Show download pdf controls
  • Motor vehicle registries - 2016-17, 2017-18 and 2018-19 financial years data matching program protocol

    At a glance

    This protocol has been prepared to meet requirements of the Office of the Australian Information Commissioner’s (OAIC) Guidelines on Data Matching in Australian Government Administration (2014) (the Guidelines).

    The motor vehicle registries data matching program has been developed to assess the overall taxation compliance of individuals and businesses involved in buying and selling motor vehicles. We will match the data provided by state and territory motor vehicle registry authorities against ATO taxpayer records with the intent of identifying those who are not participating in the taxation and superannuation system by meeting their registration, reporting, lodgment and payment obligations.

    Information will be acquired from state and territory motor vehicle registry authorities where their records indicate a vehicle has been transferred or newly registered during the 2016-17, 2017-18 and 2018-19 financial years where the purchase price or market value is equal to or greater than $10,000. This threshold was determined taking into account vehicle prices trends.

    The data acquired will allow compliance checks of luxury car tax, fringe benefits tax and fuel schemes, as well as identifying higher risk taxpayers with outstanding lodgments and those with undeclared income who's asset holdings may not be proportionate to their declared financial position.

    Program objectives

    The objectives of this data matching program are to:

    • Primarily identify and address non-compliance with taxation obligations.
    • Obtain intelligence about taxpayers that buy and sell motor vehicles to identify risks and trends of non-compliance with taxation and superannuation obligations.
    • Identify and address taxpayers buying and selling motor vehicles who may not be meeting their obligations to register and lodge returns (including activity statements) and ensure the correct reporting of income and entitlement to both deductions and input tax credits.
    • Use the motor vehicle purchaser’s data as an indicator of risk, along with other data holdings, to identify taxpayers that have purchased vehicles with values that are not commensurate with the income they have reported.
    • Identify cases for investigation of taxpayers of interest, such as seller(s), licenced dealers, fleet managers, leasing companies or representatives of these taxpayers to determine if the use of interposed proxy ownership is used to conceal the real accumulation of wealth, therefore representing a material threat to public revenue.
    • Identify and deal with those taxpayers who may not have met their obligations primarily with regards to GST, fringe benefits tax, luxury car tax, fuel schemes and income tax.
    • Promote voluntary compliance and strengthen community confidence in the integrity of the taxation and superannuation systems by publicising the running of this data matching program.
    • Ensure compliance with registration, lodgment, correct reporting and payment of taxation and superannuation obligations.

    How the data will be used

    We are seeking external data to cross-reference with our internal data holdings to identify relevant cases for administrative action.

    Details will be requested from the state and territory motor vehicle registering authorities where their records indicate a vehicle has been transferred or newly registered during the identified financial years where the purchase price or market value is equal to or greater than $10,000. This threshold is consistent with earlier programs and was determined taking into account current vehicle price trends.

    A taxation compliance risk profile of taxpayers buying, selling or acquiring motor vehicles will provide us with information to:

    • Deliver products and tailored education strategies to assist taxpayers in managing their taxation obligations.
    • Identify taxpayers at risk of not complying with their taxation or superannuation obligations to be referred to the relevant area for appropriate treatment.

    In cases where taxpayers fail to comply with these obligations even after being prompted and reminded of them, escalation for prosecution action may be initiated in appropriate circumstances.

    Where a taxpayer is correctly meeting their obligations, the use of the data will reduce the likelihood of contact from us.

    Learn more about what we will do before amending a return.

    Previous programs

    This data matching program has been conducted annually since the 2003-04 year. Over each financial year the data has supported compliance checks on luxury car tax, fringe benefits tax and fuel schemes as well as identifying higher risk taxpayers with outstanding taxation lodgements and those with undeclared income.

    The data is used in conjunction with other data sources in our risk detection models and profiling tools to generate compliance action.

    The motor vehicle registries data matching program continues to be effective and we intend to continue the data matching programs for the 2016-17, 2017-18 and 2018-19 financial years.

    Data related matters

    Data matching and user agency

    We are the matching agency and the sole user of the data obtained in the course of this data matching program. The data matching program will be conducted on our secure systems in accordance with approved policies and procedures.

    In very limited and specific circumstances we may be permitted by law to disclose individual records to other government agencies. In some permitted circumstances this may include de-identified data.

    Learn more about our on-disclosure provisions.

    Data providers

    Data will be acquired from the eight State and Territory motor vehicle registry authorities.

