The Tax Practitioners Board (TPB) is a national statutory body responsible for the registration and regulation of tax practitioners under the Tax Agent Services Act 2009 (TASA).

The TPB consists of a Board and a Chair appointed by the Minister for Revenue and Financial Services and staff made available by the Commissioner of Taxation (Commissioner).

As an Australian Government agency, we are required to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Privacy Act) which regulate how we collect, disclose and hold personal information.

‘Personal information’ is defined under the Privacy Act and means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether:

• the information or opinion is true or not

• the information or opinion is recorded in a material form or not.

Purpose of policy

The Privacy Act requires entities bound by the APPs to have a privacy policy. This privacy policy sets out how we comply with our obligations relating to our collection, storage, use and disclosure of personal information under the Privacy Act and the associated APPs. It also provides information about your rights under the Privacy Act in relation to personal information we hold about you.

This policy is written in simple language. If you would like to review the specific legal obligations of the TPB when collecting and handling your personal information and your rights, please refer to the Privacy Act and in particular the APPs found in that Act.

Purposes for which we collect, hold, use and disclose your personal information

We only collect personal information for the purpose of exercising our powers and administering our functions under the TASA which are generally as follows:

• administer a system to register tax agents and BAS agents (collectively known as ‘tax practitioners’) including processing and investigating applications for registration

• investigate conduct that may breach the TASA and imposing sanctions for breaches

• administer a system to accredit professional associations as recognised tax agent or BAS agent associations

• maintain a publicly available register of registered and deregistered tax practitioners as required by the TASA

• respond to requests for access under the Freedom of Information Act 1982 (FOI Act) and requests for official information from the ATO, ASIC and authorised law enforcement agencies

• provide guidelines, policy and information on relevant matters

• publish communications such as media releases, speeches, event details, newsletters, surveys, publication preparation and social media posts.

We only use personal information for the purpose for which it was given to us, or for purposes which are directly related to one of our functions under the TASA.

We will not disclose personal information to other government agencies, entities or individuals unless we are specifically required or authorised by law to do so.

Disclosure overseas

We generally do not disclose personal information to overseas recipients. Where required, we may disclose your personal information to an overseas entity for purpose of exercising our powers and administering our functions under the TASA. For example, to a professional association that is located overseas for the purposes of processing an application for registration, if the applicant is a member of that association.

How we collect and hold your personal information

Generally, we collect personal information directly from the individual concerned for the particular function or activity we are carrying out. For example, we collect your personal information when you apply for registration or renewal as a tax practitioner. 

We may also collect personal information from a third party, for example:

• if we receive a complaint relating to a tax practitioner

• in the course of undertaking risk assessments, preliminary enquiries and investigations into conduct that may breach the TASA

• in the course of legal proceedings.

The personal information we collect is generally held electronically on our IT system, although some personal information is held in paper files that are securely stored in locked cabinets.

Kinds of personal information we collect and hold

The personal information we collect and hold for the purpose of exercising our powers and administering our functions under the TASA may include:

• your personal details, such as your name, age, gender

• your contact details, such as home address, office address, phone numbers and email addresses

• your practice details, such as practice name, details of directors and supervising agents, professional association details

• registration details, such as registration type, registration number, registration date, details of conditions, suspensions, sanctions and terminations, professional indemnity insurance details, renewal date your career and academic qualifications, character references

• sensitive personal information, such as financial information, health details, criminal record, tax file numbers (TFNs), bankruptcy details, copies of ATO and ASIC reports

• records of your communications and other interactions with us

• regulatory files, such as copies of ATO and ASIC reports, transcripts of any relevant AAT and Court hearings, conviction notices, statements and transcripts of interviews with the Board, investigation reports

• policy files, such as submissions in relation to exposure drafts that we have invited comment upon and information regarding membership and attendance at the TPB consultative forum

• personal information relevant to our human resource and corporate service functions.

Data quality 

We take steps to ensure that the personal information we collect and store is up-to-date, complete and accurate. The steps we take include:

• updating personal information upon request or when we become aware that the information requires updating

• regular reminders to registered tax practitioners to keep their personal information held by the TPB up-to-date

• providing registered tax practitioners with access to an online portal in which they can update their own details

• ensuring that there are appropriate systems and procedures in place to accurately collect and consistently record personal information.

Data security 

We take steps to protect the personal information we hold against loss, unauthorised access, use, modification, disclosure and misuse. The steps we take include:

• daily backups of data to prevent data loss

• password only access to our information technology (IT) system

• only providing approved users with access to our IT system

• auditing access to our IT system on a periodic basis to ensure access is only provided to those that require it

• securing paper files in locked cabinets on-site or storing them in secure off-site facilities that comply with TPB requirements

• restricting site access, including the requirement to have a security pass to gain access to our offices

• requiring any external IT contractors working for us to clear security vetting prior to commencing

• ensuring we have internal quality assurance processes in place to protect personal information including verification of the accuracy of personal information prior to use.

Access to your information 

If you make a request for access to personal information that we hold about you, we will respond to your request within 30 days.

We will only refuse access to personal information where we are required or authorised under the TASA, the FOI Act or any other relevant Australian law.

If we refuse to give you access to your information, we will notify you in writing of the reasons why and provide you with further information about how you can complain about the decision.

Correction of your information 

If you make a request to correct personal information that we hold about you, we will respond to your request within 30 days.

If we refuse to make the correction:

• we will notify you in writing of the reasons why and provide you with further information about how you can complain about the decision

• you may request that we include a statement from you stating that the information in the relevant record is inaccurate, out-of-date, incomplete, irrelevant or misleading.

Information collected when you visit our website

Our website is operated by using both Commonwealth and commercial web hosting facilities. When visiting this site, a record of your visit is logged.

The following information is supplied by your browser, recorded for statistical purposes and is used to help improve the site:

• user's server address

• user's operating system (for example Windows, Mac etc)

• user's top level domain name (for example .com, .gov, .au, .uk etc)

• date and time of the visit to the site

• pages accessed and the documents downloaded

• previous site visited

• type of browser used.

No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the Internet web server logs.

How to contact us

If you have an enquiry relating to how the TPB collects, uses and stores your information, including how to access and correct your information or to make a privacy complaint, email it to privacy@tpb.gov.au or by post to:

Privacy Contact Officer
Tax Practitioners Board
Legal Unit
GPO Box 1620
SYDNEY NSW 2001

Complaints will be assessed by our Legal Unit and the outcome determined by the CEO/Secretary.

We will handle personal information security breaches in accordance with the relevant guidance issued by the Office of the Australian Information Commissioner.