Documentation Verification Service — Australian Taxation Office: Audit report
Final audit report
Information Privacy Principles audit
Section 27(1)(h) Privacy Act 1988
Audit undertaken: July 2013
Draft report issued: May 2014
Final report issued: September 2014
Part 1 — Introduction
1.1 The Document Verification Service (DVS) is a national online system that allows authorised government agencies and some organisations to verify specified identity documents issued by a range of Australian, State and Territory government agencies.
1.2 The DVS operates 24 hours a day, seven days a week, and results are provided to users in real time.
1.3 The Attorney General’s Department (AGD) has overall responsibility for the development and oversight of the DVS.
1.4 Authorised government agencies and organisations that have client identification obligations under Australian legislation may register to use the DVS. These entities are known as a DVS ‘User’.
1.5 Proof of Identity (POI) (also known as evidence of identity) documents that can be checked by the DVS are produced by a number of different Commonwealth, State and Territory government agencies. These agencies are known as ‘Issuer’ agencies.
1.6 The POI documents that can be checked are often required by individuals when enrolling for a range of government benefits and services.
1.7 Through the DVS, a User is able to verify that:
- the POI document was issued by the relevant Issuer agency
- the details recorded on the POI document presented by the individual match the details held by the Issuer at the time the POI document was issued
- these details are still valid (ie the details have not expired, or been cancelled).
1.8 The DVS system uses an electronic gateway known as the ‘Hub’, which securely accepts User requests and provides Issuer responses, to POI verification requests. The Hub is operated and maintained by the Department of Human Services (Centrelink program).
1.9 The Office of the Australian Information Commissioner (OAIC) provides advice and considers privacy issues that arise from the implementation of the DVS. This includes conducting audits in relation to aspects of the DVS such as User and Issuer agencies interactions with the DVS, and the operation of the Hub.
1.10 The OAIC conducts these audits pursuant to section 27(1)(h) of the Privacy Act 1988 (Cth) (the Privacy Act), which states that one of the Commissioner’s functions is:
to conduct audits of records of personal information maintained by agencies for the purpose of ascertaining whether the records are maintained according to the Information Privacy Principles.
1.11 The OAIC has previously undertaken six audits of the DVS system. The Australian Taxation Office (ATO) was selected for the current audit as it is a relatively new User agency, having first begun to use the DVS as a component of its business processes in June 2012. The ATO also processes a relatively high volume of POI verification requests using the DVS.
Part 2 — Description of audit
2.1 The purpose of the audit is to assess whether the ATO is maintaining its records of personal information in accordance with the Information Privacy Principles (IPPs) contained in s 14 of the Privacy Act. Specifically, the audit considers use of the DVS for two discrete business processes - compromised Tax File Numbers (TFN) and updates of date of birth detail.
Scope and objectives
2.2 The scope of the audit covers the two business areas within the ATO that have made the most extensive use of the DVS at the time of the audit. Each of the following areas have incorporated the use of the DVS into their normal operating procedures since June 2012:
- Client Identity Support Centre (CISC) for compromised TFN process
- inbound ATO call centre for update of date of birth details.
2.3 The objectives of the audit are to assess, in relation to the ATO’s use of the DVS for the two identified business areas:
how well the ATO meets its IPP 2 obligations through providing notification to clients of the purpose, legal authority (if any) and usual disclosures of the personal information collected
how well the ATO meets its IPP 7 obligations through taking reasonable steps to ensure the personal information it holds is accurate, relevant, up to date, complete and not misleading by making appropriate corrections, deletions and additions
if a customer seeks an alteration to a record, and the ATO will not make these changes (such as when a non-verified DVS result occurs), whether a statement is attached to that record on the request of the customer outlining the alteration sought (IPP 7.3).
2.4 IPP 7.3 also refers to an agency’s obligations to make amendments to a record under an applicable Commonwealth law, such as the Freedom of Information Act 1982 (FOI Act). This aspect of the ATO’s IPP 7 obligation is out of scope for this audit.
2.5 Given that it relates to the notification process, the audit also considered how the ATO meets the terms and conditions of its use of the DVS, specifically around obtaining client consent prior to its use of the DVS and informing individuals of the purpose, uses and any legal authority for the collection.