    Australian Capital Territory

    Office of Regulatory Services, Justice and Community Safety Directorate

    New South Wales

    Roads and Maritime Services

    Northern Territory

    Department of Lands and Planning

    Queensland

    Department of Transport and Main Roads

    South Australia

    Department of Planning, Transport and Infrastructure

    Tasmania

    Department of State Growth Resources, Registration and Licensing Branch

    Victoria

    VicRoads Licensing and Registrations Operations

    Western Australia

    Department of Transport

    In accordance with Guideline 5.9 we have also advised each of the source agencies to take reasonable steps to notify the general public of their participation in this data matching program, such as information on their website and their privacy statement.

    Data elements

    We will obtain the following information from the State and Territory motor vehicle registry authorities for the 2016-17, 2017-18 and 2018-19 financial years:

    • Details of the purchaser(s), seller(s), licenced dealer, fleet manager, leasing company (or representative of any of these) and the registering person for an unincorporated body, including:
      • Name – individual
      • Name – business (legal and trading)
      • Address (including postcode) – residential, business (for legal notices), postal (for renewals)
      • Date of birth – (individuals)
      • Contact phone number
      • Australian business number (if applicable)
      • Australian company number (if applicable)
       

    Based on experience from previous data motor vehicle registries matching programs, the majority of transactions involve only a single seller and single buyer.

    • Transaction details will include:
      • Date of transaction
      • Type of transaction (for example, new registration, transfer)
      • Sale price of the vehicle
      • Market value of the vehicle
      • Vehicle’s garage address
      • Type of intended vehicle use (for example, private, business)
      • Vehicle make
      • Vehicle model
      • Vehicle body type
      • Year of manufacture
      • Engine capacity or number of cylinders
      • Tare weight (unladen weight)
      • Gross weight (gross vehicle mass and/or gross combination mass)
      • Vehicle identification number (chassis number)
      • Registration number
      • Transaction receipt number
      • State stamp duty exemption (yes or no)
      • Reason for stamp duty exemption
      • Dealer’s licence number
       

    See the full data dictionary.

    Number of records

    It is estimated that the number of individuals we will obtain records about across all data providers is likely to exceed 1.5 million each financial year. (Some transactions will involve more than one individual).

    Data quality

    We work collaboratively with the motor vehicle registry bodies to ensure that any request for data is reasonable in terms of both costs of providing the data and systems capability.

    Based on over ten years of previous motor vehicle registries data matching programs, we are confident the data will be of good quality. The States and Territories have their own financial and legislative incentives to maintain accurate records.

    Data will be transformed into a standardised format and validated to ensure that it contains the required data elements prior to loading to our analytical systems.

    Learn more about:

    Data retention

    We are seeking to have the Information Commissioner exercise his discretion and allow the ATO to vary from the data destruction requirements contained in the Guidelines.

    The annual collection of data under this program will include a single financial year and is expected to occur in the second or third quarter of the subsequent financial year.

    We are seeking to retain data for a period of three years after loading of all verified data files for each relevant financial year.

    The retention of this data is required for the protection of public revenue. We destroy information that is no longer required in accordance with the Guidelines and the National Archives of Australia's General Disposal Authority 24 - Records relating to Data Matching Exercises (GDA 24). Destroying the data earlier than the requested extension would hinder our ability to protect public revenue because:

    • The discrepancy matching that occurs under parts of this program is iterative in nature. For example one discrepancy match may be used in subsequent and different matching processes. This process can typically occur over multiple financial years.
    • The data is also used in multiple risk models, including models that establish retrospective profiles over a number of years. Destroying the data in accordance with the Guidelines will reduce the effectiveness of these models.
    • It would hinder our ability to conduct longer term analysis of the risks associated with asset accumulation.

    Taxpayers at times lodge income tax returns several years past their due date and as such we need to retain this information for a reasonable period to allow for these delays.

    See the submission to the Information Commissioner setting out the basis for seeking the variation to the data destruction guidelines and its impacts on individual privacy.

    Public notification of the program

    We will notify the public of our intention to undertake this program by:

    Gazette notice content

    Commissioner of Taxation - Notice of a data matching program

    The Australian Taxation Office (ATO) will acquire information during the 2016-17, 2017-18 and 2018-19 financial years, on vehicles that have been transferred or newly registered where the purchase price or market value is equal to or greater than $10,000.

    Data will be acquired from the eight State and Territory motor vehicle registry authorities.

