A 1108 Table of Contents 1110 1261

The Law Handbook 2024

Chapter 12.2: Privacy and your rights 1109 – subject to the exception that a person cannot be denied access to documents containing their own personal information. A person dissatisfied by the decision of an agency or government minister regarding access to their personal information can apply to the Information Commissioner for a review. In most cases, the request for review must be made within 60 days of being notified of the agency’s or minister’s decision. Tax file numbers Tax file numbers ( TFNs ) are unique numbers issued to individuals by the Australian Taxation Office ( ATO ). The enhanced TFN scheme, introduced in 1988, allows the ATO to identify those who lodge income tax returns, and to match information provided in tax returns with other sources of information (e.g. records of interest). Because of concerns about the earlier proposal of an Australia Card, a central feature of the TFN scheme is that supplying a personal TFN is voluntary. However, in 1990 – through the Data-matching Program (Assistance and Tax) Act 1990 (Cth) (‘ Data‑matching Act ’) and the Guidelines for the Conduct of Data-matching Programs (‘ Data‑matching guidelines ’) – the government extended the scheme to make providing a TFN a condition of receiving assistance from a number of Australian Government agencies (e.g. Centrelink and the Department of Veterans’ Affairs). The government also extended the scheme to allow TFNs to be used to compare income reported to the ATO with income reported to federal assistance agencies. This is subject to strict controls and safeguards, and the Information Commissioner monitors Australian Government agencies’ compliance with the Data- matching Act, the Data-matching guidelines, and the PA 1988. A breach of the Data-matching Act or Data- matching guidelines is an interference with privacy under the PA 1988 (s 13). If a person’s privacy has been breached under section 13, they can complain to the Information Commissioner. Certain uses of the TFN in relation to superannuation administration are also authorised by law. Tax File Number Rule 2015 On 20 February 2015, the then Privacy Commissioner made a Privacy (Tax File Number) Rule 2015 (‘ TFNR 2015 ’), issued under section 17 of the PA 1988. The TFNR 2015 replaced and repealed the Tax File Number Guidelines 2011. The TFNR 2015 applies to individuals’ TFN information. A breach of the TFNR 2015 is an interference with privacy under the PA 1988. An individual who believes that the rule has been breached can complain to the Information Commissioner. Under the TFNR 2015, ‘TFN recipient’ has the same meaning as under section 11 of the PA 1988 and covers any person, agency, organisation or other entity in possession or control of a record that contains TFN information, whether lawfully or not. Under the TFNR 2015, a TFN recipient must not record, collect, use or disclose TFN information unless permitted under taxation, superannuation or other laws. In addition to the TFNR 2015, TFN recipients must abide by the Taxation Administration Act 1953 (Cth). Obligations of APP entities (who are TFN recipients) to comply with the rule are in addition to their responsibilities under the APPs. Detailed information about the Information Commissioner’s functions regarding the handling of TFNs is available at www.oaic.gov.au. NOTE It is a criminal offence under taxation law to make an unauthorised request for, or to record, use or disclose, another person’s TFN. All TFN recipients are bound by the Notifiable Data Breaches scheme in relation to security breaches involving TFNs. This includes Victorian public sector entities that collect TFNs. Medical research Section 95 guidelines The guidelines under section 95 of the PA 1988 (‘ section 95 guidelines ’) – issued by the Australian Government’s National Health and Medical Research Council ( NHMRC ) – apply to medical and epide­ miological research that involves personal information held by an Australian Government agency where the agency intends to use or disclose personal information for the purposes of research in a way that may breach the APPs. The section 95 guidelines are a framework under whichHuman Research Ethics Committees ( HRECs ) must assess, and decide whether to approve, research proposals before they proceed. Approval by a HREC

RkJQdWJsaXNoZXIy MTkzMzM0