About this policy
This is a policy about the handling of personal information by the Inspector-General of Taxation and Taxation Ombudsman (IGTO). Its purpose is to give you a better understanding of our personal information handling practices and to enhance the transparency of the IGTO's operations. It gives effect to the Australian Privacy Principles (APPs) contained in the Privacy Act 1988.
Outline of this policy
'Part A – Personal Information Management' provides background on the functions and activities of the IGTO and explains in general terms the kinds of personal information collected by us, and how this is collected and held. It also explains how you can ask to see your personal information that we hold and how you can ask to have details of your personal information corrected. This part also explains how you can complain if you believe that your personal information has been mishandled, or there has been a breach of your privacy by us.
'Part B – Records' lists specific kinds of IGTO records that hold personal information. It explains in further detail the management of personal information by reference to specific IGTO functions and activities, such as complaint handling and investigations. You can find out here what sorts of records we keep, what kinds of personal information are typically collected on these records, and the purpose for which this information is collected, held, used and disclosed.
'Part C – Online' explains the IGTO's personal information handling practices when a person visits the IGTO website.
Part A – Personal Information Management
Our obligations under the Privacy Act
1.1 The IGTO must comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 which regulate how agencies may collect, hold, use or disclose personal information, and how individuals may access and correct personal information held about them. Personal information is defined by section 6 of the Privacy Act 1988 as:
information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
1.2 Sensitive information is defined by section 6 of the Privacy Act 1988 as:
- information or an opinion about an individual's:
that is also personal information; or
- health information about an individual; or
- genetic information about an individual that is not otherwise health information; or
- biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
- biometric templates.
Functions and activities of the IGTO
1.3 The IGTO is empowered to:
- investigate complaints by taxpayers, tax practitioners or other entities about the administration of taxation laws; and
- investigate administrative action taken under taxation laws, including systemic issues, that affect taxpayers, tax practitioners or other entities.
1.4 The functions and powers of the IGTO are set out in the Inspector-General of Taxation Act 2003 (IGT Act) as amended in 2015.
How does the IGTO collect personal information
1.5 We collect personal information primarily from the individual to whom the information relates or their authorised representative.
1.6 However, in our investigation work we have a broad discretion as to how to investigate matters, including the information that we can ask other agencies, persons or private entities to give to us. For example, to investigate a complaint about the Australian Taxation Office (ATO) or the Tax Practitioners Board (TPB) it is usually necessary to collect personal information from them, either directly from officers of that agency or by remote access to their databases. If you make a complaint to us and we decide to investigate the complaint then you should expect that your personal information will be collected in this way. As part of this process we may also collect information about a person or entity associated with your complaint.
1.7 We will only collect your personal information from someone other than you or your authorised representative if:
- you agree to it; or
- it is authorised by law; or
- it is unreasonable or impractical to collect it from you.
1.8 Sometimes in the course of an investigation, or in other circumstances, we may be given personal information about a person (which is about someone other than the person who made the complaint) that we did not ask for. This is called 'unsolicited personal information' and may have been provided by the complainant, an agency or another person. In these circumstances we will assess whether we would be permitted under the APPs to collect this same information from the person whose personal information it is. If we could have collected it from that person because of our functions and activities, then we will retain it, otherwise we will destroy it. We will not use or disclose unsolicited personal information unless this is permitted by the APPs.
1.9 We collect personal information as a result of face to face meetings, telephone conversations, in writing by mail, fax or electronic communication, photographs, video recordings, and through submissions or complaint forms through our website and newsletter subscriptions (see Part C).
1.10 We also collect personal information in records made during investigations or reviews, and in documents provided by agencies for the purposes of our investigations or reviews.
1.11 The IGTO conducts a number of activities that are incidental to, and necessary for carrying out his statutory functions. These are best described as 'corporate' functions and include finance, accounting, procurement, reporting, employment and human resources activities. Therefore in connection with our corporate activities we collect personal information from a wide range of sources including from job applications of prospective staff, directly from staff, other government agencies and private entities.
How does the IGTO hold personal information
1.12 We hold personal information that we collect in both electronic and paper records. We maintain a case management system as well as online shared hard drives which are hosted on secured servers. We take steps to ensure that personal information we hold is protected against unauthorised access, use, modification or disclosure, or other interferences. These steps include password protection for accessing our electronic system, securing paper files in locked cabinets, safes and secure areas, and physical access restrictions.
1.13 The case management system stores information in an interconnected fashion. This means that we can access personal information directly by searching for a person's name, or indirectly, by searching with reference to a specific case number or another search parameter. Many of these search parameters are set up to enable the IGTO to access material and statistics to comply with his reporting obligations.
