What this instrument does (mechanically)
The Privacy (Tax File Number) Rule 2015 (the TFN Rule) repeals the earlier Tax File Number Guidelines 2011 (Section 4) and establishes legally binding rules about how individuals' tax file number (TFN) information must be collected, stored, used, disclosed, secured and destroyed (Section 5(1)).
It imposes duties on entities that receive or handle TFN information ("TFN recipients") to limit collection to authorised purposes, to inform individuals when collecting TFNs, to secure and destroy TFN information when no longer required, to train staff, and to publish certain information about who may request TFNs and why (Sections 6, 8, 10, 11, 12, 13 and 14).
Who is affected
Individuals (natural persons) whose TFN information is the subject of the Rule (Section 6). The Rule applies only to TFN information of individuals (Section 5(2)).
TFN recipients. The Rule adopts the Privacy Act’s definitions and explicitly lists classes of TFN recipients (for example: the Commissioner of Taxation, assistance agencies, authorised recipients, approved recipients and superannuation trustees) (Section 6). These recipients carry the primary compliance obligations (Sections 8, 11, 12, 13, 14).
The Commissioner of Taxation and APRA have specific publication duties to identify classes of authorised TFN recipients and the purposes for which TFNs may be requested (Section 13). Assistance agencies have parallel publication duties (Section 14).
Sourced from the Federal Register of Legislation (legislation.gov.au), CC BY 4.0.
Why it matters (official purpose and what that implies)
Costs, incentives and trade-offs (mechanisms, not judgments)
Compliance costs fall on TFN recipients. The Rule requires them to: limit collection to legally authorised purposes (Section 8(1)); take "reasonable steps" to inform individuals and to ensure collection methods are not unreasonably intrusive (Section 8(2)); protect, restrict access to, and securely destroy or de-identify TFN information when it is no longer required (Section 11); and train staff about handling and penalties (Section 12). Those steps imply administrative, technical and training costs for organisations handling TFNs.
The Rule constrains private use of TFNs. TFN recipients may only collect, use or disclose TFN information for purposes authorised by taxation, personal assistance or superannuation law (Sections 8(1) and 10). This limits private enterprise and other actors from repurposing TFNs for unrelated commercial or identification uses (see also Section 7(1), which prohibits TFNs being used as part of a national identification system).
Individual choice is preserved in form: an individual is not legally required to quote a TFN (Section 7(3)). The Rule also requires recipients to tell individuals that refusing to quote is not an offence and to explain consequences (Section 8(2)(a)(iii)–(iv)). At the same time, the Rule recognises that there may be financial consequences if an individual declines to quote a TFN (Section 7(3)), which creates an incentive for individuals to supply TFNs in contexts authorised by law.
Implementation risk and timing
The Rule relies on agencies (Commissioner of Taxation and APRA, and assistance agencies) to publish lists of authorised recipients and purposes and to update that information when laws change (Sections 13 and 14). Section 13(2) asks that such information be published, where practicable, before amendments commence. The "where practicable" wording may create timing gaps between legal changes and public guidance.
Several obligations are expressed as taking "reasonable steps" (for example Sections 8(2), 11(1)–(2), 12). That language delegates judgement to TFN recipients and ultimately to regulators and courts when assessing compliance, which creates scope for differing interpretations and implementation variance across organisations.
Enforcement and overlap with other law
Practical effects on private actors and markets
Businesses or service providers that are not authorised under taxation, personal assistance or superannuation law cannot lawfully request or use a person’s TFN for other purposes (Sections 8(1), 10). Approved recipients engaged by authorised recipients may access TFNs where it is reasonably necessary for their contracted services or where they have obtained the individual's consent (Definition of "approved recipient", Section 6).
The Rule therefore restricts how TFNs can be used as identifiers outside the statutory domains listed, preserves an individual's option to withhold a TFN (with possible statutory consequences), and requires published transparency about who may request TFNs and for what purposes (Sections 7, 8, 13, 14).
Concentrated benefits and diffuse costs (mechanism-based)
Key sources in the text: see Sections 3–6 (authority and definitions), Section 5 (overview), Sections 7–12 (operative duties), and Sections 13–14 (publication obligations).