Show download pdf controls
  • Department of Home Affairs Visa Holders - 2017-18, 2018-19 and 2019-20 financial years data matching program protocol

    At a glance

    This protocol has been prepared to meet requirements of the Office of the Australian Information Commissioner’s Guidelines on Data Matching in Australian Government Administration (2014) (the Guidelines).

    The Department of Home Affairs (Home Affairs) (previously Department of Immigration and Border Protection) Visa Holders data matching program has been developed to assist the ATO to effectively detect and deal with compliance risks within the visa holding population. Data from Department of Home Affairs will be used in our risk detection models to select populations for administrative action relating to tax return integrity, income tax and goods and services tax non-compliance and fraud. This represents the use of data in a smarter way to improve decisions, services and compliance.

    We intend to acquire visa information for visas granted in the period 1 July 2017 to 30 June 2020.

    We have a responsibility to protect public revenue and to maintain community confidence in the integrity of the tax system. Undertaking the Department of Home Affairs Visa Holders data matching program will assist us in investigating and taking steps to mitigate fraud against public revenue.

    Program objectives

    The objectives of this data matching program are to:

    • Maintain currency of our knowledge of taxation and superannuation risks within the visa holders, visa sponsors and migration agents populations.
    • Support the development and implementation of administrative strategies to treat non-compliance with registration, lodgment, correct reporting and payment of taxation and superannuation obligations by visa holders, visa sponsors and migration agents.
    • Test the accuracy and strengths of our existing risk detection models and treatment systems, and identify areas for improvement in our models, treatment systems and practices.
    • Identify potentially new or emergent fraud methodologies and those entities controlling or exploiting those approaches.
    • Improve the integrity of the taxation and superannuation system by cancelling ineligible ABN registrants.
    • Support compliance activities under Australia’s foreign investment rules.
    • Ensure compliance with registration, lodgment, correct reporting and payment of taxation and superannuation obligations.
    • Promote voluntary compliance by visa holders, sponsors and agent communities through education and engagement.

    How the data will be used

    We are seeking external data to cross-reference with our internal data holding to identify relevant cases for administrative action, including both compliance activities and educational strategies.

    Our detection models allow us to identify candidates for administrative action. This program will enhance our existing risk detection models and treatment systems by identifying areas for improvement through the identification of entities controlling or exploiting potentially new or emergent fraud methodologies.

    Our action under this data matching program will ensure taxpayers within this population of visa holders, visa sponsors, and migration agents are:

    • completing correct income tax returns and business activity statements
    • meeting their registration, lodgment, reporting and payment obligations for pay as you go withholding, fringe benefits tax and superannuation guarantee; and
    • correctly managing and meeting their taxation and superannuation obligations.

    Prior to any administrative action being taken, taxpayers will be provided with the opportunity to verify the accuracy of the information we receive from Home Affairs. In most cases taxpayers will be given at least 28 days to respond before administrative action is then taken.

    For example, where discrepancy matching identifies that a taxpayer is not reporting all of their income, but in fact are reporting the income under another entity, the taxpayer will be given the opportunity to clarify this situation with us.

    The data may also be used to ensure that taxpayers are complying with their other taxation and superannuation obligations including registration requirements, lodgment obligations and payment responsibilities.

    In cases where taxpayers fail to comply with these obligations even after being prompted and reminded of them, escalation for prosecution action may be initiated in appropriate circumstances.

    Where a taxpayer is correctly meeting their obligations, the use of the data will reduce the likelihood of contact from us.

    Learn more about what we will do before amending a return.

    Previous/Pilot programs

    We have been data matching visa data from Home Affairs (and its predecessors) since 2010, initially covering the 2008-09 financial year. The use of this data in risk detection models and treatment systems has been effective in mitigating compliance risks.

    The previous visa holders data matching program conducted for the 2013–14, 2014–15, 2015–16 and 2016–17 financial years broadly achieved its stated goals, including;

    • tailored advice letters to TFN applicants and to both employers and employees following submission of TFN declarations,
    • ABR verification program to identify temporary visa holders inappropriately obtaining an Australian Business Number (ABN) as contractors, when they should rightly be employees,
    • Research and longitudinal trend analysis of victims and perpetrators of fraud and data quality improvement exercises, and
    • pre-issue compliance verification to monitor registration, lodgment, correct reporting and payment of taxation and superannuation obligations under our refund integrity program.

    The reasons for conducting the Home Affairs visa holders data matching program remain current. The broad utilisation of this dataset throughout the organisation for a number of varied activities is representative of the importance and value this dataset brings to our administrative objectives.

    Data related matters

    Data matching and user agency

    We are the matching agency and the sole user of the data obtained in the course of this data matching program. The data matching program will be conducted on our secure systems in accordance with approved policies and procedures.

    In very limited and specific circumstances we may be permitted by law to disclose individual records to other government agencies. In some permitted circumstances this may include de-identified data.

    Learn more about our on-disclosure provisions.

    Data providers

    The data will be obtained from the Department of Home Affairs as the sole data provider.

