Tax file numbers are unique numbers issued by the Australian Taxation Office (ATO) to identify individuals, corporations and others who lodge income tax returns with the ATO.
While individuals cannot be required to provide their TFN, there may be consequences if they don’t. For example, if individuals do not quote their TFN to employers and financial institutions then they may have tax deducted from their income or interest payments at the highest marginal rate.
Quotation of TFNs is also a condition of receipt of most Australian Government assistance payments.
The Privacy (Tax File Number) Rule 2015 (TFN Rule) issued under s 17 of the Privacy Act 1988 (Privacy Act) regulate the collection, storage, use, disclosure, security and disposal of individuals' TFN information. The TFN Rule only applies to the TFN information of individuals and does not apply to TFN information about other legal entities such as corporations, partnerships, superannuation funds and trusts.
The TFN Rule is legally binding. A breach of the TFN Rule is an interference with privacy under the Privacy Act. Individuals who consider that their TFN information has been mishandled may make a complaint to the Office of the Australian Information Commissioner (OAIC).
TFN guidance material
The OAIC has published the following pieces of guidance about TFN rights and obligations:
- For individuals in relation to their own TFNs: Privacy fact sheet 6: Protecting your tax file number information
- For agencies who receive TFNs: Privacy agency resource 5: The Privacy (Tax File Number) Rule 2015 and the protection of tax file number information
- For organisations and other entities that receive TFNs, including investment bodies: Privacy business resource 23: The Privacy (Tax File Number) Rule 2015 and the protection of tax file number information
Privacy fact sheet 6, Privacy agency resource 5 and Privacy business resource 10 should be read in conjunction with the TFN Rule and the advisory 'Classes of lawful tax file number recipients' document that the ATO and the Australian Prudential Regulation Authority (APRA) have released. This document is not part of the TFN Rule and is not legally binding. It is a joint ATO and APRA document and constitutes part of the obligations the ATO and APRA's have under the TFN Rule to publish information on the classes of persons or bodies who are authorised by law to request an individual quote their TFN.
The obligations relating to the handling of TFNs under the TFN Rule are in addition to responsibilities under other laws, including:
- the Australian Privacy Principles
- the Taxation Administration Act 1953, including offences for the unauthorised use, disclosure, collection, or requests for TFNs
- Part VA of the Income Tax Assessment Act 1936, which contains provisions related to the handling of TFNs
- Part 25A of the Superannuation Industry (Supervision) Act 1993 and Part 11 of the Retirement Savings Accounts Act 1997, which provide for the collection of TFNs by the trustees of superannuation funds and retirement savings account providers
- the Data-matching Program (Assistance and Tax) Act 1990 which provides for, and regulates, the matching of records between the ATO and assistance agencies (ie DHS, DSS, DET and DVA) that use the TFN in a data-matching process.
TFN related functions
Under s 28A the Australian Information Commissioner has the following monitoring functions in relation to TFNs:
- examining the records of the Commissioner of Taxation to ensure that the Commissioner
- is not using TFN information for purposes beyond his or her powers (s 28A(1)(c)(i))
- is taking adequate measures to prevent the unlawful disclosure of the TFN information that he or she holds (s 28A(1)(c)(ii))
- evaluating compliance with the TFN Rule (s 28A(1)(d))
- monitoring the security and accuracy of TFN information kept by TFN recipients (s 28A(1)(e)).
Under s 28B(1)(d) the Australian Information Commissioner may provide advice to TFN recipients about:
- their obligations under the Taxation Administration Act 1953 in relation to the confidentiality of TFN information; or
- any matter relevant to the operation of the Privacy Act.
Under s 33C(1)(c) the Australian Information Commissioner may conduct an assessment as to whether TFN information held by a TFN recipient is being maintained and handled in accordance with the TFN Rule.