As an accounting practice, you strive to protect your clients’ details, always ensuring that their sensitive information remains confidential. One essential piece of information is their Tax File Number (TFN).
You might think that a document including a TFN within a secured client portal is harmless. Think again. Storing documents with TFNs in a third-party client portal or your own client portal not only magnifies the risk of exposure but also puts you at risk of breaching the legislation.
The Privacy (Tax File Number) Rule 2015 (TFN Rule)*:
As tax agents and accountants, you are considered TFN recipients, meaning that the TFN Rule directly regulates how you collect, store, use, and dispose of TFNs. Under the TFN Rule, any mishandling of the TFN is not just a breach of trust but a violation of the Privacy Act. It is crucial to comply with these guidelines to avoid potential breaches and protect your clients’ privacy.
The TFN Rule requires that TFN recipients take reasonable steps to protect TFN information from unauthorised access, use, modification, or disclosure. This includes securely destroying or permanently de-identifying TFN information where it is no longer required by law to be retained.
Protecting the TFN in portals
It’s easy: simply do not store ATO documents with TFNs in portals.
How to reduce your risk of a TFN breach
Reduce the risk by removing TFNs regardless of how they are stored, including in:
– client portals,
– a third-party portal,
– document management systems,
– personal computers,
– cloud servers.
Redaction of TFNs ensures you are meeting your TFN legislative requirements.
The next steps to be TFN compliant
With ATOmate, you’re taking all ‘reasonable steps’ to be TFN compliant:
- TFNs are automatically redacted from ATO documents before they make it to your ATOmate dashboard for review, approval, or escalation.
- Your client’s ATO documents are never stored on ATOmate’s systems; they are stored in your document management system.
- When you email or post to your client, there is no exposed TFN.
Your clients trust you with their most sensitive information and you must take all reasonable steps to protect their TFN information and comply with the TFN Rule. Redacting TFNs from stored ATO documents is non-negotiable.
*Reference: TPB(PN) 4/2021 Use and disclosure of a client’s TFN and TFN information in email communications https://www.tpb.gov.au/tpb-practice-note-tpbpn-42021-use-and-disclosure-clients-tfn-and-tfn-information-email