Show download pdf controls
  • Public notification of the program

    We will notify the public of our intention to collect 2019–20 to 2021–22 financial year data by:

    • publishing a notice in the Federal Register of Legislation gazettes in the week commencing 16 March 2020
    • publishing this data-matching program protocol on our website at
    • advising the data providers that they  
      • can notify their clients of their participation in this program
      • should update their privacy policies to note that personal information is disclosed to the ATO for data-matching purposes.

    Gazette notice content

    The following information about the data-matching program appears as a gazette notice in the Federal Register of Legislation.

    Gazette notice: Commissioner of Taxation - Notice of a data-matching program

    The Australian Taxation Office (ATO) will acquire ride sourcing data to identify individuals that may be engaged in providing ride sourcing services during the 2019–20 to 2021–22 financial years. The data items include:

    • identification details - driver identifier; Australian Business Number (ABN); driver name; birth date; mobile phone number; email address; address
    • transaction details - bank account details; aggregated payment details (gross fares, net amount paid to driver, and all other income to which Goods and Services Tax may or may not apply to) of all payments received in the relevant period.
    • We estimate that records relating to approximately 250,000 individuals will be obtained each financial year.

    The data will be acquired and matched to with certain sections of ATO data holdings to identify taxpayers that can be provided with tailored information to help them meet their tax and superannuation obligations, or to ensure compliance with taxation law. These obligations may include registration, lodgment, reporting and payment responsibilities.

    The objectives of this program are to:

    • promote voluntary compliance and increase community confidence in the integrity of the tax and superannuation systems
    • identify and educate individuals who may be failing to meet their registration and/or lodgment obligations and assist them to comply
    • gain insights from the data that may help us to develop and implement engagement strategies to improve voluntary compliance which include educational or compliance activities as appropriate
    • obtain intelligence to increase the ATO’s understanding of the behaviours and compliance profiles of individuals and businesses that provide ride sourcing services
    • ensure compliance with registration, lodgment, correct reporting and payment of tax and superannuation obligations.

    A document describing this program is available at

    This program follows the Office of the Australian Information Commissioner’s Guidelines on data matching in Australian Government administration (2014) (the guidelines). The guidelines include standards for the use data-matching as an administrative tool in a way that complies with the Australian Privacy Principles (APPs) and the Privacy Act 1988 (Privacy Act), and are consistent with good privacy practice.

    A full copy of the ATO’s privacy policy can be accessed at

    End of example

    Our lawful role

    The ATO is the Australian Government’s principal revenue collection agency. The Commissioner of Taxation has responsibility for ensuring taxpayers meet their tax and superannuation obligations. Compliance with these obligations is a matter we take seriously. Failure to address non-compliant behaviour has the potential to undermine community confidence in the integrity of the tax and superannuation systems and our capability to administer those systems.

    The ATO carries out its legislated functions through general powers of administration contained in but not limited to:

    • section 3A of the Taxation Administration Act 1953
    • section 8 of the Income Tax Assessment Act 1936
    • section 1-7 of the Income Tax Assessment Act 1997
    • section 43 of the Superannuation Guarantee (administration) Act 1992
    • section 356-5 in Schedule 1 of the Taxation Administration Act 1953.

    Data-matching is one of the strategies used to identity and deal with non-compliant behaviour. Data-matching also provides a degree of assurance that taxpayers are meeting their obligations.

    Privacy Act

    The Privacy Act 1988 (Privacy Act) regulates how personal information is handled by certain entities, such as companies and government agencies.

    Schedule 1 of the Privacy Act lists the 13 Australian Privacy Principles (APPs). The principles cover the collection, use, disclosure, storage and management of personal information.

    Data will only be used within the limits prescribed by the APPs and the Privacy Act.

    The Australian Government Agencies Privacy CodeExternal Link, embeds privacy in all government agency processes and procedures. It ensures that privacy compliance is a priority in the design of our systems, practices and culture.

    The ATO complies with all of the code's requirements, and we are transparent and open about what information we collect, hold and disclose. We train our staff to keep personal information safe, and all our systems and offices are protected and secure.

    See also:

    How we protect your personal information

    Our staff are subject to the strict confidentiality and disclosure provisions contained in Division 355 of Schedule 1 to the Taxation Administration Act 1953 and include terms of imprisonment in cases of serious contravention of these provisions.

    All information and records are managed in accordance with the provisions of the Archives Act 1983.

    The requirement to retain data is reviewed on an ongoing basis in accordance with the timeframes and requirements of the OAIC guidelines. We destroy data that is no longer required, in accordance with the Archives Act 1983 and the records authorities issued by the National Archives of Australia, both general and ATO-specific.

    Under Section 24 of the Act, records can be disposed of where it is approved by the National Archives; required by another law, or a normal administrative practice that the Archives approves of.

