Services Australia specified benefits and entitlements – 2016–17 to 2022–23 data-matching program protocol

The Australian Taxation Office (ATO) has conducted the specified benefits and entitlements data-matching program for 12 years.

This program outlines the ATO's approach to specified benefits and entitlements data from Services Australia, to include:

• collecting a further 3 financial years of Medicare entitlement statements (MES) data, up to and including 2022–23 financial year
• amending the MES data collection and retention timeframes
• ceasing collection of Paid Parental Leave scheme data following reduction in invalid and invalid carer tax offset claim risk.

This protocol consolidates the specified benefits and entitlements data-matching programs encompassing:

• 2016–17 financial year MES data gazetted 12 February 2016
• 2017–18 to 2019–20 financial years MES data gazetted 25 July 2018.

We compare MES data with claims made in income tax returns for the Medicare levy and Medicare levy surcharge.

Medicare gives Australian residents access to health care. It is partly funded by taxpayers who pay a Medicare levy of 2% of their taxable income. Medicare levy is payable by individuals residing in Australia who are eligible for Medicare benefits.

Some individuals, not entitled to Medicare benefits can claim an exemption from the Medicare levy in their income tax return. Individuals not entitled to Medicare benefits for all or part of a financial year must apply for a MES from Services Australia to access the exemption. Any financial year an individual is not entitled to Medicare benefits they will need to apply for a MES.

Exemption from the Medicare levy extends to the Medicare levy surcharge. Taxpayers without private hospital health insurance may have to pay the Medicare levy surcharge in addition to the Medicare levy. The calculation of the Medicare levy surcharge is based on the period without appropriate private hospital health insurance and your income.

We use the specified benefits and entitlements data to:

• ensure the exemptions are correctly claimed
• avoid any unnecessary contact from us for those that are genuinely entitled to claim theses offsets and exemptions.

This data-matching program follows the Office of the Australian Information Commissioner (OAIC) Guidelines on data matching in Australian Government administration (2014). The guidelines assist Australian Government agencies to use data matching as an administrative tool in a way that:

• complies with the Australian Privacy Principles (APPs) and the Privacy Act 1988 (Privacy Act)
• is consistent with good privacy practice.

The ATO has a responsibility to protect public revenue and to maintain community confidence in the integrity of the tax system. Our data-matching programs assist us to fulfil this responsibility.

On this page

• Why we look at specified benefits and entitlements data
• Program objectives
• How we use the data
• Public notification of the program
• Our lawful role
• Why we undertake data matching
• How we undertake data matching

Why we look at specified benefits and entitlements data

The specified benefits and entitlements data-matching program will allow us to:

• identify and address claims applied for in tax returns
• provide education and assistance to support correct reporting of payments in tax returns.

Claims for exemption from payment of the Medicare levy and Medicare levy surcharge may be disallowed where: 

• individuals declare they are not entitled to receive Medicare benefits but do not hold a valid MES
• the number of days individuals claim they are not entitled to receive Medicare benefits is different to what is included in the MES.

Program objectives

The objectives of this data-matching program are to:

• promote voluntary compliance by communicating how we use external data with our own, to help encourage taxpayers to comply with their tax and superannuation obligations
• ensure individuals are correctly claiming exemption from payment of the Medicare levy and Medicare levy surcharge
• work with taxpayers and intermediaries to better understand the identified risks and trends for non-compliance
• develop education strategies so compliance is better understood and easier in the future
• speed up processing of income tax returns and payment of refunds to taxpayers who are genuinely entitled to claim these exemptions
• undertake verification activities where the information obtained indicates a taxpayer may not be entitled to claim the exemption, either partly or in its entirety
• help ensure that individuals and businesses are fulfilling their tax and superannuation registration, lodgment, reporting and payment obligations.

How we use the data

The MES data obtained from Services Australia is compared with claims made by a taxpayer on their income tax returns allowing us to:

• identify those taxpayers that are entitled to claim the specified exemptions, along with those that may have made a claim for an exemption to which they are not entitled
• provide information and education campaigns
• use insights from the data to design ways to make it easier for our clients to interact with the system and get their affairs right.

