Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Review into the Governance, Efficiency, Structure and Operation of Australia’s Superannuation System: Submission to the Review Panel on the Phase Two: Operation and Efficiency - Issues Paper (December 2009)

Submission on Review into the Governance, Efficiency, Structure and Operation of Australia’s Superannuation System to the Review Panel on the Phase Two: Operation and Efficiency – Issues Paper December 2009

pdfReview into the Governance, Efficiency, Structure and Operation of Australia's Superannuation System: Submission to the Review Panel on the Phase Two: Operation and Efficiency - Issues Paper (December 2009)

Key Recommendations

The Office of the Privacy Commissioner has a number of suggestions and comments focusing on the protection of individuals’ personal information in relation to the Superannuation System Review Phase Two Issues Paper:

  1. If the Review Panel favours the increased use of tax file numbers (‘TFNs’) to improve the superannuation system’s efficiency, any additional data-matching within and between superannuation funds involving the TFN should:
    • be limited to specific purposes outlined in legislation
    • retain strict privacy safeguards to protect individual members’ personal information (including the option not to participate) and
    • clearly delineate what new TFN-handling activities are authorised, to ensure compliance with relevant laws.
  2. Any proposed increase in the handling of TFNs should be relevant and necessary to a specified purpose, ensuring there is an adequate relationship with the existing role of TFNs in superannuation law.
  3. Superannuation funds will need to ensure that any proposed TFN matching is authorised by law.
  4. The Office recommends addressing the privacy issues associated with any new proposal for TFN matching by:
    • raising awareness amongst members regarding any changes to the way superannuation funds handle their TFN, including adequate notice to members before their TFN is used for matching
    • considering the practicality and benefit of giving individuals a choice to opt out of their TFN being used for such matching, and
    • undertaking a Privacy Impact Assessment.
  5. Should other proposals be recommended by the Review Panel, Privacy Impact Assessments would also assist regarding those proposals.
  6. If a personal superannuation identification number were pursued, appropriate privacy protections and usage limitations around such a unique identifier would be important. However, the infrastructure required should be weighed alongside the existing regulation and protection offered by the TFN regime.
  7. Similarly, if a central, Government-sponsored exchange facility for superannuation payments were established, the Office would encourage further analysis of necessary information privacy and security safeguards.

Office of the Privacy Commissioner

1. The Office of the Privacy Commissioner (‘the Office’) is an independent statutory body whose purpose is to promote and protect privacy in Australia. The Office, established under the Privacy Act 1988 (Cth) (‘Privacy Act’), has responsibilities for the protection of individuals’ personal information handled by Australian and ACT Government agencies, large private sector organisations, all private health service providers and some small businesses.


2. The Office welcomes the opportunity to make a submission to the Government’s review into Australia’s superannuation system (‘the Review’). This submission comments on the Review’s Phase Two: Operation and Efficiency – Issues Paper (‘the Issues Paper’). [1] The Office would support an outcome from the Review that is in the best financial interests of members (individuals), by addressing inefficiencies in the superannuation system, [2] while ensuring that personal information is adequately protected.

Coverage of the Privacy Act

3. The Privacy Act largely protects the ‘personal information’ of individuals through binding privacy principles. [3] The 11 Information Privacy Principles [4] (‘IPPs’) regulate personal information handling by Australian Government and ACT agencies (including Government superannuation entities like ComSuper [5] ).

4. The 10 National Privacy Principles (‘NPPs’) regulate private sector organisations with an annual turnover greater than $3 million (including relevant ‘super funds’), all private health service providers, and some small businesses. [6] Many small business employers (other than health service providers) would not be subject to the NPPs, but would need to comply with specific TFN regulation discussed below.

Tax File Numbers (TFNs)

5. The TFN is a unique number (an identifier) issued by the Australian Taxation Office (‘ATO’) to identify individuals, companies and others who lodge income tax returns with the ATO. The TFN was designed to improve the service and administrative efficiency of the tax system, including through data-matching, subject to legislative protections that prevent the widespread adoption of the TFN for different purposes.

6. The Privacy Commissioner’s TFN Guidelines (see paragraph 9) regulate the handling of individuals’ TFNs. The Taxation Administration Act 1953 (Cth) (‘TAA 1953’) also prohibits unauthorised requests, recording, use or disclosure of TFNs. [7]

7. In addition, the Data-matching Program (Assistance and Tax) Act 1990 (Cth) (‘Data-matching Act’) and Statutory Data-matching Guidelines regulate the matching of records between the ATO, Centrelink and the Department of Veterans Affairs (‘DVA’) using the TFN. [8]

8. It is not an offence to decline to provide a TFN. [9] However, there are financial consequences for individuals who do not quote their TFN to employers, financial institutions and certain agencies, including in relation to taxation and receipt of Commonwealth assistance payments.

