Submission to the Information Commissioner
Varying from the data destruction requirements
In correspondence during June 2018 we sought approval for the share transactions 20 September 1985 to 30 June 2018 data matching program to vary from one or more of the conditions detailed in Guideline 10 of the Office of the Australian Information Commissioner’s Guidelines on data matching in Australian government administration (2014) (the Guidelines).
We sought to extend the retention period to seven years, from the original five year extension request to the Information Commissioner in October 2016. We outlined our intension to undertake a review by the seven year anniversary to determine whether the extension should be renewed. This data will be necessary until all shares contained in the dataset have been transferred within the mandatory reporting regime. We will conduct a rolling review of the ongoing data requirements at intervals of no longer than seven years, where we will seek further exemption from the Information Commissioner should it be required.
We consider that a variation from the usual retention periods for this data matching program is in the public interest (10.1(c) of the Guidelines) as:
- the ATO is responsible for the administration of the capital gains tax regime.
- capital gains tax legislation requires the establishment of a cost base to determine an individual’s taxation liability on disposal of shares and other securities in certain circumstances.
- although recently enacted legislation makes reporting of share transaction information mandatory from the commencement date, the historical data captured under this program will be required on an ongoing basis for cost base and capital proceeds calculations.
- individuals may retain shareholdings for many years, at times for their whole life, before disposing of them and potentially triggering a capital gains event.
- destruction of the data earlier than requested would inhibit our ability to identify taxpayers who may be subject to administrative action and therefore result in loss of public revenue.
- it enhances our analytics capability and the ATO's ability to assist individuals to comply with their taxation obligations through prefilling alert services.
Whilst increased data retention periods may increase privacy risks, we have implemented a range of safeguards to appropriately manage and minimise any increased risk.
This program will continue to be subject to an evaluation within three years and every three years after, which remains consistent with the requirements of Guideline 9.
Every second evaluation cycle will include an assessment of whether the data is no longer required and can be destroyed or whether the exemption to retain the data should be renewed.
Additional information justifying this variation is included in the tables below:
- Table 1 – matters considered in accordance with Guideline 10.2 in seeking this variation
- Table 2 – consistency with requirements of the other guidelines issued by the Office of the Australian Information Commissioner.
Table 2: Matters considered in seeking this variation to the Guidelines
This section outlines where we are being consistent with the requirements of the Guidelines.
Paragraph/Guideline |
Action taken/To be taken |
|
---|---|---|
Paragraph 6 |
Status of the Guidelines |
Our commitment to complying with the Guidelines is embedded in our data management policies and principles and clearly stated in the chief executive instruction. |
Guideline 1 |
Application of the Guide |
We apply the guidelines for all data matching programs where it is anticipated the program will include records of 5,000 or more individuals. We recognise that programs where there are multiple data sources but with common objectives and algorithms are treated as a single data matching program. |
Guideline 2 |
Deciding to carry out or participate in a data matching program |
We conduct a cost-benefit analysis and consider alternate methods prior to proposing to conduct a data matching program. Further, we have rigorous governance arrangements, processes and system controls in place to protect the privacy of individuals. |
Guideline 3 |
Prepare a program protocol |
Prior to conducting a data matching program, we prepare a data matching program protocol, submit this to the Office of the Australian Information Commissioner and make a copy publicly available on the ATO website When elements of a data matching program change, the protocol is amended, a copy of the amended protocol is provided to the Office of the Australian Information Commissioner and updated on our website |
Guideline 4 |
Prepare a technical standards report |
Documentation is prepared and maintained so as to satisfy the requirements of a technical standards report. |
Guideline 5 |
Notify the public |
We publish notification of our intention to undertake a data matching program in the Federal Register of Legislation - Gazettes prior to the commencement of the program. This notice will include the following information as required by the Guidelines:
Notification of the program is also published on our website and data providers are advised they can advertise their participation in the data matching program. |
Guideline 6 |
Notify individuals of proposed administrative action |
Prior to taking any administrative action as a result of the data matching programs, individuals and other entities are given at least 28 days to verify the accuracy of the information provided to us by third parties. |
Guideline 7 |
Destroy information that is no longer required |
We are seeking to vary from this requirement. |
Guideline 8 |
Do not create new registers, data sets or databases |
We do not create new registers or databases using data obtained in the course of a data matching program. |
Guideline 9 |
Regularly evaluate data matching programs |
Programs are evaluated within three years of the commencement of the data matching program. These evaluations are provided to the Office of the Australian Information Commissioner on request. |
Guideline 10 |
Seeking exemptions from Guideline requirements |
When we intend to vary from the requirements of the Guidelines, we seek the approval of the Office of the Australian Information Commissioner and provide documentation to support the variance. |
Guideline 11 |
Data matching with entities other than agencies |
We undertake our own data matching programs. This function is not outsourced. Where data is obtained from an entity other than an individual, we usually do so using our formal information gathering powers. In these instances the entities are advised they are able to notify their clients of their participation in the data matching program. |
Guideline 12 |
Data matching with exempt agencies |
We do not usually undertake data matching with agencies that are exempt from the operations of the Privacy Act 1988 under section 7 of that Act and that are subject to the operation of the Guidelines (i.e. any data matching undertaken with an exempt agency would usually be for fewer than 5,00 individuals). In the event a data matching activity would otherwise be subject to these Guidelines except for the exemption status, we still adhere to the principles of the Guidelines and prepare a program protocol, seeking to vary from the Guidelines by not publicly notifying of the program and publishing the protocol. We would still lodge a copy of the protocol with the Office of the Australian Information Commissioner. |
Guideline 13 |
Enable review by the Office of the Australian Information Commissioner |
We would not prevent the Office of the Australian Information Commissioner from reviewing our data matching activities and processes. These activities and processes have been reviewed by the Australian National Audit Office and Inspector-General of Taxation. |
During July 2018 the then acting Information Commissioner approved our request to retain information collected during our data matching program for a period longer than 90 days. On the understanding that the information will not be retained beyond seven years from the receipt of all data files from source entities, unless a further exemption is approved.
