{"id":"F2015L00249","name":"Privacy (Tax File Number) Rule 2015","slug":"privacy-tax-file-number-rule-2015","collection":"legislative_instrument","jurisdiction":"commonwealth","status":"in_force","isInForce":true,"actNumber":null,"makingDate":null,"administeringDepartment":null,"currentVersion":{"id":92782,"registerId":"commonwealth-F2015L00249-current","compilationNumber":null,"startDate":"2026-04-02","status":"InForce","reasons":null,"registeredAt":null},"sections":[{"sectionNumber":"Privacy (Tax File Number) Rule 2015","sectionType":"part","heading":"Privacy (Tax File Number) Rule 2015","content":"# ![](image.001.png)\n\n# Privacy (Tax File Number) Rule 2015","sortOrder":0},{"sectionNumber":"Part 1","sectionType":"part","heading":"Preliminary","content":"# ![](image.001.png)\n\n# Privacy (Tax File Number) Rule 2015\n\nI, Timothy Pilgrim, Privacy Commissioner, make this Rule under section 17 of the Privacy Act 1988.\n\nDated: 20 February 2015\n\nTimothy Pilgrim\n\nPrivacy Commissioner\n\n## Privacy (Tax File Number) Rule 2015\n\n# Part 1 - Preliminary\n\n## 1. Name of Rule\n\n    (1) The Rule is the Privacy (Tax File Number) Rule 2015.\n    (2) The Rule may also be cited as the TFN Rule.\n\n## 2. Commencement\n\nThis Rule commences the day it is registered on the Federal Register of Legislative Instruments (FRLI).\n\n## 3. Authority\n\nThis Rule is issued by the Privacy Commissioner under section 17 of the Privacy Act 1988 (Privacy Act).\n\n## 4. Repeal\n\nThe Tax File Number Guidelines 2011 registered on the FRLI (the Federal Register of Legislative Instruments No. F2011L02748) is repealed when this TFN Rule commences.\n\n## 5. Overview\n\n    (1) The TFN Rule replaces the previous Tax File Number Guidelines 2011. The TFN Rule, which is legally binding, regulates the collection, storage, use, disclosure, security and disposal of individuals’ tax file number (TFN) information.\n\n    (2) The TFN Rule only applies to the TFN information of individuals and does not apply to TFN information about other legal persons including corporations, partnerships, superannuation funds and trusts.\n\n    (3) A breach of the TFN Rule is an interference with privacy under the Privacy Act. Individuals who consider that their TFN information has been mishandled may make a complaint to the Information Commissioner. As well as constituting a breach of the TFN Rule, unauthorised use or disclosure of TFNs can be an offence under the Taxation Administration Act 1953 (TAA) and attract penalties including imprisonment and monetary fines.\n\n    (4) Sections 8WA and 8WB of the TAA create offences for unauthorised requirements or requests that a person’s TFN be quoted; and the unauthorised recording, maintaining a record of, use or disclosure of an individual’s TFN respectively, unless an exception applies. However, unlike the TFN Rule, the TAA protects all TFNs and not just those of individuals.\n\n    (5) Provisions regulating TFNs are also contained in the Income Tax Assessment Act 1936. In addition, the Data-matching Program (Assistance and Tax) Act 1990 provides for, and regulates, the matching of records between the Australian Taxation Office and assistance agencies using the TFN in part of the matching process.\n\n    (6) In the context of superannuation, Part 25A of the Superannuation Industry (Supervision) Act 1993 (SIS Act) also contains rules and restrictions on the quotation, use and transfer of TFNs. Furthermore, under the SIS Act, the Australian Prudential Regulation Authority can make legislative instruments which approve the manner of quoting TFNs.\n\n## 6. Meaning of terms\n\n    (1) Unless the contrary intention appears, any term used in the TFN Rule which is defined in the Privacy Act has the same meaning as in that Act.\n\n    (2) In this TFN Rule:\n\nApproved recipient means a TFN recipient that:\n\n    (a) is engaged by an authorised recipient to provide services where it is reasonably necessary to have access to TFN information; or\n    (b) has obtained an individual’s consent to access their TFN, to help manage that individual's taxation, superannuation or personal assistance affairs.\n\nAPRA means the Australian Prudential Regulation Authority.\n\nAssistance agency means:\n\n    (a) the Department of Human Services (which administers the Centrelink, Child Support Agency and Medicare Programs)\n    (b) the Department of Social Services\n    (c) the Department of Education, Employment and Workplace Relations\n    (d) the Department of Veterans' Affairs, or\n    (e) any successor agency to an agency referred to in (a) to (d) above, or any other successor agency or agencies which may have responsibilities under an Administrative Arrangements Order for administration of provisions of a personal assistance law.\n\nAuthorised recipient means a TFN recipient (other than the Commissioner of Taxation or an assistance agency) that is authorised by taxation law, personal assistance law or superannuation law to receive TFNs.\n\nIndividual means a natural person.\n\nPersonal assistance law means:\n\n    (a) an Act or part of an Act referred to in the definition of ‘personal assistance’ in the Data-matching Program (Assistance and Tax) Act 1990\n    (b) sections of the following Acts that deal with handling TFNs:\n    (i) the A New Tax System (Family Assistance) Act 1999\n    (ii) the A New Tax System (Family Assistance) (Administration) Act 1999\n    (iii) the Child Care Act 1972\n    (iv) the Child Support (Assessment) Act 1989\n    (v) the Child Support (Registration and Collection) Act 1988\n    (c) the Paid Parental Leave Act 2010\n    (i) the Social Security Act 1991\n    (ii) the Social Security (Administration) Act 1999\n    (iii) the Student Assistance Act 1973\n    (iv) the Veterans' Entitlements Act 1986\n    (d) the Data-matching Program (Assistance and Tax) Act 1990, or\n    (e) relevant legislative instruments made under any Act (including such a part of an Act) referred to in (a) to (c) above.\n\nPrivacy Act means the Privacy Act 1988.\n\nSIS Act means the Superannuation Industry (Supervision) Act 1993.\n\nSuperannuation law means:\n\n    (a) the SIS Act\n    (b) the First Home Saver Accounts Act 2008\n    (c) a law within the meaning of ‘Superannuation Acts’ under the SIS Act and the First Home Saver Accounts Act 2008\n    (d) the Retirement Savings Accounts Act 1997\n    (e) an Act or part of an Act for which APRA has the general administration that deals with the handling of TFNs, and which is not a taxation law, or\n    (f) relevant legislative instruments made under any Act (including such a part of an Act) referred to in (a) to (e) above.\n\nTaxation law means:\n\n    (a) an Act or part of an Act for which the Commissioner of Taxation has the general administration\n    (b) the Tax Agent Services Act 2009\n    (c) the Higher Education Support Act 2003\n    (d) an Act or part of an Act under which the Commissioner of Taxation has powers and functions related to the use of TFNs, or\n    (e) legislative instruments made under any Act (including such a part of an Act) referred to in (a) to (d) above.