Go to top of page

Privacy policy

TPB Privacy policy

Background

The Tax Practitioners Board (TPB) is a national statutory body responsible for the registration and regulation of tax practitioners under the Tax Agent Services Act 2009 (TASA).

The TPB consists of a Board and a Chair appointed by the Minister for Revenue and Financial Services and staff made available by the Commissioner of Taxation (Commissioner).

As an Australian Government agency, we are required to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Privacy Act) which regulate how we collect, disclose and hold personal information.

‘Personal information’ is defined under the Privacy Act and means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether:

  • the information or opinion is true or not; and
  • the information or opinion is recorded in a material form or not.
     

Purpose of policy

The purpose of this policy is to provide information about:

  • the kinds of personal information we collect and hold
  • how we collect, use, disclose and store personal information
  • your rights under the Privacy Act in relation to personal information we hold about you.

The policy is structured as follows:

  • Part 1 – General information about how we collect, use, disclose and store personal information including how to contact us about privacy matters
  • Part 2 – Specific information about the kinds of personal information we collect for the purpose of exercising our powers and administering our functions under the TASA and how we collect, use, disclose and store this personal information
  • Part 3 – Information about the personal information we collect when you visit our website.
     

Part 1

Collection

Generally, we collect personal information directly from the individual concerned.

At times, we may need to collect personal information from third parties, such as other government agencies including the Australian Taxation Office (ATO) and the Australian Securities and Investments Commission (ASIC) if it is for the purpose of exercising our powers and administering our functions under the TASA. We may request this information or it may be provided to us.

Kinds of information collected

We only collect personal information for the purpose of exercising our powers and administering our functions under the TASA which are generally as follows:

  • administer a system to register tax agents, BAS agents and tax (financial) advisers (collectively known as ‘tax practitioners’) including processing and investigating applications for registration
  • investigate conduct that may breach the TASA and imposing sanctions for breaches
  • administer a system to accredit professional associations as recognised tax agent,  BAS agent or tax (financial) adviser associations
  • provide guidelines, policy and information on relevant matters.

As necessary for the general operation of the TPB, we also collect personal information relevant to our human resource and corporate service functions.

Use and disclosure

We only use personal information for the purpose for which it was given to us, or for purposes which are directly related to one of our functions under the TASA.

We will not disclose personal information to other government agencies, entities or individuals unless we are specifically required or authorised by by law to do so.

Data quality

We take steps to ensure that the personal information we collect and store is up-to-date, complete and accurate. The steps we take include:

  • updating personal information upon request or when we become aware that the information requires updating
  • regular reminders to registered tax practitioners to keep their personal information held by the TPB up-to-date
  • providing registered tax practitioners with access to an online portal in which they can update their own details
  • ensuring that there are appropriate systems and procedures in place to accurately collect and consistently record personal information.

Data security

We take steps to protect the personal information we hold against loss, unauthorised access, use, modification, disclosure and misuse. The steps we take include:

  • daily backups of data to prevent data loss
  • password only access to our information technology (IT) system
  • only providing approved users with access to our IT system
  • auditing access to our IT system on a periodic basis to ensure access is only provided to those that require it
  • securing paper files in locked cabinets on-site or storing them in secure off-site facilities that comply with TPB requirements
  • restricting site access, including the requirement to have a security pass to gain access to our offices
  • requiring any external IT contractors working for us to clear security vetting prior to commencing
  • ensuring we have internal quality assurance processes in place to protect personal information including verification of the accuracy of personal information prior to use.

Access to your information

If you make a request for access to personal information that we hold about you, we will respond to your request within 30 days.

We will only refuse access to personal information where we are required or authorised under the TASA, the Freedom of Information Act 1982 (FOI Act) or any other relevant Australian law.

If we refuse to give you access to your information, we will notify you in writing of the reasons why and provide you with further information about how you can complain about the decision.

Correction of your information

If you make a request to correct personal information that we hold about you, we will respond to your request within 30 days.

If we refuse to make the correction:

  • we will notify you in writing of the reasons why and provide you with further information about how you can complain about the decision
  • you may request that we include a statement from you stating that the information in the relevant record is inaccurate, out-of-date, incomplete, irrelevant or misleading.