Our previous related programs

Tightening of the eligibility rules, our data-matching program and education strategies have seen a 72% reduction in discrepant claims for the invalid and invalid carer tax offset. With the reduced invalid and invalid carer tax offset claim risk the Paid Parental Leave data is no longer required.

Our data matching activities on Medicare exemption claims for 2017–18 returns identified 86,099 individuals that held MES. We were able to validate 87% of these without needing to contact the taxpayer. Reviews were conducted on 11,000 claims.

Medicare exemption statements can be claimed during or after a financial year. For example, a claim for the 2018–19 financial year can be claimed within the 2019–20 and 2020–21 financial years. Our collection process has changed to accommodate this. The change improves the currency of our information for validation and further reduces the need to contact the taxpayer.

Data providers

The ATO is the matching agency and the sole user of the data obtained during this data-matching program.

Data will be obtained from Services Australia.

Our formal information gathering powers

Where appropriate to ensure statutory requirements are met, the data will be obtained under our formal information gathering powers contained in section 353-10 of Schedule 1 to the Taxation Administration Act 1953.

This is a coercive power that obligates the data providers to provide the information requested.

We will use the data for tax and superannuation compliance purposes.

Services Australia disclosure

The disclosure of this MES data is certified under section 208 (b)(i) of the Social Security (Administration) Act 1999.

Privacy Act

Data will only be used within the limits prescribed by Australian Privacy Principle 6 (APP6) contained in Schedule 1 of the Privacy Act and in particular:

• APP6.2(b) – the use of the information is required or authorised by an Australian law
• APP6.2(e) – the ATO reasonably believes that the use of the information is reasonably necessary for our enforcement-related activities.

Keeping data safe

The data-matching program will be conducted on our secure systems that comply with the requirements of:

• the Australian Government Information Security ManualExternal Link produced by the Australian Cyber Security Centre, which governs the security of government information and communication technology (ICT) systems
• the Australian Government Protective Security Policy FrameworkExternal Link, which provides guidance on security governance, personnel security, physical security and information security.

All ATO computer systems are strictly controlled according to Australian Government security standards for government ICT systems, with features including:

• system access controls and security groupings
• login identification codes and password protection
• full audit trails of data files and system accesses.

We will use our secure internet-based data transfer facility to obtain the data from source entities.

Data elements collected

Data will be collected from Services Australia.

Medicare entitlement statements data

• identifying particulars of the recipient of the statement (name, address, date of birth)
• detail of the periods the person was not entitled to Medicare benefits (start and end dates, current status).

Data Dictionary

The data dictionary outlines the detailed data elements collected.

Table 1: Medicare entitlement statement data

Field Name	Characters	Field Description
REF_NUMBER	12	This field is provided to allow data records in the submitted dataset to be related back to data holdings from which the submitted data record may have been extracted, or, for use in indexing a dataset in order to merge the matching result details with the original source dataset.
SRNM	30	The surname of an individual
1ST_NM	15	The first given name or first given initial of an individual
OTHR_GVN_NM	30	The second given name or second given initial of an individual
FULL_NM	76	The name of a non-individual entity
BRTH_YR	4	The year of birth of an individual
BRTH_MTH	2	The month of birth of an individual
BRTH_DAY	2	The day of birth of an individual
ADDR_LN_1	38	The first line of the address
ADDR_LN_2	38	The second line of the address
STATE_CD	3	The state or territory of the address
LCLTY_NM	27	The suburb, town or city of the address
POST_CD	4	The postcode of the address
FULL_ADDR	140	The field may contain address details that cannot readily be structured into address lines, locality and post code
RPT_ID_NUM	11	A tax file number (TFN), Australian Company Number (ACN) or Australian Business Number (ABN)
CERT_START	8	Date of the start of the Medicare Levy Exemption Certificate
CERT_END	8	Date of the end of the Medicare Levy Exemption Certificate
CERT_STAT	1	Status of the Medicare Levy Exemption Certificate: [C]ertified or [R]evoked

Number of records

The number of individuals affected by this MES data collection is expected to be approximately 100,000 individuals each financial year.

