The Privacy (Tax File Number) Rule 2015 is in full force and requires TFN recipients to take special care in how we receive, store and disclose TFNs. I am a TFN recipient, and it's quite likely that you could be as well! Examples include:

The ATO
Tax Agents
Employers
Bookkeepers/payroll officers
Banks
Super Funds

Collection of TFN information

TFN recipients must only request or collect TFN information for a purpose authorised by taxation law, personal assistance law or superannuation law. Remember that it is not an offence for an individual to not disclose their TFN.

Use or disclosure of TFN information

TFN information must only be used or disclosed by TFN recipients for a purpose authorised by taxation law, personal assistance law or superannuation law, or for the purpose of giving an individual any TFN information that the TFN recipient holds about that individual. It is imperative that TFNs are not disclosed via email unless the information is password protected or encrypted, due to the security risk (especially for free email addresses, where emails can be scrutinised by the provider). This type of breach used to happen frequently with Employee PAYG Payment Summaries being emailed directly to staff; however, the Single Touch Payroll system has helped to fix this.

Storage, security and destruction of TFN information

TFN recipients must take reasonable steps to protect TFN information from misuse and loss, and from unauthorised access or disclosure, and must ensure that access to records containing TFN information is restricted to individuals who need to handle that information for taxation law, personal assistance law or superannuation law purposes.
 
A TFN recipient must take reasonable steps to securely destroy or permanently de-identify TFN information where it is no longer required by law to be retained, or necessary for a purpose under taxation law, personal assistance law or superannuation law (including the administration of such law). Banking systems do this well. Once your TFN is entered into their system, it is no longer accessible by staff. 

Staff training

TFN recipients must take reasonable steps to ensure that all staff are aware of the need to protect individuals' privacy when handling TFN information, and all staff who collect or access TFN information are aware of the Privacy (TFN) rule.
 

What are the penalties for breaching the TFN rule?

You could in some circumstances face criminal penalties, civil penalties and orders to pay damages; a large fine and/or up to 2 years' imprisonment can apply for this type of breach. As well as constituting a breach of the TFN Rule, unauthorised use or disclosure of TFNs can be an offence under the Taxation Administration Act 1953 (TAA) and attract penalties including imprisonment and monetary fines.