How to contact us

For any enquiries relating to the collection, use and storage of your information, including how to access and correct your information or to make a privacy complaint, please contact the TPB privacy officer by:

Email: TPBLegalunit [at] tpb.gov.au

Post: Privacy Contact Officer, Tax Practitioners Board, Legal Unit, GPO Box 1200, Brisbane QLD 4001

Complaints will be assessed by our Legal Unit and the outcome determined by the TPB Chair and Secretary.

We will handle personal information security breaches in accordance with the relevant guidance issued by the Office of the Australian Information Commissioner.
 

Part 2

This section provides further information about the personal information we specifically collect for the purpose of exercising our powers and administering our functions under the TASA.

The type of personal information we may collect has been grouped under the following categories for ease of reference:

  1. registration files
  2. regulatory files
  3. accreditation files
  4. litigation files
  5. policy files
  6. information management files
  7. communication files
  8. administrative files
  9. Board and committee meeting files.

1. Registration files

Purpose

The purpose of collecting this information is to:

  • process applications for registration under Part 2 of the TASA and investigate applications for registration where necessary
  • maintain a publicly available register of registered and deregistered tax practitioners (TPB Register) as required by section 60-135 of the TASA and Regulation 12 of the Tax Agent Services Regulations 2009 (TASR).

The personal information we collect and hold in relation to an application for registration may include:

  • name
  • practice name
  • registration type
  • registration number
  • address
  • age
  • gender
  • phone number
  • email address
  • registration date
  • renewal date
  • professional indemnity insurance details
  • details of conditions, suspensions, sanctions and terminations.

The sensitive information we collect and hold in relation to an application for registration may include:

  • career and academic qualifications
  • character references
  • financial information
  • health details
  • employment history for five years or ten years preceding application to the TPB
  • criminal and civil convictions
  • tax file numbers (TFNs)
  • bankruptcy details
  • business and professional information including professional association details
  • copies of ATO and ASIC reports
  • transcripts of any relevant Administrative Appeals Tribunal (AAT) and Court hearings
  • conviction notices
  • statements and transcripts of interviews with the TPB
  • investigation reports, including detailed reports from a recognised professional association in so far as these matters relate to the applicant’s status as a ‘fit and proper person’
  • other types of information dependent on the circumstances surrounding the application for registration.

The personal information we hold will be about applicants for registration under the TASA, currently registered tax practitioners, formerly registered tax practitioners , and members of partnerships and company officers.

Collection

We generally collect personal information directly from the individual concerned.

Where authorised under the TASA, we may also collect personal information about an individual who has applied for registration from third parties (including other government agencies such as the ATO and ASIC) in order to assess an application for registration.

We may also collect personal information about an individual applying for registration from another registered tax practitioner as generally, an individual applicant will be required to provide a statement of relevant experience certified by another registered tax practitioner.

Sometimes we may collect personal information from publicly available sources such as websites.

Use and disclosure

We only use the personal information for the purpose for which it was given to us, or for purposes which are directly related to one of our functions under the TASA.

We may use the personal information to contact the applicant or any other relevant individual, agency or organisation. We may undertake further enquiries with a registered tax practitioner who has provided a statement of relevant experience if necessary.

Where authorised or required by law to do so, we may also disclose the personal information we collect to other government agencies and entities such as:

  • the ATO, if it is considered to be relevant to the Commissioner’s administration of the taxation laws or if we are specifically required under the TASA to notify the ATO of a particular decision
  • ASIC, if it is considered to be relevant to the Commission performing any of its functions or exercising any of its powers
  • a professional association accredited by the TPB, if an individual is a member of that association.

Some of the personal information we collect is disclosed to any person who accesses the TPB Register on our website. We are required by law to make certain registration information publicly available.

We may also disclose personal information to the AAT or Federal Court if an entity seeks a review of our registration decisions.

Data quality

We update the personal information we hold upon request or when we become aware that it requires updating.

Data security

The personal information we collect is generally held electronically on our IT system, although some personal information is held in paper files that are securely stored in locked cabinets.

Staff in our Registration, Regulatory assurance and Legal areas and the Secretary have access to this information. Staff in the Chair’s office and Board members who are required to decide applications for registration also have access to this information.

Access and correction

Information about how to access or correct personal information is outlined in Part 1 of this policy.
 

