You must not disclose information relating to a client’s (or a former client's) affairs to a third party unless you have:
- obtained the client’s permission; or
- a legal duty to do so.
This is one of the obligations (item 6) under the Code of Professional Conduct (Code).
‘Information’ refers to knowledge you have acquired or derived about a client, whether directly or indirectly. It is only necessary that the information relates to the affairs of a client. Further, the information does not have to necessarily belong to the client.
A ‘third party’ is any entity other than you and your client and could, for example, include entities:
- to which you outsource your tax agent services
- within the same service trust structure, unless the client is defined (for example, in the engagement letter) as the whole structure
- maintaining offsite data storage systems (including ‘cloud storage’).
We recognise that tax practitioners are increasingly engaging in outsourcing or cloud storage arrangements. However, the obligations under Code item 6 have not changed – you must ensure confidentiality of client information, including appropriate disclosure of such arrangements to your clients to ensure you comply with your obligations under this Code item.
Before disclosing any information relating to your client’s affairs to a third party, you should clearly inform your client that such disclosure will be made and obtain their permission. You should advise your client:
- what client information is to be disclosed; and
- to whom and where the disclosure will be made.
This permission may be by way of a signed letter of engagement, signed consent or other communication with the client.
It is also important to be mindful of ensuring there are appropriate arrangements to prevent inadvertent disclosure through recklessness.
You may disclose information relating to your client’s affairs to a third party without your client’s permission if you have a legal duty to do so.
Some examples of these circumstances include providing information to:
- the TPB upon a notice issued under section 60-100 of the Tax Agent Services Act 2009 (TASA)
- a court or tribunal under a direction, order, or other court process
- the Australian Taxation Office (ATO) upon a notice issued under section 353-10 in Schedule 1 to the Taxation Administration Act 1953 concerning taxation laws (subject to that material being properly withheld under legal professional privilege)
- AUSTRAC to meet reporting obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
If you are concerned as to whether there is a legal duty to disclose client information to a third party, you should seek independent legal advice.
You need to ensure there are appropriate arrangements to prevent inadvertent disclosure of client information. Some examples of situations where you must ensure there are appropriate controls to prevent third parties from viewing or accessing client information include:
- the use of mobile temporary booths in shopping centres
- the use of recycled paper which includes personal details of other clients
- disposing of IT equipment that contains/stores data of clients
- the use of shredding or data disposal services
- the use of external service providers such as IT consultants and cleaners.
If you disclose information relating to a client’s affairs to a third party without the client’s permission or a legal duty to do so, the TPB may find that you have breached the Code and impose sanctions for that breach.
The following examples illustrate how to maintain confidentiality of client information, noting that consideration will need to be given to the specific facts and circumstances. While the principles in the content above apply generally to all registered tax practitioners, the following examples are aimed at tax and BAS agents.
Example 1 - Obtaining client permission when engaging in outsourcing arrangements with an overseas firm
Lilly & Co is a large accounting firm and a registered tax agent. To minimise its operating costs, Lilly & Co. enters into an agreement with a bookkeeping/data processing firm in Hong Kong, Zheng & Co, that Zheng & Co will perform the bookkeeping and data processing work for Lilly & Co’s clients.
Obtaining client permission
In order to send the clients’ information to Zheng & Co for processing, Lilly & Co discloses its arrangement with Zheng & Co in its letter of engagement with clients and obtains its clients’ explicit permission by way of a signed client engagement letter to disclose the information to Zheng & Co.
Subject to the terms in the letter of engagement, Lilly & Co will have primary responsibility for the provision of the relevant tax agent services, including the bookkeeping and data processing work undertaken by Zheng & Co.
Example 2 - Obtaining client permission to disclose information to another registered agent
Jackie runs a local coffee shop in Melbourne. Jackie engages Tony’s Tax Services, a registered tax agent, to prepare and lodge her outstanding business activity statements and also to provide tax advice regarding the proposed sale of her coffee shop. Tony’s Tax Services separately engages Bella, a registered BAS agent, to prepare the outstanding business activity statements.
Obtaining client permission
In order to send Jackie’s information to Bella to enable Bella to prepare the outstanding business activity statements, Tony’s Tax Services discloses its arrangement with Bella in its letter of engagement with Jackie. Tony’s Tax Services obtains Jackie’s explicit permission by way of a signed client engagement letter to disclose the information to Bella.
Example 3 - Legal duty to disclose information to a third party
The ATO is conducting an audit on Patricia’s income tax return from the previous financial year, but Patricia does not have all of her receipts and payment summaries. As her registered tax agent, Edward, prepared and lodged her income tax return for the previous financial year, the ATO has issued a notice pursuant to section 353-10 in Schedule 1 to the Taxation Administration Act 1953 (TAA 1953) for Edward to provide it with all relevant information regarding Patricia’s income tax return from the previous financial year.
Legal duty to disclose
Although Edward is required to maintain the confidentiality of the information relating to Patricia’s affairs, the ATO’s notice creates an overriding legal obligation and Edward therefore has a legal duty to disclose the information requested in the notice to the ATO.
Alternatively, if the ATO did not make a request pursuant to section 353-10 in Schedule 1 to the TAA 1953 and instead made a general request, Edward would not have a legal duty to disclose the information to the ATO. It is also noted that the requirement under Code Item 6 is subject to material being properly withheld under legal professional privilege.
For further information on Confidentiality of client information including additional practical examples:
Last modified: 9 January 2020