Timing and location
2.6 The audit was conducted on 30 and 31 July 2013 at the ATO’s Moonee Ponds Office at 6 Gladstone Street, Moonee Ponds, Victoria and the ATO’s Client Identity Support Centre at 14-17 Mason Street, Dandenong, Victoria.
2.7 The audit included the following activities:
a document review of relevant policies, procedures and materials developed by the ATO to assist staff using the DVS in the two identified business processes
an on-site inspection and semi-structured interviews with relevant key DVS project managers, team leaders and ATO staff using the DVS to assess:
notifications provided to clients prior to checking POI documents presented (including any explicit consent sought from the client)
processing of date of birth updates and compromised TFNs using the DVS
a review of a sample of electronic records which used the DVS as part of the compromised TFN process
a review of a sample of inbound calls to the ATO’s Call Centre at Moonee Ponds (recorded between May and July 2013) where ATO staff had used the DVS as a part of its POI process prior to providing account services to clients.
2.8 The auditors are of the opinion that the ATO is generally maintaining its records of personal information in accordance with IPP 2 and IPP 7 within the scope of this audit.
2.9 The auditors identified some privacy risks to ATO’s personal information handling practices and make recommendations in relation to these.
2.10 A recommendation is a suggested course of action or a control measure that, if put in place by the agency, will (in the opinion of the OAIC) minimise the risks identified around how personal information is handled against the relevant criterion.
2.11 To the extent possible, the OAIC publishes final audit reports in full or in an abridged version on its website, www.oaic.gov.au. It is sometimes inappropriate to publish all or part of a report because of statutory secrecy provisions or for reasons of privacy, confidentiality, security or privilege. This report has been published in an abridged version, with the removal of some procedural descriptions of specific ATO processes for reasons of security.
Part 3 — Description of auditee
3.1 The ATO is the government’s principal revenue collection agency, responsible for administering the taxation and major aspects of the superannuation systems in Australia.
3.2 The DVS was implemented into ATO business processes from June 2012 as part of Tax Time 2012 with a view to replace current manual POI processes and strengthen the responsiveness and integrity of its document verification processes.
3.3 At the time of the audit, the ATO utilised the DVS across a range of its processes to verify the following eight specified document types issued by a range of Australian, State and Territory government agencies:
- Australian Birth Certificates
- Australian Change of Name Certificates
- Australian Marriage Certificates
- Australian Passports
- Australian Visas
- Australian Citizenship Certificates
- Australian Registration by Descent Certificates
- Australian Drivers Licences
3.4 Since the ATO introduced use of the DVS in June 2012, the number of business areas within the ATO using the system has increased. Initially, the ATO used the DVS to assist with compromised TFN processes and for detail updates for date of birth information. Since then, the ATO has expanded its use to confirming document details provided by clients over the phone and when it has sighted POI documents at shopfront locations.
3.5 From June 2012 to June 2013 the ATO made approximately 36,000 queries on the DVS system, with an average of approximately 3000 queries a month.
3.6 The DVS returns a ‘Y’ (match) response, ‘N’ (non-match) response, or one of two error responses as follows: ‘S’ (system availability error); or ‘D’ (data range error). Non-match or error responses are generally referred to as ‘not verified’ responses, while a match response is referred to as a ‘verified response’. On average, the ATO identified an average ‘not verified’ response rate of 59 per cent.
3.7 The ATO has conducted a post implementation review of the DVS and identified that the unsuccessful responses were caused primarily by:
- incorrectly keyed data (user input error)
- incomplete data being sent through the DVS
- inaccurate data provided by clients.
3.8 The ATO also identified that some staff made multiple queries through the DVS for the same client on the same document.
3.9 The DVS system is accessed by staff through the ATO’s Integrated Core Processing (ICP) interface. All staff with access to the ICP are also able to access the DVS system.
Compromised TFN process
3.10 An ATO client who believes that their TFN has been compromised (ie lost, stolen or misused) is directed by the ATO’s website to contact the CISC to obtain assistance to re-establish their TFN credential.
3.11 The CISC receives inbound calls from clients and makes outbound calls. It may use the DVS to verify a client’s POI documents provided as one part of the alternate POI (APOI) process for compromised TFN cases. The auditors reviewed the use of the DVS by the CISC as part of this process.
