About this policy
This is a policy about the handling of personal information by the Inspector-General of Taxation (IGT). Its purpose is to give you a better understanding of our personal information handling practices and to enhance the transparency of the IGT’s operations. It gives effect to the Australian Privacy Principles (APPs) contained in the Privacy Act 1988.
Outline of this policy
‘Part A – Personal Information Management’ provides background on the functions and activities of the IGT and explains in general terms the kinds of personal information collected by us, and how this is collected and held. It also explains how you can ask to see your personal information that we hold and how you can ask to have details of your personal information corrected. This part also explains how you can complain if you believe that your personal information has been mishandled, or there has been a breach of your privacy by us.
‘Part B – Records’ lists specific kinds of IGT records that hold personal information. It explains in further detail the management of personal information by reference to specific IGT functions and activities, such as complaint handling and investigations. You can find out here what sorts of records we keep, what kinds of personal information are typically collected on these records, and the purpose for which this information is collected, held, used and disclosed.
‘Part C – Online’ explains the IGT’s personal information handling practices when a person visits the IGT website.
Part A – Personal Information Management
Our obligations under the Privacy Act
1.1 The IGT must comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 which regulate how agencies may collect, hold, use or disclose personal information, and how individuals may access and correct personal information held about them. Personal information is defined by section 6 of the Privacy Act 1988 as:
information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
1.2 Sensitive information is defined by section 6 of the Privacy Act 1988 as:
- information or an opinion about an individual’s:
that is also personal information; or
- health information about an individual; or
- genetic information about an individual that is not otherwise health information; or
- biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
- biometric templates.
Functions and activities of the IGT
1.3 The IGT is empowered to:
- investigate complaints by taxpayers, tax practitioners or other entities about the administration of taxation laws; and
- investigate administrative action taken under taxation laws, including systemic issues, that affect taxpayers, tax practitioners or other entities.
1.4 The functions and powers of the IGT are set out in the Inspector-General of Taxation Act 2003 (IGT Act) as amended in 2015.
How does the IGT collect personal information
1.5 We collect personal information primarily from the individual to whom the information relates or their authorised representative.
1.6 However, in our investigation work we have a broad discretion as to how to investigate matters, including the information that we can ask other agencies, persons or private entities to give to us. For example, to investigate a complaint about the Australian Taxation Office (ATO) or the Tax Practitioners Board (TPB) it is usually necessary to collect personal information from them, either directly from officers of that agency or by remote access to their databases. If you make a complaint to us and we decide to investigate the complaint then you should expect that your personal information will be collected in this way. As part of this process we may also collect information about a person or entity associated with your complaint.
1.7 We will only collect your personal information from someone other than you or your authorised representative if:
- you agree to it; or
- it is authorised by law; or
- it is unreasonable or impractical to collect it from you.
1.8 Sometimes in the course of an investigation, or in other circumstances, we may be given personal information about a person (which is about someone other than the person who made the complaint) that we did not ask for. This is called ‘unsolicited personal information’ and may have been provided by the complainant, an agency or another person. In these circumstances we will assess whether we would be permitted under the APPs to collect this same information from the person whose personal information it is. If we could have collected it from that person because of our functions and activities, then we will retain it, otherwise we will destroy it. We will not use or disclose unsolicited personal information unless this is permitted by the APPs.
1.9 We collect personal information as a result of face to face meetings, telephone conversations, in writing by mail, fax or electronic communication, photographs, video recordings, and through submissions or complaint forms through our website and newsletter subscriptions (see Part C).
1.10 We also collect personal information in records made during investigations or reviews, and in documents provided by agencies for the purposes of our investigations or reviews.
1.11 The IGT conducts a number of activities that are incidental to, and necessary for carrying out his statutory functions. These are best described as ‘corporate’ functions and include finance, accounting, procurement, reporting, employment and human resources activities. Therefore in connection with our corporate activities we collect personal information from a wide range of sources including from job applications of prospective staff, directly from staff, other government agencies and private entities.
How does the IGT hold personal information
1.12 We hold personal information that we collect in both electronic and paper records. We maintain a case management system as well as online shared hard drives which are hosted on secured servers. We take steps to ensure that personal information we hold is protected against unauthorised access, use, modification or disclosure, or other interferences. These steps include password protection for accessing our electronic system, securing paper files in locked cabinets, safes and secure areas, and physical access restrictions.
