Variation to the guidelines

Matters considered for variation to the guidelines.

Last updated 8 August 2025

Submission to the Information Commissioner

The following is the submission we made to the Information Commissioner.

The Australian Taxation Office (ATO) is seeking approval for our Australian Financial Crimes Exchange (AFCX) data matching program 2024–25 to 2026–27 to vary from one or more of the conditions detailed in Guidelines 3.4(a)iv, 6 and 10 of the Office of the Australian Information Commissioner’s (OAIC) (2014) Guidelines on data matching in Australian government administration (the guidelines).

We are seeking that you exercise your discretion and allow us to simplify the description of the information exchanged and, in limited circumstances, to take administrative action in response to a match without immediately notifying the individual concerned.

A taxpayer may be unaware that their identity has been taken over to access their tax account to update bank account and contact records and lodge a tax form to claim a fraudulent refund. When an unauthorised access or fraudulent activity is detected, the ATO may apply treatments to protect the taxpayer information and account prior to contacting the taxpayer to verify their identity. We also may need to cancel or amend a lodged tax form with the correct data that we hold, to ensure the taxpayer's reporting position is correct and they are protected from negative consequences that may include unexpected debts to third parties and loss of access to Government payments.

This deviation from the normal notification conditions in this circumstance is in the public interest as these adjustments:

  • proactively safeguard taxpayer personal information from unauthorised access and identity crime
  • protect the tax, superannuation, and registry systems by containing fraud and tax crime attempts in near real time
  • fulfil our responsibility to protect public revenue and maintain community confidence in the integrity of the tax and superannuation systems
  • ensure that we can prevent ATO fraud while not giving criminals or threat actors detail on specific ways to circumvent the detection measures in place within the AFCX and its member organisations.

We recognise that simplifying the descriptions of the data collected may appear to impact on transparency. However, this impact must be balanced against the need to mitigate effects on the AFCX in responding to and preventing financial crime affecting its members, their customers and the Australian public. This program will be subject to an evaluation within 3 years which is consistent with the requirements of Guideline 9.

Additional information justifying this variation is included in the following tables:

  • Table 1 – matters considered in accordance with Guideline 10.2 in seeking this variation
  • Table 2 – consistency with requirements of the other guidelines issued by the Office of the Australian Information Commissioner

Matters considered in accordance with Guideline 10.2

This section outlines matters considered against the requirements of Guideline 10.2 in seeking this variation.

Table 1: matters considered in accordance with Guideline 10.2 (columns: Guideline; Matter considered; Consideration)

10.2.a – The effect that not abiding by the guidelines would have on individual privacy

We have in place very secure processes for handling and storing data. Once acquired, all data will be stored on our secure computer systems where access is strictly controlled, and full audit logs maintained.

The ATO and our staff operate under stringent confidentiality and privacy legislation that prohibits the improper access to or disclosure of protected information. These obligations are supported by significant penalties, including imprisonment. This substantially mitigates the risks of breaches of privacy.

10.2.b – The seriousness of the administrative or enforcement action that may flow from a match obtained through the data matching program

The administrative action assists the taxpayer to protect their personal information from being stolen, misused or compromised.

Where we propose to take administrative action because a taxpayer may have reported incorrectly, we will differentiate between those that try to do the right thing and those that set out to deliberately avoid their obligations. Documented procedures, including the Taxpayers’ Charter and compliance model, will be followed to ensure fairness and consistency.

10.2.c – The effect that not abiding by the guidelines would have on the fairness of the data matching program, including its effect on the ability of individuals to determine the basis of decisions that affect them, and their ability to dispute those decisions

There will be no effect on the fairness of the program or the ability of taxpayers to find out the basis of decisions that impact them or their ability to dispute those decisions.

In limited circumstances, when we detect unauthorised activities, we will apply treatments to protect the taxpayer information and account from identity takeover crime prior to contacting the taxpayer to verify their identity. If we need to amend a tax form, taxpayers are notified of the adjustment in their notice of assessment. This approach is to avoid unfair and unreasonable delays for processing a tax return and delaying a refund.

Other discrepancies require verification. Before any administrative action is undertaken, taxpayers will be given a reasonable period to verify the accuracy of the information that has been derived from this data matching program.

Where administrative action is to be undertaken, we will adhere to the principles established in the Taxpayers’ Charter and compliance model to ensure an equitable and consistent approach is taken.