    • Australian Capital Territory
      • Office of Regulatory Services, Justice and Community Safety Directorate
       
    • New South Wales
      • Roads and Maritime Services
       
    • Northern Territory
      • Department of Lands and Planning
       
    • Queensland
      • Department of Transport and Main Roads
       
    • South Australia
      • Department of Planning, Transport and Infrastructure
       
    • Tasmania
      • Department of State Growth Resources, Registration and Licencing Branch
       
    • Victoria
      • VicRoads Licencing and Registrations Operations
       
    • Western Australia
      • Department of Transport
       

    The data items that will be obtained are:

    • Details of the purchaser(s), seller(s), licenced dealer, fleet manager, leasing company (or representative of any of these) and the registering person for an unincorporated body, including:
      • Name – individual
      • Name – business (legal and trading)
      • Address (including postcode) – residential, business (for legal notices), postal (for renewals)
      • Date of birth – (individuals)
      • Contact phone number
      • Australian business number (if applicable)
      • Australian company number (if applicable)
       

    Based on experience from previous data motor vehicle registries matching programs, the majority of transactions involve only a single seller and single buyer.

    • Transaction details will include:
      • Date of transaction
      • Type of transaction (for example, new registration, transfer)
      • Sale price of the vehicle
      • Market value of the vehicle
      • Vehicle’s garage address
      • Type of intended vehicle use (for example, private, business)
      • Vehicle make
      • Vehicle model
      • Vehicle body type
      • Year of manufacture
      • Engine capacity or number of cylinders
      • Tare weight (unladen weight)
      • Gross weight (gross vehicle mass and/or gross combination mass)
      • Vehicle identification number (chassis number)
      • Registration number
      • Transaction receipt number
      • State stamp duty exemption (yes or no)
      • Reason for stamp duty exemption
      • Dealer’s licence number
       

    It is estimated that records of 1.5 million individuals will be obtained each financial year.

    These records will be electronically matched with ATO data holdings to identify non-compliance with obligations under taxation and superannuation laws.

    The objectives of this data matching program are to:

    • Primarily identify and address non-compliance with taxation obligations.
    • Obtain intelligence about taxpayers that buy and sell motor vehicles to identify risks and trends of non-compliance with taxation and superannuation obligations.
    • Identify and address taxpayers buying and selling motor vehicles who may not be meeting their obligations to register and lodge returns (including activity statements) and ensure the correct reporting of income and entitlement to both deductions and input tax credits.
    • Use the motor vehicle purchaser’s data as an indicator of risk, along with other data holdings, to identify taxpayers that have purchased vehicles with values that are not commensurate with the income they have reported.
    • Identify cases for investigation of taxpayers of interest, such as seller(s), licenced dealers, fleet managers, leasing companies or representatives of these taxpayers to determine if the use of interposed proxy ownership is used to conceal the real accumulation of wealth, therefore representing a material threat to public revenue.
    • Identify and deal with those taxpayers who may not have met their obligations primarily with regards to GST, fringe benefits tax, luxury car tax, fuel schemes and income tax.
    • Promote voluntary compliance and strengthen community confidence in the integrity of the taxation and superannuation systems by publicising the running of this data matching program.
    • Ensure compliance with registration, lodgment, correct reporting and payment of taxation and superannuation obligations.

    A document describing this program has been prepared in consultation with the Office of the Australian Information Commissioner. A copy of this document is available at www.ato.gov.au/dmprotocols

    The ATO complies with the Office of the Australian Information Commissioner’s Guidelines on Data Matching in Australian Government Administration (2014) which includes standards for data matching to protect the privacy of individuals. A full copy of the ATO’s privacy policy can be accessed at www.ato.gov.au/privacy

    Legal matters

    Learn more about:

