• Specialised payment systems data matching program protocol

    1 Data matching guidelines

    Attention

    Warning:

    This information may not apply to the current year. Check the content carefully to ensure it is applicable to your circumstances.

    End of attention

    The Australian Taxation Office (ATO) has committed itself to voluntarily comply with the Guidelines on data matching in Australian government administration (2014) (Guidelines) published by the Office of the Australian Information Commissioner.

    The specialised payment systems data matching program is prepared and published in accordance with these Guidelines.

    2 Overview

    The specialised payment systems data matching program is a new program. This program will complement and expand upon the current ongoing credit and debit card data matching program. Transactions processed through the specialised payment systems in this program are either not included, or not seen at the ‘end merchant’ level in the ATO’s third party merchant credit and debit card data collection.

    The specialised payment systems data matching program will support our objectives of creating a level playing field for business, detecting non-compliance and dealing with it appropriately to encourage other taxpayers to do the right thing and deter those who do not.

    Comparing merchants’ transactions against information reported in tax returns enables the ATO to assess the taxation compliance of individuals and businesses, or to isolate populations that use certain types of payment systems or do not use any electronic payment system, for more detailed examination. The ATO will match the data provided by specialised payment system providers against taxpayer records to identify those who may not be meeting their registration, reporting, lodgment and/or payment obligations to ensure relevant income is reported and thus to help provide a more level playing field for those businesses doing the right thing. The ATO may also use the data to identify potential ‘cash only’ businesses, by exception.

    Businesses operating in the cash or hidden economy undermine Australia’s taxation and superannuation systems. As part of our compliance activities we will continue our scrutiny of businesses deliberately avoiding their taxation obligations. These businesses are becoming more visible to us as our data matching activities become more sophisticated.

    3 Purpose and objectives

    Purpose

    The purpose of the specialised payment systems data matching program is to protect businesses from unfair competition by identifying taxpayers who are not complying with their taxation obligations.

    Objectives

    The objectives of the specialised payment systems data matching program are to:

    • Identify individuals and businesses that are not correctly reporting their business income
    • Identify individuals who are operating businesses but are failing to meet their registration and/or lodgment obligations
    • Identify liquidated or de-registered businesses that are continuing to trade
    • assist in identifying potential ‘cash only’ businesses, by exception
    • Promote voluntary compliance with taxation obligations and increase awareness in the community of the ways the ATO uses data matching to address taxation non-compliance, by publishing this program protocol, and
    • Assist the ATO in building intelligence about businesses including broader risk, trend and strategic analysis.

    Overall, the ATO is seeking to obtain external data to cross-reference with its own internal data to identify relevant cases for administrative action, including compliance and educational strategies.

    4 Agencies and entities involved

    Matching and primary user agency

    The ATO is the matching agency, and will generally be the sole user of the data. In very limited and specific circumstances as contained in Division 355 of Schedule 1 to the Taxation Administration Act 1953, the ATO may provide individual records to other agencies, including state and territory revenue authorities and law enforcement agencies.

    The data matching program will be conducted on the ATO’s secure computer facilities and in accordance with approved policies and procedures.

    Source entities

    A principle based approach has been adopted to ensure that inclusion as a source entity is fair and transparent.

    Inclusion of data providers in the program is based on the following principles:

    • The data owner or its subsidiary operates a business in Australia that is governed by Australian law
    • The data owner provides online, mobile or automated payment facilities for its clients and maintains records of electronic payments received by those clients. The data owner was providing these facilities for the year/s in focus
    • Where the data owner captures data already collected under the current merchant credit and debit card data matching program, they may be excluded from this program
    • Where the client base of a data owner does not present an omitted income risk, or the administrative or financial cost of collecting the data exceeds the benefit the data may provide, the data owner may be excluded from the program.

    For the first year of collection, data will be sought from:

    • Ausfit Pty Ltd
    • Australia and New Zealand Banking Group Limited (BPAY data)
    • Bill Buddy Pty Ltd
    • Commonwealth Bank of Australia (BPAY data)
    • Debitsuccess Pty Ltd
    • eDebit Pty Ltd
    • Ezidebit Pty Ltd
    • Ezypay Pty Ltd
    • FFA Paysmart Pty Ltd
    • Integrapay Pty Ltd
    • IP Payments Pty Ltd
    • National Australia Bank Limited (BPAY data)
    • Flexi Online Pty Ltd (T/A Paymate)
    • PayPal Australia Pty Ltd
    • POLi Payments Pty Ltd
    • Quickpay Pty Ltd
    • St George Bank (BPAY data)
    • Westpac Banking Corporation (BPAY data)

    In accordance with guideline 5.9 the ATO has also advised the source entities to take reasonable steps to notify the general public of their participation in this data matching program.