If a taxpayer doesn't agree with an assessment, they maintain the right to dispute the decision. They also have the legal right to appeal against those decisions through the courts and tribunals.

10.2.d – The effect that not abiding by the guidelines would have on the transparency and accountability of agency and government operations

There will be no adverse effects on the transparency and accountability of government operations. Publishing our data matching program provides education and awareness of how we use data.

ATO data matching is conducted to address identified risks more efficiently. A comprehensive description of the data provider is included in the program protocol. The description also identifies the principles and criteria for selecting the data provider. Our practice is to raise awareness of the data we hold and why it is necessary for our operation.

The program protocol is submitted to the Office of the Australian Information Commissioner, and we will strictly adhere to the commitments in that document.

We will publish a notice with general information about the program in the Federal Register of Legislation - Gazettes before administrative action starts. We will also make a copy of the program protocol available on our website.

10.2.e – The effect that not abiding by the guidelines would have on compliance of the proposed data matching program with the Australian Privacy Principles in the Privacy Act 1988 and the Australian Government Privacy Code

The data is collected solely for the stated objectives established in the data matching program protocol.

10.2.f – The effect that complying with the guidelines would have on the effectiveness of the proposed data matching program

The effectiveness of the program would be reduced if we were not able to use AFCX data to support intended ATO actions to prevent, detect and respond to fraud.

Notifying the public of specific types of identity documentation collected by the AFCX provides criminals and threat actors with information that they can use to develop more sophisticated ways of perpetrating fraud and avoid detection.

10.2.g – Whether complying fully with the guidelines could jeopardise or endanger the life or physical safety of information providers or could compromise the source of information provided in confidence

Not abiding by all the requirements of the guidelines would not influence or affect the personal safety of any individual identified as part of the program or compromise the source of the information provided in confidence.

There is a risk that publishing the data descriptions provided in their entirety would compromise the operations of the AFCX member organisations by alerting threat actors to ways to circumvent existing controls.

10.2.h – The effect that complying fully with the guidelines would have on public revenue, including tax revenue, personal benefit payments, debts to the Commonwealth and fraud against the Commonwealth

Not allowing the exemption under the current program may result in the Commonwealth foregoing taxation revenue and losing community confidence in the integrity of the tax and superannuation systems.

Abiding by all of the requirements of the guidelines will reduce the effectiveness of the proposed activity. We would miss the opportunity to prevent unauthorised activities, protect taxpayer personal information and contain fraud and tax crime attempts in near real time.

The effect of abiding by all of the requirements in the guidelines could negatively impact both public revenue and the confidence the public and government have in the ATO as an administrator of the taxation system.

By sharing information, analytic capability, and evidence-based insights, AFCX members work outside traditional silos to identify criminal trends, activity and networks that operate across different businesses. Complying fully with the guidelines may compromise the broader benefit the AFCX provides in breaking down silos to protect the Australian public from fraud, scams and taxation fraud.

10.2.i – Whether complying fully with the guidelines would involve the release of a document that would be an exempt document under the Freedom of Information Act 1982

Upon receipt of a freedom of information request, only information relating to the taxpayer’s own affairs and to which they are entitled under the Act will be released to the taxpayer concerned.

10.2.j – Any legal authority for, or any legal obligation that requires, the conduct of the proposed data matching program in a way that is inconsistent with the guidelines

The AFCX has legal obligations to its member organisations to protect the data collected from their customers. Publishing the types of documents used to verify an individual's identity would provide criminals and threat actors with information that could be used to circumvent existing controls. As a member the ATO also has an obligation to abide by the restrictions agreed to by the AFCX and other members.

The Commissioner of Taxation, or his authorised representative, has formed the opinion that this data is required to enable us to effectively and efficiently carry out our legislated functions under the general powers of administration contained in:

  • Section 3A of the Taxation Administration Act 1953
  • Section 8 of the Income Tax Assessment Act 1936
  • Section 1-7 of the Income Tax Assessment Act 1997
  • Section 356-5 in Schedule 1 of the Taxation Administration Act 1953

The reasons for proposing to operate outside requirements of the guidelines are detailed above.

Consistency with requirements of the guidelines

This section outlines where we are being consistent with the requirements of the guidelines.

Table 2: consistency with requirements of the guidelines (columns: Guideline; Purpose; Action taken/to be taken)

Paragraph 6 – Status of the guidelines

Our commitment to complying with the guidelines is embedded in our data management policies and principles and clearly stated in the chief executive instruction.