    Data Dictionary

    File One - Transaction information, file format - text FIXED length

    Character

    Position

    Field Name

    Format

    Description

    1-20 TRANS_RECEIPT_NUMBER CHAR (20)(left justified, blank filled) Receipt number of transaction – enables chronology where more than one transaction per vehicle is recorded on one date.
    21-28 TRANS_DATE CHAR (8) Transaction date - year, month and day - yyyymmdd
    29-53 TRANS_TYPE CHAR (25)(left justified, blank filled) Transaction type – either‘New Registration’ or ‘Transfer Registration’
    54 - 65 SELLER_CRN CHAR(12)(left justified, blank filled) Seller Customer Reference Number – unique identifier which identifies the seller’s (legal owner) registration details. This information will enable linking to the customer file.
    66 - 77 PURCHASER_CRN CHAR(12)(left justified, blank filled) Purchaser Customer Reference Number– unique identifier which identifies the purchaser’s (legal owner) registration details. This information will enable linking to the customer file.
    78-87 PURCHASE_PRICE CHAR (10)(right justified, zero filled) Amount vehicle sold for at time of transaction.
    88-97 MARKET_VALUE CHAR (10)(right justified, zero filled) Market value of vehicle at time of transaction.
    98-175 VEH_USAGE_TYPE CHAR (78)(left justified, blank filled) Vehicle Usage eg Private, Business, Taxi, Charter, Ambulance.
    176-205 MAKE_OF_VEHICLE CHAR (30)(left justified, blank filled) Make of Vehicle eg Ford, Holden, Kenworth
    206-260 MODEL_OF_VEHICLE CHAR (55)(left justified, blank filled) Model of Vehicle eg Land-cruiser, RX7, Golf
    261-264 YEAR_OF_MANUFACTURE CHAR (4)(right justified, zero filled) Year only - yyyy
    265-342 BODY_TYPE CHAR (78)(left justified, blank filled) Body Type eg Caravan, Hatchback, Sedan, Horse-float, Van
    343-347 ENGINE_CAPACITY CHAR (5)(right justified, zero filled) Size of engine
    348-351 NO_OF_CYLINDERS CHAR (4)(right justified, zero filled) Number of cylinders
    352-359 TARE_MASS CHAR (8)(right justified, zero filled) The weight of an empty vehicle or container
    360-367 GVM CHAR (8)(right justified, zero filled) Gross Vehicle Mass - maximum weight that a truck can carry including its own weight
    368-375 GCM CHAR (8)(right justified, zero filled) Gross Combination Mass - total weight a truck can carry or tow
    376-395 VIN_CHASSIS CHAR (20)(left justified, blank filled) Vehicle identification number
    396-405 REGISTRATION_NUMBER CHAR (10)(left justified, blank filled) Plate details
    406-408 STAMP_DUTY_EXEMPT_INDICATOR CHAR (3)(left justified, blank filled) Stamp Duty Exemption –Was the vehicle exempted from payment of stamp duty?Was stamp duty $0?Either ‘yes’ or ‘no’
    409-463 STAMP_DUTY_EXEMPT_REASON CHAR (55)(left justified, blank filled) If the above response is ‘yes’ – what is the reason for the exemption eg beneficiary of will, gift – parent to child, spouse to spouse, benevolent institution or not known.If the above field is ‘no” – this field is left blank.
    464-467 GRG_ADD_POST_CD CHAR (4)(right justified, zero filled) The postcode of the vehicle’s garage address
    468-567 GRG_ADDR CHAR (100)(left justified, blank filled) Garage address of vehicle

    Submission to the Information Commissioner

    Varying from the data destruction requirements

    The Australian Taxation Office (ATO) is seeking approval for the Motor Vehicle Registries data matching program for the 2016-17, 2017-18 and 2018-19 to vary from one or more of the conditions detailed in Guideline 10 of the Office of the Australian Information Commissioner’s Guidelines on Data Matching in Australian Government Administration (2014) (the Guidelines).

    We are seeking to retain data for a period of three years after loading of all verified data files for each relevant financial year.

    We consider that a variation from the standard retention periods for this data matching program is in the public interest as:

    • The discrepancy matching that occurs under parts of this program is iterative in nature. For example one discrepancy match may be used in subsequent and different matching processes. This process can typically occur over multiple financial years.
    • The data is also used in multiple risk models, including models that establish retrospective profiles over a number of years. Destroying the data in accordance with the Guidelines will reduce the effectiveness of these models.
    • It would hinder our ability to conduct longer term analysis of the risks associated with asset accumulation.

    We have determined that this variation will not materially affect the privacy of an individual.

    This program will be subject to an evaluation within three years which is consistent with the requirements of Guideline 9.

    Additional information justifying this variation is included in the tables below:

    • Table 1 – matters considered in accordance with Guideline 10.2 in seeking this variation
    • Table 2 – consistency with requirements of the other guidelines issued by the Office of the Australian Information Commissioner

    The Commissioner of Taxation does not request that this advice be kept confidential (Guideline 10.6) and has no concerns with the Office of the Australian Information Commissioner placing the information on its website.

