Skip to main content
Skip to secondary navigation
Menu
Australian Government - Office of the Australian Information Commissioner - Home

Exposure Draft - Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill 2009 and Explanatory Memorandum; Submission to the Commonwealth Treasury (April 2009)

Exposure Draft- Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill 2009 and Explanatory Memorandum Submission to the Commonwealth Treasury April 2009

pdfsub_tax_laws_amendment

Submission to the Commonwealth Treasury

April 2009

Key recommendations

1. The Office of the Privacy Commissioner (the ‘Office’) supports the consolidation and standardisation of existing taxation secrecy provisions in the exposure draft Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill 2009 (the ‘draft Bill’). In the Office’s opinion this will assist individuals to be confident that the information they provide under the taxation laws is being handled appropriately. It will also assist government agencies and private sector organisations to more easily identify the circumstances in which this information may be collected, used and disclosed.

2. The Office makes the following specific recommendations in relation to the draft Bill and the corresponding Explanatory Memorandum (the ‘draft Explanatory Memorandum’):

  1. The draft Explanatory Memorandum should clarify whether a record or disclosure made under an exception to the draft Bill, is ‘authorised by or under law’ for the purposes of Information Privacy Principles 10.1(c) and 11.1(d) and National Privacy Principle 2.1(g) of the Privacy Act 1988 (Cth).
  2. The draft Explanatory Memorandum should provide further clarity about what constitutes a ‘serious’ threat for the purposes of paragraph 355-90(b) of the draft Bill. In particular, the Office considers that the relative likelihood of a threat eventuating (including the imminence of the threat) and the gravity of the potential outcome,should be taken into account in assessing whether a threat is ‘serious’.
  3. Paragraph 355-80(4) of the draft Bill should provide that regulations need to identify the purposes of a prescribed taskforce and the agencies in a prescribed taskforce.
  4. Paragraphs 355-40 and 355-170 of the draft Bill, should not override the protections afforded to publicly available personal information under Information Privacy Principles 10, 11 and National Privacy Principle 2 of the Privacy Act.
  5. Paragraph 1.17 of the draft Explanatory Memorandum should indicate that there are a number of factors relevant in considering whether the public benefit of a proposed use or disclosure outweighs taxpayer privacy, which include, among other things, whether the proposed disclosure will be exempt from the Information Privacy Principles or the National Privacy Principles.

Office of the Privacy Commissioner

3. The Office of the Privacy Commissioner (‘the Office’) is an independent statutory body whose purpose is to promote and protect privacy in Australia.

4. The Privacy Act 1988 (Cth)(the ‘Privacy Act’) contains eleven Information Privacy Principles (‘IPPs’) which apply to Australian and ACT Government agencies. It also includes ten National Privacy Principles (‘NPPs’) which generally apply to all businesses with an annual turnover of more than $3 million (and some small businesses), but which do not apply to certain exempt organisations including political parties[1].

5. The coverage of the Privacy Act is limited to ‘personal information’. This is defined in section 6 (1) of the Act as information or an opinion, whether true or not, about an individual whose identity is apparent or can be reasonably ascertained from that information.

Background

6. The Office welcomes the opportunity to provide comments on the exposure draft Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill 2009[2] (the ‘draft Bill’) and the corresponding Explanatory Memorandum[3] (the ‘draft Explanatory Memorandum’). The Office previously provided a submission on the Treasury Discussion Paper for the Review of Taxation Secrecy and Disclosure Provisions in September 2006[4].

7. The Office understands that the main purpose of the draft Bill is to consolidate the existing secrecy and disclosure provisions found in 18 taxation laws, and standardise the provisions into a single framework[5].The draft Bill also introduces some new disclosures.

8. The draft Bill establishes three offences which prohibit taxation officers[6], other entities[7] and entities that obtain taxpayer information in breach of a taxation law[8], from making a record of, or disclosing taxpayer information (referred to as ‘protected information’ in the draft Bill). It also provides exceptions to these offences.

9. In this submission references to paragraphs of the draft Bill refer to paragraphs in schedule 1, item 1 of the draft Bill.

Relationship between the Privacy Act and Secrecy Laws

10. The Privacy Act provides an overarching framework for how personal information should be handled by agencies and organisations. In contrast, secrecy laws, such as the draft Bill, focus on protecting the secrecy and confidentiality of information, by providing criminal penalties for those who mishandle it[9].