    Data elements

    We will obtain the following information from the Department of Home Affairs for the 2017–18, 2018–19 and 2019–20 financial years:

    • Base population cohort of active visa holders meeting the criteria shown in appendix B.
    • Address history for visa applicants and sponsors.
    • Contact history for visa applicants and sponsors.
    • All visa grants.
    • Visa grant status by point in time.
    • Migration agents (visa application preparer who assisted or facilitated the processing of the visa).
    • Address history for migration agents.
    • Contact history for migration agents.
    • All international travel movements undertaken by visa holders (arrivals and departures).
    • Sponsor details (457 visa).
    • Education providers (educational institution where the student visa holder intends to undertake their study).
    • Visa subclass name.

    See the full data dictionary.

    Number of records

    It is estimated that the total number of records that will be obtained across the three year period of this data matching program is likely to exceed 20 million individuals.

    Data quality

    We expect the Home Affairs data to be of high quality given the department maintains a sophisticated database of visa applications and travel movements.

    Data will be transformed into a standardised format and validated to ensure that it contains the required data elements prior to loading to our analytical systems.

    Learn more about:

    Data retention

    We are seeking to have the Information Commissioner exercise his discretion and allow the ATO to vary from the data destruction requirements contained in the Guidelines.

    The first collection of data under this program will be quarter one of the 2017-18 financial year (1 July 2017 to 30 September 2017) and is expected to occur during the second quarter of that financial year. The collection of the remaining years will continue progressively on a quarterly basis.

    We are seeking to retain data for a period of three years after loading of all verified data files for each relevant financial year.

    The retention of this data is required for the protection of public revenue. We destroy information that is no longer required in accordance with the Guidelines and the National Archives of Australia's General Disposal Authority 24 - Records relating to Data Matching Exercises (GDA 24). Destroying the data earlier than the requested extension would hinder our ability to protect public revenue.

    Visas frequently cover periods longer than a single financial year, additionally taxpayers on occasion lodge returns and forms past the ordinary due date, particularly those visiting Australia and perhaps less familiar with our tax and superannuation system. Without continued access to this data for the period outlined, we would experience challenges in verifying information so as to identify taxpayers who should be the subject of administrative action.

    Further refining and testing risk identification models takes substantial time and longitudinal evaluation, reducing the availability of data would negatively impact our ability to monitor and improve the performance of our models.

    See the submission to the Information Commissioner setting out the basis for seeking the variation to the data destruction guidelines and its impacts on individual privacy.

    Public notification of the program

    We will notify the public of our intention to undertake this program by:

    • publishing a notice in the Federal Register of Legislation - Gazettes in the week commencing 18th December 2017 – view the content of the gazette notice below
    • publishing this data matching program protocol on our website at Data matching protocols
    • advising the data provider they can notify their clients of their participation in this program
    • Home Affairs on their websiteExternal Link – note they cooperate with other agencies, including information-sharing for law enforcement and the protection of public revenue.

    Gazette notice content*

    Commissioner of Taxation – Notice of a data matching program

    The Australian Taxation Office (ATO) will acquire information on holders of a Visa from the Department of Immigration and Border Protection for the 2017–18, 2018–19 and 2019–20 financial years.

    The data items that will be obtained are:

    • Address history for visa applicants and sponsors
    • Contact history for visa applicants and sponsors.
    • All visa grants.
    • Visa grant status by point in time.
    • Migration agents (visa application preparer who assisted or facilitated the processing of the visa).
    • Address history for migration agents.
    • Contact history for migration agents.
    • All international travel movements undertaken by visa holders (arrivals and departures)
    • Sponsor details
    • Education providers (educational institution where a student visa holder intends to undertake their study)
    • Visa subclass name.

    It is estimated that records of 20 million individuals will be obtained over the course of the three year period.

    These records will be electronically matched with ATO data holdings to identify non-compliance with obligations under taxation and superannuation laws.

    The objectives of this data matching program are to:

    • Maintain currency of our knowledge of taxation and superannuation risks within the visa holders, visa sponsors and migration agents populations.
    • Support the development and implementation of administrative strategies to treat non-compliance with registration, lodgment, correct reporting and payment of taxation and superannuation obligations by visa holders, visa sponsors and migration agents.
    • Test the accuracy and strengths of our existing risk detection models and treatment systems, and identify areas for improvement in our models, treatment systems and practices.
    • Identify potentially new or emergent fraud methodologies and those entities controlling or exploiting those approaches.
    • Improve the integrity of the taxation and superannuation system by cancelling ineligible ABN registrants.
    • Support compliance activities under Australia’s foreign investment rules.
    • Ensure compliance with registration, lodgment, correct reporting and payment of taxation and superannuation obligations.
    • Promote voluntary compliance by visa holders, sponsors and agent communities through education and engagement.

    A document describing this program has been prepared in consultation with the Office of the Australian Information Commissioner. A copy of this document is available at Data Matching protocols

    The ATO complies with the Office of the Australian Information Commissioner’s Guidelines on Data Matching in Australian Government Administration (2014) which includes standards for data matching to protect the privacy of individuals. A full copy of the ATO’s privacy policy can be accessed at www.ato.gov.au/privacy

    * This Gazette notice was published in December 201, as this is a record of the notice as it was published, the department's name change due to machine of government changes is not reflected.