\n\nTAA means the Taxation Administration Act 1953.\n\nTFN has the same meaning as ‘tax file number’ in the Privacy Act.\n\nTFN Rule means this Privacy (Tax File Number) Rule 2014 issued under the Privacy Act which regulate the collection, storage, use, disclosure, security and disposal of individuals’ TFN information.\n\nTFN information has the same meaning as ‘tax file number information’ in the Privacy Act.\n\nTFN recipient has the same meaning as ‘file number recipient’ in the Privacy Act, and includes:\n\n    (a) the Commissioner of Taxation\n    (b) an assistance agency\n    (c) an approved recipient\n    (d) an authorised recipient\n    (e) the trustee of a superannuation fund.\n\nTrustee for the purposes of the TFN Rule, has the same meaning as ‘trustee’ in the SIS Act.\n\n# Part 2 – Operational provisions\n\n## 7. General\n\n    (1) The TFN must not be used as part of a national identification system.\n\n    (2) Section (1) does not prevent the Commissioner of Taxation from using the TFN as an identifier in accordance with taxation law, superannuation law or personal assistance law.\n\n    (3) An individual is not legally obliged to quote their TFN, however there may be financial consequences for an individual who chooses not to quote their TFN.\n\n## 8. Collection of TFN information\n\n    (1) TFN recipients must only request or collect TFN information from individuals and other TFN recipients for a purpose authorised by taxation law, personal assistance law or superannuation law.\n\n    (2) When requesting an individual’s TFN, TFN recipients must take reasonable steps to ensure that:\n\n    (a) individuals are informed:\n\n    (i) of the taxation law, personal assistance law or superannuation law which authorises the TFN recipient to request or collect the TFN\n    (ii) of the purpose(s) for which the TFN is requested or collected\n    (iii) that declining to quote a TFN is not an offence\n    (iv) about the consequences of declining to quote a TFN\n\n    (b) the manner of collection does not unreasonably intrude on the individual’s affairs, and\n\n    (c) the TFN recipient only requests or collects information that is necessary and relevant to the purpose of collection under applicable taxation law, personal assistance law or superannuation law.\n\n## 9. TFNs provided incidentally\n\nIf an individual provides information to a TFN recipient which includes a TFN, for a purpose not connected with the operation of a taxation law, personal assistance law or superannuation law:\n\n    (a) the individual providing the information may remove the TFN, and\n\n    (b) if the individual does not remove the TFN, the TFN recipient must not use or disclose the TFN or record the TFN in a way that is inconsistent with the TAA or the TFN Rule.\n\n## 10. Use or disclosure of TFN information\n\nTFN information must only be used or disclosed (including for matching personal information about individuals) by TFN recipients:\n\n    (a) for a purpose authorised by taxation law, personal assistance law or superannuation law, or\n\n    (b) for the purpose of giving an individual any TFN information that the TFN recipient holds about that individual.\n\n## 11. Storage, security and destruction of TFN information\n\n    (1) TFN recipients must take reasonable steps to:\n\n    (a) protect TFN information from misuse and loss, and from unauthorised access, use, modification or disclosure\n\n    (b) ensure that access to records containing TFN information is restricted to individuals who need to handle that information for taxation law, personal assistance law or superannuation law purposes.\n\n    (2) A TFN recipient must take reasonable steps to securely destroy or permanently de-identify TFN information where it is no longer:\n\n    (a) required by law to be retained, or\n\n    (b) necessary for a purpose under taxation law, personal assistance law or superannuation law (including the administration of such law).\n\n## 12. Staff training\n\nTFN recipients must take reasonable steps to ensure that:\n\n    (a) all staff are aware of the need to protect individuals’ privacy when handling TFN information, and\n\n    (b) all staff who collect or access TFN information are aware of:\n\n    (i) the circumstances where TFN information may be collected\n    (ii) the prohibitions on the use and disclosure of TFN information\n    (iii) the need to protect individuals’ privacy when handling TFN information, including under the TFN Rule and under the Privacy Act\n    (iv) the penalties or other sanctions that apply for breaching the TFN Rule or applicable laws relating to the handling of TFNs.\n\n## 13. Obligations of the Commissioner of Taxation and APRA to publish\n\n    (1) The Commissioner of Taxation and APRA must make information publicly available which identifies:\n\n    (a) in APRA’s case: the classes of TFN recipients, who are authorised by or under taxation law or superannuation law to request TFNs\n\n    (b) in the Commissioner of Taxation’s case: the classes of TFN recipients who are authorised by or under taxation law to request TFNs\n\n    (c) the specific purposes for which these TFN recipients may request TFNs\n\n    (d) the prohibitions on the collection, recording, use and disclosure of TFN information\n\n    (e) the penalties that apply to unauthorised acts and practices relating to TFNs and TFN information\n\n    (f) where to find further detail about the matters in (a) – (e) above.\n\n    (2) The Commissioner of Taxation and APRA must publish information in accordance with the requirements of Guideline 8.1 about any amendments to taxation law and superannuation law that allow TFNs to be requested. Where practicable, this information should be published before the amendments commence.\n\n    (3) Where the Commissioner of Taxation or APRA prescribes or approves practices involving the collection of TFN information, the Commissioner of Taxation or APRA must ensure those practices include informing the individual:\n\n    (a) about the legal basis for collecting the individual’s TFN information\n\n    (b) that declining to quote a TFN is not an offence\n\n    (c) about the consequences of declining to quote a TFN.\n\n    (4) The Commissioner of Taxation and APRA must comply with all other relevant obligations in the TFN Rule, including as a TFN recipient.\n\n## 14. Assistance agency obligations to publish\n\n    (1) Assistance agencies that may request a TFN under personal assistance law, or under taxation law, must make information publicly available which identifies:\n\n    (a) the specific purposes for which the agency may request TFNs\n\n    (b) the prohibitions on the collection, recording, use and disclosure of TFN information\n\n    (c) the penalties that apply to unauthorised acts and practices relating to TFNs and TFN information\n\n    (d) where to find further detail about the matters in (a) – (c) above.