Tough new rules to protect your data and privacy

The Australian Tax Office (ATO) has released an updated ruling which consolidates previous guidance on electronic records.

One of the key principles is that electronic records are subject to the same basic record keeping requirements as paper records, including:

  • They must not be altered or manipulated, and must be stored in a way that restricts the information from being altered or manipulated;
  • They must be retained for five years after the records are prepared or obtained, or the transactions are completed, whichever occurs later;
  • They must be capable of being retrieved and read by the ATO when required; and
  • They must be in English, or in a form that allows them to be accessed and easily converted to English.

These principles also apply to records that are stored in the cloud and records that relate to transactions that were carried out electronically.

The ATO confirms that it is acceptable to keep true and clear electronic reproductions of original paper records as long as the documents created through conversion processes produce a complete and accurate copy of the original documents.

Where systems are updated, the original data must be capable of being reconstructed.

Privacy and your Tax File Number

Changes have also been made to strengthen existing privacy rules and require tax practitioners to take even more care with client Tax File Number (TFN) details.

The net effect of the existing privacy laws and the laws that came into effect on 22 February 2018 is that tax practitioners who are handling documents which contain a TFN and which connects that TFN to a particular person will need to take extra care to ensure that:

  • They have taken all reasonable steps to handle personal information including information pertaining to TFNs to protect that personal information from misuse, interference or loss, and from unauthorised access, modification or disclosure;
  • If there is a suspected or known breach to take immediate steps to limit any further access or distribution of the affected personal information or possible compromise of any information; and
  • If there are reasonable grounds to believe that the data breach is likely to result in serious harm to any individuals whose information is involved, the person responsible must notify the individual concerned and the Australian Information Commissioner of the data breach.

A failure to comply with the new legislation may result in fines of up to $2.1 million for corporations and $420,000 for other entities or individuals.

Stay secure with the MYOB Portal

The MYOB Portal is a secure web-based service that enables us to quickly and easily exchange tax-related forms and documentation online.

Find out why you should start using it today!

Find out how can we help

Stay informed of impacts to your finances