    5 Data issues

    Data elements

    The ATO works collaboratively with data providers to ensure that requests for data are easily understood and reasonable in terms of costs of compliance. Tailored data specifications taking into account the natural systems of providers will be issued to each provider as part of this process.

    The following data items will be requested from data providers, where the information is held, for all merchants or billers, for the 2013-14 financial year:

    Merchants or biller record fields – latest identification details:

    1. Unique merchant or biller reference number
    2. Business category description
    3. The surname of the primary account owner
    4. The first name of the primary account owner
    5. Other given names of the primary account owner
    6. Birth date of the primary account owner
    7. Merchant or biller’s legal business name
    8. Merchant or biller’s trading name
    9. Business address
    10. Residential address
    11. Postal address
    12. Email address
    13. Business phone number
    14. Mobile phone number
    15. Merchant or biller’s ABN or ACN
    16. BSB number of the merchant or biller’s settlement account
    17. Account number of the merchant or biller’s settlement account
    18. Name details of the merchant or biller’s settlement account
    19. Merchant or biller’s facility registration or activation start date.

    Transaction record fields per merchant/client or biller – monthly transaction totals:

    1. Unique merchant or biller reference number
    2. Month of period of transactions
    3. Amount of monthly sales made by each merchant or biller
    4. Count of monthly sales made by each merchant or biller
    5. Amount of refund transactions
    6. Count of refund transactions.

    A full copy of the data dictionary is included in Appendix A.

    Number of records

    Based on consultation with data providers, it is estimated that records relating to around 25,000 individuals will be received.

    Data quality

    The ATO expects that the data acquired will be of high quality as accurate data is fundamental to effective business operations for specialised payment systems. In many cases, the provider of the specialised payment system assumes the liability for transactions it processes on behalf of merchants or billers. As such a high level of integrity in the client identification fields is essential and built into the merchant/biller on-boarding process. The ATO will establish quality assurance processes in conjunction with the specialised payment providers to ensure the veracity of the data.

    When the data is received it will be checked to ensure that the data contains the required information before loading it onto the ATO’s secure mainframe system. The data will be transferred to the ATO’s secure computer systems for matching.

    Data integrity

    The ATO has a mature identity matching engine, client identification compliance system (CIDC). This ensures a high confidence in the integrity of the identity matching as the system utilises more than one identifier in the matching process. For example, where an Australian business number (ABN), name, address and date of birth are available all fields are used in the identity matching process. Very high confidence matches will occur where all fields are matched.

    Some data is anticipated to be matched at lower confidence levels where there are not matches on all fields, or there is missing data or differences in the data.

    Where administrative action is proposed, additional checks will take place to ensure the correct entity has been identified. The entities will be provided the opportunity to verify the accuracy of the information before any administrative action is taken.

    Data security

    ATO staff are subject to the strict secrecy and privacy provisions contained in Division 355 of Schedule 1 to the Taxation Administration Act 1953 and include terms of imprisonment in cases of serious contraventions of these provisions.

    All ATO systems are strictly controlled, with features including:

    • System access controls and security groupings
    • Login identification codes and password protection
    • Full audit trails of data file and system accesses.

    The ATO will utilise its secure Data Transfer Facility to obtain the data from source agencies.

    Where this is not possible, source agencies will be requested to provide copies of the data on a CD, DVD or USB device encrypted to a standard that satisfies Australian government requirements. The magnetic media device will be password protected, with the password provided under separate cover to the ATO.

    Where the data is not collected by an authorised ATO officer, an approved courier service will be used to collect the data. In remote locations not serviced by an approved courier service, the Australia Post ‘Express Post Platinum’ will be used (this provides both tracking and signature for delivery features).

    6 Discrepancy matching

    Matching process

    The identity matching process is described above under ‘Data Integrity’, and is the first step in the matching process.

