Submission to the Treasury
18 July 2014
The OAIC recommends that:
the Treasury considers the standard set by the Australian Privacy Principles when considering any amendments to laws that may require the Australian Securities and Investments Commission (ASIC) to collect, use and disclose individuals’ personal information.
the Treasury consider whether the type and amount of personal information that ASIC is required to collect and make publicly available remains appropriate.
the Treasury consider whether it is necessary that all the personal information required to be collected by ASIC for the purpose of reuniting individuals with their unclaimed money, continue to be made publicly available. In particular, whether an amendment to the Banking Act 1959 needs to be made to remove the obligation for ASIC to publish that information in the Gazette.
the Treasury consult the Tax File Number Guidelines 2011 when considering whether tax file numbers should be able to be shared between Australian Deposit-taking Institutions, ASIC and the Australian Taxation Office for the purpose of reuniting individuals with their unclaimed moneys.
the Treasury consider undertaking a privacy impact assessment in relation to any arrangements intended to help reunite account holders with their unclaimed money, including any proposal to maintain the current arrangements.
The Office of the Australian Information Commissioner
The Office of the Australian Information Commissioner (OAIC) is established by the Australian Information Commissioner Act 2010 (Cth) as an independent statutory agency headed by the Australian Information Commissioner. The Information Commissioner is supported by two other statutory officers, the Freedom of Information Commissioner and the Privacy Commissioner.
The OAIC has three primary functions:
privacy functions, conferred by the Privacy Act 1988 (Privacy Act) and other laws
freedom of information functions, in particular, oversight of the operation of the Freedom of Information Act 1982 and review of decisions made by agencies and ministers under that Act
government information policy functions, conferred on the Australian Information Commissioner under the Australian Information Commissioner Act 2010.
The OAIC welcomes the opportunity to comment on the Treasury’s discussion paper ’Options for improving the Unclaimed Bank Account and Life Insurance Money Provisions’ (the Discussion Paper). Further, the OAIC supports the Discussion Paper’s emphasis on balancing the need to reunite individuals with their unclaimed money with the protection of individuals’ privacy.
The OAIC has limited its comments to the following questions:
whether the current arrangements for public disclosure of details of unclaimed bank accounts and life insurance moneys achieve an appropriate balance
what changes could be made to sufficiently protect privacy and still ensure that account holders can easily locate their unclaimed accounts
whether tax file numbers (TFNs) should be able to be shared between Australian deposit-taking institutions (ADIs), the Australian Securities and Investments Commission (ASIC) and the Australian Tax Office (ATO) to more efficiently reunite individuals with their unclaimed moneys, and
whether there are any alternative approaches (to using TFNs) to more efficiently reunite individuals with their unclaimed moneys while effectively balancing privacy concerns.
This Discussion Paper is seeking comment from interested stakeholders on current arrangements for managing unclaimed moneys held in bank accounts and unclaimed life insurance policies.
The OAIC understands that the Banking Act 1959 (Banking Act) and Life Insurance Act 1995 (Life Insurance Act) currently make provision for the treatment of unclaimed money in relation to bank accounts and life insurance policies. In order to effectively reunite account and policy holders with their unclaimed moneys, when ASIC receives the unclaimed funds it is required to publish certain personal information about the account or policy holder in the ASIC Unclaimed Money Gazette. This personal information also become publicly searchable on-line via ASIC’s ’MoneySmart’ website using the unclaimed money search tool.
The Australian Privacy Principles
The Australian Privacy Principles (APPs), contained in the Privacy Act, regulate the handling of personal information by Australian Government agencies and some private sector organisations (collectively referred to as APP entities). The APPs set out the minimum standards that APP entities must meet when handling individuals’ personal information.
As an Australian Government agency, ASIC is an APP entity and is therefore required to comply with the APPs when handling the personal information of account holders and persons covered by life insurance policies. However, a number of the APPs provide an exception to the obligations of the APPs if an APP entity is ‘required or authorised by or under an Australian law’ to act differently. This means that, to the extent that ASIC’s personal information handling practices are required by the Banking Act and the Life Insurance Act, ASIC may be exempted from complying with specific APPs.