Privacy Commissioner’s TFN Guidelines

9. The TFN Guidelines regulate the collection, storage, use, disclosure, security and disposal of TFNs. [10] The Guidelines are legally binding and are issued by the Privacy Commissioner under section 17 of the Privacy Act. As with the IPPs and NPPs under the Act, a breach of the Guidelines is an ‘interference with privacy’ of an individual, who may complain to the Privacy Commissioner to seek redress.

10. The key purposes of the TFN Guidelines are to permit the use and disclosure of individuals’ TFNs in circumstances limited by specific legislative authority; and to prevent TFNs from being used for unintended purposes, including as a national identification system. Specific legislative authority for the use and disclosure of TFNs is limited to taxation, assistance agency or superannuation law. [11]

Law Reform

11. In 2008, the Australian Law Reform Commission (‘ALRC’) recommended in its Report 108, For Your Information: Australian Privacy Law and Practice (‘ALRC Report’) that the Office should review the TFN Guidelines in consultation with the ATO and other stakeholders. [12] The Australian Government has accepted the ALRC’s recommendation, noting that such a review is a matter for the Privacy Commissioner. [13] It is the Office’s intention to review and update the Guidelines in the near future so they are easier to read, understand and interpret.

TFNs and Superannuation

12. Since its inception, the use of the TFN has been expanded for taxation and certain other purposes. Superannuation entities, employers, assistance agencies and others can handle TFNs for limited purposes under relevant laws. [14]

13. In 1996, TFN Guideline 3A was introduced to place certain obligations on the Insurance and Superannuation Commissioner. This recognised the greater role for TFNs in the administration of superannuation following legislative changes in that area. Those changes signified Parliament’s intent that limited use of the TFN for such purposes was considered appropriate. [15] Functions of the Insurance and Superannuation Commissioner (‘ISC’) relating to TFNs were transferred to the Australian Prudential Regulation Authority (‘APRA’). [16]

TFN matching by Superannuation Funds

14. The Issues Paper asks whether in future, TFNs should be used by fund administrators to match against member accounts (within and between super funds) to accurately identify members accounts. [17] The paper suggests this would allow funds to more efficiently handle inactive superannuation accounts; automatically consolidate multiple accounts; [18] and reduce incidents of lost accounts by re-uniting ‘lost members’ of super funds.

15. The Office understands that under the current superannuation system, there is no automatic consolidation of superannuation accounts spread over various funds. Under the Superannuation Industry (Supervision) Regulations individuals need to do this manually by submitting a form.

16. The Office is also aware of existing tools to assist members to trace and consolidate superannuation accounts, such as the ATO’s SuperSeeker website. [19] The utility of these and other ATO tools could be considered in assessing the need for a more automated system involving TFNs as raised in the Issues Paper. [20] Such tools may complement any proposal for TFN matching and account consolidation.

17. The Issues Paper explains that TFN matching could remove the need for manual consolidation and offer a convenience to members not currently available. [21]

18. If the Review concludes that superannuation bodies should be able to match TFNs for specific additional purposes to promote efficiency in the superannuation system, this should be done in a way that minimises the risk of such information being linked or matched excessively or without justification, or otherwise used in ways that individuals would not reasonably expect.

19. The Office makes a distinction between the exercise of a considered, deliberate and appropriate decision to adjust the manner for which something is used, and the unplanned, incremental expansion in the purpose of a system for unrelated purposes without direction or oversight (often known as ‘function creep’). [22]

20. The handling of TFNs in the superannuation context is already allowed under the TFN Guidelines. TFN data-matching by super funds for the purposes discussed above would amount to an extension of the TFN’s current use, rather than a completely new application.

21. The Office would not be opposed to promoting efficiency in the superannuation system through limited and clearly articulated use of the TFN for the types of activities described. Such a proposal should be measured; accompanied by strict privacy safeguards to protect personal information and choice; and be based on the likelihood of strong individual benefits. This approach would also appear to reflect the Government’s intention regarding the use and protection of unique identifiers generally. [23]

22. For the Issues Paper’s concept to be implemented, compliance with superannuation and privacy laws, and general privacy issues associated with TFN data-matching, would need to be considered and addressed.

Compliance with superannuation and privacy laws

23. The Office understands that generally, TFN data-matching by super funds would only be permissible under the TFN Guidelines where such activities are authorised under ‘superannuation law’. [24] If the Government were to consider such a proposal it would need to determine whether current superannuation law provides the necessary authorisation or if amendments to existing law are required.

