Go to top of page

Privacy awareness week

23 April 2021

Supporting Privacy Awareness Week

Privacy Awareness Week (PAW) is an annual event run by the Office of the Australian Information Commissioner (OAIC). We support PAW as it highlights the importance of protecting personal information and helps organisations, agencies and the public navigate the privacy landscape. Safeguarding data is more important than ever, as the COVID-19 pandemic continues to affect the way we work and socialise and many Australians are spending more time online. PAW runs from 3 to 9 May this year.

We understand that to perform your duties as a registered tax practitioner you are often required to collect, use and store personal information of your clients. You also have obligations under the Code of Professional Conduct (Code item 6) to maintain the confidentiality of client information and other legislation to protect tax file number information. 

You can mitigate risks to loss of personal information of clients by implementing good privacy practices in your business.  

Make privacy a priority

The theme for this year’s PAW is for all Australians to ‘Make privacy a priority’ and will focus on providing tips on how to create good privacy practices, both at an individual as well as organisational level. These tips are designed to be easily understood and help you grasp the fundamental rules that are contained within the Privacy Act 1988. To view this advice or learn more about the program, visit the OAIC website.

Tips to protect personal information

  • Familiarise yourself with privacy policies, processes, and procedures: 
    • undertake regular privacy training 
    • follow processes and procedures to mitigate privacy risks, including human error risks 
    • provide privacy notices to clients - you could include this in your letter of engagement
    • understand that everyone has a role to play in ensuring privacy is respected and protected. 
  • Only collect personal information you need: 
    • don’t collect information just because it may become necessary or useful later
    • access personal information on a need-to-know basis 
    • limit the personal information you or your staff need to access to protect the information from unauthorised access, use or disclosure.
  • Keep personal information secure:
    • take reasonable steps to protect personal information from unauthorised access, modification, or disclosure and also against misuse, interference and loss
    • follow your policies on information security, including ICT security, physical security and access security 
    • always destroy and de-identify personal information in accordance with your destruction policies.
  • Create and adhere to your data breach response plan. 

Further information

Last modified: 23 April 2021