Announcements
We’re doing scheduled maintenance on ATO Community to bring you a bigger, better and brighter online community.
You may see us go into read-only mode over the weekend while we do this. Don’t worry! You’ll still be able to search the site to find your answers.

ATO Community

Re: lost/stolen phone privacy breach MyGovID

This post is archived and may not be up-to-date.

Newbie

Views 1289

Replies 3

If a team member has the MyGovID app on their personal phone and it is lost/stolen, we have been advised that this is a potential privacy breach and that we have to report this to all of our clients as a potential breach. 

 

The reason it has been said that it is a breach is because the phone has MyGovID on it and the password is most likely stored on the phone or the personal accesses their phone using faceID.

 

We have an issue with this as it doesn’t look good to our clients reporting something like this and reduces their level of trust in us.

 

We also have the issue that legally we cannot control our team members private phones and tell them how to store information and what kind of security it should have on the phone. Therefore there is an increased risk of our tax agent portal data being accessed by organised thieves or even maliciously from disgruntled employees who haven’t left our employ yet.

1 ACCEPTED SOLUTION

Accepted Solutions

Most helpful response

ATO Certified Response

VIP

Replies 0

Hi Angela,

 

If a staff member loses their phone they are able to create their ID again using their new phone.

If the phone is locked then no access will possible to the app.

As an administrator, clients have the ability to immediately remove the RAM authorisation which prevents anyone from accessing the system as permissions are managed in RAM.

 

Information on this is avialable on the RAM website - www.authorisationmanager.gov.au.

 

Thanks

Business Lead
Digital Communication and Identity Services
3 REPLIES 3

Newbie

Replies 1

More reason to buy a cheap office phone for each computer, never do they leave the office or computer.

This is what I have done and it means there are no "I left my phone at home" excuses or a reason why someone is using their persoanl phone at work.

 

Newbie

Replies 0

Thats exactly what we have been considering

Most helpful response

ATO Certified Response

VIP

Replies 0

Hi Angela,

 

If a staff member loses their phone they are able to create their ID again using their new phone.

If the phone is locked then no access will possible to the app.

As an administrator, clients have the ability to immediately remove the RAM authorisation which prevents anyone from accessing the system as permissions are managed in RAM.

 

Information on this is avialable on the RAM website - www.authorisationmanager.gov.au.

 

Thanks

Business Lead
Digital Communication and Identity Services