Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Credit and debit card data matching program exemption

Our reference: DMA15/00009

[redacted]
Data Matching Gatekeeper, Data Management, Smarter Data
Australian Taxation Office

By email: [redacted]

Dear [redacted]

Request for exemption from Guidelines on Data Matching in Australian Government Administration

I refer to your correspondence of 19 August 2015 regarding the Australian Taxation Office’s (ATO) Credit and Debit Card Data Matching Program (the data matching program).

The purpose of the data matching program is to assist DHS in reducing inappropriate access to welfare payments by identifying welfare customers who may have undeclared wealth. The data matching program will use data provided by a number of financial institutions (the source entities) as set out in the data matching program protocol.

I note that the ATO is seeking an exemption to the data destruction requirements under Guideline 7 of the Guidelines on Data Matching in Australian Government Administration 2014 (the Guidelines). Specifically, the ATO is seeking an exemption from the requirement to destroy the collected data matching information within 90 days of the completion of the data matching exercise.

Consideration of issues

Under Guideline 10, an agency seeking an exemption must explain the public interest grounds that justify any inconsistency with the requirements of the Guidelines. The ATO has identified a number of benefits that support the conduct of the program, including:

  • maintaining community confidence in the taxation system
  • assisting the ATO in promoting voluntary compliance
  • allowing the ATO to carry out its enforcement activities and educational activities
  • ensuring compliance with taxpayers’ obligations
  • allowing the ATO to gain a greater understanding of businesses operating in the cash and hidden economies

I consider that the ATO has provided appropriate reasons justifying a variation to the data destruction requirements in the context of this DMP. Specifically, compliance with the data destruction timeframes in the case of this DMP would:

  • inhibit the ATO’s ability to detect fraud and avoidance of tax obligations
  • limit the ATO’s ability to educate taxpayers and deter non-compliant behaviour
  • result in a loss of public revenue
  • undermine public support of, and confidence in, the integrity of the tax system.

Exemption approval

I have considered the information before me and agree that compliance with the data destruction requirements contained in Guideline 7 would reduce the effectiveness of this data matching program.

I approve the ATO’s request to retain information collected during the data matching program for a period longer than 90 days. I have agreed to this exemption on the understanding that the information will not be retained for a period longer than five years from the date of receipt of all data files from the source entity, unless a further exemption is approved.

This exemption is only applicable to the Credit and Debit Card Data Matching Program.

Publication on the OAIC website

Under Guideline 10.6, it is my normal practice to make exemption requests publicly available. I note that in its exemption request the ATO has stated that it does not require the exemption request to be kept confidential and, as such, it will be published on the OAIC website.

Should you have any questions, please contact [redacted].

Yours sincerely

Timothy Pilgrim
Acting Australian Information Commissioner
11 September 2015