Guideline 1 – Application of the guide

We apply the guidelines for all data matching programs where it is anticipated the program will include records of 5,000 or more individuals.

We recognise that programs where there are multiple data sources but with common objectives and algorithms are treated as a single data matching program.

Guideline 2 – Deciding to carry out or participate in a data matching program

We conduct a cost-benefit analysis and consider alternate methods prior to proposing to conduct a data matching program.

Further, we have rigorous governance arrangements, processes and system controls in place to protect the privacy of individuals.

Guideline 3 – Prepare a program protocol

Prior to conducting a data matching program, we prepare a data matching program protocol, submit this to the Office of the Australian Information Commissioner and make a copy publicly available on the ATO website.

When elements of a data matching program change, the protocol is amended, a copy of the amended protocol is provided to the Office of the Australian Information Commissioner and updated on our website.

Guideline 4 – Prepare a technical standards report

Documentation is prepared and maintained so as to satisfy the requirements of a technical standards report.

Guideline 5 – Notify the public

We publish notification of our intention to undertake a data matching program in the Federal Register of Legislation - Gazettes prior to the commencement of the program.

This notice will include the following information as required by the guidelines:

  • a brief description of the objectives of the data matching program
  • the matching agency and (where appropriate) source entities involved in the data matching program
  • a simplified description of the data contained in the data set involved in the data matching program
  • the categories of individuals about whom personal information is to be matched
  • the approximate number of individuals affected
  • reference to our privacy policy.

Notification of the program is also published on our website and data providers are advised they can advertise their participation in the data matching program.

Guideline 6 – Notify individuals of proposed administrative action

In limited circumstances, a notification occurs after the administrative action. When we detect unauthorised activities, we will apply treatments to protect the taxpayer information and account from identity takeover crime prior to contacting the taxpayer to verify their identity. Where we take administrative action to amend a taxpayer’s tax form based on the data we hold, we are seeking to notify individuals in the notice of assessment.

When considering administrative action, we take a differentiated approach between those that try to do the right thing and those that set out to deliberately avoid their obligations. Documented procedures, including the Taxpayers’ Charter and compliance model, will be followed to maintain taxpayer rights and obligations.

When we identify a discrepancy that requires verification, taxpayers will be contacted by phone, data matching letter or email. Taxpayers will be given a reasonable period to verify the accuracy of the information that has been derived from this data-matching program before administrative action is undertaken.

If a taxpayer doesn't agree with an assessment, they maintain the right to dispute the decision. They also have the legal right to appeal against those decisions through the courts and tribunals.

Guideline 7 – Destroy information that is no longer required

We regularly review our requirement to continue to retain data and destroy those datasets no longer reasonably necessary.

Guideline 8 – Don't create new registers, data sets or databases

We don't create new registers or databases using data obtained in the course of a data matching program.

Guideline 9 – Regularly evaluate data matching programs

Programs are evaluated within 3 years of the start of the data matching program. These evaluations are provided to the Office of the Australian Information Commissioner on request.

Guideline 10 – Seeking exemptions from Guideline requirements

When we intend to vary from the requirements of the guidelines, we seek the approval of the Office of the Australian Information Commissioner and provide documentation to support the variance.

Guideline 11 – Data matching with entities other than agencies

We undertake our own data matching programs. This function is not outsourced.

Where data is obtained from an entity other than an individual, we usually do so using our formal information gathering powers. In these instances the entities are advised they are able to notify their clients of their participation in the data matching program.

Guideline 12 – Data matching with exempt agencies

We don't usually undertake data matching with agencies that are exempt from the operations of the Privacy Act 1988 under section 7 of that Act and that are subject to the operation of the guidelines (that is, any data matching undertaken with an exempt agency would usually be for fewer than 5,000 individuals).

In the event a data matching activity would otherwise be subject to these guidelines except for the exemption status, we still adhere to the principles of the guidelines and prepare a program protocol, seeking to vary from the guidelines by not publicly notifying of the program and publishing the protocol. We would still lodge a copy of the protocol with the Office of the Australian Information Commissioner.

Guideline 13 – Enable review by the Office of the Australian Information Commissioner

We would not prevent the Office of the Australian Information Commissioner from reviewing our data matching activities and processes. These activities and processes have been reviewed by the Australian National Audit Office and Inspector-General of Taxation.

QC105359