\n\n    (2) Assistance agencies must publish information (in accordance with the requirements of Section (1) about any amendments to personal assistance law that allow TFNs to be requested. Where practicable, this information should be published before the amendments commence.\n\n    (3) Assistance agencies must comply with all other relevant obligations in the TFN Rule, including as a TFN recipient.","sortOrder":2},{"sectionNumber":"1. Name of Rule","sectionType":"part","heading":"1. Name of Rule","content":"## 1. Name of Rule\n\n    (1) The Rule is the Privacy (Tax File Number) Rule 2015.\n    (2) The Rule may also be cited as the TFN Rule.","sortOrder":3},{"sectionNumber":"2. Commencement","sectionType":"part","heading":"2. Commencement","content":"## 2. Commencement\n\nThis Rule commences the day it is registered on the Federal Register of Legislative Instruments (FRLI).","sortOrder":4},{"sectionNumber":"3. Authority","sectionType":"part","heading":"3. Authority","content":"## 3. Authority\n\nThis Rule is issued by the Privacy Commissioner under section 17 of the Privacy Act 1988 (Privacy Act).","sortOrder":5},{"sectionNumber":"4. Repeal","sectionType":"part","heading":"4. Repeal","content":"## 4. Repeal\n\nThe Tax File Number Guidelines 2011 registered on the FRLI (the Federal Register of Legislative Instruments No. F2011L02748) is repealed when this TFN Rule commences.","sortOrder":6},{"sectionNumber":"5. Overview","sectionType":"part","heading":"5. Overview","content":"## 5. Overview\n\n    (1) The TFN Rule replaces the previous Tax File Number Guidelines 2011. The TFN Rule, which is legally binding, regulates the collection, storage, use, disclosure, security and disposal of individuals’ tax file number (TFN) information.\n\n    (2) The TFN Rule only applies to the TFN information of individuals and does not apply to TFN information about other legal persons including corporations, partnerships, superannuation funds and trusts.\n\n    (3) A breach of the TFN Rule is an interference with privacy under the Privacy Act. Individuals who consider that their TFN information has been mishandled may make a complaint to the Information Commissioner. As well as constituting a breach of the TFN Rule, unauthorised use or disclosure of TFNs can be an offence under the Taxation Administration Act 1953 (TAA) and attract penalties including imprisonment and monetary fines.\n\n    (4) Sections 8WA and 8WB of the TAA create offences for unauthorised requirements or requests that a person’s TFN be quoted; and the unauthorised recording, maintaining a record of, use or disclosure of an individual’s TFN respectively, unless an exception applies. However, unlike the TFN Rule, the TAA protects all TFNs and not just those of individuals.\n\n    (5) Provisions regulating TFNs are also contained in the Income Tax Assessment Act 1936. In addition, the Data-matching Program (Assistance and Tax) Act 1990 provides for, and regulates, the matching of records between the Australian Taxation Office and assistance agencies using the TFN in part of the matching process.\n\n    (6) In the context of superannuation, Part 25A of the Superannuation Industry (Supervision) Act 1993 (SIS Act) also contains rules and restrictions on the quotation, use and transfer of TFNs. Furthermore, under the SIS Act, the Australian Prudential Regulation Authority can make legislative instruments which approve the manner of quoting TFNs.","sortOrder":7},{"sectionNumber":"6. Meaning of terms","sectionType":"part","heading":"6. Meaning of terms","content":"## 6. Meaning of terms\n\n    (1) Unless the contrary intention appears, any term used in the TFN Rule which is defined in the Privacy Act has the same meaning as in that Act.\n\n    (2) In this TFN Rule:\n\nApproved recipient means a TFN recipient that:\n\n    (a) is engaged by an authorised recipient to provide services where it is reasonably necessary to have access to TFN information; or\n    (b) has obtained an individual’s consent to access their TFN, to help manage that individual's taxation, superannuation or personal assistance affairs.\n\nAPRA means the Australian Prudential Regulation Authority.\n\nAssistance agency means:\n\n    (a) the Department of Human Services (which administers the Centrelink, Child Support Agency and Medicare Programs)\n    (b) the Department of Social Services\n    (c) the Department of Education, Employment and Workplace Relations\n    (d) the Department of Veterans' Affairs, or\n    (e) any successor agency to an agency referred to in (a) to (d) above, or any other successor agency or agencies which may have responsibilities under an Administrative Arrangements Order for administration of provisions of a personal assistance law.\n\nAuthorised recipient means a TFN recipient (other than the Commissioner of Taxation or an assistance agency) that is authorised by taxation law, personal assistance law or superannuation law to receive TFNs.\n\nIndividual means a natural person.\n\nPersonal assistance law means:\n\n    (a) an Act or part of an Act referred to in the definition of ‘personal assistance’ in the Data-matching Program (Assistance and Tax) Act 1990\n    (b) sections of the following Acts that deal with handling TFNs:\n    (i) the A New Tax System (Family Assistance) Act 1999\n    (ii) the A New Tax System (Family Assistance) (Administration) Act 1999\n    (iii) the Child Care Act 1972\n    (iv) the Child Support (Assessment) Act 1989\n    (v) the Child Support (Registration and Collection) Act 1988\n    (c) the Paid Parental Leave Act 2010\n    (i) the Social Security Act 1991\n    (ii) the Social Security (Administration) Act 1999\n    (iii) the Student Assistance Act 1973\n    (iv) the Veterans' Entitlements Act 1986\n    (d) the Data-matching Program (Assistance and Tax) Act 1990, or\n    (e) relevant legislative instruments made under any Act (including such a part of an Act) referred to in (a) to (c) above.\n\nPrivacy Act means the Privacy Act 1988.\n\nSIS Act means the Superannuation Industry (Supervision) Act 1993.\n\nSuperannuation law means:\n\n    (a) the SIS Act\n    (b) the First Home Saver Accounts Act 2008\n    (c) a law within the meaning of ‘Superannuation Acts’ under the SIS Act and the First Home Saver Accounts Act 2008\n    (d) the Retirement Savings Accounts Act 1997\n    (e) an Act or part of an Act for which APRA has the general administration that deals with the handling of TFNs, and which is not a taxation law, or\n    (f) relevant legislative instruments made under any Act (including such a part of an Act) referred to in (a) to (e) above.\n\nTaxation law means:\n\n    (a) an Act or part of an Act for which the Commissioner of Taxation has the general administration\n    (b) the Tax Agent Services Act 2009\n    (c) the Higher Education Support Act 2003\n    (d) an Act or part of an Act under which the Commissioner of Taxation has powers and functions related to the use of TFNs, or\n    (e) legislative instruments made under any Act (including such a part of an Act) referred to in (a) to (d) above.