11. Where information protected under secrecy laws also contains personal information, it may not be clear to what extent an entity bound by the secrecy laws, also needs to comply with the Privacy Act. In its report For Your Information: Australian Privacy Law and Practice (ALRC 108), the ALRC recommends that where a secrecy provision regulates personal information, that provision should address how the requirements under the provision interact with the privacy principles in the Privacy Act.[10]The Office supports this recommendation, on the basis thatit could remove uncertainty for agencies regarding their obligations under both secrecy and privacy legislation.

12. The draft Explanatory Memorandum partly addresses this by indicating that ‘personal information is also protected by the Privacy Actand the work of the Office of the Privacy Commissioner’[11].

13. However, the Office believes it is still not clear whether an exception to the secrecy provisions in the draft Bill, overrides the use and disclosure principles in IPPs 10.1, 11.1 and NPP 2.1.

14. IPPs 10.1 and 11.1 limit how agencies may use and disclose personal information. NPP2.1 limits how organisations covered by the Privacy Act[12], may use and disclose personal information. There are exceptions to each of these principles, which, in each case, include where the use or disclosure is ‘required or authorised by or under law’ (see IPP 10.1(c), IPP11.1(d) and NPP2.1(g).The Office considers that it may not be clear whether exceptions in the draft Bill that allow the making of a record or disclosure of taxpayer information containing personal information, are ‘authorised by or under law’ for the purposes of IPPs 10.1(c) and 11.1(d) and NPP2.1(g).

15. The Office would therefore suggest that the draft Explanatory Memorandum clarify whether making a record or disclosure under an exception to the draft Bill, is ‘authorised byor under law’ for the purposes of the Privacy Act. This would be consistent with the approach taken in section 56 (12) of the Australian Prudential Regulation Authority Act 1998[13].

Serious threat to health or safety

16. The Office notes that paragraph 355-90(b) of the draft Bill provides an exception to the secrecy offence provisions, where a taxation officer makes a record for, or discloses taxpayer information to an Australian government agency for the purpose of preventing or lessening a serious threat to an individual’s health or safety, or a serious threat to public health.

17. The draft Explanatory Memorandum generally provides that ‘what is a ‘serious’ threat depends on the circumstances but would certainly include a threat of murder’[14].

18. The Office understands that paragraph 355-90(b)is based on IPP 11.1(c)[15].However, unlike IPP 11.1(c), there is no requirement for the threat to an individual’s life, health or safety to be ‘imminent’. The Office notes the reasons given in the draft Explanatory Memorandum for this distinction- under the Privacy Act, if a threat is not imminent, an individual’s consent may be obtained before disclosing their personal information, while under the draft Bill, obtaining a taxpayer’s consent before disclosing their taxpayer information is not an exception to the offence provisions[16].

19. The Office is concerned that the draft Explanatory Memorandum may not clearly describe what is meant by a ‘serious’ threat. This could potentially lead to taxpayer information being disclosed where there is only a suspicion of unlawful conduct occurring at an indeterminate future time.

20. The Office suggests that the draft Explanatory Memorandum provide further clarity about what constitutes a ‘serious’ threat.In particular, the Office suggests that the relative likelihood of a threat eventuating and the gravity of the potential outcome should be taken into account when assessing whether a threat is ‘serious’. This is consistent with the ALRC’s comments in relation to IPP11.1(c) in ALRC 108[17].

21. Further, in its submissions to the ALRC’s review of Australian privacy law, the Office noted the importance of assessing the imminence of a ‘threat’ before disclosing personal information under IPP11.1(c). This ensures agencies will consider the timeframe in which the threat may occur, and recognises that a non-imminent threat may be mitigated other than by disclosing an individual’s personal information[18].

22. Accordingly, the Office suggests that the imminence of a threat should be taken into account when assessing itsrelative likelihood.

Project Wickenby and prescribed taskforces

23. The Office notes that under the draft Bill,the Commissioner of Taxation (or an authorised officer) may make a record for, or disclose taxpayer information to a Project Wickenby Officer, for or in connection with any purpose of the Project Wickenby taskforce[19]. The draft Bill also permits a Project Wickenby Officer to make a record of, or disclose taxpayer information for any purpose of the Project Wickenby taskforce[20].

24. The Office supports the draft Bill specifically defining the purposes of the Project Wickenby taskforce. It also supportsthe draft Bill identifying agencies (and supporting agencies)in the taskforce. In the Office’s view, this appears to closely reflect the policy objective behind such disclosures, and minimises the extent to which secrecy protections for taxpayer information are reduced.