    Legal matters

    Learn more about:

    Appendix A

    Data Dictionary

    HOME_AFFAIRS_ATO_ACTIVE_VISA_HOLDERS_dd_mm_yy_TO_dd_mm_yy

    Base population cohort of active visa holders meeting the criteria shown in appendix B

    Description

    Field name

    Client Identifier

    CLIENT_ID

    Person Identifier (PID)

    PRSN_ID

    Client Visa Subclass Code

    VISA_SBCLS_CD

    Client Visa Grant Number

    VISA_GRANT_NR

    HOME_AFFAIRS_ATO_CLIENT_ADRS

    Address history for visa applicants and sponsors

    Description

    Field name

    Client Identifier

    CLIENT_ID

    Client type (Visa Applicant, Sponsor)

    CLIENT_TYPE_CD

    Address Type (Residential, Postal, Business, Residential other, Postal other, Business other)

    ADRS_TYPE_DS

    Date of Effect From

    EFFECT_DT_FROM

    Date of Effect To

    EFFECT_DT_TO

    Client First Line of the Address

    ADDRESS_1

    Client Second Line of the Address

    ADDRESS_2

    Client Third Line of the Address

    ADDRESS_3

    Client Fourth Line of the Address

    ADDRESS_4

    Country Code

    CNTRY_CD

    The Postcode of the Address

    POSTCODE

    The State or Territory of the Address

    STATE

    The Suburb, Town or City of the Address

    LOCALITY

    HOME_AFFAIRS_ATO_CLIENT_CONTACT

    Contact history for visa applicants and sponsors

    Description

    Field name

    Client Identifier

    CLIENT_ID

    Client type (Visa Applicant, Sponsor)

    CLIENT_TYPE_CD

    Contact Type (Residential, Postal, Business, Residential other, Postal other, Business other)

    ADRS_TYPE_DS

    Date of Effect From

    EFFECT_DT_FROM

    Date of Effect To

    EFFECT_DT_TO

    Mobile phone number

    MOBILE_PHONE

    Phone number

    PHONE

    Fax number

    FAX

    Email address

    EMAIL

    HOME_AFFAIRS_ATO_GRANTS

    History of visas granted (active visa holders)

    Description

    Field name

    Client Identifier

    CLIENT_ID

    Person Identifier (PID)

    PRSN_ID

    Client Visa Subclass Code

    VISA_SBCLS_CD

    Client Visa Grant Number

    VISA_GRANT_NR

    Visa Grant Date

    VISA_GRANT_DT

    Country that issued the travel document

    CITIZENSHIP_CNTRY

    Client Travel Document Identifier

    TRVL_DOC_ID

    Visa Grant Entry Expiry Date

    VISA_ENTRY_EXPRY_DT

    Visa stay number of days allowed

    VISA_STAY_DAYS_NR

    Number of entries allowed (No Entry, Single Entry, Multiple Entry)

    VISA_ENTRIES_ALLOWED_CD

    Client Birth Country

    BIRTH_CNTRY

    Client Birth Date Day (DD)

    BIRTH_DT_DD

    Client Birth Date Month (MM)

    BIRTH_DT_MM

    Client Birth Date Year (YYYY)

    BIRTH_DT_YYYY

    Client Title

    TITLE

    Client Family Name or Surname

    FAMILY_NAME

    Client First Given Name or First Given Initial

    GIVEN_NAME

    Client Second Given Name or Second Given Initial

    SECOND_GIVEN_NM

    Home Affairs Source Processing System

    SOURCE_SYSTEM

    Client Applicant Type (Primary or Secondary)

    APPLNT_TYPE_CD

    Visa CASE Identifier

    VA_CASE_ID

    Migration Agent Number Identifier

    AGT_MARA_ID

    HOME_AFFAIRS_ATO_PERSON_VISA_SNAPSHOT

    Person visa status at a point in time

    Description

    Field name

    Client Identifier

    CLIENT_ID

    Person Identifier (PID)

    PRSN_ID

    Client Visa Subclass Code

    VISA_SBCLS_CD

    Client Visa Grant Number

    VISA_GRANT_NR

    Client Lawful Status (eg. onshore – Lawful)

    LAWFUL_STATUS_DS

    Client Lawful Status snapshot date

    LAWFUL_STATUS_DT

    Client Visa In Effect Until Date

    VISA_IN_EFFECT_UNTIL_DT

    HOME_AFFAIRS_ATO_MGRNT_AGT

    Migration agents (visa application preparer who assisted or facilitated the processing of the visa)

    Description

    Field name

    Migration Agent Number Identifier

    AGT_MARA_ID

    Migration Agent Title

    AGT_NAME_TITLE

    Migration Agent Family Name or Surname

    AGT_FMLY_NM

    Migration Agent First Given Name or First Given Initial

    AGT_GIVEN_NM

    Migration Agent Second Given Name or Second Given Initial

    AGT_SCND_GVN_NM

    Migration Agent Business Name

    AGT_BUSINESS_NM

    HOME_AFFAIRS_ATO_MGRNT_AGT_ADRS

    Address history for migration agents

    Description

    Field name

    Migration Agent Number Identifier

    AGT_MARA_ID

    Address Type (Residential, Postal, Business, Residential other, Postal other, Business other)