1.13 The case management system stores information in an interconnected fashion. This means that we can access personal information directly by searching for a person’s name, or indirectly, by searching with reference to a specific case number or another search parameter. Many of these search parameters are set up to enable the IGT to access material and statistics to comply with his reporting obligations.
1.14 Access to records containing personal information is permitted on a ‘need-to-know’, work-related basis, and subject to restrictions based on security clearance levels. In some cases access will be more tightly restricted.
1.15 Where appropriate, senior management may authorise the creation of virtual barriers that prevent staff from physically accessing information contained in electronic records.
1.16 When no longer required, personal information is destroyed in a secure manner, or deleted, in accordance with the Archives Act 1983.
What kinds of personal information does the IGT collect and hold
1.17 In accordance with the APPs we collect personal information to enable us to carry out the IGT’s functions and activities. We collect and hold personal information relating to a wide range of people, taxpayers, tax practitioners and staff members of the ATO and the TPB.
1.18 In general the kind of personal information we collect about you may include your name, dates of birth, electronic (email), postal, street addresses, telephone number, occupation, and details of your complaint. We are also authorised to request, but not require you to provide, your tax file number (TFN) to us. We request your TFN so we can get your matter investigated more promptly. We do this by using it to identify your records held by the ATO through direct disclosure to them. We manage your TFN in accordance with the Privacy (Tax File Number) Rule 2015.
1.19 You may complain to us anonymously or by adopting a pseudonym. However, if you do complain anonymously it may be difficult or impossible for us to investigate your complaint as a personal matter.
1.20 We will tell you if we cannot investigate your complaint because you have not supplied sufficient identifying information. If you do not supply a valid communication option, and it is not possible to contact you, we will generally not take any further action on your complaint.
1.21 We will only collect your sensitive information if:
- you agree to us collecting it and it is reasonably necessary for, or directly related to one of our functions or activities; or
- it is required or authorised by law or an order of a court of tribunal; or
- a ‘permitted general situation’ as defined in the Privacy Act 1988 exists.
For what purposes does the IGT collect, hold, use and disclose personal information
1.22 In accordance with the APPs, we collect, hold, use and disclose personal information to enable the IGT to carry out his functions and activities, including investigating complaints you have made about actions of the ATO or the TPB.
1.23 We may also use the information to seek feedback from you or to conduct follow-up surveys to identify opportunities to improve the service we deliver. If you do not wish for your information to be used for this purpose, please let us know.
How can I access or correct my personal information held by the IGT?
1.24 You can ask to see your personal information held by us, and you can ask that it be corrected if you think that it is wrong or not up to date. If you are speaking to an IGT officer you can ask them about this and they will be able to immediately update information such as your address or contact details if these have changed. More formal or extensive requests should be addressed to the ‘Privacy Contact Officer’ and sent by
- post to GPO Box 551, Sydney NSW 2001, or
- email to firstname.lastname@example.org.
1.25 You can also call 1300 44 88 29 and ask to speak with a Privacy Contact Officer.
1.26 Generally your request will be considered by us with reference to the framework of the Freedom of Information Act 1982 (FOI Act).
1.27 If, in considering your request, we believe that a document containing your personal information should be withheld from you because an exemption under the FOI Act would apply then we may withhold that document (or parts of it), and will explain the reason to you in writing. Requests for access will answered within 28 days of the date on which the request is made.
How do I complain about the handling of my personal information by the IGT?
1.28 Complaints about privacy breaches by the IGT must be made in writing. You can address a complaint to the ‘Privacy Contact Officer’ and sent by:
- post to GPO Box 551, Sydney NSW 2001, or
- email to email@example.com.
1.29 You can also call 1300 44 88 29 and ask to speak with a Privacy Contact Officer.
1.30 You should set out how you say we have not handled your personal information in accordance with the APPs.
1.31 We will acknowledge your complaint within 7 days and investigate and resolve all complaints as soon as possible. Your complaint will be referred to a Privacy Contact Officer, usually a member of the IGT management team. Your complaint will be investigated and you will be advised of the outcome of the investigation. Our decision will be explained with reference to the relevant APPs. The time this will take will depend on the nature of your complaint and how complicated it is.
1.32 If you are unhappy with our response or the way we have handled your personal information complaint or a privacy breach, you may complain to the Privacy Commissioner. Details on how to make a complaint to the Privacy Commissioner can be found on the Office of the Australian Information Commissioner website.
