Go to top of page

Stolen taxpayer data can cost you and your clients

18 January 2021

Stolen taxpayer data can cost you and your clients

Break-ins of tax practitioner practices can result in criminals stealing valuable taxpayer information stored at these premises and attempting tax related fraud. These activities can lead to significant impacts to both your business and that of your clients.

Criminals will take every opportunity to attempt to steal valuable data to commit tax and identity fraud. It is important that you review both physical and digital security frequently to minimise the risk of information being stolen (physically and electronically).

Ways to increase physical security measures

You can take some simple measures to increase the physical security at your premises by:

  • making sure accesses to your premises is removed for employees that no longer work for your business, this includes returning keys and building passes and removing system access
  • securing portable devices that contain client information e.g. laptops and tablets
  • ensuring all computers and other devices have up to date security controls and software
  • creating unique passwords that are difficult for others to guess, change them regularly and do not share them
  • ensuring records are destroyed using a secure record destruction service
  • minimising paper records, keeping them in secure, locked cabinets or secure offsite storage
  • considering security systems including alarms or surveillance cameras for your premises.

You should also be careful when meeting clients in public places, locking computer screens and making sure no paperwork is left behind.

Encourage your clients to report any suspicious activity or communication in relation to their tax and super affairs to you and the Australian Taxation Office (ATO) as soon as practical.

Digital security

To increase digital security and loss of client information through cyber-attacks, you should have sufficient IT controls in place.

For further information refer to Protect your practice from cyber-attacks

Failure to protect client information

As a registered tax practitioner, you have an obligation under the Code of Professional Conduct (Code) to maintain confidentiality of client information. 

Failure to have sufficient security measures to protect client information may be considered a breach of the Code. 

If you experience a break-in resulting in stolen data, you must contact us at the Tax Practitioners Board (TPB) on 1300 362 829 or by completing our contact us form providing details of any break-ins and their circumstances.

Further information

If you experience a break-in, you must contact the ATO on 1800 467 033 in addition to reporting the matter to the police and TPB. This will help the ATO to take measures to protect your business, staff and clients where necessary.

For further information refer to:

Last modified: 18 January 2021