    ADRS_TYPE_DS

    Date of Effect From

    EFFECT_DT_FROM

    Date of Effect To

    EFFECT_DT_TO

    The First Line of the Address

    ADDRESS_1

    The Second Line of the Address

    ADDRESS_2

    The Third Line of the Address

    ADDRESS_3

    The Fourth Line of the Address

    ADDRESS_4

    Country Code

    CNTRY_CD

    The Postcode of the Address

    POSTCODE

    The State or Territory of the Address

    STATE

    The Suburb, Town or City of the Address

    LOCALITY

    HOME_AFFAIRS_ATO_MGRNT_AGT_CONTACT

    Contact history for migration agents

    Description

    Field name

    Migration Agent Number Identifier

    AGT_MARA_ID

    Contact Type (Residential, Postal, Business, Residential other, Postal other, Business other)

    CONTACT_TYPE_DS

    Date of Effect From

    EFFECT_DT_FROM

    Date of Effect To

    EFFECT_DT_TO

    Mobile phone number

    MOBILE_PHONE

    Phone number

    PHONE

    Fax number

    FAX

    Email address

    EMAIL

    HOME_AFFAIRS_ATO_MVMNT

    All international travel movements undertaken by visa holders (arrivals and departures)

    Description

    Field name

    Client Identifier

    CLIENT_ID

    Person Identifier (PID)

    PRSN_ID

    Client Visa Subclass Code

    VISA_SBCLS_CD

    Client Visa Grant Number

    VISA_GRANT_NR

    Movement Direction (Arrival or Departure)

    MOVEMENT_DIRECTION_CD

    Movement Date

    MOVEMENT_DT

    HOME_AFFAIRS_ATO_NOMINATIONS

    Sponsor details

    Description

    Field name

    Nomination CASE Identifier

    NM_CASE_ID

    Visa CASE Identifier

    VA_CASE_ID

    Visa to nomination link date

    VA_LINK_EF_DT

    Visa to nomination link end date

    VA_LINK_ET_DT

    Sponsor Identifier

    SP_CLIENT_ID

    Sponsor ABN (Australian Business Number)

    SP_ABN

    Sponsor Title

    SP_TITLE

    Sponsor Family Name or (Business Employer Name)

    SP_NM

    Sponsor First Given Name or First Given Initial

    SP_GIVEN_NAME

    Sponsor Second Given Name or Second Given Initial

    SP_SECOND_GIVEN_NM

    Nominated Base Salary $ Amount

    NM_BASE_SALARY

    Nominated Total Remuneration $ Amount

    NM_REMUNERATION_AMT

    Post code of work location

    NM_WORK_POSTCODE

    Occupation code of worker

    NM_OCCUPTN_CD

    ANZSCO = 3, ASCO = 2

    NM_OCCUPTN_TYPE_CD

    HOME_AFFAIRS_ATO_STUDENT_COURSE

    Education providers (educational institution where the student visa holder intends to undertake their study)

    Description

    Field name

    Client Visa Grant Number

    VISA_GRANT_NR

    Educational Provider Code Number

    EDUCATION_PROVIDER_CD

    HOME_AFFAIRS_ATO_VISA_SUBCLASS

    Visa subclass name

    Description

    Name

    Client Visa Subclass Code

    VISA_SBCLS_CD

    Client Visa Subclass Name

    VISA_SBCLS_NM

    Date of Effect From

    EFFECT_DT_FROM

    Date of Effect To

    EFFECT_DT_TO

    Appendix B

    Visa Holder Selection Method

    Definitions

    Focus periods

    Data will be extracted and transferred to the ATO in batches each quarter. The 'Focus period' is the period of time each data batch relates (start date to end date). For example, data batches will be required for the following focus periods under this data matching program:

    • 1/07/2017 to 30/09/2017
    • 1/10/2017 to 31/12/2017
    • 1/01/2018 to 30/03/2018
    • 1/04/2018 to 30/06/2018
    • 1/07/2018 to 30/09/2018
    • 1/10/2018 to 31/12/2018
    • 1/01/2019 to 31/03/2019
    • 1/04/2019 to 30/06/2019
    • 1/07/2019 to 30/09/2019
    • 1/10/2019 to 31/12/2019
    • 1/01/2020 to 30/03/2020
    • 1/04/2020 to 30/06/2020

    Table name

    Selection method description

    Base population cohort of active visa holders

    Active visa holders that have been granted one or more visas and stayed in Australia for any part or the whole focus period

    Address history for visa applicants and sponsors

    10 years of address history required for all in the base population cohort

    Contact history for visa applicants and sponsors

    10 years of contact history required for all in the base population cohort

    History of visas granted (active visa holders)

    10 years of history of ALL granted visas for all in the base population cohort (not limited by focus period)

    Person visa status at a point in time

    Snapshot records within the focus period for all in the base population cohort

    Migration agents (visa application preparer who assisted or facilitated the processing of the visa)

    All migration agents with a link to one or more in the base population cohort

    Address history for migration agents

    10 years of address history required for migration agents with a link to one or more in the base population cohort

    Contact history for migration agents

    10 years of contact history required for migration agents with a link to one or more in the base population cohort