    Records with a sufficient confidence level in the identity match will be loaded to the ATO’s secure data warehouse where data analysts will use various techniques to identify potentially high risk discrepancy matches for actioning within compliance areas. Cases selected for administrative action will be loaded to mainframe case management systems for allocation to compliance staff.

    Lower risk discrepancy matches will be further analysed and a decision taken to either take some form of compliance or educational activity, or to destroy the dataset.

    Quality assurance

    Quality assurance processes are integrated into ATO processes and systems and are implemented throughout the data matching cycle.

    These assurance processes include:

    • Registering the intention to undertake a data matching program on a central register and approvals being obtained from the Data Matching Gatekeeper and Senior Executive Service (SES) officers prior to any activity being undertaken
    • Notifying OAIC of our intention to undertake the data matching program and any intentions to vary from the Data Matching Guidelines
    • Maintaining access management logs recording details of who has access to the data, why access is required and how it will be used
    • Quality assurance processes embedded into compliance activities.

    These processes ensure data is collected in accordance with the ATO’s data management policies and principles, and complies with OAIC’s data matching guidelines.

    7 Action resulting from the program

    This program will be used to identify individuals and businesses that may be under reporting or not reporting income and not complying with their lodgment obligations as part of the intent to protect businesses that do the right thing from unfair competition.

    Taxpayers identified as being non-compliant with their taxation and lodgment obligations will be referred to the relevant compliance area of the ATO for appropriate compliance action. These cases will be subject to compliance activity, to determine the level of compliance with taxation laws by businesses within this group. In some instances it may facilitate debt collection or lodgment compliance activities to address outstanding obligations. Before any compliance action is undertaken, individuals will be given at least 28 days to clarify any information that has been derived from the specialised payment systems data matching program.

    Action resulting from the program for the period reviewed will ensure that businesses are:

    • Correctly reporting their income
    • Registered for GST, if required to do so
    • Meeting their tax return and activity statement lodgment requirements and any other taxation obligations.

    In cases where taxpayers fail to comply with their obligations, even after being reminded of them, the ATO will take other action as appropriate. This may include consideration for prosecution. In addition, a risk profile of the taxation compliance of businesses within this group will provide pertinent statistical information to the ATO to determine new and appropriate education and compliance strategies for a range of industries.

    8 Time limits applying to the program

    The collection of the 2013-14 financial year data under this program protocol is expected to occur in the period from October to December 2014.

    In accordance with Guideline 7.7, the ATO has sought a variation to the destruction conditions.

    The nature of the discrepancy matching that occurs under this program will be, in some instances, iterative. This includes the data being used to generate lodgment reviews with subsequent lodgements then being compared to the transactional data for accuracy. This, in combination with our intention to conduct longer term analysis and risk profiling of the data set, has prompted the ATO to seek a timeframe for the destruction of all data under this program of up to three years from the receipt of all verified data files from all data providers. This timeframe aligns with the requirement to evaluate the data matching program no later than three years after the commencement of operation of the data matching program.

    A full case setting out the basis for seeking this variation to the Guidelines and its impacts on individual privacy is contained in Appendix B.

    When data is no longer required it will be destroyed in accordance with General Disposal Authority 24 and/or the Records Disposal Authority 1194 as applicable. All data to be destroyed will be handled securely under the supervision of the ATO’s IT Trusted Access branch and in accordance with the ATO’s security procedures table for dissemination limiting marker: sensitive.

    9 Public notice of the program

    The ATO will publish a public notification of this data matching program in the Commonwealth government notices gazette in October 2014. A copy of the gazette notice will be provided to the data providers and the OAIC.

    A copy of the proposed gazette notice is included in Appendix C.

    The ATO will also publish a copy of this data matching program protocol on its website once the gazette notice has been published.

    Data providers have been advised they may also notify their clients of participation in this data matching program and they are considering their options.

    10 Relationship to lawful functions

    The Commissioner of Taxation has responsibility for ensuring taxpayers meet their taxation and superannuation obligations. Compliance with these obligations is a matter the ATO takes seriously and a failure to address non-compliant behaviour has the potential to undermine community confidence in the integrity of the taxation and superannuation systems and the ATO’s capacity in administering those systems.