Data quality

We anticipate that the data quality will be of a high standard. Services Australia data is of a high quality and regularly relied on for administration of the tax system.

The data is sourced from providers' systems and may not be available in a format that can be readily processed by our systems. We apply extra levels of scrutiny and analytics to verify the quality of the data. This includes but is not limited to:

• meeting with data providers to understand their data holdings, including their data use, data currency, formats, compatibility and natural systems
• sampling data to ensure it is fit for purpose before fully engaging providers on task
• verification practices at receipt of data to check against confirming documentation; we then use algorithms and other analytical methods to refine the data.

Data is transformed into a standardised format and validated to ensure that it contains the required data elements prior to loading to our computer systems. We undertake program evaluations to measure effectiveness before determining whether to continue to collect future years of the data or to discontinue the program.

To assure data is fit for consumption and maintains integrity throughout the data-matching program, it is assessed against the 11 elements of the ATO data-quality framework:

1. Accuracy – the degree to which the data correctly represents the actual value
2. Completeness – if all expected data in a data set is present
3. Consistency – whether data values in a data set are consistent with values elsewhere within the data set or in another data set
4. Currency – how recent the time period is that the data set covers
5. Precision – the level of detail of a data element
6. Privacy – access control and usage monitoring
7. Reasonableness – reasonable data is within the bounds of common sense or specific operational context
8. Referential integrity – when all intended references within a data set or with other data sets, are valid
9. Timeliness – how quickly the data is available for use from the time of collection
10. Uniqueness – if duplicated files or records are in the data set
11. Validity – data values are presented in the correct format and fall within a predefined set of values.

Data retention

The MES data collected for this program is for all financial years from 2016–17 to 2022–23.

MES data is collected biannually in January and August.

Data for each financial year the MES applies will first be collected in January following the applicable financial year. For example, MES for 2019–20 financial year will be first collected January 2021.

Data for MES for the applicable financial year that are granted after that financial year will be collected iteratively at each January and August collection period for 2 years of collection. This means MES for the 2019–20 financial year but processed after the financial year will be collected as outlined in the table below.

Example of collection periods for 2019–20 financial year Medicare exemption statements processed after the financial year

Medicare exemption statements for the 2019–20 financial year granted after the financial year	Collection period
Processed 1 July 2020 to 31 December 2020	January 2021
Processed 1 January 2021 to 31 July 2021	August 2021
Processed 1 August 2021 to 31 December 2021	January 2022
Processed 1 January 2022 to 31 July 2022	August 2022

The collection of the 2019–20 has been on this basis. The remaining years will follow a similar pattern.

We destroy data that is no longer required, in accordance with the Archives Act 1983, the records authorities issued by the National Archives of Australia, both general and ATO-specific.

For the MES data, we will retain each financial year of data for 2 years from receipt of the final instalment of verified data files from the data providers.

The data is required for this period for the protection of public revenue as:

• retaining data for the specified periods enables us to undertake verification activities where the information obtained indicates a taxpayer may not be entitled to claim the exemption, either partly or in its entirety
• the data enhances our ability to identify taxpayers who may not be complying with their tax and superannuation obligations, which is integral to the protecting the integrity of the tax and superannuation systems
• the data retention supports our general compliance approach of reviewing an assessment within the applicable claiming period, which also aligns with the requirements for taxpayers to keep their records.

While increased data-retention periods may increase the risk to privacy, we have a range of safeguards to appropriately manage and minimise this. ATO systems and controls are designed to ensure the privacy and security of the data we manage.

See also

• Our lawful role
• How we undertake data-matching
• Why we undertake data-matching

Public notification of the program

We will notify the public of our intention to collect the additional 2020–21 to 2022–23 data by:

• publishing a notice in the Federal Register of Legislation gazettes on 16 November 2021.
• publishing this data-matching program protocol on our website at ato.gov.au/dmprotocols
• advising the data providers that they can notify their clients of their participation in this program (Services Australia privacy policyExternal Link on their website includes that personal information is disclosed to ATO for data-matching purposes).

