The Tax Practitioners Board takes privacy seriously and we are a proud supporter of Privacy Awareness Week (PAW), running from 2 – 8 May 2022. Led by the Office of the Australian Information Commissioner (OAIC), PAW is an annual event which highlights the importance of protecting personal information and aims to help you and your business navigate the privacy landscape. 

Australians are increasingly relying on digital technologies in their professional and personal lives, meaning safeguarding data is more important than ever. Your personal information is extremely valuable as it’s your identity – the foundation of who you are. As a tax practitioner, you’re also entrusted with the personal information of clients and it’s critical that you handle this sensitive data with integrity and care. 

Highlighting privacy as the foundation of trust 

The theme for this year’s PAW is ‘highlighting privacy as the foundation of trust’, which focuses on creating good privacy practices and fundamentals to help you to build and maintain trust amongst your community. As a registered tax practitioner, you also have obligations under the Code of Professional Conduct (Code item 6) to maintain the confidentiality of client information and other legislation to protect tax file number information. 

To perform your duties as a registered tax practitioner, you are often required to collect, use, and store the personal information of your clients. You can mitigate risks to the loss of personal information of your clients by implementing good privacy practices in your business. We have compiled some tips below to help you implement a best-practice approach to protecting personal information.  

Tips to protect personal information 

• Familiarise yourself with privacy policies, processes, and procedures: 

  • undertake regular privacy training 

  • follow processes and procedures to mitigate privacy risks, including human error risks 

  • provide privacy notices to clients - you could include this in your letter of engagement 

  • understand that everyone has a role to play in ensuring privacy is respected and protected. 

• Only collect personal information you need: 

  • don’t collect information just because it may become necessary or useful later 

  • access personal information on a need-to-know basis 

  • limit the personal information you or your staff need to access to protect the information from unauthorised access, use or disclosure. 

• Keep personal information secure: 

  • take reasonable steps to protect personal information from unauthorised access, modification, or disclosure and also against misuse, interference and loss 

  • follow your policies on information security, including ICT security, physical security, and access security 

  • always destroy and de-identify personal information in accordance with your destruction policies. 

• Create and adhere to your data breach response plan. 

Further information  

• Confidentiality of client information 

• Notifiable data beaches scheme 

• Privacy and securing personal information webinar 

• TPB(PN) 4/2021 Use and disclosure of a client’s TFN and TFN information in email communications