\n\nTAA means the Taxation Administration Act 1953.\n\nTFN has the same meaning as ‘tax file number’ in the Privacy Act.\n\nTFN Rule means this Privacy (Tax File Number) Rule 2014 issued under the Privacy Act which regulate the collection, storage, use, disclosure, security and disposal of individuals’ TFN information.\n\nTFN information has the same meaning as ‘tax file number information’ in the Privacy Act.\n\nTFN recipient has the same meaning as ‘file number recipient’ in the Privacy Act, and includes:\n\n    (a) the Commissioner of Taxation\n    (b) an assistance agency\n    (c) an approved recipient\n    (d) an authorised recipient\n    (e) the trustee of a superannuation fund.\n\nTrustee for the purposes of the TFN Rule, has the same meaning as ‘trustee’ in the SIS Act.","sortOrder":8},{"sectionNumber":"Part 2","sectionType":"part","heading":"Operational provisions","content":"# ![](image.001.png)\n\n# Privacy (Tax File Number) Rule 2015\n\nI, Timothy Pilgrim, Privacy Commissioner, make this Rule under section 17 of the Privacy Act 1988.\n\nDated: 20 February 2015\n\nTimothy Pilgrim\n\nPrivacy Commissioner\n\n## Privacy (Tax File Number) Rule 2015\n\n# Part 1 - Preliminary\n\n## 1. Name of Rule\n\n    (1) The Rule is the Privacy (Tax File Number) Rule 2015.\n    (2) The Rule may also be cited as the TFN Rule.\n\n## 2. Commencement\n\nThis Rule commences the day it is registered on the Federal Register of Legislative Instruments (FRLI).\n\n## 3. Authority\n\nThis Rule is issued by the Privacy Commissioner under section 17 of the Privacy Act 1988 (Privacy Act).\n\n## 4. Repeal\n\nThe Tax File Number Guidelines 2011 registered on the FRLI (the Federal Register of Legislative Instruments No. F2011L02748) is repealed when this TFN Rule commences.\n\n## 5. Overview\n\n    (1) The TFN Rule replaces the previous Tax File Number Guidelines 2011. The TFN Rule, which is legally binding, regulates the collection, storage, use, disclosure, security and disposal of individuals’ tax file number (TFN) information.\n\n    (2) The TFN Rule only applies to the TFN information of individuals and does not apply to TFN information about other legal persons including corporations, partnerships, superannuation funds and trusts.\n\n    (3) A breach of the TFN Rule is an interference with privacy under the Privacy Act. Individuals who consider that their TFN information has been mishandled may make a complaint to the Information Commissioner. As well as constituting a breach of the TFN Rule, unauthorised use or disclosure of TFNs can be an offence under the Taxation Administration Act 1953 (TAA) and attract penalties including imprisonment and monetary fines.\n\n    (4) Sections 8WA and 8WB of the TAA create offences for unauthorised requirements or requests that a person’s TFN be quoted; and the unauthorised recording, maintaining a record of, use or disclosure of an individual’s TFN respectively, unless an exception applies. However, unlike the TFN Rule, the TAA protects all TFNs and not just those of individuals.\n\n    (5) Provisions regulating TFNs are also contained in the Income Tax Assessment Act 1936. In addition, the Data-matching Program (Assistance and Tax) Act 1990 provides for, and regulates, the matching of records between the Australian Taxation Office and assistance agencies using the TFN in part of the matching process.\n\n    (6) In the context of superannuation, Part 25A of the Superannuation Industry (Supervision) Act 1993 (SIS Act) also contains rules and restrictions on the quotation, use and transfer of TFNs. Furthermore, under the SIS Act, the Australian Prudential Regulation Authority can make legislative instruments which approve the manner of quoting TFNs.\n\n## 6. Meaning of terms\n\n    (1) Unless the contrary intention appears, any term used in the TFN Rule which is defined in the Privacy Act has the same meaning as in that Act.\n\n    (2) In this TFN Rule:\n\nApproved recipient means a TFN recipient that:\n\n    (a) is engaged by an authorised recipient to provide services where it is reasonably necessary to have access to TFN information; or\n    (b) has obtained an individual’s consent to access their TFN, to help manage that individual's taxation, superannuation or personal assistance affairs.\n\nAPRA means the Australian Prudential Regulation Authority.\n\nAssistance agency means:\n\n    (a) the Department of Human Services (which administers the Centrelink, Child Support Agency and Medicare Programs)\n    (b) the Department of Social Services\n    (c) the Department of Education, Employment and Workplace Relations\n    (d) the Department of Veterans' Affairs, or\n    (e) any successor agency to an agency referred to in (a) to (d) above, or any other successor agency or agencies which may have responsibilities under an Administrative Arrangements Order for administration of provisions of a personal assistance law.\n\nAuthorised recipient means a TFN recipient (other than the Commissioner of Taxation or an assistance agency) that is authorised by taxation law, personal assistance law or superannuation law to receive TFNs.\n\nIndividual means a natural person.\n\nPersonal assistance law means:\n\n    (a) an Act or part of an Act referred to in the definition of ‘personal assistance’ in the Data-matching Program (Assistance and Tax) Act 1990\n    (b) sections of the following Acts that deal with handling TFNs:\n    (i) the A New Tax System (Family Assistance) Act 1999\n    (ii) the A New Tax System (Family Assistance) (Administration) Act 1999\n    (iii) the Child Care Act 1972\n    (iv) the Child Support (Assessment) Act 1989\n    (v) the Child Support (Registration and Collection) Act 1988\n    (c) the Paid Parental Leave Act 2010\n    (i) the Social Security Act 1991\n    (ii) the Social Security (Administration) Act 1999\n    (iii) the Student Assistance Act 1973\n    (iv) the Veterans' Entitlements Act 1986\n    (d) the Data-matching Program (Assistance and Tax) Act 1990, or\n    (e) relevant legislative instruments made under any Act (including such a part of an Act) referred to in (a) to (c) above.\n\nPrivacy Act means the Privacy Act 1988.\n\nSIS Act means the Superannuation Industry (Supervision) Act 1993.\n\nSuperannuation law means:\n\n    (a) the SIS Act\n    (b) the First Home Saver Accounts Act 2008\n    (c) a law within the meaning of ‘Superannuation Acts’ under the SIS Act and the First Home Saver Accounts Act 2008\n    (d) the Retirement Savings Accounts Act 1997\n    (e) an Act or part of an Act for which APRA has the general administration that deals with the handling of TFNs, and which is not a taxation law, or\n    (f) relevant legislative instruments made under any Act (including such a part of an Act) referred to in (a) to (e) above.