The ATO says that as your tax agent, we must take reasonable steps to avoid enabling tax fraud. As such, sensitive data are appealing to identity thieves and cybercriminals. Last updated 13 November 2024   QC50499

CPA Australia requires us to take reasoanble steps to protect your information from:

• misuse or loss,
• unauthorised access, modification, or disclosure

The tax practitioner board recommends:

• not sending/receiving TFNs by email as this is not considered to be a secure method of transmission
• validating the email address with the recipient
• if sending documents via email, then pto encrypt or password protect the attachments

The Australian Business Number (ABN) is not considered sensitive information as ABNs are publicly available (CPA Australia)

Reference:

• Last updated 13 November 2024   QC50499
• Tax Practitioner Board (TPB)
  • https://www.tpb.gov.au/protecting-your-clients-tfns
  • https://www.tpb.gov.au/keeping-it-secure
  • https://www.tpb.gov.au/tpb-practice-note-tpbpn-42021-use-and-disclosure-clients-tfn-and-tfn-information-email
• Office of the Australian Information Commissioner (OAIC)
  
  • https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/guide-to-securing-personal-information
  • https://www.oaic.gov.au/privacy/privacy-legislation/the-privacy-act/tax-file-numbers