However, the OAIC recommends that the Treasury consider the standard set by the APPs when considering any amendments to those laws that may require ASIC to collect, use and disclose individuals’ personal information. In particular, the Treasury should consider APP 3 and APP 6. Under APP 3 an APP entity should only collect personal information that is reasonably necessary, or directly related to one of its functions or activities. Further, under APP 6 an APP entity may only use and disclose personal information for the purpose for which it was collected, unless an exception applies.
Whether the type and amount of personal information disclosed is appropriate
The OAIC recommends that the Treasury consider whether the type and amount of personal information that ASIC is required to collect and make publicly available remains appropriate given advances in technology, such as the ability to search unclaimed money records online.
ASIC’s MoneySmart unclaimed money search tool allows any person to search for unclaimed moneys under any name. If there is a record under that the name, the search tool will display:
- the full name of the account (and/or policy) holder
- the last known address of the account (and/or policy) holder
- the amount in the account or owing under the policy
- the policy number
- the name and address of the institution at which the account was held, and
- the State or Territory for which the policy is registered.
The OAIC notes that, while the ability to electronically search records of unclaimed money more efficiently reunites individuals with their unclaimed funds, it also makes that information more accessible to persons other than the account or policy holder. Furthermore, once the information is in the public domain it is difficult to destroy, even after the account or policy holder has been reunited with their unclaimed money and ASIC no longer needs the personal information.
The OAIC queries whether the publication of a large amount of personal information, combined with new electronic search tools, may expose affected account and policy holders to an increased risk of identity fraud. The OAIC also notes that the risk of identity fraud is increasing with the evolution of technology and the expansion of online services.
With this in mind, account and policy holders’ privacy interests may be enhanced by ensuring that only the minimum amount of personal information — that is, the minimum necessary to ensure that account and policy holders can easily reclaim their unclaimed money — is published.
This might be achieved by a two-stage approach. For example, individuals might first complete a search on MoneySmart using only a subset of the information collected by ASIC (such as, name and date of birth). Importantly, the results of that search would only display those limited types of personal information. In the event of a positive name match, the individual can then provide further identifying information to establish whether they are entitled to the unclaimed funds. The OAIC notes that, even under the current arrangements, an individual would be required to provide this information to establish their entitlement to the money. A similar approach has been taken by the ATO in relation to their SuperSeeker search tool.
Whether the methods of publication remain appropriate
The OAIC suggests that the Treasury consider whether it is necessary that this information continue to be made publicly available through:
- the hard copy ASIC Unclaimed Money Gazettes,
- the soft copy (pdf. format) ASIC Unclaimed Money Gazette, and
- the searchable database on the ASIC MoneySmart website.
The OAIC understands that currently any unclaimed funds are held in consolidated revenue until a claim is made. Further, that there is no expiry date restricting when a claim can be made. If a claim is made (and the money returned) the relevant personal information is removed from ASIC’s unclaimed moneys database, but remains publicly available in pdf format. This means that the personal information associated with records of unclaimed funds may remain publicly available and searchable (using the pdf reader search tool) in perpetuity.
With this in mind, the OAIC suggests that the personal information is made publicly available, and searchable, through the MoneySmart database alone. This would enable the information to be permanently removed once the money is returned to the account or policy holder.
The OAIC acknowledges that this approach would require an amendment to the Banking Act to remove the requirement for ASIC to publish the information it collects from ADIs in the Gazette. However, the OAIC notes that this would be consistent with the Life Insurance Act, which only requires ASIC to maintain a register containing details of unclaimed life insurance.
Consistent with the recommendation that Treasury consider the standard set by the APPs, the OAIC suggests that the ability for this personal information to be destroyed once it is no longer needed (because the account holder has been reunited with their unclaimed money) would be consistent with the obligation in APP 11.3.
Use of tax file numbers to more effectively reunite individuals with their unclaimed moneys
The Discussion Paper suggests that individuals could be more efficiently reunited with their unclaimed moneys by allowing ADIs to report TFNs to ASIC, who could then use that information to obtain up-to-date contact details from the ATO’s tax lodgement information. Further, the Discussion Paper notes that this approach is already being used by the ATO to reunite individuals with their unclaimed superannuation. 
The OAIC understands that information about unclaimed superannuation is made searchable by the ATO using its SuperSeeker website.
