The Tax Practitioners Board (TPB) has issued a practice notice clarifying how tax agents are expected to manage cloud-based activities in the servicing of clients.
Specifically, TPB(PN) 1/2017 has been published to facilitate a better understanding of the obligations applying to tax agents, tax financial adviser and BAS (business activity statement) agents contained in the code of professional conduct outlined in section 30-10 of the Tax Agent Services Act (TASA) in regard to cloud-based computing.
The practice note provides a definition of what cloud-based computing is before identifying some general factors practitioners need to address in this area.
These include elements such as knowing how information will be transferred between systems while maintaining data integrity, how the information is being stored, whether there is offshore storage of information, and the security controls the practitioner and the third-party service provider might have in place.
Most importantly, the TPB has outlined what is required for practitioners to comply with the TASAcode of professional conduct.
This includes obtaining permission from each client, preferably by way of a signed letter of agreement or signed consent, to divulge information to a third party.
The practice note also stipulates practitioners should have appropriate controls in place to maintain data integrity and confidentiality to avoid information leakage.
It recommends this might be achieved via items such as confidentiality agreements between the practitioner and the cloud service provider.
The TPB has also taken the opportunity to remind practitioners that they are also bound by the Privacy Act 1988.
In addition, the consequences of breaching the code have been covered, including the ability of the TPB to impose multiple administrative sanctions ranging from a written warning to the suspension or termination of the registration of a registered practitioner.