Updated Date of Birth process
3.12 An ATO client’s date of birth detail can only be updated by phone, by mail (via completing a ‘Change of details for individuals’ form) or in person at an ATO shopfront or Australia Post Office (as supporting documents to verify the change of detail are required).
3.13 The ATO website provides information on the type of supporting POI documents that may be used when updating date of birth information over the phone, including:
- Australian birth certificate (full certificate, not an extract)
- Australian citizenship certificate
- Australian passport
- Australian visa (using information from an overseas passport)
- Australian driver’s licence.
3.14 The auditors reviewed the use of the DVS by the ATO’s inbound call centres as part of this process.
Part 4 — Audit issues
4.1 The following findings and recommendations relate to the auditors consideration of the ATO’s use of the DVS as part of the compromised TFN and updating date of birth processes.
4.2 The auditors were advised that the majority of DVS queries undertaken by the ATO, for both compromised TFN and updating date of birth information, used information verified over the phone or stored electronically (eg scanned documents). Both processes reviewed by the auditors did not view the original POI documentation from clients.
IPP 2 issues — Notice of collection
4.3 IPP 2 sets out the notice requirements which apply when collecting personal information directly from an individual, for inclusion in a record or generally available publication. The collector must take reasonable steps to ensure that, before information is collected or, as soon as practicable after this occurs, the individual is made generally aware of:
- the purpose for which the information is being collected
- any legal authorisation or requirement to collect the information
- any entities to which this information is usually disclosed.
4.4 To become a user of the DVS, an agency is required to comply with specific terms and conditions of use. The ATO is specifically required to obtain clients’ consent to verifying the details of their POI documents and must inform clients:
- that the details are being collected to confirm the integrity of the identifying information
- the identifying information may be checked
- of any legal authority under which the details of the identifying information is being collected.
Observations — Compromised TFN process and IPP 2
4.5 The auditors reviewed forms and written procedures, interviewed staff, observed some aspects of the compromised TFN process and gathered information about complaints in order to evaluate whether the ATO is meeting its IPP 2 obligations in the compromised TFN process.
4.6 The forms Tax file number – application or enquiry for individuals and Tax file number – application or enquiry for secondary school students both have a privacy notice which outlines the purpose of collection, legal authority and specifically states the agencies to which this information is typically disclosed (including Centrelink and the Australian Federal Police).
4.7 The forms also state clearly that the ATO may check any POI information supplied by the client with the issuing agencies. Therefore, these privacy notices meet the requirements of IPP 2.
4.8 The auditors note the forms also provide consent for the use of the DVS in line with the ATO’s DVS agreement terms and conditions of use, by outlining to the client that the ATO may check POI documents provided and the legal authority for the collection of this information. Before the declaration which the client signs providing their consent, the instructions on both forms refer the client back to the privacy notice.
4.9 The procedures viewed by the auditors (CISC Inbound Phone Guidelines and Registrations – Compromised TFNs) provide details on how to use the DVS, in relation to APOI processes and for staff to be satisfied they are speaking to the correct person. These CISC procedures contain links to the overall DVS procedures on the intranet (Verify Identity document in the Integrated Core Processing (ICP) System) which is a ‘how-to’ guide on using the DVS.
4.10 The auditors reviewed records of four cases completed the previous day (29 July 2013) using the DVS. Two of these cases were generated from inbound calls and two cases were based on TFN applications received from ATO shopfronts or Australia Post.
4.11 Staff at CISC showed auditors the process used to conduct the APOI checks and provide notices and consents in the inbound call cases. It was not feasible for the auditors to observe real time processing of cases involving use of the DVS, due to the difficulty in being able to identify (from the high volume of incoming calls) which calls were likely to involve use of the DVS within the time available for the CISC inspection. As such, the auditors did not observe the IPP 2 notice being provided to clients (or consents being obtained) prior to ATO staff use of the DVS in real time.
4.12 The purpose for collecting ATO customer’s personal information in this process is to establish POI and that the client can be verified from the information reviewed. While the auditors considered there to be implied consent from clients to verify the POI documents provided, the auditors were unable to assess if clients were explicitly advised of the legal authority for collecting this information, or that the documents would be checked with the issuing agencies.