    Approval from National Archives is normally provided through records authorities, which are used in the process of sentencing to make decisions about keeping, destroying or transferring particular information and records.

    General or ATO-specific records authorities issued by National Archives apply to our processes of verifying and assuring taxpayer compliance with tax, superannuation and other laws administered by the ATO.

    Our record management practices allow us to satisfy the OAIC guidelines and Australian Privacy Principle 11 (APP11) contained in Schedule 1 of the Privacy Act 1988 and in particular:

    • APP11.1 – An APP entity must take reasonable steps to protect information from  
      • Misuse, interference and loss
      • Unauthorised access, modification or disclosure.
    • APP11.2 – APP entity must take reasonable steps to destroy or de-identify information it no longer needs.

    Our on-disclosure provisions

    In very limited and specific circumstances, we may be permitted by law to disclose individual records to other government agencies.

    Division 355 of Schedule 1 to the Taxation Administration Act 1953 sets out the government agencies we can disclose taxpayer information to, and the circumstances in which we are permitted to make those disclosures. These include agencies responsible for:

    • state and territory revenue laws
    • payments of social welfare and health and safety programs for determining eligibility for certain types of benefits and rebates
    • overseeing super funds, corporations and financial market operators to ensure compliance with prudential regulations
    • determining entitlement to rehabilitation and compensation payments
    • law enforcement activities to assist with specific types of investigations
    • policy analysis, costing and effectiveness measurement.

    Each request for information by other agencies will be assessed on its merits and must be for an admissible purpose allowed for by taxation laws. In specific permissible circumstances, on-disclosures may include de-identified datasets for statistical analysis.

    How we undertake data-matching

    The ATO's identity-matching capability is used to identify individual and or non-individual entities reported to us from a number of external sources. The process is mainframe-based and uses an ATO-designed software solution (technical standard). Aligning with guideline 4.7, this standard supports all of our data-matching programs.

    We use over 60 sophisticated identity-matching techniques to ensure we identify the correct taxpayer when we obtain data from third parties. This technique uses multiple identifiers to obtain an identity match. The identity-matching process appends matching information to the original reported transaction to include an ATO identifier number and a three-character outcome code that indicates to the user the level of matching confidence for the transaction. For example, where a name, address and date of birth are available, all items are used in the identity-matching process. Very high confidence matches will occur where all fields are matched.

    Additional manual processes may be undertaken where high confidence identity matches do not occur, or a decision taken to destroy the data with no further action. Our manual identity-matching process involves an ATO officer reviewing and comparing third-party data identity elements against ATO information on a one-on-one basis, seeking sufficient common indicators to allow confirmation (or not) of an individual's identity. We commonly call this process manual uplifting.

    Data analysts use various models and techniques to detect potential discrepancies, such as under-reported income or over-reported deductions. Higher risk discrepancy matches will be loaded to our case management system and allocated to compliance staff for actioning.

    Lower risk discrepancy matches will be further analysed and a decision made to take some form of compliance or educational activity, or to destroy the data.

    To maintain integrity of the administration of the tax and superannuation systems, only those with a direct and genuine ‘need to know’ can access the technical standards for our identity and discrepancy matching solutions.

    Where administrative action is proposed, additional checks will take place to ensure the correct taxpayer has been identified. The taxpayers will be provided with the opportunity to verify the accuracy of the information before any administrative action is taken.

    See also:

    What we do before we amend a return

    Where we detect a discrepancy that requires verification we will contact the taxpayer usually by phone, letter or email.

    Before any administrative action is taken, taxpayers will be given the opportunity to verify the accuracy of the information obtained by us. Taxpayers will be given at least 28 days to respond before administrative action is taken.

    For example, where discrepancy-matching identifies that a taxpayer may not be reporting all of their income, but in fact they're reporting the income under another entity, the taxpayer will be given the opportunity to clarify the situation.

    The data may also be used to ensure that taxpayers are complying with their other tax and superannuation obligations, including registration requirements, lodgment obligations and payment responsibilities.

    In cases where taxpayers fail to comply with these obligations, after being reminded of them, prosecution action may be instigated in appropriate circumstances.

    Where a taxpayer has correctly met their obligations, the use of the data will reduce the likelihood of contact from us.

    Making a privacy complaint

    Our privacy policy outlines how we collect, hold and disclose data and explains what you can do if you're not satisfied with the way your information has been treated.

    If you're not satisfied with how we have collected, held, used or disclosed your personal information, you can make a formal complaint by:

    ATO Complaints
    PO Box 1271
    ALBURY NSW 2640.

    If you're not satisfied with the outcome of the privacy complaint, you can contact the Office of the Australian Information Commissioner. More details on the process can be found on the OAIC website at Link.

      Last modified: 20 Mar 2020QC 61837