Gazette notice content

The following information about the data-matching program appears as a gazette notice in the Federal Register of Legislation.

Our lawful role

The ATO is the Australian Government’s principal revenue collection agency. The Commissioner of Taxation has responsibility for ensuring taxpayers meet their tax and superannuation obligations. Compliance with these obligations is a matter we take seriously. Failure to address non-compliant behaviour has the potential to undermine community confidence in the integrity of the tax and superannuation systems and our capability to administer those systems.

The ATO carries out its legislated functions through general powers of administration contained in but not limited to:

• section 3A of the Taxation Administration Act 1953
• section 8 of the Income Tax Assessment Act 1936
• section 1–7 of the Income Tax Assessment Act 1997
• section 43 of the Superannuation Guarantee (administration) Act 1992
• section 356-5 in Schedule 1 of the Taxation Administration Act 1953.

Data matching is one of the strategies used to identify and deal with non-compliant behaviour. Data matching helps provide assurance that taxpayers are meeting their obligations.

Privacy Act

The Privacy Act 1988 (Privacy Act) regulates how personal information is handled by certain entities, such as companies and government agencies.

Schedule 1 of the Privacy Act lists the 13 Australian Privacy Principles (APPs). The principles cover the collection, use, disclosure, storage and management of personal information.

Data will only be used within the limits prescribed by the APPs and the Privacy Act.

The Australian Government Agencies Privacy CodeExternal Link embeds privacy in all government agency processes and procedures. It ensures that privacy compliance is a priority in the design of our systems, practices and culture.

The ATO complies with the code's requirements, and we are transparent and open about what information we collect, hold and disclose. We train our staff to keep personal information safe, and all our systems and offices are protected and secure.

Our data Stewardship model upholds our data governance practices and embeds 6 ethical standards that guide how we collect, manage, share and use your data:

1. Act in the public interest, be mindful of the individual
2. Uphold privacy, security and legality
3. Explain clearly and be transparent
4. Engage in purposeful data activities
5. Exercise human supervision
6. Maintain data stewardship.

See Your privacy.

How we protect your personal information

Our staff are subject to the strict confidentiality and disclosure provisions contained in Division 355 of Schedule 1 to the Taxation Administration Act 1953 and include terms of imprisonment in cases of serious contravention of these provisions.

All information and records are managed in accordance with the provisions of the Archives Act 1983.

The requirement to retain data is reviewed on an ongoing basis in accordance with the timeframes and requirements of the OAIC guidelines. We destroy data that is no longer required, in accordance with the Archives Act 1983 and the records authorities issued by the National Archives of Australia, both general and ATO-specific.

Under section 24 of the Act, records can be disposed of where it is approved by the National Archives; required by another law, or a normal administrative practice that the Archives approves of.

Approval from National Archives is normally provided through records authorities, which are used in the process of sentencing to make decisions about keeping, destroying or transferring particular information and records.

General or ATO-specific records authorities issued by National Archives apply to our processes of verifying and assuring taxpayer compliance with tax, superannuation and other laws administered by the ATO.

Our record management practices allow us to satisfy the OAIC guidelines and Australian Privacy Principle 11 (APP 11) contained in Schedule 1 of the Privacy Act 1988 and in particular:

• APP11.1 – An APP entity must take reasonable steps to protect information from
  • misuse, interference and loss
  • unauthorised access, modification or disclosure.
   
• APP11.2 – An APP entity must take reasonable steps to destroy or de-identify information it no longer needs.

Our on-disclosure provisions

In very limited and specific circumstances, we may be permitted by law to disclose individual records to other government agencies.