4.13 In two cases the auditors observed a standard TFN application form in use by a client, which met the requirements of IPP 2 and the client consent requirements of the DVS condition of use.
4.14 Interviews of ATO staff with team leaders outlined the compromised TFN process and the use of the DVS as part of this process. In relation to IPP 2 requirements and seeking client consent, team leaders advised there are no specific CISC procedures or call scripting in relation to the use of DVS. Rather, CISC staff would generally access and use scripts used by the inbound call centres that also use the DVS as part of POI process.
4.15 Auditors were advised that staff would typically advise clients they are validating data provided with the relevant agency, for example by using language such as ‘I am trying to validate those details with Vic Roads’.
4.16 The ATO advised auditors that CISC had not received privacy related complaints about the DVS generally, or the IPP 2 notice and client consent requirements specifically.
Observations — Updating date of birth process and IPP 2
4.17 The ATO can process updates to client details, including date of birth, over the phone, through the completion of relevant forms or in person at an ATO shopfront or Australia Post.
4.18 The auditors observed that the privacy notice on the Update date of birth form meets the requirements of IPP 2 and includes advice that supporting documents may be checked with issuing agencies.
4.19 The auditors specifically reviewed the use of the DVS by the inbound call centres in the updating of an individual’s date of birth detail, by reviewing eight recent pre-recorded inbound calls to the call centre.
4.20 The auditors were advised that clients may be unaware that the ATO holds incorrect personal information on them until they make contact with the ATO, go through the POI process and identify that (for example) the date of birth information held on ATO records is not correct.
4.21 As the collection of information for use in the DVS occurs verbally, the IPP 2 notice and DVS client consent requirements are also provided verbally.
4.22 The auditors were advised by team leaders, and also observed in the review of call recordings, that a caller is advised that they will be asked to respond to a number of POI questions for the purpose of verifying their identity. This is a reasonable step to make the client aware of the purpose of the collection of this information by the ATO under IPP 2.
4.23 After the caller consents to this process, the call proceeds. The auditors did not observe a date of birth update as part of the eight calls reviewed. However, the auditors did observe ATO staff using the DVS for POI purposes in four of the reviewed calls, primarily for clients contacting the ATO to obtain their TFN details.
4.24 The auditors were advised by team leaders that the use of the DVS was one of the options available to ATO staff to establish POI. As such, the view expressed by the ATO was that consent provided by the client to answer POI questions applies generally to the POI process, which may (in some instances) include documents to be verified through the DVS.
4.25 In terms of obtaining consent from customers about the use of the DVS, the call script for date of birth updates outlines that after establishing the customer has an acceptable POI document, ATO staff are to advise the caller that the document details will be verified with the agency that issued the documents. The auditors also observed a difference between the requirements of the scripting and the actual practice of ATO staff as observed in the review of call recordings.
4.26 The auditors were provided Frequently Asked Questions (FAQ) about the use of the DVS which had been circulated to senior staff. These FAQs outline that clients should be asked for their consent and made aware that the details they give from their identity documents will be checked with the issuing agencies.
4.27 However, in the reviewed call recordings, ATO staff generally outlined the documents that they could use to verify client POI details. Where the POI process involved use of the DVS, almost all staff members referred to the use of ‘the DVS’ (ie using the acronym) to check and verify the client’s POI. One staff member used the fuller phrase ‘Document Verification Service’. All clients were asked if this was acceptable and all provided their consent verbally.
4.28 The auditors noted that clients may not be aware of what the term ‘DVS’ means, where that term is used by ATO staff as part of the POI process. While DVS usage rates and the calls reviewed showed that ATO staff were generally aware of the availability of the DVS system, the auditors noted that both ATO staff and clients may not fully understand that ‘using the DVS’ means the information collected may be checked against the issuing agency’s records.
4.29 The Privacy Impact Assessment conducted by ATO prior to the implementation of the DVS recommended that the ATO develop a process for situations where clients do not provide consent. The observations by the auditors from the calls reviewed demonstrated that if a client’s details were not able to be verified, or the client had no DVS type document to verify, they were in all cases provided with an alternative mechanism to meet the POI requirements.
