PC03: Openness About the Types of Information Held and Handling Policies

Introduction

As part of the accreditation process to become fully gatekeeper accredited, the ATO Public Key Infrastructure (PKI) was required to provide a suite of supporting policy documents. These documents include a privacy policy which is detailed in nine policy documents PC01-PC09.

This document sets out the Tax Office's PKI policy in regard to openness for types of personal information it holds and information handling policies for issuing keys and certificates. The information privacy principle (IPP) relevant to this policy is IPP5 which requires the Tax Office to take such steps as are, in the circumstances, reasonable to enable any person to ascertain:

• the nature of the information
• the main purpose for which the information is used, and
• the steps that they should take if they wish to get access to the record.

IPP5 also obliges the Tax Office to maintain a record setting out:

• the nature of the records of personal information kept by, or on behalf of, the Tax Office
• the purpose for which each type of record is kept
• the classes of individuals about whom records are kept
• the period for which each type of record is kept
• the people who are entitled to have access to personal information in the records and the conditions under which they are entitled to have that access, and
• the steps that people should take if they wish to get access to that information.

This information is publicly available and is submitted to the Privacy Commissioner in June each year and the Privacy Commissioner is required to publish it.