\n\nTaxation law means:\n\n    (a) an Act or part of an Act for which the Commissioner of Taxation has the general administration\n    (b) the Tax Agent Services Act 2009\n    (c) the Higher Education Support Act 2003\n    (d) an Act or part of an Act under which the Commissioner of Taxation has powers and functions related to the use of TFNs, or\n    (e) legislative instruments made under any Act (including such a part of an Act) referred to in (a) to (d) above.\n\nTAA means the Taxation Administration Act 1953.\n\nTFN has the same meaning as ‘tax file number’ in the Privacy Act.\n\nTFN Rule means this Privacy (Tax File Number) Rule 2014 issued under the Privacy Act which regulate the collection, storage, use, disclosure, security and disposal of individuals’ TFN information.\n\nTFN information has the same meaning as ‘tax file number information’ in the Privacy Act.\n\nTFN recipient has the same meaning as ‘file number recipient’ in the Privacy Act, and includes:\n\n    (a) the Commissioner of Taxation\n    (b) an assistance agency\n    (c) an approved recipient\n    (d) an authorised recipient\n    (e) the trustee of a superannuation fund.\n\nTrustee for the purposes of the TFN Rule, has the same meaning as ‘trustee’ in the SIS Act.\n\n# Part 2 – Operational provisions\n\n## 7. General\n\n    (1) The TFN must not be used as part of a national identification system.\n\n    (2) Section (1) does not prevent the Commissioner of Taxation from using the TFN as an identifier in accordance with taxation law, superannuation law or personal assistance law.\n\n    (3) An individual is not legally obliged to quote their TFN, however there may be financial consequences for an individual who chooses not to quote their TFN.\n\n## 8. Collection of TFN information\n\n    (1) TFN recipients must only request or collect TFN information from individuals and other TFN recipients for a purpose authorised by taxation law, personal assistance law or superannuation law.\n\n    (2) When requesting an individual’s TFN, TFN recipients must take reasonable steps to ensure that:\n\n    (a) individuals are informed:\n\n    (i) of the taxation law, personal assistance law or superannuation law which authorises the TFN recipient to request or collect the TFN\n    (ii) of the purpose(s) for which the TFN is requested or collected\n    (iii) that declining to quote a TFN is not an offence\n    (iv) about the consequences of declining to quote a TFN\n\n    (b) the manner of collection does not unreasonably intrude on the individual’s affairs, and\n\n    (c) the TFN recipient only requests or collects information that is necessary and relevant to the purpose of collection under applicable taxation law, personal assistance law or superannuation law.\n\n## 9. TFNs provided incidentally\n\nIf an individual provides information to a TFN recipient which includes a TFN, for a purpose not connected with the operation of a taxation law, personal assistance law or superannuation law:\n\n    (a) the individual providing the information may remove the TFN, and\n\n    (b) if the individual does not remove the TFN, the TFN recipient must not use or disclose the TFN or record the TFN in a way that is inconsistent with the TAA or the TFN Rule.\n\n## 10. Use or disclosure of TFN information\n\nTFN information must only be used or disclosed (including for matching personal information about individuals) by TFN recipients:\n\n    (a) for a purpose authorised by taxation law, personal assistance law or superannuation law, or\n\n    (b) for the purpose of giving an individual any TFN information that the TFN recipient holds about that individual.\n\n## 11. Storage, security and destruction of TFN information\n\n    (1) TFN recipients must take reasonable steps to:\n\n    (a) protect TFN information from misuse and loss, and from unauthorised access, use, modification or disclosure\n\n    (b) ensure that access to records containing TFN information is restricted to individuals who need to handle that information for taxation law, personal assistance law or superannuation law purposes.\n\n    (2) A TFN recipient must take reasonable steps to securely destroy or permanently de-identify TFN information where it is no longer:\n\n    (a) required by law to be retained, or\n\n    (b) necessary for a purpose under taxation law, personal assistance law or superannuation law (including the administration of such law).\n\n## 12. Staff training\n\nTFN recipients must take reasonable steps to ensure that:\n\n    (a) all staff are aware of the need to protect individuals’ privacy when handling TFN information, and\n\n    (b) all staff who collect or access TFN information are aware of:\n\n    (i) the circumstances where TFN information may be collected\n    (ii) the prohibitions on the use and disclosure of TFN information\n    (iii) the need to protect individuals’ privacy when handling TFN information, including under the TFN Rule and under the Privacy Act\n    (iv) the penalties or other sanctions that apply for breaching the TFN Rule or applicable laws relating to the handling of TFNs.\n\n## 13. Obligations of the Commissioner of Taxation and APRA to publish\n\n    (1) The Commissioner of Taxation and APRA must make information publicly available which identifies:\n\n    (a) in APRA’s case: the classes of TFN recipients, who are authorised by or under taxation law or superannuation law to request TFNs\n\n    (b) in the Commissioner of Taxation’s case: the classes of TFN recipients who are authorised by or under taxation law to request TFNs\n\n    (c) the specific purposes for which these TFN recipients may request TFNs\n\n    (d) the prohibitions on the collection, recording, use and disclosure of TFN information\n\n    (e) the penalties that apply to unauthorised acts and practices relating to TFNs and TFN information\n\n    (f) where to find further detail about the matters in (a) – (e) above.\n\n    (2) The Commissioner of Taxation and APRA must publish information in accordance with the requirements of Guideline 8.1 about any amendments to taxation law and superannuation law that allow TFNs to be requested. Where practicable, this information should be published before the amendments commence.\n\n    (3) Where the Commissioner of Taxation or APRA prescribes or approves practices involving the collection of TFN information, the Commissioner of Taxation or APRA must ensure those practices include informing the individual:\n\n    (a) about the legal basis for collecting the individual’s TFN information\n\n    (b) that declining to quote a TFN is not an offence\n\n    (c) about the consequences of declining to quote a TFN.\n\n    (4) The Commissioner of Taxation and APRA must comply with all other relevant obligations in the TFN Rule, including as a TFN recipient.