25. The draft Bill contains similar provisions applying to prescribed taskforces[21]. However, when a taskforce is prescribed by regulation the draft Bill only provides that the regulations ‘may’ deal with the purposes of that taskforce and the agencies in the taskforce[22].

26. The Office is concerned that this may result in a lack of clarity about the purposes of a prescribed taskforce and the agencies in that taskforce and, if the purposes of a prescribed taskforceare not identified by regulation, it may be difficult to interpret paragraph 355-175(3) of the draft Bill which refers to ‘a purpose of a prescribed taskforce’.

27. Accordingly, the Office suggests consideration be given to requiring any regulations made under paragraph 355-80(4) of the draft Bill, to identify the purposes of the taskforce and the agencies in the taskforce.

28. The Office also suggests that to assist in formulating these purposes, the Treasury should consider developing criteria for determining whether a disclosure to the taskforce is reasonably necessary to facilitate the operations of that taskforce. This may depend on the nature and seriousness of the offences investigated by the taskforce.

Publicly available information

29. The Office understands that under current taxation secrecy laws, it is not an offence for the ATO to disclose taxpayer information collected from a public source[23].However, where a taxation officer collects taxpayer information from another sourcein the course of administering the taxation laws, it is generally an offence to disclose that information, even if the information is also available from a public source[24].

30.The draft Bill would change these provisions. Under the draft Bill it is not an offence for an entity to make a record of, or disclose any taxpayer information that is publicly available. This includes taxpayer information collected from a public source (such as the electoral role, open court records, books, the Internet and newspapers) and taxpayer information collected from another sourcethat is also available from a public source[25].

31.The draft Explanatory Memorandum provides that these amendments will remove the ‘arbitrary administrative burden on the ATO to identify the source of information before it is disclosed’ and will have a ‘minimal impact on privacy’[26].

32. The Office notes that publicly available personal information falls within the definition of ‘personal information’ in section 6 (1) of the Privacy Act. Accordingly, publicly available taxpayer information (containing personal information) collected for inclusion in a record or generally available publication usually will be subject to the protections inIPPs 1 to 3(where the information is collected by an agency), or NPP 1 (where the information is collected by an organisation).

33. However, the protections in IPPs 10 and 11 or NPP 2 may not apply where publicly available taxpayer information (containing personal information) is used or disclosed under paragraph 355-40 or 355-170 of the draft Bill, if the exceptions in IPPs 10.1(c), 11.1(d) or NPP 2.1(g) apply (see paragraph 14 above).

34. While the Office recognises that there are efficienciesassociated with exempting publicly available taxpayer information from the secrecy offence provisions, the Office considers that this should not override the protections afforded to personal information (that is also publicly available) under IPPs 10, 11 and NPP 2.

35. The Office believes that any proposal to reduce privacy safeguards currently offered under the secrecy provisions and the Privacy Act could risk lessening the community’s confidence that personal information is being handled appropriately.

36. It may be more consistent with community expectations for the agency or organisation to obtain an individual’s consent before using or disclosing such information, as generally provided for under IPPs 10 and 11 and NPP2 (subject to any other applicable exceptions).

37. Accordingly, the Office suggests that a note be added to paragraphs 355-40 and 355-170 of the draft Bill, to the effect that a use or disclosure under this paragraph is not ‘required or authorised by or under law’ for the purposes of the Privacy Act.

38. Alternatively, the Office suggests that the exceptions in paragraphs 355-40 and 355-170 of the draft Bill, should not apply to taxpayer information made publicly available as a result of a security breach or unlawfully.

Future policy considerations

39. The Office notes that the draft Explanatory Memorandum provides, as a guide for future policy consideration, that taxpayer information should only be disclosed where the public benefit of such disclosure clearly outweighs taxpayer privacy[27]. According to the draft Explanatory Memorandum, as a general rule this means that‘the more remote the use of information is from the purpose for which it was obtained, the stronger the public benefit needs to be before the disclosure can be justified’[28].

40. The Office notes that the Treasury’s Discussion Paper on the Review of Taxation Secrecy and Disclosure Provisions provided a similar framework, called the Information Disclosure Framework, as a ‘guide to whom and in what circumstances, protected taxpayer information may be disclosed’[29]. The Office noted, in its submission on the Treasury Discussion Paper,that the Information Disclosure Framework may not provide a definitive indication about when a use or disclosure is permitted.The Office was therefore concerned that the framework may be too subjective and potentially very difficult to apply[30].