Division 355 of Schedule 1 to the Taxation Administration Act 1953 sets out the government agencies we can disclose taxpayer information to, and the circumstances in which we are permitted to make those disclosures. These include agencies responsible for:

• state and territory revenue laws
• payments of social welfare and health and safety programs for determining eligibility for certain types of benefits and rebates
• overseeing super funds, corporations and financial market operators to ensure compliance with prudential regulations
• determining entitlement to rehabilitation and compensation payments
• law enforcement activities to assist with specific types of investigations
• policy analysis, costing and effectiveness measurement.

Each request for information by other agencies will be assessed on its merits and must be for an admissible purpose allowed for by taxation laws. In specific permissible circumstances, on-disclosures may include de-identified datasets for statistical analysis.

How we undertake data matching

The ATO's identity-matching capability is used to identify individual and or non-individual entities reported to us from multiple external sources. The process uses both mainframe-based and mid-range applications that comply with an ATO-designed software solution (technical standard). The technical standard supports all our data-matching programs and aligns with OAIC guideline 4.7.

We use over 60 sophisticated identity-matching techniques to ensure we identify the correct taxpayer when we obtain data from third parties. These techniques use multiple identifiers to obtain an identity match. The identity-matching process appends matching information to the original reported transaction to include an ATO identifier number and a 3-character outcome code that indicates to the user the level of matching confidence for the transaction. For example, where a name, address and date of birth are available, all items are used in the identity-matching process. Very high confidence matches will occur where all fields are matched.

Additional manual processes may be undertaken where high confidence identity matches do not occur, or a decision is taken to destroy data no longer required. Our manual identity-matching process involves an ATO officer reviewing and comparing third-party data identity elements against ATO information on a one-on-one basis, seeking enough common indicators to allow confirmation (or not) of an individual's identity. We commonly call this process manual uplifting.

Data analysts use various models and techniques to detect potential discrepancies, such as under-reported income or over-reported deductions. Higher risk discrepancy matches will be loaded to our case management system and allocated to compliance staff for actioning.

Lower risk discrepancy matches will be further analysed, and a decision made to take some form of compliance or educational activity, or to destroy the data.

To maintain integrity of the administration of the tax and superannuation systems, only those with a direct and genuine ‘need to know’ can access the technical standards for our identity and discrepancy matching solutions.

Where administrative action is proposed, additional checks will take place to ensure the correct taxpayer has been identified. The taxpayers will be provided with the opportunity to verify the accuracy of the information before any administrative action is taken.

See also

• How we use data-matching
• How we use data and analytics

What we do before we amend a return

Where we detect a discrepancy that requires verification, we will contact the taxpayer usually by telephone, letter or email.

Before we take any administrative action, taxpayers will have the opportunity to verify the accuracy of the information we have obtained. Taxpayers will have at least 28 days to respond before we take administrative action.

For example, where discrepancy-matching identifies that a taxpayer may not be reporting all their income, but in fact they're reporting the income under another entity, the taxpayer will be given the opportunity to clarify the situation.

The data may also be used to ensure that taxpayers are complying with their other tax and superannuation obligations, including registration requirements, lodgment obligations and payment responsibilities.

In cases where taxpayers fail to comply with these obligations, after being reminded of them, we may instigate prosecution action in appropriate circumstances.

Where a taxpayer has correctly met their obligations, the use of the data will reduce the likelihood of contact from us.

Making a privacy complaint

Our privacy policy outlines how we collect, hold and disclose data and explains what you can do if you're not satisfied with the way your information has been treated.

If you're not satisfied with how we have collected, held, used or disclosed your personal information, you can make a formal complaint by:

• using the online complaints form at ato.gov.au/complaints
• phoning our complaints line on 1800 199 010
• using the National Relay Service (NRS) call numbersExternal Link (if you have a hearing, speech or communication impairment)
• sending us a free fax on 1800 060 063
• writing to us at

ATO Complaints

PO Box 1271

ALBURY NSW 2640

If you're not satisfied with the outcome of the privacy complaint, you can contact the Office of the Australian Information Commissioner. More details on the process can be found on the OAIC website at oaic.gov.au/privacy/making-a-privacy-complaintExternal Link.