Part B – Records
2.1 There are ten (10) specific kinds of records that the IGT holds. These are:
- complaint handling and investigation records;
- own initiative investigation or review records;
- miscellaneous contact records;
- Newsletter subscriptions;
- freedom of information records;
- voicemail records;
- photographs and video recordings;
- personnel records;
- corporate administrative records including policy records; and
- strategic agency liaison records.
2.2 These are discussed further below.
Complaint handling and investigation records
2.3 These records:
- contain details of complaints made to us in relation to the IGT’s functions under the IGT Act;
- contain details of the actions taken by us in relation to those complaints, including investigation and internal reviews of decisions made about those complaints; and
- contain sensitive information such as your TFN or other confidential information related to your tax affairs or your business.
2.4 Personal information described above is collected to enable us to decide whether your complaint is within the IGT’s jurisdiction, whether there is a reason not to investigate the complaint, the agency about which the complaint is made, and how best to investigate the complaint. It also helps us decide if another body or person could assist you better in resolving your complaint. In some circumstances we may be able to transfer your complaint to the Commonwealth Ombudsman or refer it to another agency that may be better placed to assist you. If we transfer your case to the Commonwealth Ombudsman, we may disclose some information which has been provided to us. Where we refer you to another agency (other than the ATO or the TPB), no personal information is disclosed.
2.5 Information contained on complaint files also assists the IGT to inform broader tax system reviews which aim to improve tax administration for all taxpayers. It also helps to better target inquiries, request relevant information and produce suitably informed reports to government.
2.6 The IGT may, after conducting the reviews, report on these matters publicly. However, in doing so, the IGT seeks to remove all individual names. Moreover, where it is necessary, the IGT will not make any disclosures which would make the identity of the person obvious or lead to its discovery.
2.7 Personal information of the kinds described above may also be held in relation to someone other than the person who has made the complaint. Other people whose personal information may be held on these files include relatives or friends of the complainant, business associates, staff of other government agencies or staff of government service providers.
Own initiative investigation or review records
2.8 The IGT may commence an investigation or review on his or her own initiative. This means that the IGT may investigate or conduct a review into an issue of interest that relates to ATO or TPB administration without a specific complaint, or in relation to a group of similar complaints. We maintain separate files in relation to these investigations and reviews in electronic and paper format.
2.9 The kinds of personal information contained on these files may include information described in the section above. The IGT has broad powers to conduct own initiative investigations in a manner he determines to be most appropriate, and by obtaining information from a wide range of sources, including individual complaint and investigation records.
2.10 As with complaint files, information contained on own motion investigation or review files may be disclosed to the agency or agencies in relation to which the investigation or review is being conducted. However, the IGT in appropriate circumstances will remove individual names from such disclosure.
Miscellaneous contact records
2.11 The purpose of these records is to record details of approaches made to the IGT that do not constitute complaints for the purposes of the IGT Act. Such approaches may be from members of the public, officers of other Australian and foreign agencies, the media and academic researchers. The records may also contain complaints about us and how we may have handled your complaint or relate to alleged breaches of the IGT’s service charter or other matters.
2.12 The kinds of personal information stored on these records are similar to those which may be provided as part of a complaint.
2.13 These records are collected directly from you through subscriptions to our newsletter. The limited personal information in these files includes contact lists of different organisations and individuals that we interact with such as taxpayers, registered tax practitioners, professional and industry associations, other government agencies and representatives of these associations and agencies.
2.14 These records are used to send out periodic IGT newsletters and other updates. You will have the option to unsubscribe and remove your information from this service at any time you choose.
Freedom of Information (FOI) records
2.15 The purpose of these records is to record all requests for information made to the IGT under the FOI Act. These files also record requests for internal review of IGT FOI decisions, as well as requests for annotation and/or amendment of records. We also record our interactions with the Office of the Australian Information Commissioner in respect of FOI complaints and Information Commissioner reviews.
2.16 Personal information on these records may relate to the person who has made the FOI request, complainants to the IGT (whether or not they are also the FOI applicant), IGT staff, staff of other agencies, and any other person whose personal information is contained in the record to which FOI access has been sought.
2.17 Telephone calls to our 1300 44 88 29 number or, to or from our officers in relation to a complaint, are recorded and callers are advised of this. These records are registered on our phone system and may relate to a range of matters, including complaints, general enquiries, media enquiries, and contact by other agencies. The personal information contained in them may include a caller’s name, address and telephone number. Depending on the subject matter of a recording the information contained in it will be placed onto other records either as an audio record or reduced to a written form (not necessarily an exact transcription), and be handled accordingly.