\n\n## 14. Assistance agency obligations to publish\n\n    (1) Assistance agencies that may request a TFN under personal assistance law, or under taxation law, must make information publicly available which identifies:\n\n    (a) the specific purposes for which the agency may request TFNs\n\n    (b) the prohibitions on the collection, recording, use and disclosure of TFN information\n\n    (c) the penalties that apply to unauthorised acts and practices relating to TFNs and TFN information\n\n    (d) where to find further detail about the matters in (a) – (c) above.\n\n    (2) Assistance agencies must publish information (in accordance with the requirements of Section (1) about any amendments to personal assistance law that allow TFNs to be requested. Where practicable, this information should be published before the amendments commence.\n\n    (3) Assistance agencies must comply with all other relevant obligations in the TFN Rule, including as a TFN recipient.","sortOrder":9},{"sectionNumber":"7. General","sectionType":"part","heading":"7. General","content":"## 7. General\n\n    (1) The TFN must not be used as part of a national identification system.\n\n    (2) Section (1) does not prevent the Commissioner of Taxation from using the TFN as an identifier in accordance with taxation law, superannuation law or personal assistance law.\n\n    (3) An individual is not legally obliged to quote their TFN, however there may be financial consequences for an individual who chooses not to quote their TFN.","sortOrder":10},{"sectionNumber":"8. Collection of TFN information","sectionType":"part","heading":"8. Collection of TFN information","content":"## 8. Collection of TFN information\n\n    (1) TFN recipients must only request or collect TFN information from individuals and other TFN recipients for a purpose authorised by taxation law, personal assistance law or superannuation law.\n\n    (2) When requesting an individual’s TFN, TFN recipients must take reasonable steps to ensure that:\n\n    (a) individuals are informed:\n\n    (i) of the taxation law, personal assistance law or superannuation law which authorises the TFN recipient to request or collect the TFN\n    (ii) of the purpose(s) for which the TFN is requested or collected\n    (iii) that declining to quote a TFN is not an offence\n    (iv) about the consequences of declining to quote a TFN\n\n    (b) the manner of collection does not unreasonably intrude on the individual’s affairs, and\n\n    (c) the TFN recipient only requests or collects information that is necessary and relevant to the purpose of collection under applicable taxation law, personal assistance law or superannuation law.","sortOrder":11},{"sectionNumber":"9. TFNs provided incidentally","sectionType":"part","heading":"9. TFNs provided incidentally","content":"## 9. TFNs provided incidentally\n\nIf an individual provides information to a TFN recipient which includes a TFN, for a purpose not connected with the operation of a taxation law, personal assistance law or superannuation law:\n\n    (a) the individual providing the information may remove the TFN, and\n\n    (b) if the individual does not remove the TFN, the TFN recipient must not use or disclose the TFN or record the TFN in a way that is inconsistent with the TAA or the TFN Rule.","sortOrder":12},{"sectionNumber":"10. Use or disclosure of TFN information","sectionType":"part","heading":"10. Use or disclosure of TFN information","content":"## 10. Use or disclosure of TFN information\n\nTFN information must only be used or disclosed (including for matching personal information about individuals) by TFN recipients:\n\n    (a) for a purpose authorised by taxation law, personal assistance law or superannuation law, or\n\n    (b) for the purpose of giving an individual any TFN information that the TFN recipient holds about that individual.","sortOrder":13},{"sectionNumber":"11. Storage, security and destruction of","sectionType":"part","heading":"11. Storage, security and destruction of TFN information","content":"## 11. Storage, security and destruction of TFN information\n\n    (1) TFN recipients must take reasonable steps to:\n\n    (a) protect TFN information from misuse and loss, and from unauthorised access, use, modification or disclosure\n\n    (b) ensure that access to records containing TFN information is restricted to individuals who need to handle that information for taxation law, personal assistance law or superannuation law purposes.\n\n    (2) A TFN recipient must take reasonable steps to securely destroy or permanently de-identify TFN information where it is no longer:\n\n    (a) required by law to be retained, or\n\n    (b) necessary for a purpose under taxation law, personal assistance law or superannuation law (including the administration of such law).","sortOrder":14},{"sectionNumber":"12. Staff training","sectionType":"part","heading":"12. Staff training","content":"## 12. Staff training\n\nTFN recipients must take reasonable steps to ensure that:\n\n    (a) all staff are aware of the need to protect individuals’ privacy when handling TFN information, and\n\n    (b) all staff who collect or access TFN information are aware of:\n\n    (i) the circumstances where TFN information may be collected\n    (ii) the prohibitions on the use and disclosure of TFN information\n    (iii) the need to protect individuals’ privacy when handling TFN information, including under the TFN Rule and under the Privacy Act\n    (iv) the penalties or other sanctions that apply for breaching the TFN Rule or applicable laws relating to the handling of TFNs.","sortOrder":15},{"sectionNumber":"13. Obligations of the Commissioner of T","sectionType":"part","heading":"13. Obligations of the Commissioner of Taxation and APRA to publish","content":"## 13. Obligations of the Commissioner of Taxation and APRA to publish\n\n    (1) The Commissioner of Taxation and APRA must make information publicly available which identifies:\n\n    (a) in APRA’s case: the classes of TFN recipients, who are authorised by or under taxation law or superannuation law to request TFNs\n\n    (b) in the Commissioner of Taxation’s case: the classes of TFN recipients who are authorised by or under taxation law to request TFNs\n\n    (c) the specific purposes for which these TFN recipients may request TFNs\n\n    (d) the prohibitions on the collection, recording, use and disclosure of TFN information\n\n    (e) the penalties that apply to unauthorised acts and practices relating to TFNs and TFN information\n\n    (f) where to find further detail about the matters in (a) – (e) above.\n\n    (2) The Commissioner of Taxation and APRA must publish information in accordance with the requirements of Guideline 8.1 about any amendments to taxation law and superannuation law that allow TFNs to be requested. Where practicable, this information should be published before the amendments commence.\n\n    (3) Where the Commissioner of Taxation or APRA prescribes or approves practices involving the collection of TFN information, the Commissioner of Taxation or APRA must ensure those practices include informing the individual:\n\n    (a) about the legal basis for collecting the individual’s TFN information\n\n    (b) that declining to quote a TFN is not an offence\n\n    (c) about the consequences of declining to quote a TFN.