    Table 1: Matters considered in seeking this variation to the Guidelines

    Matter considered

    Consideration

    10.2.a

    The effect that not abiding by the Guidelines would have on individual privacy

    • Retaining data for a period of three years will not increase the risks to an individual’s privacy. We have in place very secure processes for handling and storing data. Once acquired, all data will be stored on our secure computer systems where access is strictly controlled and full audit logs maintained.
    • The ATO and our staff operate under stringent confidentiality and privacy legislation that prohibits the improper access to or disclosure of protected information. These obligations are supported by significant penalties, including imprisonment. This substantially mitigates the risks of breaches of privacy.
     

    10.2.b

    The seriousness of the administrative or enforcement action that may flow from the data matching program

    • An extension of the retention period will not affect the seriousness of the administrative action that may flow from the match, but will assist in detecting non-compliance or taxation fraud
    • Where we propose to take administrative action where a taxpayer may have reported incorrectly, we will differentiate between those that try to do the right thing and those that set out to deliberately avoid their obligations. Documented procedures, including the Taxpayers’ Charter and compliance model will be followed to ensure fairness and consistency.
     

    10.2.c

    The effect that not abiding by the Guidelines would have on the fairness of the data matching program — including its effect on the ability of individuals to determine the basis of decisions that affect them, and their ability to dispute those decisions

    • There will be no effect on the fairness of the program or the ability of taxpayers to find out the basis of decisions that impact them or their ability to dispute those decisions.
    • Before any administrative action is undertaken, taxpayers will be given at least 28 days to verify the accuracy of the information that has been derived from this data matching program.
    • Where administrative action is to be undertaken, we will adhere to the principles established in the Taxpayers’ Charter and compliance model to ensure an equitable and consistent approach is taken.
    • If a taxpayer does not agree with an assessment, they maintain the right to dispute the decision. They also have the legal right to appeal against those decisions through tribunals and the courts.
     

    10.2.d

    The effect that not abiding by the Guidelines would have on the transparency and accountability of agency and government operations

    • There will be no adverse effects on the transparency and accountability of government operations.
    • A program protocol is submitted to the Office of the Australian Information Commissioner and we will strictly adhere to the commitments in that document.
    • We will publish a notice with general information about the program in the Federal Register of Legislation - Gazettes before administrative action commences. We will also make a copy of the program protocol available on our website.
     

    10.2.e

    The effect that not abiding by the Guidelines would have on compliance of the proposed data matching program with the Australian Privacy Principles in the Privacy Act 1988

    • There will be no effect on compliance with the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 due to longer retention of the data. The data is collected solely for the stated objectives established in the data matching program protocol.
     

    10.2.f

    The effect that complying with the Guidelines would have on the effectiveness of the proposed data matching program

    • The effectiveness of the program would be reduced if the data retention period is not extended.
    • There would be a significant reduction in our ability to detect incorrect reporting and taxation fraud without assessing trends in the data collected.
    • The destruction of the data in accordance with the current guidelines would impact the integrity of the taxation system by:
      • limiting our ability to identify taxpayers who may be subject to administrative action
      • resulting in the loss of revenue.
       
     

    10.2.g

    Whether complying fully with the Guidelines could jeopardise or endanger the life or physical safety of information providers or could compromise the source of information provided in confidence

    • Not abiding by all the requirements of the Guidelines would not influence or affect the personal safety of any individual identified as part of the program or compromise the source of the information provided in confidence.
     

    10.2.h

    The effect that complying fully with the Guidelines would have on public revenue – including tax revenue, personal benefit payments, debts to the Commonwealth and fraud against the Commonwealth

    • Not allowing the variation to the data retention period of the current program would cause us to miss potential breaches of taxation laws and subsequent non-payment of tax. This would result in the Commonwealth foregoing taxation revenue.
    • There are risks to the integrity of taxation system when people fail to comply with their obligations. Abiding by all of the requirements of the guidelines will reduce the effectiveness of the proposed compliance activity. We would miss the opportunity to educate those taxpayers trying to do the right thing, and deter those that are non-compliant from repeating the behaviour.
    • The effect of abiding by all of the requirements in the guidelines could negatively impact both public revenue and the confidence the public and government have in the ATO as an administrator of the taxation system. People not complying with their taxation obligations, including those operating outside the system, set a bad example to compliant taxpayers and may encourage their non-compliance. Maintaining community and government confidence in the taxation system is critical to our ongoing role.
     

    10.2.i

    Whether complying fully with the Guidelines would involve the release of a document that would be an exempt document under the Freedom of Information Act 1982

    • Upon receipt of a freedom of information request only information relating to the taxpayer’s own affairs will be released to the taxpayer concerned.
     

    10.2.j

    Any legal authority for, or any legal obligation that requires, the conduct of the proposed data matching program in a way that is inconsistent with the Guidelines.

