Guidance released about the use and disclosure of TFNs in emails
We have now released a practice note to help you understand your obligations when using and disclosing tax file numbers (TFNs) in email communications. This follows consultation on a draft guidance released on 1 September 2020 and incorporating the feedback received.
The Tax Practitioners Board does not administer any specific legislation relating to the use and disclosure of TFNs. However, the Code of Professional Conduct (Code Item 6) in the Tax Agent Services Act 2009 requires you to maintain confidentiality of client information. This means that you cannot disclose any information relating to a client’s affairs to a third party unless you have the client’s permission or there is a legal duty to do so. This includes client TFNs and TFN information.
We recommend you review your practices, procedures and systems when including TFNs and TFN information in emails as email, in itself, is not considered to be a secure form of communication. There are risks of client information being intercepted by third parties during email transmission or when stored on intermediate email servers.
To minimise any risk of a breach of Code Item 6, you should take reasonable steps to protect the security of TFNs and TFN information of clients. This practice note provides some suggested steps for your consideration, including information and communication technology (ICT) and governance measures you can adopt to secure TFN information of clients from unauthorised access, use or disclosure. You may also wish to seek independent professional advice from an ICT security provider regarding what controls are appropriate for your business.
Last modified: 14 April 2021