24. Legislative amendments which clearly authorise specific matching activities would provide appropriate certainty for super funds and regulators. The Office’s voluntary data-matching guidelines for agencies could also be useful as a guide to encourage good privacy practice in relation to those authorised matching activities. [25]

A privacy friendly approach – notice, choice and understanding

25. To ensure that the benefit gained from automatic consolidation is not at the expense of privacy, super funds should continue to inform their members of their privacy rights and how their personal information, including the TFN, will be handled and for what purposes.

26. Adequate notice should be provided to new and existing members before their TFN is used for additional data-matching. For example, members should be informed of the legal basis for the matching; that declining to participate is not an offence; and the consequences (financial or otherwise) for not participating in TFN matching. [26] This could leverage off existing and proposed communication with members – letters, other publications (such as product disclosure statements and annual reports) and online content, setting out how TFNs would be handled in future. This would align with the intent of the TFN Guidelines to notify individuals and publicise the handling of TFNs for superannuation purposes generally. [27]

27. As the precise mechanics of additional TFN matching are not explored in the Issues Paper, it could be further considered whether it would be practicable for individuals to be given the choice to ‘opt out’ of the account matching process even if they provide their TFN for other purposes. An ability to opt out may also reflect the intent of the TFN Guidelines that individuals’ rights under taxation, assistance agency and superannuation law ‘to choose not to quote a tax file number shall be respected’. [28] If the ability to opt out is considered viable and of benefit, any available alternatives to automatic TFN matching should also be made known, such as existing tools for manually consolidating accounts.

28. To address this range of issues, the Office would suggest a Privacy Impact Assessment (‘PIA’) be undertaken . [29]

Personal Superannuation Identification Number

29. The Issues Paper asks whether each member should be provided with a personal superannuation identification number that must be given to the trustee of each superannuation fund in which the person participates during their working life. [30]

30. While the Office notes that in some cases multiple identifiers can act as a preventative barrier to function creep and inappropriate data-linkage that may exceed community expectations, [31] a new, unique, superannuation identifier would still require a specific regulatory regime with strict controls for its use. In addition, proposals to introduce new unique identifiers can raise new privacy risks. For example, they may create the infrastructure for the linkage of disparate personal information in unexpected ways, or have unforeseen consequences. [32]

31. On the other hand, the existing use of the TFN in the superannuation context is recognised; the TFN regime (including the TFN Guidelines) is well established, and in the Office’s view appears to adequately regulate the use of TFNs by superannuation entities. While the Office does not have a strong preference, this could potentially mitigate the need to develop a new and separate identifier specifically for superannuation.

32. In its Report 108, the ALRC recommended that before Government agencies decide to introduce any unique multi-purpose identifier, the Government should, in consultation with the Privacy Commissioner, consider the need for a PIA. [33] The Australian Government gave in?principle support to this recommendation in its first stage response to the ALRC Report. [34] If the introduction of a new superannuation identifier were contemplated further, the Office would support such a process.

Superannuation Exchange Facility

33. The Issues Paper asks whether there would be an advantage in requiring superannuation contributions being channelled through a central government sponsored exchange facility which could require all payments to be attached to the member’s TFN to ensure proper member identification. [35]

34. Such a facility would presumably require access to an existing repository of TFNs and related data, or the establishment of a new TFN database or register, in order to match and identify members. In any such framework, it would be important to prevent the proliferation of TFN usage by:

  • limiting the number of agencies, organisations or individuals who could potentially have access to this repository
  • prescribing authorised uses for clearly articulated purposes, and
  • storing TFNs securely and separately from other information to prevent loss or misuse. [36]

35. The Office notes the Australian Government recently announced that it would establish a free superannuation clearing house service for small business through Medicare Australia from July 2010. [37] The service will enable small businesses to pay their superannuation contributions electronically to a single location.

36. The Office understands that the development of the service is still in the preliminary stage, and the role which the TFN will play is still being considered. However, the proposed clearing house service could be taken into account in any development of a superannuation exchange facility.

37. The Office acknowledges that further discussion will be required on how such a facility would operate. If such a proposal were adopted, it would be important to ensure that the facility had appropriate safeguards to protect the privacy of TFNs and other personal information which it might handle.

[2] Review into Australia’s Superannuation System: Phase Two: Operation and Efficiency – Issues Paper, 16 October 2009, p. 3

[3] Personal information is defined in section 6 of the Privacy Act, and in brief refers to information or an opinion from which an individual is identifiable.

