We take privacy seriously and that’s why this year we are again proudly supporting Privacy Awareness Week (PAW). PAW is an annual event led by the Office of the Australian Information Commissioner (OAIC) to raise awareness of privacy issues and the importance of protecting personal information. This year, PAW runs from 16 – 22 June and we encourage you to get involved and share this year’s message ‘Privacy - it's everyone's business’. 

Join an event or learn about the range of simple actions we can all take to be more proactive in protecting privacy both at work, and in our day-to-day lives.

Together, we can build trust and maintain the security of personal information. For you and your business, good privacy practices are key to building and maintaining the community’s trust in the handling of their personal information.

In our recent webinar, we shared tips for protecting personal information:

• First and foremost, don't leave privacy to chance and remember your obligations under Code item 6 – confidentiality of client information. Unless there is a legal duty to do so, tax practitioners must not disclose any information relating to a client’s affairs to a third party without the client’s permission.
• Familiarise yourself with privacy principles:
  • Undertake regular privacy training. 
  • Follow internal processes and procedures to mitigate privacy risks, including human error risks. 
  • Provide privacy notices to clients - you could include this in your letter of engagement.
  • Understand that everyone has a role to play in ensuring privacy is respected and protected.
• Only collect personal information you need: 
  • Don’t collect information just because it may become necessary or useful later. 
  • Access personal information on a need-to-know basis. 
  • Limit the personal information you or your staff need to access to protect the information from unauthorised access, use or disclosure.
• Keep personal information secure:
  • Take reasonable steps to protect personal information from unauthorised access, modification or disclosure and also against misuse, interference and loss.
  • Follow your policies on information security, including IT security, physical security and access security. 
  • Always destroy and de-identify personal information in accordance with your destruction policies. This is especially important when you are verifying a client’s identity. 
• Familiarise yourself with your data breach response plan. All entities should have a data breach response plan.

Other things you can do to protect privacy and reduce cyber threats include:

• Protect client records or files using encryption, where possible.
• Be careful of email attachments, web links and voice calls from unknown numbers.
• Ensure staff are educated not to click on a link or open an attachment you are not expecting.
• Use separate personal and business computers, mobile devices, and accounts.
• Don’t download software from an unknown web page.
• Never give out your username or password.
• Consider the use of a password management application to store your passwords for you. Never write them down!

Get involved!

There are a range of events being held during PAW 2025 and we encourage you to be proactive and get involved in ‘powering up’ your privacy. You can find out more about online and face-to-face events on the PAW website.

Further information

• Confidentiality of client information
• Notifiable Data Breaches scheme
• Privacy - it's everyone's business webinar
• TPB(PN) 4/2021 Use and disclosure of a client’s TFN and TFN information in email communications
• Our Privacy policy.