\n\n    (4) The Commissioner of Taxation and APRA must comply with all other relevant obligations in the TFN Rule, including as a TFN recipient.","sortOrder":16},{"sectionNumber":"14. Assistance agency obligations to pub","sectionType":"part","heading":"14. Assistance agency obligations to publish","content":"## 14. Assistance agency obligations to publish\n\n    (1) Assistance agencies that may request a TFN under personal assistance law, or under taxation law, must make information publicly available which identifies:\n\n    (a) the specific purposes for which the agency may request TFNs\n\n    (b) the prohibitions on the collection, recording, use and disclosure of TFN information\n\n    (c) the penalties that apply to unauthorised acts and practices relating to TFNs and TFN information\n\n    (d) where to find further detail about the matters in (a) – (c) above.\n\n    (2) Assistance agencies must publish information (in accordance with the requirements of Section (1) about any amendments to personal assistance law that allow TFNs to be requested. Where practicable, this information should be published before the amendments commence.\n\n    (3) Assistance agencies must comply with all other relevant obligations in the TFN Rule, including as a TFN recipient.","sortOrder":17}],"analysis":{"kimi_summary":{"content_quality":"ok","complexity_score":4,"scope_assessment":{"changed":false,"description":"The legislation maintains its original scope as a privacy protection instrument specifically for individual TFN information. It replaces the 2011 Guidelines with a legally binding Rule but does not expand beyond the original purpose of regulating collection, storage, use, disclosure, security and disposal of TFN information. The coverage remains limited to individuals (not corporations) and the core obligations are consistent with the original Guidelines, now simply enforceable as a legislative instrument."},"complexity_factors":["14 defined terms in section 6, with several terms ('personal assistance law', 'superannuation law', 'taxation law') incorporating by reference multiple external Acts and legislative instruments","Cross-references to the Privacy Act 1988 for core definitions ('TFN', 'TFN information', 'TFN recipient')","Nested definitions: 'approved recipient' and 'authorised recipient' are defined in terms of 'TFN recipient', which itself refers back to the Privacy Act","Multiple overlapping regulatory regimes referenced (Taxation Administration Act, Privacy Act, Superannuation Industry (Supervision) Act, Data-matching Program Act) creating a web of compliance obligations","Differential obligations for three categories of entities: Commissioner of Taxation/APRA, assistance agencies, and general TFN recipients","Reasonable steps' standards throughout (sections 8, 11, 12) requiring subjective judgment rather than prescriptive rules","Exception in section 7(2) allowing the Commissioner of Taxation to use TFN as identifier despite general prohibition on national identification systems","Typographical error in section 6: 'TFN Rule means this Privacy (Tax File Number) Rule 2014' when instrument is dated 2015"],"plain_english_summary":"This legislation sets out legally binding rules for how organisations must handle your Tax File Number (TFN). It replaced non-binding guidelines from 2011 with enforceable standards.\n\n**Who it affects:**\n- **TFN recipients** – organisations authorised to collect TFNs, including the Australian Taxation Office (ATO), Centrelink and other government agencies, superannuation funds, and certain service providers\n- **Individuals** – every Australian with a TFN\n\n**What it does:**\n- **Collection:** Organisations can only ask for your TFN when specifically allowed by tax, social security or superannuation law. They must tell you why they need it, that you don't have to give it (though there may be financial consequences), and what happens if you refuse.\n- **Use and disclosure:** Your TFN can only be used for authorised purposes – basically tax, benefits, or superannuation matters. It cannot be used as a general national ID system.\n- **Security:** Organisations must protect TFN information from misuse, loss, or unauthorised access, and restrict access to staff who actually need it.\n- **Destruction:** When no longer legally required, TFN information must be securely destroyed or permanently de-identified (made anonymous).\n- **Training:** Staff handling TFNs must be trained on privacy protections and penalties for breaches.\n- **Transparency:** The ATO, APRA (superannuation regulator), and assistance agencies must publish information about who can request TFNs and for what purposes.\n\n**Why it matters:**\nYour TFN is a key identifier that links your tax, superannuation and government benefit records. Misuse can lead to identity theft or fraud. This Rule gives you rights if your TFN is mishandled – you can complain to the Information Commissioner. Breaches can also attract criminal penalties including fines and imprisonment under separate tax laws.\n\n**Important limitation:** This Rule only protects individuals, not companies, trusts or partnerships. However, other laws (like the Taxation Administration Act) protect all TFNs including those of organisations."},"flash_summary":{"complexity_score":5,"scope_assessment":{"changed":true,"description":"The instrument expressly repeals the Tax File Number Guidelines 2011 and replaces them with a legally binding Rule (Section 4; Section 5(1)). That change is a scope shift from guidance to binding obligations for TFN recipients. The Rule also narrows its own substantive coverage to TFN information of individuals only (Section 5(2)), while noting that overlapping criminal protections in the Taxation Administration Act apply more broadly (Section 5(3)–(4))."},"complexity_factors":["Cross‑references to multiple external statutes and regimes (Taxation law, personal assistance law, superannuation law, TAA, SIS Act) that define when TFNs may be handled (Sections 5, 6, 8, 10).","Multiple classes of regulated actors with different roles (Commissioner of Taxation, APRA, assistance agencies, authorised recipients, approved recipients, trustees) (Section 6; Sections 13–14).","Use of the open standard \"reasonable steps\" in key obligations (collection, security, destruction, training), which creates interpretive discretion and variable compliance paths (Sections 8(2), 11(1)–(2), 12).","Overlap and difference in coverage between this Rule (individual TFNs only) and the TAA (which protects all TFNs), creating potential legal interaction issues (Section 5(2)–(4)).","Publication and timing obligations that depend on administrative practicability (Sections 13(2), 13(3), 14(2)).","Multiple operational requirements across life‑cycle of TFN data (collection, incidental receipt, use/disclosure, storage, destruction, staff training) that require procedural, technical and documentation changes for recipients (Sections 8–12)."],"plain_english_summary":"What this instrument does (mechanically)\n\n- The Privacy (Tax File Number) Rule 2015 (the TFN Rule) repeals the earlier Tax File Number Guidelines 2011 (Section 4) and establishes legally binding rules about how individuals' tax file number (TFN) information must be collected, stored, used, disclosed, secured and destroyed (Section 5(1)).