Our reference: DMA16/00011
Data Science and Special Purpose Acquisition
Australian Taxation Office
By email: [redacted]
Credit and debit card 2015–16 to 2016–17 financial years data matching program protocol
I refer to your correspondence of 13 October 2016 regarding the Australian Taxation Office’s (ATO) Credit and debit card 2015-16 to 2016-17 financial years data matching program protocol (the protocol).
This program proposes to match data on credit and debit card payments received by businesses through their merchant accounts against the ATO’s taxpayer records to identify individuals and businesses who may not be meeting their registration, reporting, lodgement and/or payment obligations.
The ATO is seeking an exemption to the data destruction timeframes contained in Guideline 7 of the Guidelines on Data Matching in Australian Government Administration 2014 (the guidelines). Specifically, the ATO is seeking to retain data for five years from receipt of all the data files from the source entity
The ATO considers that an exemption from the usual data destruction timeframes is necessary because compliance with the data destruction timeframes would inhibit its ability to identify taxpayers who may be subject to administrative action and therefore result in loss of public revenue.
Consideration of issues under Guideline 10
Under Guideline 10, the ATO must explain the public interest grounds that justify any inconsistency with the requirements of the guidelines. I note that the ATO has addressed the matters contained in Guideline 10. The ATO has identified a number of benefits, which support the conduct of this program, including:
- the protection of public revenue through identification of non-compliance and recovery of tax revenue
- improving voluntary compliance through educating taxpayers and deterring non-compliant taxpayers
- maintaining community confidence in both the taxation and superannuation systems.
I have considered the information provided by the ATO and agree that compliance with the data destruction requirements contained in Guideline 7 would significantly reduce the effectiveness of the ATO’s data matching program.
I approve the ATO’s request to retain information collected during the data matching program for a period longer than 90 days. I have agreed to this exemption on the understanding that the information will not be retained beyond five years, unless a further exemption is approved.
This exemption is only applicable to the data collected for the Credit and debit card 2015-16 to 2016-17 financial years data matching program protocol.
Publication on the OAIC website
Under Guideline 10.6, it is my normal practice to make exemption requests publicly available. The ATO has advised it does not request that this advice be kept confidential and, as such, I will consider making it publicly available on the OAIC website.
Australian Information Commissioner
Australian Privacy Commissioner
8 November 2016