    • There is no specific legislative power authorising the conduct of this program inconsistent with the Guidelines.
    • The Commissioner of Taxation, or his authorised representative, has formed the opinion that this data is required to enable us to effectively and efficiently carry out its legislated functions under the general powers of administration contained in:
      • Section 3A of the Taxation Administration Act 1953
      • Section 8 of the Income Tax Assessment Act 1936
      • Section 1-7 of the Income Tax Assessment Act 1997
      • Section 356-5 in Schedule 1 of the Taxation Administration Act 1953
       
    • The reasons for proposing to operate outside requirements of the Guidelines are detailed above.
     
    Table 2: Matters considered in seeking this variation to the Guidelines

    Paragraph/Guideline

    Action taken/To be taken

    Paragraph 6

    Status of the Guidelines

    Our commitment to complying with the Guidelines is embedded in our data management policies and principles and clearly stated in the chief executive instruction.

    Guideline 1

    Application of the Guide

    We apply the guidelines for all data matching programs where it is anticipated the program will include records of 5,000 or more individuals.

    We recognise that programs where there are multiple data sources but with common objectives and algorithms are treated as a single data matching program.

    Guideline 2

    Deciding to carry out or participate in a data matching program

    We conduct a cost-benefit analysis and consider alternate methods prior to proposing to conduct a data matching program.

    Further, we have rigorous governance arrangements, processes and system controls in place to protect the privacy of individuals.

    Guideline 3

    Prepare a program protocol

    Prior to conducting a data matching program, we prepare a data matching program protocol, submit this to the Office of the Australian Information Commissioner and make a copy publicly available on the ATO website.

    When elements of a data matching program change, the protocol is amended, a copy of the amended protocol is provided to the Office of the Australian Information Commissioner and updated on our website

    Guideline 4

    Prepare a technical standards report

    Documentation is prepared and maintained so as to satisfy the requirements of a technical standards report.

    Guideline 5

    Notify the public

    We publish notification of our intention to undertake a data matching program in the Federal Register of Legislation - Gazettes prior to the commencement of the program.

    This notice will include the following information as required by the Guidelines:

    • a brief description of the objectives of the data matching program
    • the matching agency and source entities involved in the data matching program
    • a description of the data contained in the data set involved in the data matching program
    • the categories of individuals about whom personal information is to be matched
    • the approximate number of individuals affected
    • reference to our privacy policy.

    Notification of the program is also published on our website and data providers are advised they can advertise their participation in the data matching program.

    Guideline 6

    Notify individuals of proposed administrative action

    Prior to taking any administrative action as a result of the data matching programs, individuals and other entities are given at least 28 days to verify the accuracy of the information provided to us by third parties.

    Guideline 7

    Destroy information that is no longer required

    We are seeking to vary from this requirement.

    Guideline 8

    Do not create new registers, datasets or databases

    We do not create new registers or databases using data obtained in the course of a data matching program.

    Guideline 9

    Regularly evaluate data matching programs

    Programs are evaluated within three years of the commencement of the data matching program. These evaluations are provided to the Office of the Australian Information Commissioner on request.

    Guideline 10

    Seeking exemptions from Guideline requirements

    When we intend to vary from the requirements of the Guidelines, we seek the approval of the Office of the Australian Information Commissioner and provide documentation to support the variance.

    Guideline 11

    Data matching with entities other than agencies

    We undertake our own data matching programs. This function is not outsourced.

    Where data is obtained from an entity other than an individual, we usually do so using our formal information gathering powers. In these instances the entities are advised they are able to notify their clients of their participation in the data matching program.

    Guideline 12

    Data matching with exempt agencies

    We do not usually undertake data matching with agencies that are exempt from the operations of the Privacy Act 1988 under section 7 of that Act and that are subject to the operation of the Guidelines (i.e. any data matching undertaken with an exempt agency would usually be for fewer than 5,000 individuals).

    In the event a data matching activity would otherwise be subject to these Guidelines except for the exemption status, we still adhere to the principles of the Guidelines and prepare a program protocol, seeking to vary from the Guidelines by not publicly notifying of the program and publishing the protocol. We would still lodge a copy of the protocol with the Office of the Australian Information Commissioner.

    Guideline 13

    Enable review by the Office of the Australian Information Commissioner

    We would not prevent the Office of the Australian Information Commissioner from reviewing our data matching activities and processes. These activities and processes have been reviewed by the Australian National Audit Office and Inspector-General of Taxation.