\n\n- It imposes duties on entities that receive or handle TFN information (\"TFN recipients\") to limit collection to authorised purposes, to inform individuals when collecting TFNs, to secure and destroy TFN information when no longer required, to train staff, and to publish certain information about who may request TFNs and why (Sections 6, 8, 10, 11, 12, 13 and 14).\n\nWho is affected\n\n- Individuals (natural persons) whose TFN information is the subject of the Rule (Section 6). The Rule applies only to TFN information of individuals (Section 5(2)).\n\n- TFN recipients. The Rule adopts the Privacy Act’s definitions and explicitly lists classes of TFN recipients (for example: the Commissioner of Taxation, assistance agencies, authorised recipients, approved recipients and superannuation trustees) (Section 6). These recipients carry the primary compliance obligations (Sections 8, 11, 12, 13, 14).\n\n- The Commissioner of Taxation and APRA have specific publication duties to identify classes of authorised TFN recipients and the purposes for which TFNs may be requested (Section 13). Assistance agencies have parallel publication duties (Section 14).\n\nWhy it matters (official purpose and what that implies)\n\n- The Rule’s stated purpose is to regulate TFN handling for individuals by converting previous guidance into a legally binding instrument (Section 5(1)). It also creates an enforceable privacy interference under the Privacy Act, giving individuals a complaints route to the Information Commissioner (Section 5(3)). The Rule co-exists with criminal offences in the Taxation Administration Act 1953 (TAA) that apply to unauthorised TFN use or requests (Sections 5(3)–(4)).\n\nCosts, incentives and trade-offs (mechanisms, not judgments)\n\n- Compliance costs fall on TFN recipients. The Rule requires them to: limit collection to legally authorised purposes (Section 8(1)); take \"reasonable steps\" to inform individuals and to ensure collection methods are not unreasonably intrusive (Section 8(2)); protect, restrict access to, and securely destroy or de-identify TFN information when it is no longer required (Section 11); and train staff about handling and penalties (Section 12). Those steps imply administrative, technical and training costs for organisations handling TFNs.\n\n- The Rule constrains private use of TFNs. TFN recipients may only collect, use or disclose TFN information for purposes authorised by taxation, personal assistance or superannuation law (Sections 8(1) and 10). This limits private enterprise and other actors from repurposing TFNs for unrelated commercial or identification uses (see also Section 7(1) which prohibits TFNs being used as part of a national identification system).\n\n- Individual choice is preserved in form: an individual is not legally required to quote a TFN (Section 7(3)). The Rule also requires recipients to tell individuals that refusing to quote is not an offence and to explain consequences (Section 8(2)(a)(iii)–(iv)). At the same time, the Rule recognises that there may be financial consequences if an individual declines to quote a TFN (Section 7(3)), which creates an incentive for individuals to supply TFNs in contexts authorised by law.\n\nImplementation risk and timing\n\n- The Rule relies on agencies (Commissioner of Taxation and APRA, and assistance agencies) to publish lists of authorised recipients and purposes and to update that information when laws change (Sections 13 and 14). Section 13(2) asks that such information be published, where practicable, before amendments commence. The \"where practicable\" wording may create timing gaps between legal changes and public guidance.\n\n- Several obligations are expressed as taking \"reasonable steps\" (for example Sections 8(2), 11(1)–(2), 12). That language delegates judgement to TFN recipients and ultimately to regulators and courts when assessing compliance, which creates scope for differing interpretations and implementation variance across organisations.\n\nEnforcement and overlap with other law\n\n- A breach of the TFN Rule is an \"interference with privacy\" under the Privacy Act and can be the subject of a complaint to the Information Commissioner (Section 5(3)). Separately, unauthorised TFN use or requirements may be offences under the TAA and attract criminal penalties (Section 5(3)–(4)). The text notes the TAA protects all TFNs (not just individual TFNs) while the TFN Rule applies to individuals (Section 5(4)).\n\nPractical effects on private actors and markets\n\n- Businesses or service providers that are not authorised under taxation, personal assistance or superannuation law cannot lawfully request or use a person’s TFN for other purposes (Sections 8(1), 10). Approved recipients engaged by authorised recipients may access TFNs where it is reasonably necessary for their contracted services or where they have obtained the individual's consent (Definition of \"approved recipient\", Section 6).\n\n- The rule therefore restricts how TFNs can be used as identifiers outside the statutory domains listed, preserves an individual's option to withhold a TFN (with possible statutory consequences), and requires published transparency about who may request TFNs and for what purposes (Sections 7, 8, 13, 14).\n\nConcentrated benefits and diffuse costs (mechanism-based)\n\n- The Rule concentrates legal clarity and enforceable obligations on TFN recipients (concentrated compliance obligations) while the benefit of added statutory protection accrues to all individuals whose TFNs are covered (diffuse beneficiaries) (Section 5(1)–(3), Sections 8–14).\n\nKey sources in the text: see Sections 3–6 (authority and definitions), Section 5 (overview), Sections 7–12 (operative duties), and Sections 13–14 (publication obligations)."},"flash_summary_failed":{"failed":true,"reason":"Unauthenticated. Configure AI_GATEWAY_API_KEY or use a provider module. Learn more: https://ai-sdk.dev/unauthenticated-ai-gateway","source":"analysis-cron"}},"importantCases":[],"_links":{"self":"/api/acts/privacy-tax-file-number-rule-2015","history":"/api/acts/privacy-tax-file-number-rule-2015/history","analysis":"/api/acts/privacy-tax-file-number-rule-2015/analysis","conflicts":"/api/acts/privacy-tax-file-number-rule-2015/conflicts","importantCases":"/api/acts/privacy-tax-file-number-rule-2015/important-cases","documents":"/api/acts/privacy-tax-file-number-rule-2015/documents"}}