Under the Privacy Act 1988, the Australian Information Commissioner has a number of monitoring, advice and assessment related functions regarding the handling of tax file numbers (TFNs).
Tax file numbers are unique numbers issued by the Australian Taxation Office (ATO) to identify individuals, corporations and others who lodge income tax returns with the ATO.
While individuals can't be required to provide their TFN, there may be consequences if they don’t. For example, if individuals don't quote their TFN to employers and financial institutions then they may have tax deducted from their income or interest payments at the highest marginal rate.
Quotation of TFNs is also a condition of receipt of most Australian Government assistance payments.
The Privacy (Tax File Number) Rule 2015 (TFN Rule) issued under s 17 of the Privacy Act regulates the collection, storage, use, disclosure, security and disposal of individuals' TFN information. The TFN Rule only applies to the TFN information of individuals and does not apply to TFN information about other legal entities such as corporations, partnerships, superannuation funds and trusts.
The TFN Rule is legally binding. A breach of the TFN Rule is an interference with privacy under the Privacy Act. Individuals who consider that their TFN information has been mishandled may make a complaint to the Office of the Australian Information Commissioner (OAIC).
TFN guidance material
The OAIC has published guidance about TFN rights and obligations for individuals and for an organisation or agency who receives TFNs. This should be read in conjunction with the TFN Rule and the advisory 'Classes of lawful tax file number recipients' document that the ATO and the Australian Prudential Regulation Authority (APRA) have released. This document is not part of the TFN Rule and is not legally binding. It is a joint ATO and APRA document and constitutes part of the obligations the ATO and APRA have under the TFN Rule to publish information on the classes of persons or bodies who are authorised by law to request an individual quote their TFN.
The obligations relating to the handling of TFNs under the TFN Rule are in addition to responsibilities under other laws, including:
- the Australian Privacy Principles
- the Taxation Administration Act 1953, including offences for the unauthorised use, disclosure, collection, or requests for TFNs
- Part VA of the Income Tax Assessment Act 1936, which contains provisions related to the handling of TFNs
- Part 25A of the Superannuation Industry (Supervision) Act 1993 and Part 11 of the Retirement Savings Accounts Act 1997, which provide for the collection of TFNs by the trustees of superannuation funds and retirement savings account providers
- the Data-matching Program (Assistance and Tax) Act 1990 which provides for, and regulates, the matching of records between the ATO and assistance agencies (that is, DHS, DSS, DET and DVA) that use the TFN in a data-matching process.
TFN related functions
Under s 28A the Australian Information Commissioner has the following monitoring functions in relation to TFNs:
- examining the records of the Commissioner of Taxation to ensure that the Commissioner
- is not using TFN information for purposes beyond his or her powers (s 28A(1)(c)(i))
- is taking adequate measures to prevent the unlawful disclosure of the TFN information that he or she holds (s 28A(1)(c)(ii))
- evaluating compliance with the TFN Rule (s 28A(1)(d))
- monitoring the security and accuracy of TFN information kept by TFN recipients (s 28A(1)(e)).
Under s 28B(1)(d) the Australian Information Commissioner may provide advice to TFN recipients about:
- their obligations under the Taxation Administration Act 1953 in relation to the confidentiality of TFN information; or
- any matter relevant to the operation of the Privacy Act.
Under s 33C(1)(c) the Australian Information Commissioner may conduct an assessment as to whether TFN information held by a TFN recipient is being maintained and handled in accordance with the TFN Rule.