    More information

    What we will do before we amend a return

    Where we detect a discrepancy that requires verification we will contact the taxpayer usually by telephone, letter or email.

    Before any administrative action is taken, taxpayers will be provided with the opportunity to verify the accuracy of the information obtained by us. Taxpayers will be given at least 28 days to respond before administrative action is taken.

    For example, where discrepancy matching identifies that a taxpayer may not be reporting all of their income, but in fact they are reporting the income under another entity, the taxpayer will be given the opportunity to clarify the situation.

    The data may also be used to ensure that taxpayers are complying with their other taxation and superannuation obligations, including registration requirements, lodgment obligations and payment responsibilities.

    In cases where taxpayers fail to comply with these obligations, even after being reminded of them, escalation for prosecution action may be instigated in appropriate circumstances.

    Where a taxpayer is correctly meeting their obligations, the use of the data will reduce the likelihood of contact from us.

    Our on-disclosure provisions

    Division 355 of Schedule 1 to the Taxation Administration Act 1953 sets out the other government agencies we can disclose taxpayer information to, and the circumstances we are permitted to make those disclosures. These include agencies responsible for:

    • state and territory revenue laws
    • payments of social welfare and health and safety programs for determining eligibility for certain types of benefits and rebates
    • overseeing superannuation funds, corporations and financial market operators to ensure compliance with prudential regulations
    • determining entitlement to rehabilitation and compensation payments
    • law enforcement activities to assist with specific types of investigations
    • policy analysis, costing and effectiveness measurement.

    Each request for information by other agencies will be assessed on its merits and must be for an admissible purpose allowed for by taxation laws. In specific permissible circumstances on-disclosures may include de-identified datasets for statistical analysis.

    How we undertake data matching

    We use sophisticated identity matching techniques to ensure we identify the correct taxpayer when we obtain data from third parties. This technique uses multiple details to obtain an identity match. For example, where a name, address and date of birth are available all items are used in the identity matching process. Very high confidence matches will occur where all fields are matched.

    Additional manual processes may be undertaken where high confidence identity matches do not occur, or a decision taken to destroy the data with no further action. Our manual identity matching process involves an ATO officer reviewing and comparing third party data identity elements against ATO information on a one-on-one basis, seeking sufficient common indicators to allow confirmation (or not) of an individual's identity. We commonly call this process manual uplifting. Where it is determined data is no longer required a decision is taken to destroy the data.

    Data analysts use various models and techniques to detect potential discrepancies, such as under-reported income or over-reported deductions. Higher risk discrepancy matches will be loaded to our case management system and allocated to compliance staff for actioning.

    Lower risk discrepancy matches will be further analysed and a decision made to take some form of compliance or educational activity.

    Destruction of data is conducted in accordance with the timeframes and requirements of the Guidelines and GDA24 or an extension of time is sought from the Information Commissioner.

    Where administrative action is proposed, additional checks will take place to ensure the correct taxpayer has been identified. The taxpayers will be provided with the opportunity to verify the accuracy of the information before any administrative action is taken.

    How we protect your personal information

    Our staff are subject to the strict confidentiality and disclosure provisions contained in Division 355 of Schedule 1 to the Taxation Administration Act 1953 and include terms of imprisonment in cases of serious contravention of these provisions.

    All ATO computer systems are strictly controlled, with features including:

    • system access controls and security groupings
    • login identification codes and password protection
    • full audit trails of data files and system accesses.

    We will generally utilise our secure internet-based data transfer facility to convey the data from source agencies.

    Where this is not possible, data providers will be requested to provide the data on a CD, DVD or USB media storage device encrypted to a standard that satisfies Australian government requirements. The media storage device will be password protected, with the password provided under separate cover.

    Where the media storage device is not collected by an authorised ATO officer, an approved courier service will be used to collect the device. In remote locations not serviced by an approved courier service, the Australia Post ‘Express Post Platinum’ service will be utilised (providing both tracking and signature for delivery features).

    Our quality assurance framework

    Quality assurance processes are integrated into our processes and computer systems and are applied throughout the data matching cycle.

    These assurance processes include:

    • registering the intention to undertake a data matching program on an internal register
    • obtaining approval from the Data Steward and relevant Senior Executive Service (SES) officers prior to any activity being undertaken
    • conducting program pilots or obtaining sample data to ensure the data matching program will achieve its objectives prior to full data sets being obtained
    • notifying the Office of the Australian Information Commissioner of our intention to undertake the data matching program and request permission to vary from the data matching guidelines (where applicable)
    • access to the data is restricted to approved users and access management logs record details of who has accessed the data
    • quality assurance processes embedded into compliance activities include:
      • review of risk assessments, taxpayer profiles and case plans by senior officers prior to client contact
      • ongoing reviews of cases by subject matter technical experts at key points during the life cycle of a case
      • regular independent panel reviews of samples of case work to provide assurance of the accuracy and consistency of case work.
       

