PC01: Manner and Extent of Collection of Personal Information

1. Introduction

As part of the process to become fully Gatekeeper accredited, the Australian Taxation Office (ATO) Public Key Infrastructure (PKI) was required to provide a suite of supporting policy documents. These documents include a privacy policy which is detailed in nine policy documents PC01-PC09.

This document sets out the ATO PKI's policy on the manner and extent of collection of personal information. The Information Privacy Principles (IPPs) relevant to this policy are IPPs 1-3. These require:

1. Information to be collected for a lawful purpose that is directly related to the function of the collector and the information has to be necessary for that purpose.
2. The collector should make the individual aware of:
• the purpose the information is required
• the fact that the collection is authorised or required by law, and
• any body or agency to whom the information is normally disclosed.
3. The information should be relevant to the purpose, up to date and complete.

The introduction of self assessment for income tax and other purposes has meant that much of the personal information collected by the ATO is sourced from the taxpayer providing personal information to the ATO directly.

According to the Privacy Act 1988, personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about a natural person whose identity is apparent, or can reasonably be ascertained, from the information or opinion.