    All international travel movements undertaken by visa holders (arrivals and departures)

    10 years of history of ALL travel movements for all in the base population cohort (not limited by focus period)

    Sponsor details (457 visa)

    All sponsors with a link to one or more in the base population cohort

    Education providers (educational institution where the student visa holder intends to undertake their study)

    All education providers with a link to one or more in the base population cohort

    Visa subclass name

    All visa subclass names with a link to one or more in the base population cohort

    Appendix C

    Submission to the Information Commissioner

    Varying from the data destruction requirements

    The Australian Taxation Office (ATO) is seeking approval for the Department of Home Affairs Visa Holders data matching program for the 2017–18, 2018–19 and 2019–20 to vary from one or more of the conditions detailed in Guideline 10 of the Office of the Australian Information Commissioner’s Guidelines on Data Matching in Australian Government Administration (2014) (the Guidelines).

    We are seeking to retain data for a period of three years after loading of all verified data files for each relevant financial year.

    We consider that a variation from the usual retention periods for this data matching program is in the public interest as:

    • the retention of this data is required for the protection of public revenue, destroying the data earlier than the requested extension would hinder our ability to protect public revenue.
    • visas frequently cover periods longer than a single financial year, additionally taxpayers on occasion lodge returns and forms past the ordinary due date, particularly those visiting Australia and perhaps less familiar with our tax and superannuation system. Without continued access to this data for the period outlined, we would experience challenges in verifying information so as to identify taxpayers who should be the subject of administrative action.
    • further refining and testing risk identification models takes substantial time and longitudinal evaluation, reducing the availability of data would negatively impact our ability to monitor and improve the performance of our models.
    • destruction of the data would inhibit our ability to identify taxpayers who may be subject to administrative action and therefore result in loss of public revenue.

    We have determined that this variation will not affect the privacy of an individual.

    This program will be subject to an evaluation within three years which is consistent with the requirements of Guideline 9.

    Additional information justifying this variation is included in the tables below:

    • Table 1 – matters considered in accordance with Guideline 10.2 in seeking this variation
    • Table 2 – consistency with requirements of the other guidelines issued by the Office of the Australian Information Commissioner

    The Commissioner of Taxation does not request that this advice be kept confidential (Guideline 10.6) and has no concerns with the Office of the Australian Information Commissioner placing the information on its website.

    Table 1: Matters considered in seeking this variation to the Guidelines

    Matter considered

    Consideration

    10.2.a

    The effect that not abiding by the Guidelines would have on individual privacy

    • Retaining data for a period of three years will not increase the risks to an individual’s privacy. We have in place very secure processes for handling and storing data. Once acquired, all data will be stored on our secure computer systems where access is strictly controlled and full audit logs maintained.
    • The ATO and our staff operate under stringent confidentiality and privacy legislation that prohibits the improper access to or disclosure of protected information. These obligations are supported by significant penalties, including imprisonment. This substantially mitigates the risks of breaches of privacy.

     

    10.2.b

    The seriousness of the administrative or enforcement action that may flow from a match obtained through the data matching program

    • An extension of the retention period will not affect the seriousness of the administrative action that may flow from the match, but will assist in detecting non-compliance or taxation fraud.
    • Where we propose to take administrative action where a taxpayer may have reported incorrectly, we will differentiate between those that try to do the right thing and those that set out to deliberately avoid their obligations. Documented procedures, including the Taxpayers’ Charter and compliance model will be followed to ensure fairness and consistency.

     

    10.2.c

    The effect that not abiding by the Guidelines would have on the fairness of the data matching program — including its effect on the ability of individuals to determine the basis of decisions that affect them, and their ability to dispute those decisions

    • There will be no effect on the fairness of the program or the ability of taxpayers to find out the basis of decisions that impact them or their ability to dispute those decisions.
    • Before any administrative action is undertaken, taxpayers will be given at least 28 days to verify the accuracy of the information that has been derived from this data matching program.
    • Where administrative action is to be undertaken, we will adhere to the principles established in the Taxpayers’ Charter and compliance model to ensure an equitable and consistent approach is taken.
    • If a taxpayer does not agree with an assessment, they maintain the right to dispute the decision. They also have the legal right to appeal against those decisions through tribunals and the courts.

     

    10.2.d

    The effect that not abiding by the Guidelines would have on the transparency and accountability of agency and government operations

    • There will be no adverse effects on the transparency and accountability of government operations.
    • A program protocol is submitted to the Office of the Australian Information Commissioner and we will strictly adhere to the commitments in that document.
    • We publish a notice with general information about the program in the Federal Register of Legislation - Gazettes before administrative action commences. We also make a copy of the program protocol available on our website.

     

    10.2.e

    The effect that not abiding by the Guidelines would have on compliance of the proposed data matching program with the Australian Privacy Principles in the Privacy Act 1988

    • There will be no effect on compliance with the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 due to longer retention of the data. The data is collected solely for the stated objectives established in the data matching program protocol.