4.30 The auditors noted that information on updating date of birth details provided on the ATO’s website outlines the identity documents that can be verified over the phone and that verification of these details occurs with the agencies who issued the documents.
Privacy issues — IPP 2
4.31 When physical documents are provided for DVS verification, such as through TFN application forms, the notice requirements of IPP 2 and the conditions of use for the DVS in relation to client consent are being met.
4.32 When verifying information verbally using the DVS as part of the compromised TFN and update date of birth processes, it is not clear that all the IPP 2 requirements are being met, particularly in relation to providing clients with information about agencies to which the information is usually disclosed.
4.33 The auditors acknowledge that additional steps may be required to help ensure consistency with IPP 2 notice requirements in verbal interactions. The Plain English Guidelines to Information Privacy Principles 1-3 outline that if the IPP 2 notice is being provided orally then the words used to give the IPP 2 notice should be written down and included in staff instructions. Further that staff should take care to explain the notice clearly and ask the person if they have understood the notice, and if they would like any part of the notice repeated.
4.34 For both CISC and the inbound call centre, while there may be general consent from a client to respond to questions about POI at the beginning of the call, a client may be unaware that (if the DVS is used as part of the POI) the ATO will check the documents details with an issuing agency.
4.35 In the inbound call centres, call scripting for the update date of birth process tells staff to advise clients that details will be verified with issuing agencies. These inbound call centres also had FAQs detailing the need to obtain client consent and to advise clients their details are being provided to issuing agencies.
4.36 However, call scripts do not explicitly advise staff that they require specific consent from clients for their information to be checked or verified with issuing agencies. Further, it was not clear to the auditors that the call scripting text was commonly used by ATO staff in the inbound call centres. While some calls followed the general scripting, other calls varied in how clients were advised of the use of the DVS to check or verify information with issuing agencies.
4.37 This was also the case for the CISC area, where staff are not required to follow any set call scripting for the compromised TFN process.
4.38 The auditors noted that the evaluation conducted on the implementation of the DVS by the ATO identified quality control and implementation issues primarily by accessing user logs based on keystrokes use. It was also difficult for the ATO to identify samples of calls and cases using the DVS for the auditors to inspect.
Recommendations — IPP 2
Recommendation 1 — update call scripts, procedures and guidance materials
4.39 The auditors recommend that the ATO update relevant call scripts and other guidance material (eg FAQs) and improve the training provided to staff for both the compromised TFN process and date of birth update process to specify clearly:
- that clients must be informed that the identity document information they provide will be checked
- that the client’s informed consent to this purpose and use must be obtained by the ATO prior to the check being undertaken.
Recommendation 2 — improve quality assurance and monitoring processes
4.40 The auditors recommend that improved quality assurance, coaching or other formal or informal monitoring processes are implemented to ensure the ATO can identify whether staff are meeting their IPP 2 notification obligations and the DVS Terms and Conditions of use around obtaining informed client consent.
IPP 7 issues — Accuracy
4.41 IPP 7 requires an agency to make appropriate corrections, deletions and additions to ensure the records they hold are accurate, relevant, up to date, complete and not misleading.
4.42 Where an agency is not willing to amend a record the agency, at the request of an individual, shall take steps to attach a record to the statement of the correction, deletion or addition sought.
Observations — IPP 7
4.43 The auditors noted that the DVS is only one of the systems or tools utilised by ATO to ensure the accuracy and completeness of information provided for POI purposes.
4.44 The auditors reviewed the current practices and procedures the ATO has developed to ensure the accuracy and completeness of personal information when using the DVS. The auditors found that the DVS was well regarded as a system by ATO staff, which was reported and observed to be both easy to use and convenient for the ATO and client.
4.45 Based on the observations of the auditors, the average non-verified rate from using the DVS appeared to be a reflection of:
the different terminology and data requirements of the documents to be verified. For example, in call recordings from the inbound call centre, the auditors noted staff difficulties when attempting to verify Australian Visas via the DVS (through the use of expired overseas passports) or difficulties in establishing appropriate country codes to apply (eg ‘country of issue’ options did not appear to include an option for England, Scotland, Wales or Northern Ireland – with the use of ‘UK’ and ‘GBR’ both leading to non-verified responses).
call centre or CISC staff not being able to sight the document being verified and having to rely on clients providing the relevant document information required to input to the DVS both accurately and completely.