2.18 These records may also be used for training and quality assurance purposes.
Photograph and video records
2.19 These records are collected from video surveillance cameras installed at, and in the vicinity, of our offices. The records are used for the purpose of ensuring the safety and security of IGT staff and property.
2.20 The IGT has duties and powers as an agency head under the Public Service Act 1999 and has other associated obligations including those arising under the Disability Discrimination Act 1992, the Sex Discrimination Act 1984, the Fair Work Act 2009, the Safety Rehabilitation and Compensation Act 1988, the Superannuation Act 2005, the Long Service Leave (Commonwealth Employees) Act 1976, the Maternity Leave (Commonwealth Employees) Act 1976 and the Work Health and Safety Act 2011. Records are kept to enable the IGT to carry out his functions, obligations and responsibilities for staff, employees and contractors.
2.21 Personnel files are kept to maintain records about all aspects of employment including; recruitment, employment history, payroll, leave, equal employment opportunity data, workplace relations, security clearances, performance, workplace health and safety, rehabilitation and compensation. These records are kept in relation to all permanent, contracted and temporary staff members/employees of the IGT.
2.22 Access to personnel files is controlled on a ‘need to know’ basis.
2.23 Personal information is disclosed on a ‘need to know’ basis for the purposes of administering our payroll, and to travel providers under the ‘whole of government’ travel arrangements. In addition we are required to give personal information to various bodies including the Australian Public Service Employment Database, the Australian Government Security Vetting Agency, the ATO and Comcare
Corporate administrative records including policy records
2.24 The purpose of administrative records, including policy records is to hold information relating to corporate functions, including office governance, financial management, procurement, legal services, privacy, information, communications and technology, public affairs and both physical and information security.
2.25 Such files may contain a range of personal information relating to complainants, contracted service providers, IGT staff (and staff of other agencies) as well as members of the wider community. Such information is likely to be similar to the kinds described above regarding complaints investigations.
Strategic/agency liaison records
2.26 The purpose of these files is to record information and activities relating to policy aspects of the IGT’s work, for example the development of directions, aids or systems to support our decision-making and the performance of statutory functions. Information on these records may also help us make contributions to policy debates across government.
2.27 Some of these files may include material relevant to closed or ongoing investigations or reviews (where it is related to, or may inform consideration of, a broader policy issue), and include personal information about complainants or agency staff.
2.28 These files may also contain interagency protocols or memoranda of understanding and details of interagency meetings including the names of attendees and their positions within agencies.
3.1 This part applies to your interactions with the IGT website.
3.2 We are committed to the protection of your privacy in accordance with the Australian Information Commissioner’s Guidelines for Federal and ACT Government World Wide Websites. These guidelines outline the requirements for transparent collection, appropriate and ethical use and secure storage of personal information. Our aim is to provide an online environment which will ensure the information you provide to us is handled in a secure, efficient and confidential manner.
3.3 When visiting our sites, a record of your visit is logged. This ‘clickstream data’ is recorded for statistical purposes only and is used to help improve the website. The following information is supplied by your browser (e.g: Internet Explorer):
- the user’s server address;
- the user’s top level domain name (for example .com, .edu, .gov, .au, .uk etc);
- the date and time of the visit to the site;
- the pages accessed and the documents downloaded;
- the previous site visited; and
- the type of browser used.
3.4 This information is used for statistical purposes only. No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency (or other government agency) exercises a legal authority to inspect Internet Service Provider (ISP) logs (eg. by warrant, subpoena or notice to produce).
Collection of personal information
3.6 When you e-mail us:
- we will record your e-mail address;
- we will only use your e-mail address for the purpose for which you provided it;
- it will not be added to a mailing list, unless provided by you specifically for that purpose;
- we will not use your e-mail address for any other purpose; and
- we will not disclose it without your consent or otherwise in accordance with the APPs.
3.7 Our site does not generally provide facilities for the secure transmission of information across the Internet. The only exception to this is that users can submit complaints using our Lodge a Complaint form which uses an encrypted connection. Nonetheless, users should be aware that there are inherent risks in transmitting information across the Internet. As an alternative, users are able to use the communication channels set out below:
Inspector-General of Taxation
GPO Box 551, Sydney NSW 2001
Phone: 1300 44 88 29
Fax: 02 8239 2100
Links to other sites
3.9 If you have any questions about this privacy statement, your dealings with the IGT, or this website, please contact us at firstname.lastname@example.org