    The ATO’s data matching program is one of the strategies used to identity and deal with non-compliant behaviour. Data matching programs provide a degree of assurance that the taxpayers are meeting their obligations.

    11 Legal authority

    ATO legislation

    The data will be obtained under the ATO’s formal information gathering powers contained in the following legislative provisions:

    • Section 264 of the Income Tax Assessment Act 1936
    • Section 353-10 and 353-15 of Schedule 1 to the Taxation Administration Act 1953 (administering indirect taxes)

    These are coercive powers that obligate the data providers to furnish the information requested. The ATO will use the information for taxation and superannuation compliance purposes.

    Privacy Act

    This use is within the limits on the use of personal information imposed by Australian Privacy Principle 6 (APP6) contained in Schedule 1 of the Privacy Act 1988 and in particular:

    • APP6.2(b) – the use of the information is permitted by an Australian Law; and
    • APP6.2(e) – the use is necessary for the ATO’s enforcement related activities

    In accordance with APP6.5, this program protocol constitutes the written note of the data being used for enforcement related activities.

    12 Alternative methods

    Relying only on data already held by the ATO is of limited value for the following reasons:

    • The ATO does not hold electronic transaction data outside the current credit and debit card merchant data collection
    • ATO data only covers entities that have an ABN or TFN. This data will not identify entities that have never registered for an ABN or TFN and are operating outside the taxation system.

    This data matching program will allow the ATO to identify taxpayers that may be operating outside the taxation and superannuation systems. It will also reduce the likelihood of the ATO unnecessarily contacting a taxpayer who is complying with their taxation obligations.

    Data matching is an effective and efficient method of examining records of thousands of taxpayers to ensure compliance with lodgment and reporting obligations that would otherwise be a resource intensive exercise examining records individually.

    It also assists the ATO to effectively promote voluntary compliance by notifying the public of areas and activities under scrutiny.

    13 Costs and benefits

    Befits

    The benefits of this program are expected to be significant and include:

    • An enhanced capacity to identify taxpayers who are operating a business but not reporting some, or all, of their income or who are not complying with all of their taxation obligations
    • A reduced risk to revenue as the ATO will be able to more readily identify businesses operating outside the tax system
    • The ATO being able to use the intelligence gained from this data to refine risk profiles and parameters
    • The ATO having a greater understanding of the businesses operating in the hidden economy and being able to cater for these businesses in our compliance strategies
    • There being greater integrity in the taxation system because of an increasing level of voluntary compliance and awareness within the community of taxation obligations
    • Maintaining community and government confidence in the taxation system – maintaining this confidence is critical to the ongoing role of the ATO. This program will highlight actions being taken by the ATO in relation to registration, lodgment and correct completion of income tax returns and business activity statements.

    Costs

    The costs of the specialised payment systems data matching program are expected to be minimal in relation to the total revenue protected. The costs include ATO resources to:

    • Store data in the ATO information technology facilities
    • Run the data matching program and activities
    • Support the data matching system
    • Prepare and analyse data for case selection and profiling, and
    • Relationship management and technical support to data providers.

    Appendix A - Data dictionary

    Field Name

    Field Description

    REF_NUM

    Unique client/merchant/biller identifier.

    BUS_CTGRY

    Business category, ie description of business activity.

    SRNM

    The surname of the individual primary account owner.

    FRST_NM

    The first name or the first initial of the individual primary account owner.

    OTHR_GVN_NM

    The second name or second initial of the individual primary account owner.

    DOB

    Birth date of the individual primary account owner.

    FULL_NM

    Client/merchant/biller’s legal business name.

    TRDG_NM

    Client/merchant/biller’s business trading name

    BUS_ADDR

    Business address including postcode.

    RSDNTL_ADDR

    Residential address including postcode (of primary account owner).

    PSTL_ADDR

    Postal address including postcode.

    BUS_PH_NUM

    Business phone number including area code.

    MBL_PH_NUM

    Mobile phone number.

    EMAIL_ADDR

    Email address on record.

    RPRTD_ID_NUM

    Australian Company Number or Australian Business Number.

    BSB

    Client/merchant/biller’s settlement account BSB number.

    BNK_ACNT_NUM

    Client/merchant/biller’s settlement account number.

    BNK_ACNT_NM

    Client/merchant/biller’s settlement account name details.