The OAIC understands that the superannuation fund can take steps to try and contact the account holder before a superannuation account is considered inactive. One of these steps involves using the individual’s TFN to obtain up-to-date contact details from the ATO’s tax lodgement information. This was made possible by the Tax Laws Amendment (2011 Measures No. 2) Act 2011 which extended the use of TFNs to superannuation fund trustees and retirement savings account providers in certain circumstances.
In addressing the suggestion that the use of TFNs be extended for the purpose of reuniting individuals with their unclaimed money in relation to bank accounts and life insurance policies, the OAIC has considered whether that extension would be consistent with the Tax File Number Guidelines 2011 (the TFN Guidelines).
A TFN is a unique number (an identifier) issued by the ATO to identify individuals, companies and others who lodge income tax returns with the ATO. As outlined in the OAIC’s Privacy Fact Sheet 6:
The purpose of the TFN is to facilitate the effective administration of taxation law and certain aspects of personal assistance and superannuation law and, importantly, not to assist with the identification of individuals for other purposes.
The TFN Guidelines regulate the handling of individuals’ TFNs. The Guidelines are legally binding and are issued by the Information Commissioner under s 17 of the Privacy Act. A breach of the Guidelines is an ‘interference with privacy’ of an individual. An individual who considers that their TFN information has been mishandled may make a complaint to the Commissioner under the Privacy Act.
The primary purposes of the TFN Guidelines are:
- to permit the use and disclosure of individuals’ TFNs where it is specifically authorised by taxation law, personal assistance law or superannuation law, and
- to prevent TFNs from being used for unintended purposes.
Should the use of TFNs be extended for this purpose
The OAIC (and former Office of the Privacy Commissioner) has previously made submissions relating to the extension of the use of TFN information for specific purposes.
Drawing on the recommendations made in those submissions, the OAIC recommends that the Treasury consider:
whether the use of TFN information is necessary, after considering the utility of any other tools that could be used to obtain up-to-date contact details for account holders
the extent of the benefits to individuals of extending the use of TFN information for this purpose, and
whether a proposal to extend the use of TFN information for this purpose is (or could be considered) an extension of a current authorised TFN use.
Importantly, if after considering these issues the Treasury considers that the extension of the use of TFNs for this purpose is justified, that extension would still need to be consistent with the TFN guidelines.
If the use of TFNs is extended, would the TFN Guidelines need to be amended
Any extension of the use of TFNs for the current purpose of reuniting individuals with money held in unclaimed bank accounts and life insurance policies, must be consistent with the TFN Guidelines.
Under Guideline 5 of the TFN Guidelines, a TFN recipient (a person in possession of a record containing a TFN, including ADIs) must not use or disclose that information except for a purpose authorised by taxation law, personal assistance law or superannuation law. This means that an ADI that holds information about an individual’s TFN would not be permitted to disclose that information to ASIC unless it was authorised under a relevant law.
Accordingly, the OAIC recommends that the Treasury take into account the following matters when considering any proposal to extend the use of TFN information for the purpose of reuniting individuals with their unclaimed moneys:
if the use could be authorised by taxation law, personal assistance law or superannuation law, and
if not, whether the benefits to the individual of extending the use of TFN information are significant enough to justify a variation being made to the TFN guidelines, and
how to ensure that any extension of the use of TFN information is subject to appropriate privacy safeguards. This may assist the Treasury to identify and mitigate any privacy impacts of extending the use of TFNs.
If the Treasury considers that an amendment to the TFN Guidelines is justified, further consultation with the OAIC will be necessary.
Accessing information held in the credit reporting system
The OAIC notes that in 2013 the Treasury conducted a similar consultation process in relation to unclaimed superannuation accounts. While the OAIC did not make a submission as part of that consultation process, one stakeholder proposed amending the Superannuation Industry (Supervision) Act 1993 to authorise superannuation funds to access, use and disclose certain identity information (including last known address information) held in the Australian credit reporting system.
The OAIC notes that there is currently no legal provision that provides for access to information held in the consumer credit reporting system for the purpose of reuniting individuals with their unclaimed money. This includes information about individuals’ last known address. This is consistent with the purpose of the consumer credit reporting system — namely, to balance protecting individuals’ personal information with the need for credit providers to have enough information to help them assess an individual’s suitability to be provided with credit.
