Australian Taxation Office

Comprehensive scope statement covering multiple user types, specific contact methods including dedicated privacy hotline, clear last updated date, and policy availability in multiple formats. Strong introductory section explaining policy purpose and transparency commitment.

Clear primary purposes for tax and superannuation administration, explicit secondary uses for audit, data matching, and research. Specific purposes for call recordings and biometric data, though limited explicit consent requirements for secondary uses beyond biometrics.

Regular review commitment with website publication, designated Privacy Officer and Champion under APP Code 2017, privacy impact assessment register, comprehensive compliance framework, and dedicated privacy hotline. Strong governance structure with specific security measures.

Exceptionally detailed enumeration of personal information types collected, comprehensive collection methods including direct, third-party, cookies, and web browsing data. Clear legal basis statements, specific biometric data handling with consent mechanisms, and detailed Google Analytics collection practices.

Specific named categories of recipients with clear purposes, detailed disclosure to law enforcement and prescribed taskforces, comprehensive overseas disclosure under tax treaties with named countries. Strong contractual obligations for contractors and clear voice biometric restrictions.

Industry best practice security measures including audits and penetration testing, clear staff access controls, specific biometric data geographic restrictions, contractor security obligations, and detailed authentication logging. However, lacks specific encryption or certification details.

Comprehensive disclosure with specific named countries under tax treaties and TIEAs, clear purposes for international tax cooperation, specific Google Analytics data location in USA with anonymization, and explicit restrictions on voice biometric transfers.

Comprehensive access and correction rights with specific 30-day timeframes, no-charge commitments, multiple complaint mechanisms with 3-day response commitment, clear OAIC escalation path, and specific deletion rights for voiceprints with opt-out mechanisms.

General disclosure of data matching, biometric identification, and compliance analysis systems with some transparency about purposes. However, lacks specific details about decision logic, human review rights, or comprehensive opt-out mechanisms beyond biometrics.

No relevant claims found in policy.

No specific findings.