     

    10.2.f

    The effect that complying with the Guidelines would have on the effectiveness of the proposed data matching program

    • The effectiveness of the program would be reduced if the data retention period is not extended.
    • There would be a significant reduction in our ability to detect incorrect reporting and taxation fraud without assessing trends in the data collected.
    • The destruction of the data in accordance with the current guidelines would impact the integrity of the taxation system by:  
      • limiting our ability to identify taxpayers who may be subject to administrative action
      • resulting in the loss of revenue.
       

     

    10.2.g

    Whether complying fully with the Guidelines could jeopardise or endanger the life or physical safety of information providers or could compromise the source of information provided in confidence

    • Not abiding by all the requirements of the Guidelines would not influence or affect the personal safety of any individual identified as part of the program or compromise the source of the information provided in confidence.

     

    10.2.h

    The effect that complying fully with the Guidelines would have on public revenue – including tax revenue, personal benefit payments, debts to the Commonwealth and fraud against the Commonwealth

    • Not allowing the variation to the data retention period of the current program would cause us to miss potential breaches of taxation laws and subsequent non-payment of tax. This would result in the Commonwealth foregoing taxation revenue.
    • There are risks to the integrity of taxation system when people fail to comply with their obligations. Abiding by all of the requirements of the guidelines will reduce the effectiveness of the proposed compliance activity. We would miss the opportunity to educate those taxpayers trying to do the right thing, and deter those that are non-compliant from repeating the behaviour.
    • The effect of abiding by all of the requirements in the guidelines could negatively impact both public revenue and the confidence the public and government have in the ATO as an administrator of the taxation system. People not complying with their taxation obligations, including those operating outside the system, set a bad example to compliant taxpayers and may encourage their non-compliance. Maintaining community and government confidence in the taxation system is critical to our ongoing role.

     

    10.2.i

    Whether complying fully with the Guidelines would involve the release of a document that would be an exempt document under the Freedom of Information Act 1982

    • Upon receipt of a freedom of information request only information relating to the taxpayer’s own affairs will be released to the taxpayer concerned.

     

    10.2.j

    Any legal authority for, or any legal obligation that requires, the conduct of the proposed data matching program in a way that is inconsistent with the Guidelines.

    • There is no specific legislative power authorising the conduct of this program inconsistent with the Guidelines.
    • The Commissioner of Taxation, or his authorised representative, has formed the opinion that this data is required to enable us to effectively and efficiently carry out its legislated functions under the general powers of administration contained in:  
      • Section 3A of the Taxation Administration Act 1953
      • Section 8 of the Income Tax Assessment Act 1936
      • Section 1-7 of the Income Tax Assessment Act 1997
      • Section 356-5 in Schedule 1 of the Taxation Administration Act 1953
       
    • The reasons for proposing to operate outside requirements of the Guidelines are detailed above.

     

    Table 2: Matters considered in seeking this variation to the Guidelines

    This section outlines where we are being consistent with the requirements of the Guidelines.

    Paragraph/Guideline

    Action taken/To be taken

    Paragraph 6

    Status of the Guidelines

    Our commitment to complying with the Guidelines is embedded in our data management policies and principles and clearly stated in the chief executive instruction.

    Guideline 1

    Application of the Guide

    We apply the guidelines for all data matching programs where it is anticipated the program will include records of 5,000 or more individuals.

    We recognise that programs where there are multiple data sources but with common objectives and algorithms are treated as a single data matching program.

    Guideline 2

    Deciding to carry out or participate in a data matching program

    We conduct a cost-benefit analysis and consider alternate methods prior to proposing to conduct a data matching program.

    Further, we have rigorous governance arrangements, processes and system controls in place to protect the privacy of individuals.

    Guideline 3

    Prepare a program protocol

    Prior to conducting a data matching program, we prepare a data matching program protocol, submit this to the Office of the Australian Information Commissioner and make a copy publicly available on the ATO website.

    When elements of a data matching program change, the protocol is amended, a copy of the amended protocol is provided to the Office of the Australian Information Commissioner and updated on our website

    Guideline 4

    Prepare a technical standards report

    Documentation is prepared and maintained so as to satisfy the requirements of a technical standards report.

    Guideline 5

    Notify the public

    We publish notification of our intention to undertake a data matching program in the Federal Register of Legislation - Gazettes prior to the commencement of the program.

    This notice includes the following information as required by the Guidelines:

    • a brief description of the objectives of the data matching program
    • the matching agency and source entities involved in the data matching program
    • a description of the data contained in the data set involved in the data matching program
    • the categories of individuals about whom personal information is to be matched
    • the approximate number of individuals affected
    • reference to our privacy policy.

    Notification of the program is also published on our website and data providers are advised they can advertise their participation in the data matching program.

    Guideline 6

    Notify individuals of proposed administrative action

    Prior to taking any administrative action as a result of the data matching programs, individuals and other entities are given at least 28 days to verify the accuracy of the information provided to us by third parties.

    Guideline 7

    Destroy information that is no longer required

    We are seeking to vary from this requirement.

    Guideline 8

    Do not create new registers, datasets or databases

    We do not create new registers or databases using data obtained in the course of a data matching program.

    Guideline 9

    Regularly evaluate data matching programs

    Programs are evaluated within three years of the commencement of the data matching program. These evaluations are provided to the Office of the Australian Information Commissioner on request.