More information
What we will do before we amend a return
Where we detect a discrepancy that requires verification we will contact the taxpayer by telephone, letter or email.
Before any administrative action is taken, taxpayers will be provided with the opportunity to verify the accuracy of the information obtained by us. Taxpayers will be given at least 28 days to respond before administrative action is taken.
For example, where discrepancy matching identifies that a taxpayer is not reporting all of their income, but in fact they are reporting the income under another entity, the taxpayer will be given the opportunity to clarify the situation.
The data may also be used to ensure that taxpayers are complying with their other taxation and superannuation obligations, including registration requirements, lodgment obligations and payment responsibilities.
In cases where taxpayers fail to comply with these obligations, even after being reminded of them, escalation for prosecution action may be instigated in appropriate circumstances.
Where a taxpayer is correctly meeting their obligations, the use of the data will reduce the likelihood of contact from us.
Our on-disclosure provisions
Division 355 of Schedule 1 to the Taxation Administration Act 1953 sets out the other government agencies we can disclose taxpayer information to, and the circumstances we are permitted to make those disclosures. These include agencies responsible for:
- state and territory revenue laws
- payments of social welfare and health and safety programs for determining eligibility for certain types of benefits and rebates
- overseeing superannuation funds, corporations and financial market operators to ensure compliance with prudential regulations
- determining entitlement to rehabilitation and compensation payments
- law enforcement activities to assist with specific types of investigations
- policy analysis, costing and effectiveness measurement.
Each request for information by other agencies will be assessed on its merits and must be for an admissible purpose allowed for by taxation laws. In specific permissible circumstances on-disclosures may include de-identified datasets for statistical analysis.
How we undertake data matching
We use sophisticated identity matching techniques to ensure we identify the correct taxpayer when we obtain data from third parties. This technique uses multiple details to obtain an identity match. For example, where a name, address and date of birth are available, all items are used in the identity matching process. Very high confidence matches will occur where all fields are matched.
Additional manual processes may be undertaken where high confidence identity matches do not occur, or a decision taken to destroy the data with no further action. Our manual identity matching process involves an ATO officer reviewing and comparing third party data identity elements against ATO information on a one-on-one basis, seeking sufficient common indicators to allow confirmation (or not) of an individual's identity. We commonly call this process manual uplifting.
Where administrative action is proposed, additional checks will take place to ensure the correct taxpayer has been identified. The taxpayers will be provided with the opportunity to verify the accuracy of the information before any administrative action is taken.
Data analysts use various models and techniques to detect potential discrepancies, such as under-reported income or over-reported deductions. Higher risk discrepancy matches will be loaded to our case management system and allocated to compliance officers for actioning.
Lower risk discrepancy matches will be further analysed and a decision made to take some form of compliance or educational activity, or to destroy the data.
Destruction of data is conducted in accordance with the timeframes and requirements of the Guidelines and the General Disposal Authority 24 (GDA24) or an extension of time is sought from the Information Commissioner.
How we protect your personal information
Our staff are subject to the strict confidentiality and disclosure provisions contained in Division 355 of Schedule 1 to the Taxation Administration Act 1953 and include terms of imprisonment in cases of serious contravention of these provisions.
All ATO computer systems are strictly controlled, with features including:
- system access controls and security groupings
- login identification codes and password protection
- full audit trails of data files and system accesses.
We will utilise our secure internet-based data transfer facility to convey the data from source agencies.
