GPO BOX 4889 SYDNEY NSW 2001
Mr Mark Diamond
Reply to: GPO Box 4889
Sydney NSW 2001
By email;
xxxxxxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxx.xxx.xx
Our reference: 1-5FK9CHO
Contact officer: Mark McGilchrist
Phone: (02) 9374 8180
Fax: (02) 9374 2698
10 June 2014
Decision regarding your Freedom of Information request
Dear Mr Diamond
RE: FOI Application 1-5FK9CHO
I refer to your request of 26 April 2014 under the Freedom of Information Act 1982 (FOI Act)
seeking access to the following documents:
The Australian Government Tender System (http://www.austender.gov.au) reports contract CN137512
between the Australian Taxation Office and PriceWaterhouseCoopers for the provision of "a Threat Risk
Assessment (TRA) and Privacy Impact Assessment (PIA) on the design of the Standard Business Reporting
(SBR) Authentication Solution"
I request access to a copy of the report of the privacy impact assessment. If the TRA and PIA were
provided in a combined report, I request access only to that part of the report relating to the PIA. I note
that the contract report on AusTender states that no confidentiality issues attached either to the
contract itself or to the contract outputs.
I am an officer authorised under section 23 of the FOI Act to make decisions regarding access to
documents.
I have identified this document relevant to your request. I have decided to release in full the
document as set out in the attached
Schedule of documents.
I notified you on 19 May 2014 that I would consult with the authors (PWC) of this document under
Section 27 of the FOI Act on whether they had any submissions regarding their business affairs. At
that time I notified you that this granted a 30 day extension to the review time, and that the new
due date was 27 June 2014.
Statement of Reasons
In reaching my decision I relied on the following documentary evidence
contents of documents requested
FOI Act
PS LA 2005/5 Provision of third party information under the Freedom of Information Act 1982
LA PS 2005/6 Release of employees' names under the Freedom of Information Act 1982
PS CM 2013/02 Information pro-disclosure
Information Commissioner guidelines
Consultation with PWC under s27A.
Discussion with the ATO AUSkey Implementation team
AUSkey was implemented in May 2010 and holds Department of Finance Public Key Infrastructure
(PKI) Gatekeeper accreditation. Further information supporting AUSkey’s privacy requirements for
accreditation by the PKI Gatekeeper can be found on the following webpages:
•
AUSkey’s condition of use -
https://abr.gov.au/AUSkey/Help-and-support/AUSkey-Terms-
and-Conditions/Conditions-of-use---AUSkey/
•
AUSkey’s Privacy Statement -
https://abr.gov.au/General-information/Privacy/Privacy-
statement---AUSkey/
•
AUSkey’s Certification Practice Statement –
https://abr.gov.au/AUSkey/Help-and-
support/AUSkey-Terms-and-Conditions/AUSkey-Certification-Practice-Statement/
•
Certificate Policy - AUSkey -
https://abr.gov.au/AUSkey/Help-and-support/AUSkey-Terms-
and-Conditions/Certificate-Policy---AUSkey/ and
•
Certificate Policy – Device -
https://abr.gov.au/AUSkey/Help-and-support/AUSkey-Terms-
and-Conditions/Certificate-Policy---Device-AUSkey/
Fees and Charges
I am an officer authorised under section 23 of the FOI Act to make decisions regarding access to
documents. As per Part 4, of the Office of the Australian Information Commissioner guidelines, I
have made no charge for access to this information.
Your rights of review
If you are unhappy with my decision, you can either request an internal review or request an
independent review by the Australian Information Commissioner. You can also apply to the
Australian Information Commissioner after an internal review has been conducted.
A request for an internal review needs to:
be in writing
be sent to us within 30 days of being notified of my decision, and
be sent, quoting reference number
1-5FK9CHO via:
- email at xxx@xxx.xxx.xx or
- mail to:
Freedom of Information
Australian Taxation Office
GPO Box 1797
MELBOURNE VIC 3001
The internal review will be done by an officer who did not make the initial decision.
A request for an independent review by the Australian Information Commissioner needs to:
be sent within 60 days of being notified of my decision
include a copy of this notice
include an address where notices can be sent (eg your email address), and
be sent to:
GPO Box 2999
Canberra City
ACT 2601
For further details regarding the Information Commissioner visit
www.oaic.gov.au
You may also apply to the Information Commissioner if you have not been informed of the outcome
of an internal review within 30 days.
Complaints
Any complaint about the processing of your FOI request can be forwarded to the Information
Commissioner. The complaint needs to be in writing and identify the agency against which the
complaint is made. There is no particular form required to make a complaint, but the complaint
should set out the grounds on which you consider the action should be investigated. The
Information Commissioner can be contacted on 1300 363 992 for the cost of a local call.
The Commonwealth Ombudsman also has the power to investigate the ATO’s actions and make
recommendations where appropriate. The Ombudsman will consult with the Australian Information
Commissioner before deciding who should investigate your complaint.
Yours faithfully
Mark McGilchrist
Mark McGilchrist
Legal Officer
General Counsel
FREEDOM OF INFORMATION ACT 1982
Applicant:
Mark Diamond
SCHEDULE OF DOCUMENTS
File Ref No:
1-5FK9CHO
Doc
Pages
Date
Type of
Author
Description of Contents
Material
Decision
Section
Reasons for
No.
Doc
Findings of
Exemption
Fact
SBR Authentication
DRAFT Privacy Impact
Release in
1
21
Nov 2008
Report
PwC
Assessment
full
Phase 1: High Level Design
November 2008