    REGN_STRT_DT

    Client/merchant/biller’s registration commencement date.

    REF_NUM

    Unique client/merchant/biller identifier.

    MNTH_PERD

    Month of period of transactions.

    SLS_AMT

    Gross amount of monthly sales made by client/merchant/biller.

    SLS_CNT

    Gross count of monthly sales.

    RFND_AMT

    Total amount of monthly refund transactions.

    RFND_CNT

    Total count of monthly refund transactions.

    Appendix B - Variation to guidelines

    The Australian Taxation Office (ATO) is seeking approval for the specialised payment systems data matching protocol to vary from one or more of the conditions detailed in Guideline 10 of the Office of the Australian Information Commissioner’s Guidelines on data matching in Australian government administration (2014) (the Guidelines).

    The ATO is seeking to retain data for three years from receipt of all data files from data providers. The ATO considers that a variation from the usual retention periods for this data matching program is in the public interest as:

    • This variation is necessary for the effectiveness of the data matching program, as outlined in section 8
    • This variation is necessary to ensure the protection of public revenue.

    In seeking this variation the ATO has determined that there is no effect on the privacy of an individual.

    This program will continue to be subject to an evaluation within three years which is consistent with the requirements of Guideline 9.

    Additional information justifying this variation is included in the tables below:

    • Table 1 – Matters considered in accordance with Guideline 10.2 in seeking this variation
    • Table 2 – Consistency with the other requirements of the other Guidelines issued by the Office of the Australian Information Commissioner.

    The ATO does not request that this be kept confidential (Guideline 10.6) and has no concern should the Office of the Australian Information Commissioner place this information on its website.

    Table 1 – Matters considered in seeking this variation to the guidelines

    Matter considered

    Consideration

    10.2.1 - The effect of not abiding by the specified requirements of the guidelines would have on individual privacy

    • Retaining data for a period of three years will not increase the risks to an individual’s privacy. The ATO has in place very secure processes for handling and storing data. Once acquired, all data will be stored on the ATO data warehouse where access is strictly controlled and full audit logs maintained
    • The ATO and its staff operate under stringent secrecy and privacy legislation that prohibits the improper access to or disclosure of protected information. These obligations are supported by significant penalties, including imprisonment. This substantially mitigates the risks of breaches of individual privacy
     

    10.2.2 - The seriousness of the administrative or enforcement action that may flow from the data matching program

    • An extension of the retention period will not affect the seriousness of the administrative action that may flow from the match, but will assist in detecting non-compliance or taxation fraud
    • Where the ATO proposes to take administrative action where a taxpayer may have reported incorrectly, the ATO will differentiate between those who try to do the right thing and those who set out to deliberately avoid their obligations. Documented procedures, including the Taxpayers’ Charter and Compliance Model will be followed to ensure fairness and consistency
     

    10.2.3 - The effect that not abiding by the specified requirements of the guidelines would have on the fairness of the program – including its effect on people’s ability to find out that basis for decisions that affect them and their ability to dispute those decisions

    • There will be no effect on the fairness of the program or the ability of taxpayers to find out the basis of decisions that impact them or their ability to dispute those decisions
    • Before any administrative action is undertaken, taxpayers will be given at least 28 days to verify the accuracy of the information that has been derived from this data matching program
    • Where administrative action is taken, the principles established in the Taxpayers’ Charter and Compliance Model will be adhered to ensure an equitable and consistent approach is taken
    • If a taxpayer does not agree with an assessment, they maintain the right to dispute the decision. They also have the legal right to appeal against those decisions through the courts and tribunals
     

    10.2.4 - The effect that not abiding by the specified requirements of the guidelines would have on the transparency and accountability of government operations

    • There should not be any adverse effect on the transparency and accountability of government operations
    • A program protocol is submitted to the Office of the Australian Information Commissioner and the ATO will strictly adhere to the commitments in that document
    • The ATO will publish a notice with general information about the program in the Commonwealth government notices gazette before data matching commences. The ATO will also make a copy of the program protocol available on its website
     

    10.2.5 - The effect that not abiding by the specified requirements of the guidelines would have on compliance of the proposed program with the Australian Privacy Principles in the Privacy Act 1988