Our quality assurance framework
Quality assurance processes are integrated into our procedures and computer systems and are applied throughout the data matching cycle.
These assurance processes include:
- registering the intention to undertake a data matching program on an internal register
- obtaining approval from the data matching gatekeeper and relevant Senior Executive Service (SES) officers prior to any activity being undertaken
- conducting program pilots or obtaining sample data to ensure the data matching program will achieve its objectives prior to full data sets being acquired
- notifying the Office of the Australian Information Commissioner of our intention to undertake the data matching program and requesting permission to vary from the data matching guidelines (where applicable)
- access to the data is restricted to approved users and access management logs record details of who has accessed the data
- quality assurance processes embedded into compliance activities include:
- review of risk assessments, taxpayer profiles and case plans by senior officers prior to client contact
- ongoing reviews of cases by subject matter technical experts at key points during the life cycle of a case
- regular independent panel reviews of samples of case work to provide assurance of the accuracy and consistency of case work.
These processes ensure data is collected and used in accordance with our data management policies and principles, and complies with the Information Commissioner's data matching guidelines.
Why we undertake data matching
We have considered a range of alternatives to this data matching program to ensure entities are complying with their taxation and superannuation obligations. Relying only on data already held by the ATO is of limited value for the following reasons:
- the taxation system operates on willing participation so our data is derived from taxpayers that are correctly registered and meeting their lodgment obligations
- we have no other data to cross-reference to ensure taxpayers are reporting their obligations correctly other than by directly contacting every taxpayer.
This data matching program will allow us to identify taxpayers who are not fully complying with their obligations, as well as those that may be operating outside the taxation and superannuation systems. It will also reduce the likelihood of the ATO unnecessarily contacting taxpayers who are complying with their taxation obligations.
Data matching is an effective method of examining records of thousands of taxpayers to ensure compliance with lodgment and reporting obligations that would otherwise be a resource-intensive exercise.
Data matching also assists us in effectively promoting voluntary compliance by notifying the public of areas and activities under scrutiny.
Costs and benefits of data matching
Costs
There are some incidental costs to us in the conduct of this data matching program, but these will be more than offset by the total revenue protected. These costs include:
- data analyst resources to identify potential instances of non-compliance
- compliance resources to manage casework and educational activities
- governance resources to ensure that the Guidelines and the Privacy Act 1988 are complied with, and quality assurance work to ensure the rigour of the work undertaken by analysts and compliance staff
- storage of the data.
Benefits
Benefits from conducting this data matching program include:
- maintaining community confidence in both the taxation and superannuation systems by creating a level playing field, as well as maintaining community confidence in the ATO’s capacity to fairly administer those systems
- maintaining integrity of the taxation and superannuation systems – there are inherent risks in taxpayers not complying with their obligations, including those that deliberately abuse these systems – this program will assist the ATO in detecting, dealing with and deterring those that are not meeting their obligations
- enabling enforcement activity and recovery of taxation revenue – without undertaking this data matching program and subsequent compliance activity, there are no assurances that a wider risk to revenue does not exist.
Making a privacy complaint
If a taxpayer is not satisfied with how we have collected, held, used or disclosed their personal information, they can make a formal complaint by:
- using the online Complaints form
- phoning our complaints line on 1800 199 010
- phoning the National Relay Service on 13 36 77 (if you have a hearing, speech or communication impairment)
- sending us a free fax on 1800 060 063
- writing to us at:
ATO Complaints
PO Box 1271
ALBURY NSW 2640
If a taxpayer is not satisfied with the outcome of the privacy complaint, they can contact the Office of the Australian Information Commissioner.
See also:
- How do I make a privacy complaintExternal Link – details on the complaint process
- Privacy
Our lawful role
The Commissioner of Taxation has responsibility for ensuring taxpayers meet their taxation and superannuation obligations. Compliance with these obligations is a matter we take seriously and failure to address non-compliant behaviour has the potential to undermine community confidence in the integrity of the taxation and superannuation systems and our capacity to administer those systems.
Our data matching program is one of the strategies used to identify and deal with non-compliant behaviour. Data matching programs also provide a degree of assurance that taxpayers are meeting their obligations.
Our legal authority to undertake a data matching program
ATO legislation
The data will be obtained under our formal information gathering powers contained in section 353-10 of Schedule 1 to the Taxation Administration Act 1953.
This is a coercive power that obligates the data providers to give the information requested. We will use the information for taxation and superannuation compliance purposes.
Privacy Act
Data will only be used within the limits prescribed by Australian Privacy Principle 6 (APP6) contained in Schedule 1 of the Privacy Act 1988 and in particular:
- APP6.2(b) – the use of the information is required or authorised by an Australian law
- APP6.2(e) – the ATO reasonably believes that the use of the information is reasonably necessary for our enforcement-related activities.