Julian Plummer, managing director of Kamino Cyber Security and Midwinter Financial Services, said that the Australian data notification laws, which are set to receive royal assent in February, will also affect offshore administrators or service providers used by Australian firms.
The recently introduced laws specify that all businesses with an annual turnover of $3 million or higher will be required to notify individuals and the regulator (OAIC) when cyber security incidents compromise personal information, Mr Plummer explained.
“Any SMSF firms that are using offshore administrators or service providers must also study the obligations closely as the mandatory data breach legislation also impacts overseas located service providers,” he said.
“So if you’ve got an SMSF administrator located overseas, and you’re offshoring that work, and they get hit by a data breach, you will have to report on behalf of them. That’s something that SMSF advisers may not be aware of.”
Mr Plummer said SMSF firms here in Australia that outsource work to offshore firms should ensure they have robust security processes in place.
“There are advantages to dealing with companies that are located in Australia as they are obliged to obey Australian laws, but generally there are ways to ensure that your partners have security front of mind, and that’s to ensure that they have ISO security certification and that information is generally pretty easy to get,” he said.



In relation to some previous comments:
– “Most of these so called ‘ethical’ operators do not even advice (stet) their clients where the work is being done merely relying on a (stet) flimsy engagement letters”. Presumably George has dealt with, or been exposed to, ALL of the offshoring facilities such that he knows what “most” do.
– under the current Engagement Letter requirements of both CAANZ and CPA Australia, the Engagement Letter is required to disclose to clients if their work, or any part of it, is conducted offshore. And we disclose this accordingly.
– I used to take the high moral ground in relation to offshoring and the potential for loss of jobs for our children. As a father and grandfather, this worried me. But, as a result of both outsourcing (to remote Australian locations) and offshoring, I am advertising and promoting higher-level work to new and existing employees. We train employees, and then have them reviewing the outsourced and offshored work. And they enjoy it more. They move-on more quickly to higher level work, and client contact. There is much more to the topic than the obvious emotional first-reaction.
– we use BOSS, and I can vouch for their professionalism and their ethics.
– whether CA firms are “certified archangels”, or not, the point is that they MUST comply with very strict ethical requirements.
– maybe Peter Vickers’ comments were a “self-plug”, but I think, more to the point, he was addressing the issues in the article, he has clearly told anybody who may be interested where the work is being done (so, presumably, he doesn’t fit into George’s “most” category), and he is providing an assurance as to adherence to accepted and high Australian ethical standards.
I totally agree with Peter’s views. We at Accounting Resource Pty Ltd (Accounting Resource) are a leading outsourcing firm based in Australia with a service centre in New Delhi, India. We do hundreds of SMSFs for accounting firms and take clients’ confidentiality very seriously and comply with all Australian laws. We are CPAs and respect the right of our clients to have personal details and information kept secure, private and confidential.
Let’s just wait for the first breach to occur to see how ineffective the Regulators (ASIC/TPB) are.
Nothing short of full disclosure to the client & positive acknowledgement from the client that the work is being undertaken offshore (including 3rd party & in-house arrangements) will do.
The client is informed, understands the arrangement & can make a fully informed decision.
Good SMSF administrators already do this, good offshore firms encourage this.
It is those SMSF administrators that hide behind huge engagement letters, PDS & privacy statements that will have a problem in the future.
The sooner the Tax Practitioners Board update the Code of Conduct to include advice of offshore arrangements the better. It requires positive acknowledgement from client that they understand work is undertaken overseas.
It applies to 3rd Party & self owned arrangements.
Presently there is an obligation to disclose to clients 3rd party arrangements (but no need to disclose they operate overseas).
Rob C, in the Tax Practitioner Board “guidance material” in relation to the Code of Professional Conduct, it is required that, where a client’s information is provided to a third party (and third party is defined to include outsourcing), you must advise the client what information is to be disclosed, and “to whom and where the disclosure will be made”.
Mark I agree. But where offshoring is provided by the same firm (IE it is not outsourcing) then the current CPP is deficient. The Exposure Draft issued Aug 17 requires disclosure in the situation where the off shore party is related (IE not a third party).
Mark, Thanks for the clarification. My experience has been with offshore arrangements where ownership is with the onshore administrator. Thus no 3rd party arrangement.
Eg Multiport an Australian firm has offices in Kuala Lumpur.
No disclosure is required.
My understanding is that changes to the PCC as set out in the exposure draft will require disclosure of offshore activities regardless of ownership.
Should be more laws against offshoring jobs and our children’s futures.
Most of these so called ‘ethical’ operators do not even advice their clients where the work is being done merely relying on a flimsy engagement letters.
Great points George. I 100% agree. The lack of transparency is abhorrent and not in the clients’ best interest.
I run and own Back Office Shared Services Pty Ltd (BOSS) that has a team of accountants in Bangalore, India, doing tax and accounting for Australian and New Zealand public accountants and businesses. None of this is new to us. We have always run the business ensuring that we comply with all Australian and New Zealand laws and ethical pronouncements. We are Chartered Accountants so of course we take our clients’ privacy seriously.
Nice segue to a self-plug Peter and of course CA firms are certified archangels 🙂