    These processes ensure data is collected and used in accordance with our data management policies and principles, and complies with the Information Commissioner's data matching guidelines.

    Why we undertake data matching

    We have considered a range of alternatives to this data matching program to ensure entities are complying with their taxation and superannuation obligations. Relying only on data already held by the ATO is of limited value for the following reasons:

    • the taxation system operates on willing participation so our data is derived from taxpayers that are correctly registered and meeting their lodgment obligations
    • we have no other data to cross-reference to ensure taxpayers are reporting their obligations correctly other than by directly contacting every taxpayer.

    This data matching program will allow us to identify taxpayers who are not fully complying with their obligations, as well as those that may be operating outside the taxation and superannuation systems. It will also reduce the likelihood of the ATO unnecessarily contacting taxpayers who are complying with their taxation obligations.

    Data matching is an effective method of examining records of thousands of taxpayers to ensure compliance with lodgment and reporting obligations that would otherwise be a resource intensive exercise.

    Data matching also assists us in effectively promoting voluntary compliance by notifying the public of areas and activities under scrutiny.

    Costs and benefits of data matching

    Costs

    There are some incidental costs to us in the conduct of this data matching program, but these will be more than offset by the total revenue protected. These costs include:

    • data analyst resources to identify potential instances of non-compliance
    • compliance resources to manage casework and educational activities
    • governance resources to ensure that the Guidelines and the Privacy Act 1988 are complied with, and quality assurance work to ensure the rigour of the work undertaken by analysts and compliance staff
    • information technology infrastructure and data storage.

    Benefits

    Benefits from conducting this data matching programs include:

    • maintaining community confidence in both the taxation and superannuation systems by creating a level playing field, as well as maintaining community confidence in the ATO’s capacity to fairly administer those systems
    • integrity of the taxation and superannuation systems – there are inherent risks in taxpayers not complying with their obligations, including those that deliberately abuse these systems – this program will assist the ATO in detecting, dealing with and deterring those that are not meeting their obligations
    • enabling enforcement activity and recovery of taxation revenue – without undertaking this data matching program and subsequent compliance activity there are no assurances that a wider risk to revenue does not exist.

    Making a privacy complaint

    If a taxpayer is not satisfied with how we have collected, held, used or disclosed their personal information, they can make a formal complaint by:

    • using the online complaints form at www.ato.gov.au/complaints
    • phoning our complaints line on 1800 199 010
    • phoning the National Relay Service on 13 36 77 (if you have a hearing, speech or communication impairment)
    • sending us a free fax on 1800 060 063
    • writing to us at:

    ATO Complaints

    PO Box 1271

    ALBURY NSW 2640.

    If a taxpayer is not satisfied with the outcome of the privacy complaint, they can contact the Office of the Australian Information Commissioner. More details on the process can be found on the OAIC website at www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaintExternal Link

    For more information and to review our privacy policy visit our website at www.ato.gov.au/privacy

    Our lawful role

    The Commissioner of Taxation has responsibility for ensuring taxpayers meet their taxation and superannuation obligations. Compliance with these obligations is a matter we take seriously and failure to address non-compliant behaviour has the potential to undermine community confidence in the integrity of the taxation and superannuation systems and our capacity to administer those systems.

    Our data matching program is one of the strategies used to identity and deal with non-compliant behaviour. Data matching programs also provide a degree of assurance that taxpayers are meeting their obligations.

    Our legal authority to undertake a data matching program

    ATO legislation

    The data will be obtained under our formal information gathering powers contained in section 353-10 of Schedule 1 to the Taxation Administration Act 1953.

    This is a coercive power that obligates the data provider to give the information requested. We will use the information for taxation and superannuation compliance purposes.

    Privacy Act

    Data will only be used within the limits prescribed by Australian Privacy Principle 6 (APP6) contained in Schedule 1 of the Privacy Act 1988 and in particular:

    • APP6.2(b) – the use of the information is required or authorised by an Australian law
    • APP6.2(e) – the ATO reasonably believes that the use of the information is reasonably necessary for our enforcement related activities.
      Last modified: 13 Apr 2018QC 55088