    • There will be effect on compliance with the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 due to a longer retention of the data. The data is collected is solely for the stated objectives established in the data matching program protocol
     

    10.2.6 - The effect that abiding by all of the requirements of the guidelines would have on the effectiveness of the proposed program

    • The effectiveness of the program would be reduced if the data retention period is not extended
    • There would be a significant reduction in the ability of the ATO to detect incorrect reporting and taxation fraud without understanding and monitoring trends in the data collected
    • The destruction of the data in accordance with the guidelines impacts the integrity of the taxation system by:
      • Limiting the ATO’s ability to identify taxpayers who may be subject to administrative action
      • Resulting in the loss of government revenue
       
     

    10.2.7 - Whether complying fully with the guidelines could jeopardise or endanger the life or physical safety of information providers or could compromise the source of information provided in confidence

    • Not abiding by all the requirements of the guidelines would not influence or affect the personal safety of any individual identified as part of the program or compromise the source of the information provided in confidence
     

    10.2.8 - The effect that abiding by all the requirements of the guidelines would have on public revenue – including tax revenue, personal benefit payments, debts to the Commonwealth and fraud against the Commonwealth

    • Not allowing the variation to the data retention period of the current program would cause the ATO to miss potential breaches of taxation laws and subsequent non-payment of tax. This would result in the Commonwealth foregoing taxation revenue
    • There are risks to the integrity of taxation system when people fail to comply with their obligations. Abiding by all of the requirements of the guidelines will reduce the effectiveness of proposed compliance activity. The ATO would miss the opportunity to educate those taxpayers trying to do the right thing, and deterring those that are non-compliant from repeating the behaviour in the future
    • The effect of abiding by all of the requirements in the guidelines could negatively impact on both public revenue and public and government confidence in the ATO. People not complying with their taxation obligations, including those operating outside the system, establish a bad example to complaint taxpayers and may encourage their non-compliance. Maintaining community and government confidence in the taxation system is critical to the on-going role of the ATO
     

    10.2.9 - Whether abiding by all of the requirements of the guidelines would involve the release of a document that would be an exempt document under the Freedom of Information Act 1982

    • Only information relating to the taxpayer’s own affairs will be released upon receipt of a Freedom of Information request
     

    10.2.10 - The legal authority for conducting the proposed program in a way inconsistent with the specified requirements of the guidelines

    • There is no specific legislative power authorising the conduct of this program inconsistent with the Guidelines
    • The Commissioner of Taxation, or his authorised representative, has formed the opinion that this data is required to enable the ATO to effectively and efficiently carry out its legislated functions under the general powers of administration contained in:
      • Section 3A of the Taxation Administration Act 1953
      • Section 8 of the Income Tax Assessment Act 1936
      • Sections 1-7 of the Income Tax Assessment Act 1997
       
    • The reasons for proposing to operate outside requirements of the guidelines are detailed above
     

    Table 2 – Consistency with the guidelines

    This section outlines where the ATO is consistent with the requirements of the Office of the Australian Information Commissioner’s Guidelines on data matching in Australian government administration (2014).

    Paragraph/Guideline

    Action taken/to be taken

    Para 6 - Status of the Guidelines

    The ATO has committed to complying with the Office of the Australian Information Commissioner’s Guidelines on data matching in Australian government administration 2014 by way of Chief Executive Instruction.

    GL1 - Application of the Guide

    The ATO applies the guidelines to all data matching programs where it is anticipated the program will include records of 5,000 or more individuals.

    The ATO recognises that programs where there are multiple data sources with common objectives and algorithms are treated as a single data matching program.

    GL2 - Considerations before conducting a data matching program

    The ATO conducts a cost-benefit analysis and considers alternate methods prior to proposing to conduct a data matching program.

    Further, the ATO has rigorous governance arrangements, processes and system controls in place to protect the privacy of individuals.

    GL3 - Prepare a program protocol

    Prior to conducting a data matching program, the ATO prepares a data matching program protocol, submits this to the Office of the Australian Information Commissioner and makes a copy publicly available.

    When elements of a data matching program change, the program is amended and a copy of the amended protocol provided to the OAIC.

    GL4 - Technical standards report

    Documentation is prepared and maintained that, if collated, would satisfy the requirements for a technical standards report.

