Show download pdf controls
  • More information

    What we will do before we amend a return

    Where we detect a discrepancy that requires verification we will contact you – usually by phone, letter or email.

    Before any administrative action is taken, you will be provided with the opportunity to verify the accuracy of the information obtained by us. You will be given at least 28 days to respond before administrative action is taken.

    For example, where discrepancy matching finds that you are not reporting all your income – but in fact are reporting the income under another entity – you will be given the opportunity to clarify the situation.

    The data may also be used to make sure that you are complying with other tax and superannuation obligations, including:

    • registration requirements
    • lodgment obligations
    • payment responsibilities.

    In cases where you fail to comply with these obligations (after being reminded of them), escalation for prosecution action may be started in appropriate circumstances.

    Where you have correctly met your obligations, the use of the data will reduce the likelihood of contact from us.

    Our on-disclosure provisions

    Division 355 of Schedule 1 to the Taxation Administration Act 1953 sets out the other government agencies we can disclose taxpayer information to, and the circumstances we are allowed to make those disclosures. These include agencies responsible for:

    • state and territory revenue laws
    • payments of social welfare and health and safety programs for determining eligibility for certain types of benefits and rebates
    • overseeing superannuation funds, corporations and financial market operators to ensure compliance with prudential regulations
    • determining entitlement to rehabilitation and compensation payments
    • law enforcement activities to assist with specific types of investigations.

    Each request for information by other agencies will be assessed on its merits and must be for an admissible purpose allowed for by tax laws.

    How we undertake data matching

    We use sophisticated identity matching techniques to make sure we identify the correct taxpayer when we obtain data from third parties. This technique uses multiple details to find an identity match. For example, where a name, address and date of birth are available – all items are used in the identity matching process. Very high confidence matches will occur where all fields are matched.

    Extra manual processes, such as individual record searches, may be undertaken where high confidence identity matches don't occur, or a decision taken to destroy the data with no further action.

    Where administrative action is proposed, additional checks will take place to ensure the correct taxpayer has been identified. The taxpayers will be provided with the opportunity to verify the accuracy of the information before any administrative action is taken.

    Data analysts use many models and techniques to detect potential discrepancies, such as under-reported income or over-reported deductions. Higher risk discrepancy matches will be loaded to our case management system and allocated to compliance staff for actioning.

    Lower risk discrepancy matches will be further analysed and a decision made to take some form of compliance or educational activity, or to destroy the data. In accordance with Guideline 7 – where a decision is made not to take further action, the information that has been collected will be destroyed within 90 days.

    How we protect your personal information

    Our staff are subject to the strict confidentiality and privacy provisions contained in Division 355 of Schedule 1 to the Taxation Administration Act 1953 and include terms of imprisonment in cases of serious contravention of these provisions.

    All our computer systems are strictly controlled, with features including:

    • system access controls and security groupings
    • login identification codes and password protection
    • full audit trails of data files and system accesses.

    We will utilise our secure internet-based data transfer facility to obtain the data from the source agency. Where this is not possible, the data provider will be requested to provide copies of the data on a CD, DVD or USB device encrypted to a standard that satisfies Australian government requirements. The magnetic media device will be password protected, with the password provided under separate cover to us.

    Where the data isn't collected by an authorised ATO officer, an approved courier service will be used. In remote locations not serviced by an approved courier service, the Australia Post ‘Express Post Platinum’ will be used (this provides both tracking and signature for delivery features).

    Our quality assurance framework

    Quality assurance processes are integrated into our processes and computer systems and are applied throughout the data matching cycle.

    These assurance processes include:

    • registering the intention to undertake a data matching program on an internal register
    • obtaining approval from the data matching gatekeeper and relevant Senior Executive Service (SES) officers – prior to any activity being undertaken
    • conducting program pilots or obtaining sample data to ensure the data matching program will achieve its objectives prior to full data sets being obtained
    • notifying the Office of the Australian Information Commissioner of our intention to undertake the data matching program and request permission to vary from the data matching guidelines (where applicable)
    • maintaining access management logs recording details of who has access to the data, why access is required and how it will be used
    • processes embedded into compliance activities, such as  
      • review of risk assessments, taxpayer profiles and case plans by senior officers prior to client contact
      • ongoing reviews of cases by subject matter technical experts at key points during the life cycle of a case
      • regular independent panel reviews of samples of case work to provide assurance of the accuracy and consistency of case work.

    These processes ensure data is collected and used in accordance with our data management policies and principles, and complies with the Information Commissioner's data matching guidelines.

    Why we undertake data matching

    We have considered a range of alternatives to this data matching program to ensure entities are complying with their taxation and superannuation obligations. Relying only on data already held by us is of limited value for the following reasons:

    • we only receive data from taxpayers who are correctly registered and meeting their lodgment obligations
    • we have no other data to cross-reference to ensure taxpayers are reporting their obligations correctly other than by directly contacting every taxpayer.

    This data matching program will allow us to identify taxpayers who aren't fully complying with their obligations, as well as those that may be operating outside the tax and superannuation systems. It will also reduce the likelihood of us unnecessarily contacting taxpayers who appear to be complying with their tax obligations.

    Data matching is an effective method of examining records of thousands of taxpayers to ensure compliance with lodgment and reporting obligations.

    Data matching also assists us in effectively promoting voluntary compliance by notifying the public of areas and activities under scrutiny.

    Costs and benefits of data matching


    There are some incidental costs to us in the conduct of this data matching program, but these will be more than offset by the total revenue protected. These costs include:

    • data analyst resources to identify potential instances of non-compliance
    • compliance resources to manage casework and educational activities
    • governance resources to ensure that the Guidelines and Privacy Act are complied with, and quality assurance work to ensure the rigour of the work undertaken by analysts and compliance staff
    • storage of the data.


    Benefits from conducting this data matching program include:

    • maintaining community confidence in both the tax and superannuation systems by creating a level playing field, as well as maintaining community confidence in the ATO’s capacity to fairly administer those systems
    • integrity of the tax and super systems – there are inherent risks in taxpayers not complying with their obligations, including those that deliberately abuse these systems – this program will assist us in detecting, dealing with and deterring those that aren't meeting their obligations
    • enabling enforcement activity and recovery of tax revenue – without undertaking this data matching program and subsequent compliance activity there are no assurances that a wider risk to revenue does not exist.
      Last modified: 18 Dec 2017QC 50759