41. The Office also submitted that it supported the formulation of a set of standard secrecy provisions, with specific exceptions that permit disclosures to a particular entity for an identified purpose.The Office believed this approach would help entities to be able to clearly identify when a particular use or disclosure is permitted.

42.The Office welcomes that the draft Bill is structured in this way. However, it reiterates the above comments in relation to the guide for future policy consideration in paragraphs 1.16 and 1.17 of the draft Explanatory Memorandum.

43. Moreover, the Office suggests that when evaluating whether the public benefit of a proposed disclosure clearly outweighs taxpayer privacy, the following factors should be considered:

  1. Will the proposed disclosure be exempt from the privacy principles (for example, by reason that it is ‘authorised by or under law)? (see paragraph 14 above).
  2. If so, how far would the proposed disclosure diverge from the protections in the IPPs or NPPs that would otherwise apply? Among other things, this may involve analysing the remoteness of a proposed disclosure of information from the purpose for which the information was obtained.
  3. Is the proposed disclosure likely to be consistent with community expectations?
  4. Is the proposed disclosure the best option available to maximise privacy?
  5. Is the proposed disclosure necessary to achieve a given policy objective?

44.The Office therefore suggests that paragraph 1.17 of the draft Explanatory Memorandum be amended to provide that a broad range of factors need to be considered when assessing whether the public benefit of a proposed disclosure outweighs taxpayer privacy, including the factors outlined in paragraph 43 above.


[1]Information relating to the operation of the Privacy Act can be found on the Office’s website at www.privacy.gov.au.

[5]See paragraph 1.11 of the draft Explanatory Memorandum.

[6]See paragraph 355-20 of the draft Bill.

[7]See paragraph 355-155 of the draft Bill.

[8]See paragraph 355-265 of the draft Bill.

[9]See ALRC Issues Paper 34 Overview, Review of Secrecy Laws Inquiry Snapshot, 2 February 2009 (http://www.austlii.edu.au/au/other/alrc/publications/issues/34_Overview/).

[10]ALRC, For Your Information: Australian Privacy Law and Practice, ALRC 108 (2008) at Chapter 15.122 (http://www.austlii.edu.au/au/other/alrc/publications/reports/108/).

[11]See paragraph 1.25 of the draft Explanatory Memorandum.

[12]‘Organisations’ are defined in section 6C of the Privacy Act as an individual, a body corporate, a partnership, any other unincorporated association or trust, that is not a small business operator, a registered political party, an agency, a State or Territory authority or a prescribed instrumentality of a State or Territory.’

[13]Section 56 of the APRA Act contains secrecy and confidentiality protections in relation to information disclosed or obtained under a prudential regulation framework law. In general terms, section 56(12) provides that a disclosure of personal information (defined in the Privacy Act) is taken to be ‘authorised by law’ for the purposes of IPP11.3(d), if the information is protected information contained in a protected document, and the disclosure is made in accordance with particular subsections in section 56.

[14]See paragraph 5.84 of the draft Explanatory Memorandum.

[15]See paragraph 5.80- 5.81 of the draft Explanatory Memorandum. IPP11.1(c) generally provides that an agency may disclose personal information where ‘the record keeper believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or of another person.’

[16]See paragraph 5.81 of the draft Explanatory Memorandum.

[17]ALRC, For Your Information: Australian Privacy Law and Practice, ALRC 108 (2008) at 25.84.

[18]See Office of the Privacy Commissioner’s Submission to the ALRC Review of Privacy – Discussion Paper 72, at Chapter 22, paragraph 32 and 34 (http://www.privacy.gov.au/publications/submissions/alrc_72/PartD.html).

[19]See item 1 in paragraph 355-75 of the draft Bill.

[20]See paragraph 355-175(3) of the draft Bill.

[21]See paragraph 355-80 and item 2 in paragraph 355-175 (3) of the draft Bill.

[22]See paragraph 355-80(4) of the draft Bill.

[23]See paragraph 4.5 of the draft Explanatory Memorandum.

[24]See paragraph 4.31 of the draft Explanatory Memorandum.

[25]See paragraphs 355-40 and 355-170 of the draft Bill and paragraph 4.30 of the draft Explanatory Memorandum.

[26]See paragraph 4.32 of the draft Explanatory Memorandum.

[27]See paragraph 1.16 of the draft Explanatory Memorandum.

[28]See paragraph 1.17 of the draft Explanatory Memorandum.

[29]See ‘Review of Taxation Secrecy and Disclosure Provisions’ at page 16 http://www.treasury.gov.au/contentitem.asp?ContentID=1121&NavID=