2. Regulatory files

Purpose

The purpose of collecting this information is to:

  • respond to enquiries and complaints
  • risk assess, undertake preliminary enquiries and investigate conduct that may breach the TASA and impose sanctions for breaches.

The information may relate to registered tax practitioners, unregistered practitioners, members of partnerships, company officers, complainants and witnesses.

The personal information we collect and hold may include:

  • name
  • address
  • age
  • gender
  • occupation
  • other types of information dependent upon the individual case.

The sensitive information we collect and hold may include:

  • career and academic qualifications
  • character references
  • financial information
  • employment history
  • criminal and civil convictions
  • TFNs
  • bankruptcy details
  • business and professional information
  • copies of ATO and ASIC reports
  • transcripts of any relevant AAT and Court hearings
  • conviction notices
  • statements and transcripts of interviews with the Board
  • investigation reports
  • reports from professional associations
  • health information
  • relationship details
  • other types of information dependent on the individual case.

Collection

We generally collect personal information directly from complainants (which may include a government agency) or the entity that has been complained about.

Where we are authorised under the TASA to do so and it is considered relevant to an enquiry or investigation, we may also seek personal information from third parties. Third parties include other government agencies such as the ATO and ASIC.

Use and disclosure

We only use the personal information for the purpose for which it was given to us, or for purposes which are directly related to one of our functions under the TASA.

We may use the personal information to contact the applicant or any other relevant individual, agency or organisation.

Where we are authorised or required by law to do so, the personal information we collect may be provided to:

  • the entity that has been complained about
  • other government agencies, including the ATO, ASIC and law enforcement agencies
  • other entities, such as a professional association accredited by the TPB (this may involve the disclosure of information to a professional association that is located overseas).

We may also disclose personal information to the AAT or Federal Court if an entity seeks a review of our decision to impose a sanction or if we commence civil penalty proceedings in the Federal Court.

Data quality

We update the personal information we hold upon request or when we become aware that it requires updating.

Data security

The personal information collected is generally held electronically in our IT system, although some personal information is held in paper files that are securely stored in locked cabinets.

Staff in our Regulatory assurance and Legal areas and the Secretary have access to this information. Staff in the Chair’s office and Board members who are required to decide enquiries and investigations into conduct that may breach the TASA also have access to this information.

Access and correction

Information about how to access or correct personal information is outlined in Part 1 of this policy.
 

3. Accreditation files

Purpose

The purpose of collecting this information is to:

  • process applications for accreditation as a recognised tax agent,  BAS agent or tax (financial) adviser association under the TASR
  • maintain particular information regarding these recognised associations on our website as required by Regulation 6 of the TASR.

Information collected and held by us in relation to an application for accreditation may include organisation name, association type, address, phone number and email address.

The limited personal information we collect and hold may relate to the management personnel of the organisation that has applied for accreditation and its particular members.

The limited sensitive information we collect and hold may include financial information and membership details.

Collection

We generally collect any personal information directly from the organisation applying for accreditation.

Use and disclosure

We only use the personal information for the purpose for which it was given to us, or for purposes which are directly related to one of our functions under the TASA.

We may use the personal information to contact the applicant or any other relevant individual, agency or organisation.

As required under the TASA, a list of recognised tax agent, BAS agent and tax (financial) adviser associations is also made available on our website.

We may also disclose personal information to the AAT or Federal Court if an organisation seeks a review of an accreditation decision we make.

Data quality

We update the personal information we hold upon request or when we become aware that it requires updating.

Data security

The personal information collected is generally held electronically on our IT system, although some personal information is held in paper files that are securely stored in locked cabinets.

Staff in our the Legal unit and the Secretary have access to this information. Staff in the Chair’s office and Board members who are required to decide applications for accreditation also have access to this information.

Access and correction

Information about how to access or correct personal information is outlined in Part 1 of this policy.
 

4. Litigation files

Purpose

The purpose of these files is to:

  • maintain files on litigation matters we are involved in
  • maintain records of precedent opinions and cases.

The information may relate to registered tax practitioners, unregistered practitioners, members of partnerships, company officers, complainants and witnesses and may include correspondence between parties to litigation, notices from Courts and the AAT, case summaries, written submissions and legal opinions.

