Phishing is when scammers trick you into giving away your personal details, for example by luring you to click on malicious links or attachments in an email that look legitimate. Scammers may impersonate your bank or a government department and ask you to give out information such as your account number, password, or credit card numbers.            

Spear phishing are a class of phishing messages that target specific people and organisations and may contain information that is true to make them appear more authentic.

More information about the different types of scams can found on the Australian cyber security website.

Spoofed hyperlinks and websites are malicious websites that look identical to a legitimate site, but the URL (web address) may use a variation in spelling or a different domain. For example, the URL ends in .net instead of .com.

We do not recommend sending and receiving sensitive information or copies of identity documentation and/or evidence by email as this is not considered to be a secure method of transmission. We strongly recommend that registered tax practitioners arrange for any such information or copies of documents or evidence be provided to them by the client:

• via a secure website, secure online mailbox or secure messaging

• as an encrypted or password protected attachment to an email

• using another secure electronic solution that minimises the risk of interception of the sensitive information, identity document and/or evidence.

If a registered tax practitioner intends to receive sensitive information or copies of identity documentation and/or evidence electronically, we recommend the registered practitioner seek independent professional advice from an information and communication technology security provider about what controls are appropriate for their business and risk circumstances.

The Australian Taxation Office (ATO) can help you in the event of a data breach involving taxpayer information and may apply measures to help protect your business, staff and clients, where necessary. For more information on data breaches and support available for tax professionals, including what steps you need to take and how you can report a data breach, refer to the ATO website.

You may only disclose information relating to your client’s affairs to a third party without your client’s permission if you have a legal duty to do so. This includes providing client information to liquidators.

Some examples of these circumstances include providing information to:

• us under a notice issued under the TASA

• a court or tribunal following a direction, order, or other court process

• information formally requested under section 353-10 of the Taxation Administration Act 1953 (subject to the material being properly withheld under legal professional privilege).

If you are unsure or concerned if there is a legal duty to disclose client information to a third party, you should consider seeking independent legal advice.

To comply with Code item 6, tax practitioners must not disclose information relating to a client (or former client) to a third party unless they have obtained the client’s permission, or they have a legal duty to do so.

Information refers to knowledge acquired or derived about a client, directly, and includes giving a third party access to client information. A ‘third party’ is any entity other than the tax practitioner and the client and would include a third party software provider.

Before giving a third party software provider access to any information relating to a client’s affairs you must inform the client about the disclosure and obtain their permission. In this situation, you should specify what information will be disclosed, and who and where the disclosure will be made.

Using an overseas contractor in connection with the provision of tax agent services is a type of outsourcing and offshoring arrangement.

When outsourcing and offshoring services to an overseas contractor, you need to make sure you comply with your obligations under the Code in the TASA.

There are a number of Code obligations that may be relevant when considering or using this type of arrangement. For example, you need to ensure:

• information relating to the client’s affairs is not disclosed without the client’s permission, unless there is a legal duty to do so (Code item 6)

• services are performed competently on your behalf, and you have adequate supervision and control arrangements in place (Code item 7)

• reasonable care is taken in ascertaining the client's state of affairs and ensuring taxation laws are applied correctly to the client's circumstances when providing advice (Code items 9 and 10)

• professional indemnity insurance is maintained and meets our requirements (Code item 13).

The obligation under Code item 7 is of particular relevance when outsourcing services to an overseas contractor. You should ensure that any services provided to clients from a location outside Australia are provided competently, just like it needs to occur within Australia.

Supervisory arrangements are an important factor in ensuring services are provided to a competent standard. If a tax practitioner outsources all or some tax agent services to:

• an unregistered third party, they must ensure the work performed by the third party is under their supervision and control, or the supervision and control of another tax practitioner. The tax practitioner is ultimately responsible for the quality of their work, including ensuring that there are appropriate supervisory arrangements.

• a registered third party, the tax practitioner is not responsible for reviewing the third party’s work, nor are they required to provide supervision and control.

Having supervisory arrangements in place will not of itself ensure competency. You also need to make sure that:

• there are adequate supervisory and review arrangements, including having a sufficient number of individuals (being registered tax practitioners) for the work being carried out

• internal procedures are used to satisfy supervisory and control requirements, which may include activities such as:

  • training for offshore staff in Australian tax

  • registered tax practitioners or other experts being onsite overseas

  • rotation for overseas staff to gain experience, and

  • appropriate quality assurance and review systems.

• registered tax practitioners are involved so that the work being completed overseas is considered competent for Australian tax law purposes

• registered tax practitioners are meeting their requirements for maintaining knowledge and skills relevant to the services they’re providing

• registered tax practitioners are maintaining competence by continuing awareness, understanding and up-to-date knowledge of relevant technical, legal and business developments.

Read our supervisory Information sheet for more information.

A tax agent cannot transfer a former client’s information, including copies of proof of identity records, to a new tax agent without the client’s consent.