IPA hits back at data laws scaremongering

The Institute of Public Accountants is calling on the regulators to issue firm guidance on data laws for tax agents, before “jumping to extremes” like registration cancellation and harsh penalties.

Data breach notification laws came into effect on February 22, and they require agencies, organisations and certain other entities to provide notice to the Office of the Australian Information Commissioner (OAIC) and affected individuals of a data breach.

Entities that are already covered by the Privacy Act must comply with the new scheme. This includes Australian Privacy Principle (APP) entities, as well as tax file number (TFN) recipients to the extent that TFN information is involved in a data breach.

Since the laws came into effect, tax agents have been hit with warnings from the regulators about the potential penalties for non-compliance with the new rules. For example, the  the Tax Practitioners Board (TPB) released guidance last month announcing that tax practitioners who failed to comply with the NDB scheme could face possible sanctions from the body.

Senior tax adviser at the IPA, Tony Greco, would first like to see more official and practical guidance handed to tax agents before they are hit with major “ad dramatic” warnings.

“Accountants need to be told, in black and white, what is reasonable and what they need to do,” Mr Greco told SMSF Adviser.

“The penalties are there for good reason, but our members need to be told how to avoid getting there in the first place,” he said.

Consistent with messaging from industry and the regulators, Mr Greco’s sense is that those captured by the laws are in “catch up mode” as they come to grips with the enormity of cyber security in practice management.

“Most people need to be aware that a cyber breach is now a case of when, not if,” Mr Greco said.

2 thoughts on “IPA hits back at data laws scaremongering

  • March 23, 2018 at 4:40 pm

    In our technology world today with dealing with clients all over the world and sending returns through the internet we have to be diligent to block the TFN and relevant bank details when sending those returns. Most software have that function available. Their is also an encryption function which can be sent to clients to download to email out of the public email sector. However most clients do not want to engage in that function especially small clients. They get frustrated and find it to encumber sum. The second issue is that you can’t find an insurance company that will cover for cyber security. Please inform me of one if you know. Clients can often send their information without informing you and have detailed information contained therein. Does that than make the Accountant/Tax Agent responsible if their information is breached by cyber attack? Breaches can happen within a phone call, internet or transfer of documents within a secure platform as you don’t know where or how that beach occured. It could be the other person or platform that has been breached. I feel that if you are doing as much as you can to protect your client information to the best of your ability there has to be a line of fair and reasonably. All our clients are informed that we never disclose identity numbers. They can inform that themselves. However in saying that some official documents require disclosure of all. So that puts the Accountant in a predicament. As those documents will not be accepted without full disclosure. So client permission of disclosure is the key to disclosure and should not impinge on the Accountant/Tax Agent if the client has requested you to do so in writing.

  • March 26, 2018 at 11:19 am

    Why are accountants caught up in this rubbish?
    Again our accounting bodies have failed us

Leave a Reply

Your email address will not be published. Required fields are marked *