The personal information we collect and hold may include:

  • name
  • address
  • age
  • gender
  • occupation
  • other types of information dependent upon the individual case.

The sensitive information we collect and hold may include:

  • career and academic qualifications
  • character references
  • financial information
  • employment history
  • criminal and civil convictions
  • TFNs
  • bankruptcy details
  • business and professional information
  • copies of ATO and ASIC reports
  • transcripts of any relevant AAT and Court hearings
  • conviction notices
  • statements and transcripts of interviews with the Board
  • investigation reports
  • reports from professional associations
  • health information
  • relationship details
  • other types of information dependent on the individual case.

Collection

We generally collect personal information directly from the individual concerned.

Where authorised under the TASA and if considered relevant, we may also collect personal information about an individual from relevant third parties, including other government agencies like the ATO and ASIC.

Sometimes we may collect personal information from publicly available sources such as websites.

Use and disclosure

We only use the personal information for the purpose for which it was given to us, or for purposes which are directly related to one of our functions under the TASA.

We may disclose personal information to the AAT or Federal Court if we are responding to an application for review or we make an application to the Federal Court.

Data quality

We update the personal information we hold upon request or when we become aware it requires updating.

Data security

The personal information collected is generally held electronically on our IT system, although some personal information is held in paper files that are securely stored in locked cabinets.

Our Secretary and staff in the Legal unit have access to this information. Staff in the Chair’s office and Board members who are required to provide strategic direction in relation to litigation matters also have access to this information.

Access and correction

Information about how to access or correct personal information is outlined in Part 1 of this policy.
 

5. Policy files

Purpose

The purpose of these files is to store policy correspondence, working papers and other documents that relate to our functions to:

  • provide guidance and awareness in relation to the tax agent services regime
  • issue guidelines by way of legislative instruments.

The limited personal information we collect and hold in these files may include:

  • submissions from persons either in an individual capacity or on behalf of an organisation, such as a professional association or an educational body, in relation to exposure drafts that we have invited comment upon
  • information regarding membership and attendance at the TPB consultative forum.

Collection

We generally collect personal information directly from the individual concerned or the organisation that they represent.

Sometimes we may collect personal information from publicly available sources such as websites.

Use and disclosure

We only use the personal information for the purpose for which it was given to us, or for purposes which are directly related to one of our functions under the TASA.

We will not disclose personal information to other government agencies, entities or individuals unless we are specifically required or authorised by law to do so.

Data quality

We update the personal information we hold upon request or when we become aware that it requires updating.

Data security

The personal information collected is generally held electronically on our IT system, although some personal information is held in paper files that are securely stored in locked cabinets.

Our Secretary and staff in the Chair’s office, Legal unit, Registrations and Regulatory assurance areas and Board members have access to this information.

Access and correction

Information about how to access or correct personal information is outlined in Part 1 of this policy.
 

6. Information management files

Purpose

The purpose of these files is to store correspondence, decisions and other documents that relate to requests for information we receive. This includes requests for access under the FOI Act and requests for official information from the ATO, ASIC and authorised law enforcement agencies.

The personal information we collect and hold:

  • relates to the individual requesting the information which may be an individual requesting on behalf of another government agency, such as a law enforcement agency, the ATO or ASIC
  • may include personal information about an individual who is the subject of the relevant request for information.

Collection

We generally collect personal information directly from the individual making the request.

Use and disclosure

We only use the personal information for the purpose for which it was given to us, or for purposes which are directly related to one of our functions under the TASA.

We will not disclose personal information to other government agencies, entities or individuals unless we are required or authorised by law to do so.

Subsection 70-40(4) of the TASA specifically provides that official information acquired by the TPB under the TASA may only be disclosed:

  • in the course of performing duties under or in relation to the TASA or the TASR
  • if the information was already available to the public
  • to the Commissioner of Taxation (Commissioner) for the purpose of administering a taxation law
  • to an authorised law enforcement agency officer in particular circumstances
  • to ASIC for the purpose of the Commission performing any of its functions or exercising any of its powers.

Data quality

We update the personal information we hold upon request or when we become aware that it requires updating.

Data security

The personal information collected is generally held electronically on our IT system, although some personal information is held in paper files that are securely stored in locked cabinets.

