The Secure Storage and Management of Tax File Numbers and Personal Information: Best Practice Guidance for Australian Business Software Providers investigates best practice controls for managing and securing Tax File Numbers (TFNs) and personal information in software. 

This guidance is intended for document management, financial planning, workforce management and practice management software providers in the broader tax, accounting, employer obligation, superannuation, invoicing and business registry ecosystem that operate outside the scope of government security requirements that typically apply to Digital Service Providers (DSPs). 

The following best practice controls are recommended for DSPs to securely capture and store TFNs and personal data:

Capturing Data and Displaying Data:
  • Data collection
  • Input validation
  • User authentication
  • Secure user interfaces
  • Redaction and masking
  • Role-based access controls
  • Logging and monitoring
Sharing Data and Storing Data:
  • Secure data transmission
  • Secure API configurations
  • Encryption at rest
  • Data minimisation, retention and disposal
  • Secure backups
  • Database security
  • Tokenisation
  • Secure browser storage
  • Security of cloud data centres
  • Regular audits


DSPANZ members can access the full version of the best practice guidance, which provides actionable recommendations for securely storing and managing TFNs and personal information, here. Non-members can access a preview version of the guidance here.

