ato logo
Search Suggestion:

More information

Last updated 4 July 2019

Our on-disclosure provisions

Division 355 of Schedule 1 to the Taxation Administration Act 1953 sets out the other government agencies we can disclose taxpayer information to, and the circumstances we are permitted to make those disclosures. These include agencies responsible for:

  • state and territory revenue laws
  • payments of social welfare and health and safety programs for determining eligibility for certain types of benefits and rebates
  • overseeing superannuation funds, corporations and financial market operators to ensure compliance with prudential regulations
  • determining entitlement to rehabilitation and compensation payments
  • law enforcement activities to assist with specific types of investigations.
  • policy analysis, costing and effectiveness measurement.

Each request for information by other agencies will be assessed on its merits and must be for an admissible purpose allowed for by taxation laws. In specific permissible circumstances on-disclosures may include de-identified datasets for statistical analysis.

Return to Data matching and user agency

How we undertake data matching

We use sophisticated identity matching techniques to ensure we identify the correct taxpayer when we obtain data from third parties. This technique uses multiple details to obtain an identity match. For example, where a name, address and date of birth are available all items are used in the identity matching process. Very high confidence matches will occur where all fields are matched.

Additional manual processes may be undertaken where high confidence identity matches do not occur, or a decision taken to destroy the data with no further action. Our manual identity matching process involves an ATO officer reviewing and comparing third party data identity elements against ATO information on a one-on-one basis, seeking sufficient common indicators to allow confirmation (or not) of an individual's identity. We commonly call this process manual uplifting.

Data analysts use various models and techniques to detect potential discrepancies, such as under-reported income or over-reported deductions. Higher risk discrepancy matches will be loaded to our case management system and allocated to compliance staff for actioning.

Lower risk discrepancy matches will be further analysed and a decision made to take some form of compliance or educational activity, or to destroy the data.

Destruction of data is conducted in accordance with the timeframes and requirements of the Guidelines and GDA24 or an extension of time is sought from the Information Commissioner.

Where administrative action is proposed, additional checks will take place to ensure the correct taxpayer has been identified. The taxpayers will be provided with the opportunity to verify the accuracy of the information before any administrative action is taken.

Return to Data quality

What we will do before we amend a return

Where we detect a discrepancy that requires verification we will contact the taxpayer - usually by telephone, letter or email.

Before any administrative action is taken, taxpayers will be provided with the opportunity to verify the accuracy of the information obtained by us. Taxpayers will be given at least 28 days to respond before administrative action is taken.

For example, where discrepancy matching identifies that a taxpayer is not reporting all of their income, but in fact they are reporting the income under another entity, the taxpayer will be given the opportunity to clarify the situation.

The data may also be used to ensure that taxpayer’s are complying with their other taxation and superannuation obligations, including registration requirements, lodgment obligations and payment responsibilities.

In cases where taxpayers fail to comply with these obligations, after being reminded of them, escalation for prosecution action may be instigated in appropriate circumstances.

Where a taxpayer has correctly met their obligations, the use of the data will reduce the likelihood of contact from us.

Return to How the data will be used

How we protect your personal information

Our staff are subject to the strict confidentiality and disclosure provisions contained in Division 355 of Schedule 1 to the Taxation Administration Act 1953 and include terms of imprisonment in cases of serious contravention of these provisions.

All ATO computer systems are strictly controlled, with features including:

  • system access controls and security groupings
  • login identification codes and password protection
  • full audit trails of data files and system accesses.

For the HELP, VSL and TSL program we utilise a secure system to system facility to transfer the data between the data providers.

Where this is not possible, data providers will be requested to provide the data on a CD, DVD or USB media storage device encrypted to a standard that satisfies Australian government requirements. The media storage device will be password protected, with the password provided under separate cover.

Where the media storage device is not collected by an authorised ATO officer, an approved courier service will be used to collect the device. In remote locations not serviced by an approved courier service, the Australia Post ‘Express Post Platinum’ service will be utilised (providing both tracking and signature for delivery features).

Return to Data quality

Our quality assurance framework

Quality assurance processes are integrated into our procedures and computer systems and are applied throughout the data matching cycle.

These assurance processes include:

  • registering the intention to undertake a data matching program on an internal register
  • obtaining approval from the Data Steward and relevant Senior Executive Service (SES) officers prior to any activity being undertaken
  • conducting program pilots or obtaining sample data to ensure the data matching program will achieve its objectives prior to full data sets being acquired
  • notifying the Office of the Australian Information Commissioner of our intention to undertake the data matching program and request permission to vary from the data matching guidelines (where applicable)
  • access to the data is restricted to approved users and access management logs record details of who has accessed the data
  • quality assurance processes embedded into compliance activities include:  
    • review of risk assessments, taxpayer profiles and case plans by senior officers prior to client contact
    • ongoing reviews of cases by subject matter technical experts at key points during the life cycle of a case
    • regular independent panel reviews of samples of case work to provide assurance of the accuracy and consistency of case work.