[4] The IPPs are available at .

[5] ComSuper is a government agency which administers Australian Government superannuation schemes including PSSap, PSS, CSS, MilitarySuper, and DFRDB. PSSap administration is expected to be outsourced by 30 June 2011 (see )

[6] The NPPs are available at .

[7] TFN regulation is also partly contained in the Income Tax Assessment Act 1936 (Cth) .

[8] More information on the Statutory Data-matching Guidelines is available at . The Privacy Commissioner has also issued Voluntary Data-matching Guidelines for agencies undertaking other types of data-matching ( The Use of Data Matching in Commonwealth Administration – Guidelines (1998), see link above).

[9] See, eg, TAA 1953, s 8WA(4) and Privacy Commissioner’s binding TFN Guidelines, Guideline 1.2.

[10] Office of the Federal Privacy Commissioner (now the Office of the Privacy Commissioner), Tax File Number Guidelines (1992), available at .

[11] Note 10, Guideline 2.3; “Superannuation law” for the purposes of the TFN Guidelines means an Act for which the Insurance and Superannuation Commissioner has the general administration; including the Superannuation Industry (Supervision) Act 1993 (it is understood responsibility for TFNs and superannuation now lies with the Australian Prudential Regulation Authority (‘APRA’)).

[12] ALRC Report 108, May 2008, Recommendation 30-7, Para 30.144; Report available at . In submissions to that review, the Office suggested consideration should be given to such a review (Submission to ALRC Issues Paper 31 (2007), re Question 12-1; Submission to Discussion Paper 72 (2007), re Proposal 27-6 – see ).

[13] The Government’s first stage response to ALRC Report 108 was released in October 2009, available at .

[14] The Commissioner of Taxation and the Insurance and former Superannuation Commissioner (‘ISC’) compiled a list of classes of lawful TFN recipients which is associated with the TFN Guidelines, but it is not registered on Federal Register of Legislative Instruments. The list was issued in accordance with TFN Guidelines 3 and 3A, which require the Commissioner of Taxation and the ISC to release publicly available information about matters including the classes of persons authorised to request TFNs.

[15] This is cited in the Commissioner’s Note to Guideline 3A. The Commissioner’s Notes are annotated to the binding Guidelines. They do not form part of the law but provide interpretive assistance.

[16] See, eg, Financial Sector Reform (Amendments and Transitional Provisions) Act 1998 – Schedule – Amendment of the Superannuation Industry (Supervision) Act 1993 .

[17] Issues Paper, p. 12, para 6.4.4; p. 17 para 7.4.4

[18] Note 17

[19] SuperSeeker is a tool that allows members to look for lost superannuation and provides possible matches of members with their funds. SuperSeeker is available at: .

[20] Note 17

[21] Note 17

[22] Consultation on the Australian Government Health and Social Services Access Card - Discussion Paper Number 1; Office Submission to the Department of Human Services: Access Card Consumer and Privacy Taskforce (August 2006); available at -

[23] See, eg, Government’s first stage response to the ALRC Report, Government response to Recommendation 30-2: “...there are circumstances where the use and disclosure of a government identifier by an organisation will allow them to provide a strong benefit to an individual...that there should be a mechanism which provides the flexibility to allow prescribed identifiers to be adopted, used or disclosed by organisations in prescribed circumstances.”

[24] As defined in the TFN Guidelines, Guideline 9 (see above, n 11).

[25] Those guidelines do not apply to data-matching conducted by organisations (cf agencies).

[26] See TFN Guidelines, Guideline 5 (collection of TFN Information) regarding this approach.

[27] See TFN Guideline 5 and 3A. It is understood the APRA has taken over TFN related functions of the former the Insurance and Superannuation Commissioner under superannuation law.

[28] TFN Guidelines, Guideline 1.2

[29] The Office’s PIA Guide is available at

[30] Issues Paper, page 12, para 6.4.4

[31] See, eg, the Office’s Submission to ALRC Issues Paper 31, Chapter 12, para 20.

[32] See, eg, the Office’s Submission to ALRC Discussion Paper 72, re Proposal 27-5.

[33] ALRC Report 108, Recommendation 30-6.

[34] Australian Government, first stage response to ALRC Report 108, response to Recomm. 30-6.

[35] Issues Paper, page 15, para 7.2.2

[36] TFN Guidelines, Guideline 6; Also note IPP4 which relates to storage and security and NPPs 3 and 4 which relate to information quality and security. Whether the IPPs or NPPs apply will depend upon whether the facility is administered by the public or private sectors.