Our reference: 14/000171-12
[Redacted]
Deputy Commissioner of Taxation
Smarter Data
Australian Taxation Office
By email: [redacted]
Dear [redacted]
Request for exemption from Guidelines on Data Matching in Australian Government Administration
I refer to correspondence dated 16 April 2018 from [redacted] regarding the Australian Taxation Office’s (ATO’s) Motor vehicle registries - 2016-17, 2017-18 and 2018-19 financial years data matching program protocol (the data matching program).
I understand the program proposes to match data provided by State and Territory motor vehicle registry authorities against ATO taxpayer records with the intent of identifying those who are not participating in the taxation and superannuation system by meeting their registration, reporting, lodgement and payment obligations.
The ATO is seeking an exemption from the data destruction requirements contained in Guideline 7 of the Guidelines on Data Matching in Australian Government Administration(guidelines) in order to retain the data for a period up to three years after loading all verified data files for each financial year.
Specifically, the ATO considers that destruction of the datasets within 90 days — as required by Guideline 7 — would inhibit the ATO’s ability to protect public revenue.
Consideration of issues under Guideline 10
Under Guideline 10, in seeking an exemption an agency must:
- advise the Commissioner in writing of the details of the proposed data matching program
- in that advice, specify how the proposed data matching program would be inconsistent with the guidelines
- explain the public interest grounds that justify the inconsistency.
In my view, the ATO’s correspondence satisfies these requirements, including by explaining the public interest grounds for the exemption in the program protocol.
The ATO considers that a variation from the usual retention period for this program is justified for the following reasons:
- destroying the data earlier than the requested extension would hinder the ATO’s ability to protect public revenue
- the discrepancy matching that occurs under parts of this program is iterative in nature. For example, one discrepancy match may be used in subsequent and different matching processes and this process can typically occur over multiple financial years
- the data is also used in multiple risk models, including models that establish retrospective profiles over a number of years. Destroying the data in accordance with the Guidelines will reduce the effectiveness of these models
- it would hinder the ATO’s ability to conduct longer-term analysis of the risks associated with asset accumulation
- taxpayers at times lodge income tax returns several years past their due date and retaining this information for a longer period would allow for these delays.
In its correspondence to the Office of the Australian Information Commissioner (OAIC), the ATO has stated in Table 1 on p 13 that varying the destruction conditions of the guidelines will not increase the risks to individuals’ privacy.
The OAIC’s view is that increased data retention periods do increase privacy risks. However, the range of safeguards outlined in your correspondence appear to appropriately manage and minimise this increased risk. These safeguards include:
- storing data on secure computer systems where access is strictly controlled, and full audit logs maintained
- adherence to confidentiality and privacy legislation that prohibits the improper access to, or disclosure of, protected information.
Exemption approval
I have considered the information provided by the ATO and agree that compliance with the data destruction requirements would significantly reduce the effectiveness of the ATO’s data matching program.
I am therefore satisfied that the public interest grounds outlined by the ATO justify departing from the guidelines.
I approve the ATO’s request to retain information collected during the data matching program for a period longer than 90 days. I have agreed to this exemption on the understanding that the information will not be retained beyond three years after loading of all verified data files for each relevant financial year, unless a further exemption is approved.
This exemption is only applicable to the data collected for the Motor vehicle registries –
2016-17, 2017-18 and 2018-19 financial years data matching program.
Publication on the OAIC website
Under Guideline 10.6, it is the OAIC’s normal practice to make exemption requests publicly available. The ATO has not requested that this advice be kept confidential and, as such, we will make it publicly available on the OAIC website.
If you have any questions or concerns regarding this matter please contact Zoe Fitzell, Assistant Director on [redacted].
Yours sincerely
Angelene Falk
Acting Australian Information Commissioner
Acting Privacy Commissioner
25 July 2018
CC: [redacted]