These processes ensure data is collected and used in accordance with our data management policies and principles, and complies with the Information Commissioner's data matching guidelines.

Return to Data quality

Why we undertake data matching

We have considered a range of alternatives to this data matching program to ensure entities are complying with their taxation and superannuation obligations. Relying only on data already held by the ATO is of limited value for the following reasons:

  • the taxation system operates on willing participation so our data is derived from taxpayers that are correctly registered and meeting their lodgment obligations
  • we have no other data to cross-reference to ensure taxpayers are meeting their registration obligations or reporting correctly other than by directly contacting every taxpayer.

This data matching program will allow us to identify taxpayers who are not fully complying with their obligations, as well as those that may be operating outside the taxation and superannuation systems. It will also reduce the likelihood of the ATO unnecessarily contacting taxpayers who are complying with their taxation obligations.

Data matching is an effective method of examining records of thousands of taxpayers to ensure compliance with lodgment and reporting obligations that would otherwise be a resource intensive exercise.

Data matching also assists us in effectively promoting voluntary compliance by notifying the public of areas and activities under scrutiny.

Return to Data quality

Costs and benefits of data matching


There are some incidental costs to us in the conduct of this data matching program, but these will be more than offset by the total revenue protected. These costs include:

  • data analyst resources to identify potential instances of non-compliance
  • compliance resources to manage casework and educational activities
  • governance resources to ensure that the Guidelines and the Privacy Act 1988 are complied with, and quality assurance work to ensure the rigour of the work undertaken by analysts and compliance staff
  • storage of the data.


Benefits from conducting this data matching programs include:

  • maintaining community confidence in both the taxation and superannuation systems by creating a level playing field, as well as maintaining community confidence in the ATO’s capacity to fairly administer those systems
  • integrity of the taxation and superannuation systems – there are inherent risks in taxpayers not complying with their obligations, including those that deliberately abuse these systems – this program will assist the ATO in detecting, dealing with and deterring those that are not meeting their obligations
  • enabling enforcement activity and recovery of taxation revenue – without undertaking this data matching program and subsequent compliance activity there are no assurances that a wider risk to revenue does not exist.

Return to Data quality

Making a privacy complaint

Our privacy policy has detailed information about how we collect, hold and disclose data as well as information about what you can do if you are not satisfied with how your information has been treated. If a taxpayer is not satisfied with how we have collected, held, used or disclosed its personal information, they can make a formal complaint by:

  • using the online complaints form at
  • phoning our complaints line on 1800 199 010
  • phoning the National Relay Service on 13 36 77 (if you have a hearing, speech or communication impairment)
  • sending us a free fax on 1800 060 063
  • writing to us at:

ATO Complaints
PO Box 1271

If a taxpayer is not satisfied with the outcome of the privacy complaint, they can contact the Office of the Australian Information Commissioner. More details on the process can be found on the OAIC website at How do I make a privacy complaint?External Link

See also:

Return to Legal matters

Our lawful role

The Commissioner of Taxation has responsibility for ensuring taxpayers meet their taxation and superannuation obligations. Compliance with these obligations is a matter we take seriously and failure to address non-compliant behaviour has the potential to undermine community confidence in the integrity of the taxation and superannuation systems and our capacity to administer those systems.

Our data matching program is one of the strategies used to identity and deal with non-compliant behaviour. Data matching programs also provide a degree of assurance that taxpayers are meeting their obligations.

Return to Legal matters

Our legal authority to undertake a data matching program


ATO provide the HELP, VSL or TSL debtor population identifier details to DHA under section 355-50 of Schedule 1 of the Taxation Administration Act 1953.

DHA disclose overseas movement data under Part 6 - Secrecy and disclosure provisions of the Australian Border Force Act 2015.

Where appropriate to ensure statutory requirements are met, the data will be obtained under our formal information gathering powers contained in section 353-10 of Schedule 1 to the Taxation Administration Act 1953.

This is a coercive power that obligate the data providers to furnish the information requested. We will use the information for taxation and superannuation compliance purposes.

Privacy Act

Data will only be used within the limits prescribed by Australian Privacy Principle 6 (APP6) contained in Schedule 1 of the Privacy Act 1988 and in particular:

  • APP6.2(b) – the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order.
  • APP6.2(e) – the ATO reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

Return to Legal matters