Why we undertake data matching

To effectively administer the tax and superannuation systems, the ATO is required in accordance with the law to collect and analyse information concerning the financial affairs of taxpayers and other participants in the Australian economy.

In addition to our administrator responsibilities, the Public Service Act 1999 (PS Act) requires each agency head to ensure their agency complies with legislative and whole-of-government requirements. Agency heads are required to ensure proper use and management of public resources as per the Public Governance, Performance and Accountability Act 2013 (PGPA Act).

We consider and undertake a range of alternatives to data matching to ensure entities are complying with their tax and superannuation obligations. Relying only on data that we already hold is of limited value for the following reasons:

• The tax system operates on willing participation, so our data is derived from taxpayers that are correctly registered and meeting their lodgment obligations.
• The only other way of ensuring that taxpayers are reporting their obligations correctly would be to contact every taxpayer directly.

Data matching allows us to cross-reference suitable external data to identify taxpayers who may not be in full compliance with their obligations, as well as those that may be operating outside the tax and superannuation systems. It also reduces the likelihood of unnecessarily contacting taxpayers who are complying with their tax obligations.

Data matching is an effective method of examining the records of thousands of taxpayers. We do this to ensure compliance with lodgment and reporting obligations. This would otherwise be a resource-intensive exercise.

Data matching also assists us to effectively promote voluntary compliance by notifying the public of risk areas and activities under scrutiny.

Our quality assurance framework

Quality assurance is integrated into our processes and computer systems and applied throughout the data-matching cycle.

These assurance processes include:

• registering the intention to undertake a data-matching program on an internal register
• risk assessment and approval from the data steward and relevant senior executive service (SES) officers prior to any data-matching program being undertaken
• conducting program pilots or obtaining sample data to ensure the data-matching program will achieve its objectives prior to full datasets being obtained
• notifying the OAIC of our intention to undertake the data-matching program and seek permission to vary from the data-matching guidelines (where applicable)
• restricting access to the data to approved users and using access management logs to record details of who has accessed the data
• quality assurance processes embedded into compliance activities, including
  • review of risk assessments, taxpayer profiles and case plans by senior officers prior to client contact
  • ongoing reviews of cases by subject matter technical experts at key points during the life cycle of a case
  • regular independent panel reviews of samples of case work to ensure our case work is accurate and consistent.
   

These processes ensure data is collected and used in accordance with our data-management policies and principles and complies with the OAIC's data-matching guidelines.

Costs and benefits of data matching

Costs

There are some incidental costs to us in the conduct of data-matching programs, but these will be more than offset by the total revenue protected. These costs include:

• data analyst resources to identify potential instances of non-compliance
• compliance resources to manage casework and educational activities
• governance resources to ensure compliance with the guidelines and Privacy Act
• quality assurance processes to ensure the rigour of the work undertaken by analysts and compliance staff
• storage of the data.

Benefits

The use of data is common across government agencies and the private sector. The use of data, computer power and storage continue to grow, which increases the benefits from data matching. Data matching and the insights it provides help us:

• deliver tailored products and services, which underpins our culture of service
• make it easier for taxpayers and agents by providing tailored messages in our online services
• enable early intervention activities, as our goal is prevention rather than correction
• maintain community confidence in our ability to administer the tax and superannuation systems, because we can
  • make better, faster and holistically smarter decisions with measurable results to deliver a level playing field for all
  • solve problems and shape what we do for the community
  • advise government and deliver outcomes with agility
   
• maintain the integrity of the tax and superannuation systems by
  • providing education to assist taxpayers to do the right thing
  • deterring behaviours so taxpayers adhere to their obligations
  • detecting taxpayers who are not complying with their obligations, targeting those that continue to deliberately abuse the tax and superannuation systems
  • enabling enforcement activity and recovery of tax revenue
  • directing compliance activities to assure that wider risks to revenue do not exist.
   

Services Australia 2016–17 to 2022–23 data-matching program protocol outlining benefits and entitlements data.