Speaking on the Australian Taxation Office’s (ATO) newly launched Tax inVoice podcast, deputy commissioner of superannuation James O’Halloran said data accuracy, member protection and cyber security are all issues that the industry and, as such, the ATO is grappling with.
He was speaking to senior partner at Mercer, and co-chair of the ATO’s superannuation industry stewardship group, Dr David Knox.
“I think as the ATO and particularly in the last couple of years since SuperStream, the truth is that we are part of industry as much as industry is part of us,” Mr O’Halloran said, noting the prevalence of big, and important, data sets.
“It’s data that's important to people.
“[And that] clearly raises the issue for all of us together around cyber security, member protection as well as obviously data accuracy.”
Responding to a question from Dr Knox around the ATO’s operational framework, Mr O’Halloran said the framework is one part of the ATO’s strategy to manage risk for members and funds so that secure exchanges of information can occur.
He said, “A small point perhaps … is obviously software and … the use of APIs is continued to be mainstream business in many ways.
“So we need to make sure and work with the industry that our systems are secure.
“Certainly cyber security has never been more important to make sure it's up to date, particularly with things around information in the cloud as well as some of the way superannuation funds operate.”
Mr O’Halloran said it’s in everyone’s interests to have “a common security”, as well as to hit the best balance of access and security.
Both Dr Knox and Mr O’Halloran agreed that the importance of security is not going to decrease in the future, and in fact will grow.
The ATO’s cyber security standards received media attention last year, with an audit calling on it to boost its defences. This guidance followed an audit that found the ATO had “insufficient protection against cyber security attacks from external sources”.
"To progress to being cyber resilient, the Australian Taxation Office and the Department of Immigration and Border Protection (DIBP) need to improve their governance arrangements and prioritise cyber security," the audit said.
Arguing that it was especially critical that the ATO improved its standards due to its access to Australians’ private and sensitive data, the audit said there could be “potentially significant consequences for Australian citizens” if improvements did not occur.
The ATO has a Cyber Security Stakeholder Group that is scheduled to meet four times a year and provides key message updates on its meetings. The last update was provided in October 2017 and said the ATO was focusing on telephone scams, the global scam environment and ATO impersonation scams.
It also noted that the stakeholder group was the evolution of a working group.
“Our ongoing need to respond to cyber threats and the changing legislative environment made the transition necessary,” the group said.