1.14 Access to records containing personal information is permitted on a 'need-to-know', work-related basis, and subject to restrictions based on security clearance levels. In some cases access will be more tightly restricted.
1.15 Where appropriate, senior management may authorise the creation of virtual barriers that prevent staff from physically accessing information contained in electronic records.
1.16 When no longer required, personal information is destroyed in a secure manner, or deleted, in accordance with the Archives Act 1983.
What kinds of personal information does the IGTO collect and hold
1.17 In accordance with the APPs we collect personal information to enable us to carry out the IGTO's functions and activities. We collect and hold personal information relating to a wide range of people, taxpayers, tax practitioners and staff members of the ATO and the TPB.
1.18 In general the kind of personal information we collect about you may include your name, dates of birth, electronic (email), postal, street addresses, telephone number, occupation, and details of your complaint. We are also authorised to request, but not require you to provide, your tax file number (TFN) to us. We request your TFN so we can get your matter investigated more promptly. We do this by using it to identify your records held by the ATO through direct disclosure to them. We manage your TFN in accordance with the Privacy (Tax File Number) Rule 2015.
1.19 You may complain to us anonymously or by adopting a pseudonym. However, if you do complain anonymously it may be difficult or impossible for us to investigate your complaint as a personal matter.
1.20 We will tell you if we cannot investigate your complaint because you have not supplied sufficient identifying information. If you do not supply a valid communication option, and it is not possible to contact you, we will generally not take any further action on your complaint.
1.21 We will only collect your sensitive information if:
- you agree to us collecting it and it is reasonably necessary for, or directly related to one of our functions or activities; or
- it is required or authorised by law or an order of a court of tribunal; or
- a 'permitted general situation' as defined in the Privacy Act 1988 exists.
For what purposes does the IGTO collect, hold, use and disclose personal information
1.22 In accordance with the APPs, we collect, hold, use and disclose personal information to enable the IGTO to carry out his functions and activities, including investigating complaints you have made about actions of the ATO or the TPB.
1.23 We may also use the information to seek feedback from you or to conduct follow-up surveys to identify opportunities to improve the service we deliver. If you do not wish for your information to be used for this purpose, please let us know.
How can I access or correct my personal information held by the IGTO?
1.24 You have a right to access the personal information we hold about you, and you can ask that it be corrected if you think that it is wrong or not up to date. The first step is to contact us. In many instances, we will be able to either provide you with access or correct any inaccuracies immediately without you needing to make any formal requests.
1.25 For more extensive requests, including for access to telephone call recordings, we may ask that you submit the request in writing so that we can process it appropriately.
1.26 Where a written request is needed, it should be addressed to the 'Privacy Officer' and may be sent by:
- post to GPO Box 551, Sydney NSW 2001, or
- email to firstname.lastname@example.org.
1.27 You can also call 1300 44 88 29 and ask to speak with the Privacy Officer if you need further advice about how best to request access or corrections to your personal information.
1.28 Generally your request will be considered by us with reference to the framework of the Freedom of Information Act 1982 (FOI Act).
1.29 If, in considering your request, we believe that a document containing your personal information should be withheld from you because an exemption under the FOI Act would apply then we may withhold that document (or parts of it), and will explain the reason to you in writing. Requests for access will answered within 30 days of the date on which the request is made.
How do I complain about the handling of my personal information by the IGTO?
1.30 We take our privacy obligations seriously and have robust processes in place to protect your personal information. If you have any concerns about the manner in which we collect, hold or use your personal information, you have the right to lodge a complaint with us. We ask that such complaints be made in writing, setting out the reasons why you believe that we have not handled your personal information in an appropriate manner. This will assist us to fully investigate and address your concerns.
1.31 You can lodge a privacy complaint to the 'Privacy Officer' by:
- post to GPO Box 551, Sydney NSW 2001, or
- emailing it to email@example.com.
1.32 We understand that sometimes you may be unable to raise your concerns in writing. Where that occurs, please call us on 1300 44 88 29 and one of our officers will assist you to record the complaint and will refer it to the Privacy Officer for investigation.
1.33 We will acknowledge your complaint within 7 days and investigate and resolve all complaints as soon as possible. Your complaint will be investigated by the Privacy Officer or another senior member of the team who has not been involved in your case and you will be advised of the outcome of the investigation. Our decision will be explained with reference to the relevant APPs. The time this will take will depend on the nature of your complaint and how complicated it is.