Our Secretary, staff in the Chair’s office and the Legal unit, and Board members have access to this information.

Access and correction

Information about how to access or correct personal information is outlined in Part 1 of this policy.
 

7. Communication files

Purpose

The purpose of these files is to store details of our communication activities, including contact with the media, speeches, event details, newsletters, surveys, publication preparation and social media use.

The limited personal information in these files includes contact lists of different organisations and individuals that we interact with such as registered tax practitioners, professional associations, other agencies and representatives of these associations and agencies.

Collection

We generally collect personal information directly from the individual concerned.

Sometimes we may collect personal information from publicly available sources such as websites.

Use and disclosure

We only use the personal information for the purpose for which it was given to us, or for purposes which are directly related to one of our functions under the TASA.

We will not disclose this personal information to other government agencies, entities or individuals unless we are specifically required or authorised by law to do so.

We use Twitter in accordance with Twitter’s terms of service and LinkedIn in accordance with LinkedIn user agreement. Use of Twitter and LinkedIn to engage with us may involve the disclosure of certain personal information in accordance with Twitter’s terms of service and Linkedin user agreement.

Data quality

We update the personal information we hold upon request or when we become aware that the information requires updating. We will remove contact information of individuals who advise us that they no longer wish to be contacted by us.

Data security

The personal information collected is generally held electronically on our IT system, although some personal information is held in paper files that are securely stored in locked cabinets.

Personal information may be provided to a service provider contracted to distribute our communication products (for example, our enewsletter). The information is only used for our communication purposes and is securely stored on the service providers IT system.

Our Secretary and staff in the Chair’s office, Corporate services, Regulatory assurance, Registrations and Legal areas have access to this information.

Access and correction

Information about how to access or correct personal information is outlined in Part 1 of this policy.
 

8. Administrative files

Purpose

The purpose of these files is to store Board member contact details, biographical information, travel documentation, pay related records and other documents that relate to providing secretariat support for the Board and the necessary record keeping requirements.

The personnel records of our staff are held by the ATO. This is because the Commissioner must make available to the TPB, staff from the ATO to provide administrative assistance.

Collection

We generally collect personal information directly from the Board members.

Use and disclosure

We only use the personal information for the purpose for which it was given to us, or for purposes which are directly related to one of our functions under the TASA.

We will not disclose this personal information to other government agencies, entities or individuals unless we are specifically required or authorised by law to do so.

Data quality

We update the personal information we hold upon request or when we become aware that it requires updating.

Data security

The personal information collected is generally held electronically on our IT system, although some personal information is held in paper files that are securely stored in locked cabinets.

Our Secretary and staff in the TPB Secretariat have access to this information.

Access and correction

Information about how to access or correct personal information is outlined in Part 1 of this policy.
 

9. Board and committee meeting files

Purpose

The purpose of these files is to store meeting papers, agendas, minutes of meetings and other documents that relate to Board and committee meetings.

As the Board and its committees may be required to consider and decide upon a number of different matters under the TASA, the personal information we may collect and hold in these files is outlined in subsections [1] to [7] of Part 2 of this policy.

Collection

The way that we collect this personal information is outlined in subsections [1] to [7] of Part 2 of this policy.

Use and disclosure

The way that we use and disclose this personal information is outlined in subsections [1] to [7] of Part 2 of this policy.

Data quality

We update the personal information we hold upon request or when we become aware that it requires updating.

Data security

The personal information collected is generally held electronically on our IT system, although some personal information is held in paper files that are securely stored in locked cabinets.

Board members, our Secretary and staff have access to this information as outlined in subsections [1] to [7] of Part 2 of this policy.

Access and correction

Information about how to access or correct personal information is outlined in Part 1 of this policy.
 

Part 3

Our website is operated by using both Commonwealth and commercial web hosting facilities. When visiting this site, a record of your visit is logged.

The following information is supplied by your browser, recorded for statistical purposes and is used to help improve the site:

  • user's server address
  • user's operating system (for example Windows, Mac etc)
  • user's top level domain name (for example .com, .gov, .au, .uk etc)
  • date and time of the visit to the site
  • pages accessed and the documents downloaded
  • previous site visited
  • type of browser used

No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the Internet web server logs.

Last modified: 8 November 2016