• Security of information

    The Australian Taxation Office (ATO) operates the Australian Business Register (ABR) website and the ABR and AUSkey transaction sites. A range of security controls is applied to protect the sites from unauthorised access, and information is protected while it is collected by, stored on or passing through the ABR.

    Taxation Acts have secrecy provisions that prohibit ABR personnel, any officer of the ATO or any other government department from accessing, recording or disclosing anyone's taxation information except in performing their duties or in specific situations permitted by taxation laws. The Crimes Act 1914 also governs Australian Government agencies and their personnel’s use and disclosure of information. There are severe penalties for breaches of these provisions.

    Personal information will not be released unless the law permits it or permission is given.

    The ABR sites operate in a secure environment and a reliable system but users should be aware that there may be inherent risks associated with the transmission of information via the Internet.

    For more information you can read our privacy statement or contact us.

    Confidentiality and integrity

    The ABR sites have two forms of protection:

    • SSL (Secure Socket Layer): encryption, which provides the secure connection between the user and the ABR Web server. Users seeking more information about SSL in general are referred to W3C ‘The world wide web consortium’ where a search on the word ‘SSL’ or browsing the Security FAQs will provide current information.
    • PKI (Public Key Infrastructure): a digital credential (AUSkey), used to verify that the user is who they claim to be which helps ensure the security of electronic transactions with the ABR.

    Precautions are taken to help ensure the confidentiality and integrity of the data transmitted to and from the ABR’s web servers. Users can be confident that the information supplied is unlikely to be read by anyone other than ABR personnel or tampered with while in transit to the ABR. Information will be only used for the purposes which the law authorises (see also the privacy statement).

    User awareness of location

    It is intended that users of the ABR sites will be able to determine whether, at any given time, they are interacting with the ABR.

    A user can confirm they are interacting with an ABR site by checking the digital certificate used to provide SSL encryption. This can be checked by clicking on the SSL padlock located along the bottom of the browser window. The user should confirm the following:

    • the certificate has been issued to 'abr.gov.au'
    • the certificate has been issued by 'Thawte Server CA'
    • the certificate has a validity period of two years
    • the certificate path/hierarchy shows only 'Thawte Server CA' followed by 'abr.gov.au'.

    How these details are displayed depends on the type of browser being used.

    Online security

    We take the security and privacy of your personal information very seriously, and have a range of systems and controls to ensure that your information and transactions with us are safe.

    We will never ask you for your tax file number (TFN), bank details or other personal identification information in an electronic communication to you (including email or text message).

    If you've received fraudulent communication, you're unsure of the legitimacy of a communication that claims to be from the ABR or you think you have been a victim of a tax-related scam, call us on 13 28 61.

    If you receive an SMS or email asking for personal information, forward the entire email to ReportEmailFraud@ato.gov.au.

    • Last modified: 10 Aug 2018QC 202