1.34 If you are unhappy with our response or the way we have handled your personal information complaint or a privacy breach, you may lodge a complaint with the Privacy Commissioner. Details on how to lodge a complaint to the Privacy Commissioner can be found at www.oaic.gov.au/privacy/privacy-complaints.
Part B – Records
2.1 There are ten (10) specific kinds of records that the IGTO holds. These are:
- complaint handling and investigation records;
- own initiative investigation or review records;
- miscellaneous contact records;
- Newsletter subscriptions;
- freedom of information records;
- voicemail records;
- photographs and video recordings;
- personnel records;
- corporate administrative records including policy records; and
- strategic agency liaison records.
2.2 These are discussed further below.
Complaint handling and investigation records
2.3 These records:
- contain details of complaints made to us in relation to the IGTO's functions under the IGT Act;
- contain details of the actions taken by us in relation to those complaints, including investigation and internal reviews of decisions made about those complaints; and
- contain sensitive information such as your TFN or other confidential information related to your tax affairs or your business.
2.4 Personal information described above is collected to enable us to decide whether your complaint is within the IGTO's jurisdiction, whether there is a reason not to investigate the complaint, the agency about which the complaint is made, and how best to investigate the complaint. It also helps us decide if another body or person could assist you better in resolving your complaint. In some circumstances we may be able to transfer your complaint to the Commonwealth Ombudsman or refer it to another agency that may be better placed to assist you. If we transfer your case to the Commonwealth Ombudsman, we may disclose some information which has been provided to us. Where we refer you to another agency (other than the ATO or the TPB), no personal information is disclosed.
2.5 Information contained on complaint files also assists the IGTO to inform broader tax system reviews which aim to improve tax administration for all taxpayers. It also helps to better target inquiries, request relevant information and produce suitably informed reports to government.
2.6 The IGTO may, after conducting the reviews, report on these matters publicly. However, in doing so, the IGTO seeks to remove all individual names. Moreover, where it is necessary, the IGTO will not make any disclosures which would make the identity of the person obvious or lead to its discovery.
2.7 Personal information of the kinds described above may also be held in relation to someone other than the person who has made the complaint. Other people whose personal information may be held on these files include relatives or friends of the complainant, business associates, staff of other government agencies or staff of government service providers.
Own initiative investigation or review records
2.8 The IGTO may commence an investigation or review on his or her own initiative. This means that the IGTO may investigate or conduct a review into an issue of interest that relates to ATO or TPB administration without a specific complaint, or in relation to a group of similar complaints. We maintain separate files in relation to these investigations and reviews in electronic and paper format.
2.9 The kinds of personal information contained on these files may include information described in the section above. The IGTO has broad powers to conduct own initiative investigations in a manner he determines to be most appropriate, and by obtaining information from a wide range of sources, including individual complaint and investigation records.
2.10 As with complaint files, information contained on own motion investigation or review files may be disclosed to the agency or agencies in relation to which the investigation or review is being conducted. However, the IGTO in appropriate circumstances will remove individual names from such disclosure.
Miscellaneous contact records
2.11 The purpose of these records is to record details of approaches made to the IGTO that do not constitute complaints for the purposes of the IGT Act. Such approaches may be from members of the public, officers of other Australian and foreign agencies, the media and academic researchers. The records may also contain complaints about us and how we may have handled your complaint or relate to alleged breaches of the IGTO's service charter or other matters.
2.12 The kinds of personal information stored on these records are similar to those which may be provided as part of a complaint.
2.13 These records are collected directly from you through subscriptions to our newsletter. The limited personal information in these files includes contact lists of different organisations and individuals that we interact with such as taxpayers, registered tax practitioners, professional and industry associations, other government agencies and representatives of these associations and agencies.
2.14 These records are used to send out periodic IGTO newsletters and other updates. You will have the option to unsubscribe and remove your information from this service at any time you choose.
Freedom of Information (FOI) records
2.15 The purpose of these records is to record all requests for information made to the IGTO under the FOI Act. These files also record requests for internal review of IGTO FOI decisions, as well as requests for annotation and/or amendment of records. We also record our interactions with the Office of the Australian Information Commissioner in respect of FOI complaints and Information Commissioner reviews.
2.16 Personal information on these records may relate to the person who has made the FOI request, complainants to the IGTO (whether or not they are also the FOI applicant), IGTO staff, staff of other agencies, and any other person whose personal information is contained in the record to which FOI access has been sought.
2.17 Telephone calls to our 1300 44 88 29 number or, to or from our officers in relation to a complaint, are recorded and callers are advised of this. These records are registered on our phone system and may relate to a range of matters, including complaints, general enquiries, media enquiries, and contact by other agencies. The personal information contained in them may include a caller's name, address and telephone number. Depending on the subject matter of a recording the information contained in it will be placed onto other records either as an audio record or reduced to a written form (not necessarily an exact transcription), and be handled accordingly.
