Regardless of turnover, small businesses that handle Tax File Numbers (TFNs) have legal obligations to protect them.

This includes every employer

The Australian Privacy Act 1988 (Cth) states  “if a business is a recipient of TFN information it must comply with the Privacy (Tax File Number) Rule 2015 (TFN Rule)”.

Many small business owners assume they do not have any obligations under the Act on account of the size of their annual turnover. However, in these circumstances, small businesses do have legal obligations regarding privacy.

What is the Privacy TFN Rule 2015 ?

This rule regulates the collection, storage, use, disclosure, security and disposal of individuals’ Tax File Number information.

A breach of the TFN Rule under the Privacy Act could result in civil penalties and compensation for damages. Not to mention loss of trust and reputation, and possible loss of clients and revenue.

Individuals who consider their TFN information has been mishandled may make a complaint to the Privacy Commissioner.

Why is it important to protect TFNs ?

  1. They are unique identifiers which are issued to individuals for life.
  2. They could potentially be used by all TFN recipients as part of a national identification system.
  3. They could be used to match, or link records of personal information held by many different TFN recipients.

What does your business need to do ?

As TFN recipients, your business should at least :

  1. have clearly defined TFN policies and practices
  2. restrict access to records containing TFN information to only staff who need to handle this information
  3. ensure staff are fully aware of their responsibilities
  4. have appropriate security controls
  5. have plans to handle a breach when it occurs

If you would like to know more about the TFN Rule, your obligations and how Privacy Proactive could help your business, please contact me.