Your situation
Business
Tax Agent
Individual
BAS Service Provider

Online services
e-tax
Business Portal
BAS Service Provider Portal
Tax Agent Portal
Electronic Commerce Interface (ECI)
Minimum computer requirements
Online services promotional CD
Extra time to lodge and pay BAS

Online security
Digital certificates
Put your digital certificate on a USB stick
Terms, conditions & policies

Help
Frequently asked questions
Contact us

PC07: Limits Placed on the Use of Personal Information

Introduction

As part of the accreditation process to become fully Gatekeeper accredited, the Australian Taxation Office (ATO) Public Key Infrastructure (PKI) was required to provide a suite of supporting policy documents. These documents include a privacy policy which is detailed in nine policy documents PC01-PC09.

This document sets out the ATO PKI’s policy in regard to limits placed on the use of personal information to ensure that personal information it holds in relation to issuing Keys and Certificates is used only for relevant purposes. Section 14 of the Privacy Act 1988 contains 11 Information Privacy Principles (IPPs) which outline the standards used by Commonwealth and Australian Capital Territory Government Agencies to collect, store, access, use and disclose personal information. The IPP relevant to this policy is IPP 10.

According to the Privacy Act 1988, personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about a natural person whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

In complying with Information Privacy Principle 10, the ATO PKI will limit its use of personal information for the purpose for which it was collected unless:

the individual consents to its use for another purpose.
the Tax Office believes, on reasonable grounds, that the use of the information for that other purpose is necessary to prevent, or lessen, a serious and imminent threat to the life or health of another person
the use of the information for the other purpose is required or authorised by or under law
the use of the information for that other purpose is reasonably necessary for the enforcement of the criminal law, or of a law imposing a pecuniary penalty, or for the protection of the public revenue, or
the purpose for which the information is used is directly related to the purpose for which the information was obtained.

The ATO PKI will use personal information to undertake Evidence of Identity (EOI) verification and authentication of applicants for Keys and Certificates. The purpose for obtaining personal information is set out in documents supporting Public Key Infrastructure – for example, the Certificate Practice Statement and the Certificate Policy which are publicly available at www.ato.gov.au/pki.

Last Modified: Thursday, 2 December 2004

Table of contents

Introduction

What personal information is collected?

Limits placed on the use of personal information

Attachment A - Information Privacy Principle

Give us your feedback