Go to top of page

Confidentiality of client information

Confidentiality of client information

You must not disclose information relating to a client’s affairs to a third party unless you have:

  • obtained your client’s permission; or
  • a legal duty to do so.

This is one of the obligations (item 6) under the Code of Professional Conduct (Code).

‘Information’ refers to knowledge you have acquired or derived about a client, whether directly or indirectly. It is only necessary that the information relates to the affairs of a client. Further, the information does not have to necessarily belong to the client.

A ‘third party’ is any entity other than you and your client and could, for example, include entities:

  • to which you outsource your tax agent services
  • within the same service trust structure, unless the client is defined (for example, in the engagement letter) as the whole structure
  • maintaining offsite data storage systems (including ‘cloud storage’).

We recognise that tax practitioners are increasingly engaging in outsourcing or cloud storage arrangements. However, the obligations under Code item 6 have not changed – you must ensure confidentiality of client information, including appropriate disclosure of such arrangements to your clients to ensure you comply with your obligations under this Code item.
 

Obtain your client’s permission first

Before disclosing any information relating to your client’s affairs to a third party, you should clearly inform your client that such disclosure will be made and obtain their permission. You should advise your client:

  • what client information is to be disclosed; and
  • to whom and where the disclosure will be made.

This permission may be by way of a signed letter of engagement, signed consent or other communication with the client.

It is also important to be mindful of ensuring there are appropriate arrangements to prevent inadvertent disclosure through recklessness.
 

Legal duty to disclose information

You may disclose information relating to your client’s affairs to a third party without your client’s permission if you have a legal duty to do so.

Some examples of these circumstances include providing information to:

  • the TPB under a notice issued pursuant to section 60-100 of the Tax Agent Services Act 2009 (TASA)
  • a court or tribunal pursuant to a direction, order, or other court process
  • the Australian Taxation Office (ATO) under a notice pursuant to section 353-10 in Schedule 1 to the Taxation Administration Act 1953 concerning taxation laws (subject to that material being properly withheld under legal professional privilege).

If you are concerned as to whether there is a legal duty to disclose client information to a third party, you should consider seeking independent legal advice.
 

Failure to maintain confidentiality of your client’s information

If you disclose information relating to a client’s affairs to a third party without the client’s permission or a legal duty to do so, the TPB may find that you have breached the Code and may impose sanctions for that breach.
 

Examples involving confidentiality

The following examples illustrate how to maintain confidentiality of client information, noting that consideration will need to be given to the specific facts and circumstances. While the principles in the content above apply generally to all registered tax practitioners, the following examples are aimed at tax and BAS agents.
 

Example 1 - Obtaining client permission when engaging in outsourcing arrangements with an overseas firm

Situation

Lilly & Co is a large accounting firm and a registered tax agent. To minimise its operating costs, Lilly & Co. enters into an agreement with a bookkeeping/data processing firm in Hong Kong, Zheng & Co, that Zheng & Co will perform the bookkeeping and data processing work for Lilly & Co’s clients.

Obtaining client permission

In order to send the clients’ information to Zheng & Co for processing, Lilly & Co discloses its arrangement with Zheng & Co in its letter of engagement with clients and obtains its clients’ explicit permission by way of a signed client engagement letter to disclose the information to Zheng & Co.

Subject to the terms in the letter of engagement, Lilly & Co will have primary responsibility for the provision of the relevant tax agent services, including the bookkeeping and data processing work undertaken by Zheng & Co.
 

Example 2 - Obtaining client permission to disclose information to another registered agent

Situation

Jackie runs a local coffee shop in Melbourne. Jackie engages Tony’s Tax Services, a registered tax agent, to prepare and lodge her outstanding business activity statements and also to provide tax advice regarding the proposed sale of her coffee shop. Tony’s Tax Services separately engages Bella, a registered BAS agent, to prepare the outstanding business activity statements.

Obtaining client permission

In order to send Jackie’s information to Bella to enable Bella to prepare the outstanding business activity statements, Tony’s Tax Services discloses its arrangement with Bella in its letter of engagement with Jackie. Tony’s Tax Services obtains Jackie’s explicit permission by way of a signed client engagement letter to disclose the information to Bella.
 

Example 3 - Legal duty to disclose information to a third party

Situation

The ATO is conducting an audit on Patricia’s income tax return from the previous financial year, but Patricia does not have all of her receipts and payment summaries. As her registered tax agent, Edward, prepared and lodged her income tax return for the previous financial year, the ATO has issued a notice pursuant to section 353-10 in Schedule 1 to the Taxation Administration Act 1953 (TAA 1953) for Edward to provide it with all relevant information regarding Patricia’s income tax return from the previous financial year.

Legal duty to disclose

Although Edward is required to maintain the confidentiality of the information relating to Patricia’s affairs, the ATO’s notice creates an overriding legal obligation and Edward therefore has a legal duty to disclose the information requested in the notice to the ATO.

Alternatively, if the ATO did not make a request pursuant to section 353-10 in Schedule 1 to the TAA 1953 and instead made a general request, Edward would not have a legal duty to disclose the information to the ATO. It is also noted that the requirement under Code Item 6 is subject to material being properly withheld under legal professional privilege.
 

Further information

For further information on Confidentiality of client information including additional practical examples:

 

Last modified: 1 September 2015