    Guideline 10

    Seeking exemptions from Guideline requirements

    When we intend to vary from the requirements of the Guidelines, we seek the approval of the Office of the Australian Information Commissioner and provide documentation to support the variance.

    Guideline 11

    Data matching with entities other than agencies

    We undertake our own data matching programs. This function is not outsourced.

    Where data is obtained from an entity other than an individual, we usually do so using our formal information gathering powers. In these instances the entities are advised they are able to notify their clients of their participation in the data matching program.

    Guideline 12

    Data matching with exempt agencies

    We do not usually undertake data matching with agencies that are exempt from the operations of the Privacy Act 1988 under section 7 of that Act and that are subject to the operation of the Guidelines (i.e. any data matching undertaken with an exempt agency would usually be for fewer than 5,000 individuals).

    In the event a data matching activity would otherwise be subject to these Guidelines except for the exemption status, we still adhere to the principles of the Guidelines and prepare a program protocol, seeking to vary from the Guidelines by not publicly notifying of the program and publishing the protocol. We would still lodge a copy of the protocol with the Office of the Australian Information Commissioner.

    Guideline 13

    Enable review by the Office of the Australian Information Commissioner

    We would not prevent the Office of the Australian Information Commissioner from reviewing our data matching activities and processes. These activities and processes have been reviewed by the Australian National Audit Office and Inspector-General of Taxation.

    More information

    What we will do before we amend a return

    Where we detect a discrepancy that requires verification we will contact the taxpayer usually by telephone, letter or email.

    Before any administrative action is taken, taxpayers will be provided with the opportunity to verify the accuracy of the information obtained by us. Taxpayers will be given at least 28 days to respond before administrative action is taken.

    For example, where discrepancy matching identifies that a taxpayer may not be reporting all of their income, but in fact they are reporting the income under another entity, the taxpayer will be given the opportunity to clarify the situation.

    The data may also be used to ensure that taxpayers are complying with their other taxation and superannuation obligations, including registration requirements, lodgment obligations and payment responsibilities.

    In cases where taxpayers fail to comply with these obligations, even after being reminded of them, escalation for prosecution action may be instigated in appropriate circumstances.

    Where a taxpayer is correctly meeting their obligations, the use of the data will reduce the likelihood of contact from us.

    Our on-disclosure provisions

    Division 355 of Schedule 1 to the Taxation Administration Act 1953 sets out the other government agencies we can disclose taxpayer information to, and the circumstances we are permitted to make those disclosures. These include agencies responsible for:

    • state and territory revenue laws
    • payments of social welfare and health and safety programs for determining eligibility for certain types of benefits and rebates
    • overseeing superannuation funds, corporations and financial market operators to ensure compliance with prudential regulations
    • determining entitlement to rehabilitation and compensation payments
    • law enforcement activities to assist with specific types of investigations
    • policy analysis, costing and effectiveness measurement.

    Each request for information by other agencies will be assessed on its merits and must be for an admissible purpose allowed for by taxation laws. In specific permissible circumstances on-disclosures may include de-identified datasets for statistical analysis.

    How we undertake data matching

    We use sophisticated identity matching techniques to ensure we identify the correct taxpayer when we obtain data from third parties. This technique uses multiple details to obtain an identity match. For example, where a name, address and date of birth are available all items are used in the identity matching process. Very high confidence matches will occur where all fields are matched.

    Additional manual processes may be undertaken where high confidence identity matches do not occur, or a decision taken to destroy the data with no further action. Our manual identity matching process involves an ATO officer reviewing and comparing third party data identity elements against ATO information on a one-on-one basis, seeking sufficient common indicators to allow confirmation (or not) of an individual's identity. We commonly call this process manual uplifting. Where it is determined data is no longer required a decision is taken to destroy the data.

    Data analysts use various models and techniques to detect potential discrepancies, such as under-reported income or over-reported deductions. Higher risk discrepancy matches will be loaded to our case management system and allocated to compliance staff for actioning.

    Lower risk discrepancy matches will be further analysed and a decision made to take some form of compliance or educational activity, or to destroy the data.

    Destruction of data is conducted in accordance with the timeframes and requirements of the Guidelines and GDA24 or an extension of time is sought from the Information Commissioner.

    Where administrative action is proposed, additional checks will take place to ensure the correct taxpayer has been identified. The taxpayers will be provided with the opportunity to verify the accuracy of the information before any administrative action is taken.

    How we protect your personal information

    Our staff are subject to the strict confidentiality and disclosure provisions contained in Division 355 of Schedule 1 to the Taxation Administration Act 1953 and include terms of imprisonment in cases of serious contravention of these provisions.

    All ATO computer systems are strictly controlled, with features including:

    • system access controls and security groupings
    • login identification codes and password protection
    • full audit trails of data files and system accesses.

    We will generally utilise our secure internet-based data transfer facility to convey the data from source agencies.

    Where this is not possible, data providers will be requested to provide the data on a CD, DVD or USB media storage device encrypted to a standard that satisfies Australian government requirements. The media storage device will be password protected, with the password provided under separate cover.