4.46 Auditors were advised by team leaders, and observed (at both the CISC and the inbound call centre) that the DVS was not used as the sole basis of evidence for POI or APOI alterations or amendments. Rather, verifying a document using the DVS only forms one part of the POI or APOI process.
4.47 Where the DVS returns a non-verified response for ATO staff, staff provided alternative mechanisms for clients to meet POI or APOI requirements such as referring the client to an ATO shopfront.
4.48 ATO staff and team leaders in the CISC and inbound call centre advised that when using the DVS, staff confirm details provided over the phone by clients by repeating the provided details back to the client prior to use of the DVS.
4.49 In one review of records completed the previous day (29 July 2013) using the DVS by the CISC, the auditors observed the information held by the ATO was found to be incorrect through the APOI process. The ATO staff member took appropriate steps to confirm the correct details, which were then verified through the DVS, and made appropriate notations on ATO system to reflect the changes made.
4.50 As previously stated above, the auditors were unable to observe the updating of date of birth details as part of this audit. However, the auditors did review a sample of call recordings on the interaction of ATO call centre staff with the DVS to establish POI, which demonstrated the steps taken by call centre staff when using the DVS and, relevant to IPP 7, that staff re-confirmed the details provided by clients including the spelling and format of POI document details.
4.51 The auditors noted, in one reviewed call, an ATO Officer requested the client’s drivers licence number only, rather than other licence detail. The staff member confirmed the client’s name, address and date of birth from ATO records. However, it appeared the ATO record detail was entered into the DVS, rather than the detail from the drivers licence POI document (and without confirming whether the client detail on the licence were the same as the detail held by the ATO). In this instance, the licence was not subsequently used as part of POI and another document was verified using the DVS for this purpose.
4.52 CISC staff reported that no complaints had been recorded where a customer had concerns about the ATO using the DVS. CISC staff also demonstrated a good awareness of the limitations of the DVS, in that it does not confirm the identity of the caller, but rather confirms the details of the POI documentation issued by an agency.
4.53 The auditors were also advised of the coaching, training and quality assurance frameworks in place at CISC and the inbound call centre. There was a general acknowledgement that the DVS is easy to use, and (while staff utilise on the job training and are largely self-taught) they are able to escalate or raise issues with their team leader in relation to any technical issues with the system through a business support network or with the CAS area.
4.54 The inbound call centre particularly has coaching and training processes in place that has a strong focus on POI. The call centre team leaders also provide updates, FAQs and reminders to staff on using the DVS. The auditors also reviewed a call recording where the call centre staff member placed the client on hold and sought internal advice from an ATO specialist. During this coaching, the specialist appropriately advised the call centre staff member of the availability of the DVS for APOI verification (the call centre operator was unaware of this) and identified a range of options for the call centre staff member to advise the client to enable them to correct an inaccuracy on the ATO records. This update did not occur over the telephone, however, as the client was instructed to attend an ATO shopfront to resolve the issue.
4.55 The auditors note that the inbound call centre’s quality assurance process involves staff replicating the verification process using the DVS. These checks are not recorded separately, and also appear to be recorded as ‘uses’ of the DVS, adding to the overall use statistics for the ATO use of DVS.
4.56 The auditors did not observe a situation where a client requested a statement be made on file as the ATO held inaccurate information, the staff member was unable to verify the inaccuracy and the record was not able to be updated.
DVS Procedures and IPP 7
4.57 The DVS procedures provide a general overview of the DVS system as well as separate DVS user guides for each document that may be verified using the DVS (including State and Territory variations of these documents).
4.58 The DVS procedures are produced and maintained by Client Account Services (CAS), which is responsible for the implementation of the DVS system across the ATO.
4.59 The step-by-step DVS user guides are available on the ATO’s intranet, and the auditors observed that users needed to navigate through approximately four screens to identify an individual procedure from the front page of the intranet.
4.60 The auditors noted that some staff demonstrated a lack of awareness that these DVS procedures were available on the intranet. There was, however, a strong staff awareness of local business unit level procedures and guidance documents.
