This privacy policy identifies relevant SRO policies and procedures for the protection of personal information in accordance with the Privacy and Data Protection Act 2014 (the Act). The Act has three purposes:

  • To establish a regime for the responsible handling of personal information in the public sector,
  • To provide individuals with rights to information held about them by organisations, and
  • To provide remedies for interference with the information privacy of an individual

Under that Act, personal information is any information or an opinion (including information or an opinion forming part of a database) that is recorded in any form and whether true or not about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion.

This information is effective as at 30 June 2016.

SRO functions and responsibilities

The SRO is Victoria’s major revenue collection agency. The SRO is responsible for the administration of state taxes and levies, and for payments made under various assistance schemes, such as the Back to Work Scheme and the First Home Owner Grant.

Victorian taxation laws

The following taxes are administered under the Taxation Administration Act 1997.

  • Duties (Duties Act 2000) (Stamps Act 1958)
  • Land tax (Land Tax Act 2005) (Land Tax Act 1958)
  • Payroll tax (Payroll Tax Act 2007) (Pay-roll Tax Act 1971)
  • Congestion levy (Congestion Levy Act 2005)
  • Growth Area Infrastructure Contribution (GAIC) (Part 9B, Planning and Environment Act 1987)

Other levies:

  • Metropolitan Planning Levy (Part 4, Planning and Environment Act 1987)
  • Fire Services Property Levy (Part 4, Fire Services Property Levy Act 2012)

Payments, grants, rebates and subsidies:

  • First Home Owner Grant (First Home Owner Grant Act 2000)
  • Back to Work payments (Back to Work Act 2015)

The Register of Unclaimed Money (Unclaimed Money Act 2008) is also administered by the SRO.

SRO functions under the law

In addition, the SRO has functions under other Acts to which this privacy policy will also apply.

For example, the SRO is responsible for the administration for the Victorian liquor subsidies under the Liquor Control Reform Act 1998 and the payment of water and sewerage rebates under the Water Act 1989.

Information privacy principles

As an agency responsible for the protection of the public revenue under a law administered by it, the SRO is a “law enforcement agency” for the purposes of s3 of the Privacy and Data Protection Act 2014.

Under s15 of that Act, a law enforcement agency is not required to comply with certain information privacy principles to the extent that such non-compliance is necessary for the performance of a law enforcement function or activity. 


In administering these and other Acts, the SRO may collect and use personal information about individuals for the purposes of assessing a tax liability or conferring a benefit. The SRO collects personal information in accordance with the law for the purposes of assessment, collection, management and protection of revenue under Acts it administers.

In most cases, the SRO collects the information directly from the individual or a legal or financial representative authorised to act on their behalf. The SRO may also collect personal information from other sources, such as VicRoads, WorkSafe Victoria, Australian Securities and Investment Commission, Australian Taxation Office and other revenue offices. Specified enrolment information is also received from the Victorian Electoral Commission pursuant to the Electoral Act 2002. Information obtained by the SRO is used for data verification, revenue management and revenue protection purposes and is handled in accordance with the SRO’s legislative obligations.

The SRO commonly collects personal information through:

  • Returns, applications, notices and statements,
  • Requests for private rulings, objections, submissions and enquiries,
  • Customer feedback, surveys and research data,
  • Solicited or unsolicited correspondence and communications from the public

In addition, the SRO may collect personal information from current or prospective employees, or persons seeking to be engaged by the SRO under contract.

Data quality

The SRO takes care to ensure that the personal information it collects about an individual is complete, up to date, and accurate. The SRO conducts data matching activities for the purposes of ascertaining compliance with Acts it administers, to verify or supplement information provided by a customer and to verify eligibility for certain concessions and exemptions.

Use and disclosure of information

The SRO does not use personal information other than in accordance with the law and for the purpose for which it was collected, or for a purpose you would reasonably expect associated with its revenue collection or revenue protection functions.

The SRO may need to provide access to personal information to its contractors to perform functions involved in the administration of its responsibilities, such as for example, provision of IT or printing services. Contractors engaged by SRO are required to comply with the requirements of the Privacy and Data Protection Act 2014, and secrecy provisions.

The SRO does not disclose any information (including personal information) collected by it unless authorised by law, or with your consent.