    Where the media storage device is not collected by an authorised ATO officer, an approved courier service will be used to collect the device. In remote locations not serviced by an approved courier service, the Australia Post ‘Express Post Platinum’ service will be utilised (providing both tracking and signature for delivery features).

    Our quality assurance framework

    Quality assurance processes are integrated into our procedures and computer systems and are applied throughout the data matching cycle.

    These assurance processes include:

    • registering the intention to undertake a data matching program on an internal register
    • obtaining approval from the Data Steward and relevant Senior Executive Service (SES) officers prior to any activity being undertaken
    • conducting program pilots or obtaining sample data to ensure the data matching program will achieve its objectives prior to full data sets being acquired
    • notifying the Office of the Australian Information Commissioner of our intention to undertake the data matching program and request permission to vary from the data matching guidelines (where applicable)
    • access to the data is restricted to approved users and access management logs record details of who has accessed the data
    • quality assurance processes embedded into compliance activities include:  
      • review of risk assessments, taxpayer profiles and case plans by senior officers prior to client contact
      • ongoing reviews of cases by subject matter technical experts at key points during the life cycle of a case
      • regular independent panel reviews of samples of case work to provide assurance of the accuracy and consistency of case work.
       

    These processes ensure data is collected and used in accordance with our data management policies and principles, and complies with the Information Commissioner's data matching guidelines.

    Why we undertake data matching

    We have considered a range of alternatives to this data matching program to ensure entities are complying with their taxation and superannuation obligations. Relying only on data already held by the ATO is of limited value for the following reasons:

    • the taxation system operates on willing participation so our data is derived from taxpayers that are correctly registered and meeting their lodgment obligations
    • we have no other data to cross-reference to ensure taxpayers are reporting their obligations correctly other than by directly contacting every taxpayer.

    This data matching program will allow us to identify taxpayers who are not fully complying with their obligations, as well as those that may be operating outside the taxation and superannuation systems. It will also reduce the likelihood of the ATO unnecessarily contacting taxpayers who are complying with their taxation obligations.

    Data matching is an effective method of examining records of thousands of taxpayers to ensure compliance with lodgment and reporting obligations that would otherwise be a resource intensive exercise.

    Data matching also assists us in effectively promoting voluntary compliance by notifying the public of areas and activities under scrutiny.

    Costs and benefits of data matching

    Costs

    There are some incidental costs to us in the conduct of this data matching program, but these will be more than offset by the total revenue protected. These costs include:

    • data analyst resources to identify potential instances of non-compliance
    • compliance resources to manage casework and educational activities
    • governance resources to ensure that the Guidelines and the Privacy Act 1988 are complied with, and quality assurance work to ensure the rigour of the work undertaken by analysts and compliance staff
    • storage of the data.

    Benefits

    Benefits from conducting this data matching programs include:

    • maintaining community confidence in both the taxation and superannuation systems by creating a level playing field, as well as maintaining community confidence in the ATO’s capacity to fairly administer those systems
    • integrity of the taxation and superannuation systems – there are inherent risks in taxpayers not complying with their obligations, including those that deliberately abuse these systems – this program will assist the ATO in detecting, dealing with and deterring those that are not meeting their obligations
    • enabling enforcement activity and recovery of taxation revenue – without undertaking this data matching program and subsequent compliance activity there are no assurances that a wider risk to revenue does not exist.

    Making a privacy complaint

    If a taxpayer is not satisfied with how we have collected, held, used or disclosed their personal information, they can make a formal complaint by:

    • using the online complaints form at www.ato.gov.au/Complaints
    • phoning our complaints line on 1800 199 010
    • phoning the National Relay Service on 13 36 77 (if you have a hearing, speech or communication impairment)
    • sending us a free fax on 1800 060 063
    • writing to us at:

    ATO Complaints
    PO Box 1271
    ALBURY  NSW  2640.

    If a taxpayer is not satisfied with the outcome of the privacy complaint, they can contact the Office of the Australian Information Commissioner. More details on the process can be found on the OAIC website at www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaintExternal Link

    For more information and to review our privacy policy visit our website at www.ato.gov.au/privacy

    Our lawful role

    The Commissioner of Taxation has responsibility for ensuring taxpayers meet their taxation and superannuation obligations. Compliance with these obligations is a matter we take seriously and failure to address non-compliant behaviour has the potential to undermine community confidence in the integrity of the taxation and superannuation systems and our capacity to administer those systems.

    Our data matching program is one of the strategies used to identity and deal with non-compliant behaviour. Data matching programs also provide a degree of assurance that taxpayers are meeting their obligations.

    Our legal authority to undertake a data matching program

    ATO legislation

    The data will be obtained under our formal information gathering powers contained in section 353-10 of Schedule 1 to the Taxation Administration Act 1953.

    This is a coercive power that obligates the data provider to give the information requested. We will use the information for taxation and superannuation compliance purposes.

    Privacy Act

    Data will only be used within the limits prescribed by Australian Privacy Principle 6 (APP6) contained in Schedule 1 of the Privacy Act 1988 and in particular:

    • APP6.2(b) – the use of the information is required or authorised by an Australian law
    • APP6.2(e) – the ATO reasonably believes that the use of the information is reasonably necessary for our enforcement related activities.
      Last modified: 21 Dec 2017QC 54138