For more information about who may access the credit reporting system and for what purposes, please see the OAIC’s credit reporting fact sheet series, ’Know your rights’.
Privacy impact assessment
The OAIC recommends that the Treasury consider undertaking a privacy impact assessment (PIA) in relation to any arrangements intended to help reunite account holders with their unclaimed moneys, including any proposal to maintain the current arrangements. A PIA may also assist the Treasury in considering the issues raised above in relation to any extension of the use of TFNs for this purpose.
The OAIC has recently published a revised PIA Guide that describes the purpose and process of undertaking a PIA.
 See The Treasury, Options for improving the Unclaimed Bank Account and Life Insurance Money Provisions, available at: <http://www.treasury.gov.au/ConsultationsandReviews/Consultations/2014/Unclaimed-Moneys-Discussion-Paper>, p3.
 See also Australian Securities and Investments Commission (ASIC) Unclaimed Money Gazettes, available at: <http://www.asic.gov.au/asic/asic.nsf/byheadline/ASIC+Gazette+-+Unclaimed+Moneys?openDocument#UM_List>; see also Banking Act 1959, s69(4); Life Insurance Act 1995, s216; Life Insurance Regulations 1995, reg. 10.05A(2)(b).
 See The Treasury, n1, p11; see also ASIC MoneySmart: Find unclaimed money website <https://www.moneysmart.gov.au/tools-and-resources/find-unclaimed-money>.
 See Banking Act 1959, s69(4); Life Insurance Regulations 1995, reg. 10.05A(2)(b).
 See Office of the Australian Information Commissioner (OAIC), OAIC Community Attitudes to Privacy survey Research Report 2013, OAIC’s website <http://www.oaic.gov.au/privacy/privacy-resources/privacy-reports/oaic-community-attitudes-to-privacy-survey-research-report-2013>; for more information about identity crime in Australia, see Attorney General’s Department (AGD), Identity crime in Australia, AGD website <http://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Pages/Trends-in-Identity-Crime.aspx>.
 Australian Taxation Office (ATO), SuperSeeker, ATO website <https://www.ato.gov.au/Calculators-and-tools/SuperSeeker/>; see also the Treasury, n1, p13.
 See the Treasury, n1, p13.
 See ATO, n16.
 See, for example, Superannuation Industry (Supervision) Act 1993 ss 299LA and 299LB.
 See OAIC 2012, Privacy fact sheet 6: The binding Tax File Number Guidelines 2011 and the protection of tax file number information, available at: <http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-6-the-binding-tax-file-number-guidelines-2011-and-the-protection-of-tax-file-number-information/all-pages>; see also ATO, Tax file numbers, ATO website <https://www.ato.gov.au/Individuals/Tax-file-number/>.
 See Privacy Act, s 13(4).
 See OAIC, n10.
 See the Office of the Privacy Commissioner (OPC) 2009, Review into the Governance, Efficiency, Structure and Operation of Australia’s Superannuation System: Submission to the Review Panel on the Phase Two: Operation and Efficiency - Issues Paper, available at: <http://www.oaic.gov.au/privacy/privacy-archive/privacy-submissions-archive/review-into-the-governance-efficiency-structure-and-operation-of-australias-superannuation-system-submission-to-the-review-panel-on-the-phase-two-op#_ftn11>; OAIC 2011, Exposure Draft –Using Tax File Numbers as an identifier and to facilitate account consolidation, available at <http://www.oaic.gov.au/news-and-events/submissions/privacy-submissions/exposure-draft-using-tax-file-numbers-as-an-identifier-and-to-facilitate-account-consolidation#_ftn5>.
 See OPC, n13, Para 19.
 For example, the use of TFN information for the purpose of reuniting individuals with their unclaimed superannuation was judged to be consistent with the TFN Guidelines; See Explanatory Memorandum Tax Laws Amendment (2011 Measures No. 2) Bill 2011, available at: <http://www.comlaw.gov.au/Details/C2011B00066/Explanatory%20Memorandum/Text>, Para3.23.
 See Explanatory Memorandum Privacy Amendment (Enhancing Privacy Protection) Bill 2012, p91.
Was this page helpful?
If you would like to provide more feedback, please email us at email@example.com