2.18 These records may also be used for training and quality assurance purposes.
Photograph and video records
2.19 These records are collected from video surveillance cameras installed at, and in the vicinity, of our offices. The records are used for the purpose of ensuring the safety and security of IGTO staff and property.
2.20 The IGTO has duties and powers as an agency head under the Public Service Act 1999 and has other associated obligations including those arising under the Disability Discrimination Act 1992, the Sex Discrimination Act 1984, the Fair Work Act 2009, the Safety Rehabilitation and Compensation Act 1988, the Superannuation Act 2005, the Long Service Leave (Commonwealth Employees) Act 1976, the Maternity Leave (Commonwealth Employees) Act 1976 and the Work Health and Safety Act 2011. Records are kept to enable the IGTO to carry out his functions, obligations and responsibilities for staff, employees and contractors.
2.21 Personnel files are kept to maintain records about all aspects of employment including; recruitment, employment history, payroll, leave, equal employment opportunity data, workplace relations, security clearances, performance, workplace health and safety, rehabilitation and compensation. These records are kept in relation to all permanent, contracted and temporary staff members/employees of the IGTO.
2.22 Access to personnel files is controlled on a 'need to know' basis.
2.23 Personal information is disclosed on a 'need to know' basis for the purposes of administering our payroll, and to travel providers under the 'whole of government' travel arrangements. In addition we are required to give personal information to various bodies including the Australian Public Service Employment Database, the Australian Government Security Vetting Agency, the ATO and Comcare
Corporate administrative records including policy records
2.24 The purpose of administrative records, including policy records is to hold information relating to corporate functions, including office governance, financial management, procurement, legal services, privacy, information, communications and technology, public affairs and both physical and information security.
2.25 Such files may contain a range of personal information relating to complainants, contracted service providers, IGTO staff (and staff of other agencies) as well as members of the wider community. Such information is likely to be similar to the kinds described above regarding complaints investigations.
Strategic/agency liaison records
2.26 The purpose of these files is to record information and activities relating to policy aspects of the IGTO's work, for example the development of directions, aids or systems to support our decision-making and the performance of statutory functions. Information on these records may also help us make contributions to policy debates across government.
2.27 Some of these files may include material relevant to closed or ongoing investigations or reviews (where it is related to, or may inform consideration of, a broader policy issue), and include personal information about complainants or agency staff.
2.28 These files may also contain interagency protocols or memoranda of understanding and details of interagency meetings including the names of attendees and their positions within agencies.
3.1 This part applies to your interactions with the IGTO website.
3.2 We are committed to the protection of your privacy in accordance with the Australian Information Commissioner's Guidelines for Federal and ACT Government World Wide Websites. These guidelines outline the requirements for transparent collection, appropriate and ethical use and secure storage of personal information. Our aim is to provide an online environment which will ensure the information you provide to us is handled in a secure, efficient and confidential manner.
3.3 When visiting our sites, a record of your visit is logged. This 'clickstream data' is recorded for statistical purposes only and is used to help improve the website. The following information is supplied by your browser (e.g: Internet Explorer):
- the user's server address;
- the user's top level domain name (for example .com, .edu, .gov, .au, .uk etc);
- the date and time of the visit to the site;
- the pages accessed and the documents downloaded;
- the previous site visited; and
- the type of browser used.
3.4 This information is used for statistical purposes only. No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency (or other government agency) exercises a legal authority to inspect Internet Service Provider (ISP) logs (eg. by warrant, subpoena or notice to produce).
Collection of personal information
3.6 When you e-mail us:
- we will record your e-mail address;
- we will only use your e-mail address for the purpose for which you provided it;
- it will not be added to a mailing list, unless provided by you specifically for that purpose;
- we will not use your e-mail address for any other purpose; and
- we will not disclose it without your consent or otherwise in accordance with the APPs.
3.7 Our site does not generally provide facilities for the secure transmission of information across the Internet. The only exception to this is that users can submit complaints using our Lodge a Complaint form which uses an encrypted connection. Nonetheless, users should be aware that there are inherent risks in transmitting information across the Internet. As an alternative, users are able to use the communication channels set out below:
Inspector-General of Taxation and Taxation Ombudsman
GPO Box 551, Sydney NSW 2001
Phone: 1300 44 88 29
Fax: 02 8239 2100
Links to other sites
3.9 If you have any questions about this privacy statement, your dealings with the IGTO, or this website, please contact us at firstname.lastname@example.org