The SRO is bound by secrecy provisions in the Acts administered by it. In relation to state taxes, the secrecy provisions in the Taxation Administration Act 1997 enable disclosure of information obtained under the taxation laws in the following circumstances:

  • With the person’s consent, or
  • In connection with the administration or execution of Acts administered by the SRO, the Australian Taxation Office, or another state and territory revenue office, as required by another Victorian Act, or
  • For specific purposes outlined in the legislation
  • To the office-holders and agencies listed as authorised to receive disclosures. Authorised recipients include certain Victorian, State, Territory and Commonwealth government authorities

Similarly, secrecy provisions in other laws administered by the SRO – the First Home Owner Grant Act 2000, the Back to Work Act 2014, the Fire Services Property Levy Act 2012 and the Unclaimed Money Act 2008 – set out the purposes and agencies for which disclosures can be made under those laws.

The SRO uses information obtained by it for creation of statistics or consideration of economic trends for the purposes of government reporting, but there is no disclosure of personal information associated with such reporting.

Data security and retention

The SRO takes care to ensure that any personal information it holds about an individual is protected from misuse or loss and from unauthorised access, modification or disclosure. The SRO’s Risk Management Framework aligns with the Victorian Government Risk Management Framework and the AS/NZS ISO 31000:2009 standard.

In addition, the SRO has policies in place to ensure that information (including personal information) is securely stored and is destroyed or disposed of when it is no longer relevant, or necessary for the purposes of Acts administered by SRO or other SRO functions. Documents are stored, retained or destroyed in accordance with the Public Records Act 1973

Online payment security

Ensuring your browser is current with the latest patches applied will protect your confidential information. Failing to do so may compromise the security of your information, including credit card details, and result in you being unable to make payments through the SRO online facilities.


This Information Privacy Policy outlines the key elements of the SRO’s policy on the management of personal information. Where information is collected directly from the person or their representative on a form provided by the SRO, the form will include a Privacy Statement explaining why the SRO requires the information, and the uses and disclosures permitted by the relevant laws.

The SRO may also collect personal information from other sources in order to verify or supplement information required for the assessment, investigation and enforcement of tax obligations and/or the determination of entitlements to grants and payments.

Access to your personal information and correction

The Privacy and Data Protection Act 2014 and Freedom of Information Act 1982 (FOI Act) provide individuals with a statutory rights of access to their own personal information held by government agencies about them.

However, there are a limited number of exceptions and exemptions under the FOI Act. For example, in cases where the SRO’s law enforcement function would be prejudiced, the SRO may not be required to provide access to personal information held about an individual.

Under the FOI Act, requests for access to personal information or correction of personal information can be made to the Information Officer.

Transborder data flows

The SRO may, in some circumstances, transfer personal information or information collected from you outside Victoria, to another state or territory revenue office, or to the federal Commissioner of Taxation.

The principle of Transborder Data Flows is governed by secrecy laws which authorise the SRO to provide data to other jurisdictions. 

The SRO administers three Acts which permit the provision of information to other agencies and jurisdictions. These are the Taxation Administration Act 1997, the First Home Owner Grant Act 2000, and the Unclaimed Money Act 2008. The agencies permitted to receive information from the SRO under these laws are listed in the attachment below.

Sensitive information

The SRO does not collect sensitive information from individuals, unless necessary for the purposes of Acts it administers or in managing its employees or contractors.

Unique identifiers

A unique identifier is a series of alphabetical or numeric characters, which may be applied to an individual and distinguishes them from other individuals.

The SRO may assign, use or disclose unique identifiers to individuals where this necessary to do so to carry out its functions. For example, assessment and customer numbers are needed for the administration of taxes and grants administered by the SRO.


It may not be possible for the SRO to properly administer its Acts or carry out its functions unless an individual provides personal information to the SRO (as required by law). However, in some very limited circumstances – for example if a person is  making a general inquiry, or providing a tip-off information to the SRO –the SRO may permit personal information identifying the source of details supplied to the SRO to be removed or withheld.


If you have a complaint about how the SRO has handled your personal information, consider your privacy has been breached or have an enquiry about how the SRO handles personal information, please contact the Privacy Officer, (Paula Thorne) in the first instance on 9628 6105 or in writing:

Privacy Officer
State Revenue Office
GPO Box 1641

If you are not satisfied with the way in which the SRO has handled your complaint through its internal complaints procedure, you may contact the Commissioner for Privacy and Data Protection:

Commissioner for Privacy and Data Protection
PO Box 24014

Phone: 1300 666 444

Fax: +61 3 8684 1667