    GL5 - Notify the public

    The ATO publishes notification of its intention to undertake data matching program in the Commonwealth government notices gazette prior to the commencement of the program.

    This notice includes all of the requirements outlined in the guidelines.

    Notification of the program is also published on the ATO’s website and data providers are advised they can advertise their participation in the data matching program.

    GL6 - Notify individuals of proposed administrative action

    Prior to taking any administrative as a result of the data matching programs individuals and other taxpayers are provided at least 28 days to verify the accuracy of the information provided to the ATO by third parties.

    GL7- Destroy information that is no longer required

    The ATO is seeking to vary from this requirement.

    GL8 - Do not create new registers, datasets or databases

    The ATO does not create new registers or databases using data obtained in the course of a data matching program.

    GL9 - Data matching program evaluations

    Programs are regularly evaluated and always no later than 3 years after the commencement of the data matching program. These evaluations are provided to the Office of the Australian Information Commissioner.

    GL10 - Variations to guideline requirements

    When the ATO intends to vary from the requirements of the guidelines it seeks the approval of the Office of the Australian Information Commissioner and provides documentation to support the variance.

    GL11 - Data matching with entities other than agencies

    The ATO undertakes its own data matching programs and never outsources this function.

    Where data is obtained from an organisation, it usually does so using its formal information gathering powers. In these instances the organisations are advised they are able to notify their clients of their participation in the data matching program.

    GL12 - Data matching with exempt agencies

    The ATO does not usually undertake data matching with agencies that are exempt from the operations of the Privacy Act 1988 under section 7 of that Act and that are subject to the operation of the guidelines (i.e. any data matching undertaken with an exempt agency would usually be for fewer than 5,000 individuals).

    In the event the a data matching activity would otherwise be subject to these guidelines except for the exemption status, the ATO would still adhere to the principles of the guidelines and prepare a program protocol, seeking to vary from the guidelines by not publicly notifying of the program and publishing the protocol. The ATO would still lodge a copy of the protocol with the Office of the Australian Information Commissioner.

    GL13 - Enable review by the Office of the Australian Information Commissioner

    The ATO would not prevent the Office of the Australian Information Commissioner from reviewing its data matching activities and processes. These activities and processes are also periodically reviewed by the Australian National Audit Office and Inspector-General of Taxation.

    Appendix C - Gazette notice

    Commissioner of Taxation

    NOTICE OF A DATA MATCHING PROGRAM

    The Australian Taxation Office (ATO) will request and collect data relating to electronic payments made to businesses through specialised payment systems for the period from 1 July 2013 to 30 June 2014 from the following entities:

    • Ausfit Pty Ltd
    • Australia and New Zealand Banking Group Limited (BPAY data)
    • Bill Buddy Pty Ltd
    • Commonwealth Bank of Australia (BPAY data)
    • Debitsuccess Pty Ltd
    • eDebit Pty Ltd
    • Ezidebit Pty Ltd
    • Ezypay Pty Ltd
    • FFA Paysmart Pty Ltd
    • Integrapay Pty Ltd
    • IP Payments Pty Ltd
    • National Australia Bank Limited (BPAY data)
    • Flexi Online Pty Ltd (T/A Paymate)
    • PayPal Australia Pty Ltd
    • POLi Payments Pty Ltd
    • Quickpay Pty Ltd
    • St George Bank (BPAY data)
    • Westpac Banking Corporation (BPAY data)

    This acquired data will be electronically matched with certain sections of ATO data holdings, including other third party data holdings, to help protect businesses which meet their obligations from unfair competition. It is expected that records relating to over 25,000 individuals will be matched.

    This program is called the Specialised Payment Systems Data Matching Program and it will enable the ATO to:

    • Provide a more level playing field for businesses that do the right thing by identifying, for corrective actions, those that may not be meeting their obligations
    • More accurately identify businesses with certain characteristics, such as operating as ‘cash only’, which may assist in identifying alternate techniques that should be used to ensure relevant taxpayers meet their obligations.

    A document describing this program has been prepared and lodged with the Office of the Australian Information Commissioner. A copy of this document is available by

    The ATO complies with the Office of the Australian Information Commissioner’s Guidelines, The use of Data Matching in Commonwealth Administration, which includes standards for data matching to protect the privacy of individuals.

      Last modified: 13 Oct 2014QC 42730