"A continuing issue with the ATO is that they require us to release information to them without us having any proof of their identity, or authority.
The National Privacy Principles (NPP) probably do not apply to many small practices, however it is obviously best practice to adhere to them since we hold sensitive personal information. NPP 2 allows us to disclose information required or authorised under law. Thus obviously we can disclose info to the ATO. However, the Guide to Privacy for Small Business issued by the Privacy Commissioner in relation to NPP2 refers to “Get clear consent from the individual, in writing or other method that is robust enough to satisfy you of the person’s identity.”
I would contend that a person identified as 'Bill for Albury Tax Office' wanting a phone number of a client is no way robust. We have in the past required the ATO to put requests for personal client information in writing but they never do, only state (warn or threaten) that they will escalate the matter because we don’t give out info over the phone in these circumstances. Debt collection officers and lodgment enforcement officers being the main ones.
The rhetorical question for other members is should the ATO be abetting us into not complying with NPP? Also, should Tax Agents not use the NPP as best practice?"