Australian Taxation Office  ABR Help


ABR security policy

Scope

The Australian Taxation Office (ATO) operates the Australian Business Register (ABR) website. A range of security controls is applied to protect the website from unauthorised access, and information is protected while it is collected by, stored on or passing through the Australian Business Register (ABR) website.

In spite of these protections, users should be aware that the World Wide Web is an insecure public network that gives rise to a potential risk of a user’s transactions being viewed, intercepted or modified by third parties or that files which the user downloads may contain computer viruses, disabling codes, worms or other devices or defects.

The Australian Business Register (ABR) accepts no liability for any interference with or damage to a user’s computer system, software or data occurring in connection with or relating to this website or its use. Users are encouraged to take appropriate and adequate precautions to ensure that whatever is selected from this site is free of viruses or other contamination that may interfere with or damage the user’s computer system, software or data (see also the Disclaimer Statement).

Where connection to a system outside the control of the Australian Business Register (ABR) website compromises the objectives of this statement, the Australian Business Register (ABR) personnel will take steps to rectify the situation.

Online security

Learn how to protect yourself against security scams and transact safely online.

Confidentiality and integrity

The Australian Business Register (ABR) website has two forms of protection:

  • SSL (Secure Sockets Layer): encryption, which provides the secure connection between the user and the Australian Business Register (ABR) Web server. Users seeking more information about SSL in general are referred to W3C ‘The World Wide Web Consortium’ where a search on the word ‘SSL’ or browsing the Security FAQs will provide current information.
  • PKI (Public Key Infrastructure): a digital certificate, used to verify that the user is who they claim to be. PKI certificates are used to ensure the security of electronic transactions with the Australian Business Register (ABR). For more information, see What does the ATO’s Public Key Infrastructure really mean? below.

Precautions are taken to help ensure the confidentiality and integrity of the data transmitted to and from the Australian Business Register’s (ABR’s) web servers. Users can be confident that the information supplied is unlikely to be read by anyone other than Australian Business Register (ABR) personnel or tampered with while in transit to the Australian Business Register (ABR). Information will be only used for the purposes which the law authorises (see also the Privacy Statement).

User awareness of location

It is intended that users of the Australian Business Register (ABR) website will be able to determine whether, at any given time, they are interacting with the Australian Business Register (ABR) website.

A user can confirm they are interacting with the Australian Business Register (ABR) website by checking the digital certificate used to provide SSL encryption. This can be checked by clicking on the SSL padlock located along the bottom of the browser window. The user should confirm the following:

  • the certificate has been issued to 'abr.gov.au'
  • the certificate has been issued by 'Thawte Server CA'
  • the certificate has a validity period of two years
  • the certificate path/hierarchy shows only 'Thawte Server CA' followed by 'abr.gov.au'

How these details are displayed depends on the type of browser being used.
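
The four checks listed above can also be applied programmatically. The following is an added example, not code from the ABR or the ATO; it assumes the certificate is in the dictionary form returned by Python's ssl.getpeercert() and that the chain's common names are supplied separately as a list (root first). The sample certificates are constructed for illustration.

```python
import ssl

# Expected values are the ones the page lists for the ABR site.
EXPECTED_SUBJECT = "abr.gov.au"
EXPECTED_ISSUER = "Thawte Server CA"

def common_name(name):
    """Pull commonName out of the nested-tuple name form used by ssl.getpeercert()."""
    for rdn in name:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def failed_checks(cert, chain_names):
    """Return the names of the page's four checks that this certificate fails."""
    failures = []
    if common_name(cert.get("subject", ())) != EXPECTED_SUBJECT:
        failures.append("issued to")
    if common_name(cert.get("issuer", ())) != EXPECTED_ISSUER:
        failures.append("issued by")
    # Validity period: notAfter - notBefore should be two years (leap-day slack allowed).
    seconds = (ssl.cert_time_to_seconds(cert["notAfter"])
               - ssl.cert_time_to_seconds(cert["notBefore"]))
    if not 729 <= seconds / 86400 <= 732:
        failures.append("validity period")
    # Path: only the issuing CA followed by the site, with nothing in between.
    if list(chain_names) != [EXPECTED_ISSUER, EXPECTED_SUBJECT]:
        failures.append("certificate path")
    return failures

# Constructed sample certificates (illustrative values, not real ABR data).
GOOD_CERT = {
    "subject": ((("commonName", "abr.gov.au"),),),
    "issuer": ((("commonName", "Thawte Server CA"),),),
    "notBefore": "Mar  1 00:00:00 2009 GMT",
    "notAfter": "Mar  1 23:59:59 2011 GMT",
}
GOOD_CHAIN = ["Thawte Server CA", "abr.gov.au"]
# Same site name, but a different issuer, a one-year lifetime and an extra CA in the path.
BAD_CERT = dict(GOOD_CERT, issuer=((("commonName", "Example Intermediate CA"),),),
                notAfter="Mar  1 00:00:00 2010 GMT")
BAD_CHAIN = ["Example Root CA", "Example Intermediate CA", "abr.gov.au"]

if __name__ == "__main__":
    print(failed_checks(GOOD_CERT, GOOD_CHAIN))
    print(failed_checks(BAD_CERT, BAD_CHAIN))
```

A certificate that names the right site can still fail the issuer, validity and path checks, which is why the page asks users to confirm all four.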

Accountability

Some transactions will provide the user with a 'receipt' after a transaction is submitted. The receipt is intended to inform the user that the transaction has been successfully processed by the Australian Business Register (ABR) site to which it has been sent. Transactions which provide receipts are clearly identified at the outset, so that the user will know what kind of receipt to expect and what to do if one is not received.

Australian Business Register (ABR) personnel will undertake auditing and logging of all security related events, including the recording of all necessary information to identify the causes of an event and the person or entity which was responsible for the event. Where a malicious event occurs, steps will be taken to minimise the risk of such an event occurring in the future. Such steps may lead to further investigation and possible prosecution.

Taxation Acts have secrecy provisions that prohibit ABR Personnel, any officer of the Australian Taxation Office (ATO) or any other Government Department from accessing, recording or disclosing anyone's taxation information except in performing their duties or in specific situations permitted by taxation laws. The Commonwealth Crimes Act 1914 also governs Commonwealth government agencies and their personnel’s use and disclosure of information. There are severe penalties for breaking these provisions.

Personal information will not be released unless the law permits it or permission is given. The Australian Business Register (ABR) website is a secure environment and a reliable system but users should be aware that there may be inherent risks associated with the transmission of information via the Internet. For those who do not wish to use the Internet, there are alternative ways of obtaining and providing information. For more information on these alternatives, users can telephone the Australian Taxation Office (ATO) on 13 28 66.

What does the ATO’s Public Key Infrastructure really mean?

The Australian Taxation Office (ATO) uses Public Key Infrastructure (PKI) to provide a secure means for accessing and changing Australian Business Register (ABR) information over the Internet. Public Key Infrastructure (PKI) is a system of high level encryption which uses asymmetrical key pairs. More information about Public Key Infrastructure (PKI) is given here. Public Key Infrastructure (PKI) keys contain the Australian Business Number (ABN) of the client. The security systems in place restrict access so that only details of that Australian Business Number (ABN) can be viewed and changed. In effect, the privacy of the information passing between the user's computer and the Australian Business Register’s (ABR’s) web server is provided by the use of Public Key Infrastructure (PKI).

Business clients will need to have registered to use the Australian Taxation Office’s (ATO’s) Public Key Infrastructure (PKI) in order to look at and change their own details over the Internet. Tax agents will need to have registered to use the Australian Taxation Office’s (ATO’s) Public Key Infrastructure (PKI) in order to access and change details on behalf of their clients. Government agencies authorised to access Australian Business Register (ABR) information will either need to have registered to use the ATO’s PKI in order to look at details over the Internet or, where agencies access information through the Corporate External Gateway, have a valid user-ID and password.

 


©   Commonwealth of Australia