4.61 CAS staff advised the auditors that the DVS procedures will be linked to individual pages on the relevant DVS screen on ICP as part of the September 2013 release of the DVS. For example, a link to the DVS user guide for an Australian driver’s licences would then be available in ICP on the search of Australian driver’s licences’ DVS screen.
4.62 Local business unit level procedures and guidance has been developed by CISC and the inbound call centres to provide guidance for staff on using the DVS in the context of their work. These local procedures, including call scripting for the inbound call centres, have links to the general DVS procedures, but did not at the time of the audit appear to link to the individual step-by-step DVS guides for each type of POI document.
Privacy issues — IPP 7
4.63 The auditors were provided with FAQ sheets covering the use of the DVS which had been circulated to senior staff. These FAQs outlined that clients should be asked for their consent and made aware that the details they give from their identity documents will be checked with the Issuing agencies.
4.64 The auditors observed many of the same issues around the accuracy of information used in the DVS that were identified in the ATO’s own DVS post implementation report. However, the auditors also observed that multiple queries made on the same POI document were often due to ATO staff misunderstanding what details were required for specific DVS fields, rather than attempting to achieve a verified result by trying different variations or ‘best guesses’.
4.65 Better clarity or guidance for ATO staff on what specific DVS fields (including the format of the DVS data field required) may be addressed through training or providing at hand guidance on particular data fields (such as Australian Visas held in overseas passports) to raise awareness of how the DVS system operates. Continued monitoring and review of the use of the DVS by ATO staff (including ongoing review of errors or non-verified DVS results by the ATO) should also assist the ATO to improve the positive verification responses using these POI documents.
4.66 While the auditors noted a good level of general awareness of ATO staff around the availability of the DVS for POI verification, this was not complete.
Part 5 — Summary of recommendations
Recommendation 1 — update call scripts, procedures and guidance materials
5.1 The auditors recommend that the ATO update relevant call scripts and other guidance material (eg FAQs) and improve the training provided to staff for both the compromised TFN process and date of birth update process to specify clearly:
that clients must be informed that the identity document information they provide will be checked
that the client’s informed consent to this purpose and use must be obtained by the ATO prior to the check being undertaken.
The MOU between the Attorney General Department and the ATO, for participation in the DVS, requires the ATO to obtain client consent to verify the Identifying Information.
The ATO has developed strategies to improve compliance of the consent requirement. Strategies implemented include:
undertaking an extensive communication program to ensure the DVS is used effectively and accurately by ATO users
updating call centre scripting procedures and guidance materials to ensure clients are informed and provide consent for their identity document information to be checked with the issuing agency
ongoing Quality Assurance process to monitor DVS usage, verified results and the obtaining of client consent.
Recommendation 2 — improve quality assurance and monitoring processes
5.2 The auditors recommend that improved quality assurance, coaching or other formal or informal monitoring processes are implemented to ensure the ATO can identify whether staff are meeting their IPP 2 notification obligations and the DVS Terms and Conditions of use around obtaining informed client consent.
Since the completion of the audit, the ATO use of DVS and requirement to obtain client consent has been incorporated into call centre quality assurance, and feedback is provided to the staff member at regular coaching sessions. This has been achieved through:
- incorporating DVS as a specific check point in the Quality Coaching framework criteria
- incorporating DVS comments from quality evaluations into monthly staff coaching sessions
- monthly meetings with DVS stakeholders to identify trends and issues to ensure staff are obtaining informed consent
- ensuring call centre communications identify key areas of improvement in the use of DVS
- quality assessors have meetings focusing on the use of DVS.
Appendix A — Information obtained during the audit
The following information was provided by the ATO during the course of the audit:
- copies of DVS procedures, user guides and fact sheets
- copy of relevant call centre scripts
- copies of TFN application forms
- a copy of the ATO Privacy Impact Assessment on ATO Participation in the DVS (June 2011)
- a copy of the DVS Post Implementation Report (December 2012)
- statistics on usage of DVS from June 2012 to June 2013
- training material provided to staff on use of the DVS
- information on the roll out of the DVS including communication to senior ATO staff
- CISC procedures on inbound phone calls, compromised TFNs and process maps
- updated call scripts for the updating date of birth process.