You are here

This privacy policy identifies relevant SRO policies and procedures for protecting personal information in accordance with the Privacy and Data Protection Act 2014, which has three purposes:

  • To establish a regime for the responsible handling of personal information in the public sector,
  • To provide individuals with rights to information held about them by organisations, and
  • To provide remedies for interference with the information privacy of an individual

Under the Act, personal information is any information or an opinion (including information or an opinion forming part of a data base) that is recorded in any form, whether true or not, about an individual whose identity is apparent or can be reasonably ascertained from the information or opinion.

The SRO's functions and responsibilities

As Victoria’s major revenue collection agency, the SRO is responsible for administering state taxes and levies, and for payments made under various assistance schemes, such as the Back to Work Scheme and the First Home Owner Grant.  

Victorian taxation laws

The following taxes are administered under the Taxation Administration Act 1997:

  • Duties - Duties Act 2000, Stamps Act 1958
  • Land Tax - Land Tax Act 2005, Land Tax Act 1958
  • Payroll Tax - Payroll Tax Act 2007, Pay-roll Tax Act 1971
  • Congestion Levy - Congestion Levy Act 2005
  • Growth Area Infrastructure Contribution - Part 9B, Planning and Environment Act 1987

Other levies:

  • Metropolitan Planning Levy - Part 4, Planning and Environment Act 1987
  • Fire Services Property Levy - Part 4, Fire Services Property Levy Act 2012

Payments, grants, rebates and subsidies:

  • First Home Owner Grant - First Home Owner Grant Act 2000
  • Back to Work payments - Back to Work Act 2015

The Register of Unclaimed Money (Unclaimed Money Act 2008) is also administered by the SRO.

The Register of Unclaimed Money

The Registrar is obliged to keep a comprehensive register for administering the Unclaimed Money Act 2008 and has the ability to confine published details to the minimum amount needed for that purpose. The published version of the register provides sufficient details for an owner to identify a claim, but also withholds certain details to ensure  there is still undisclosed information against which an applicant’s claim can be assessed.

The SRO’s functions under other laws

In addition, the SRO has functions under other Acts to which this privacy policy also applies. For example, the SRO is responsible for administering the Victorian liquor subsidies under the Liquor Control Reform Act 1998 and paying water and sewerage rebates under the Water Act 1989.

Information privacy principles

As an agency responsible for protecting public revenue under a law administered by it, the SRO is a “law enforcement agency” for the purposes of section 3 of the Privacy and Data Protection Act 2014. Under section 15 of that Act, a law enforcement agency is not required to comply with certain Information Privacy Principles to the extent that such non-compliance is necessary to perform a law enforcement function or activity.


In administering these and other Acts, the SRO may collect and use personal information about individuals for the purposes of assessing a tax liability or conferring a benefit. The SRO collects personal information in accordance with the law for the purposes of assessing, collecting, managing and protecting revenue under the Acts it administers.

In most cases, the SRO collects information directly from the individual or a legal or financial representative authorised to act on their behalf.

The SRO may also obtain personal information from other sources, such as VicRoads, WorkSafe Victoria, the Australian Securities and Investment Commission, the Australian Taxation Office, the Department of Immigration and Border Protection, and other revenue offices.

Enrolment information is also received from the Victorian Electoral Commission pursuant to the Electoral Act 2002. Information obtained by the SRO is used for verifying data, managing revenue, and protecting revenue and is handled in accordance with the SRO’s legislative obligations.

The SRO commonly collects personal information through:

  • Returns, applications, notices and statements,
  • Requests for private rulings, objections, submissions and enquiries,
  • Customer feedback, surveys and research data,
  • Solicited or unsolicited correspondence and communications from the public

In addition, the SRO may collect personal information from current or prospective employees, or persons seeking to be engaged by the SRO under contract. The SRO’s Human Resources functions are administered in accordance with the Public Administration Act 2004.

Where the SRO is collecting information that will also be used and disclosed for Commonwealth reporting purposes, the SRO’s Collection Statement identifies the relevant details and the additional purposes for which they may be used and disclosed. 

Data quality

The SRO takes care to ensure that the personal information it collects about an individual is complete, up to date, and accurate. The SRO conducts data matching activities for the purposes of ascertaining compliance with the Acts it administers, verifying or supplementing information provided by a customer, and verifying eligibility for certain concessions and exemptions.

Use and disclosure of information

The SRO does not use personal information other than in accordance with the law and for the purpose for which it was collected, and for a purpose you would reasonably expect to be associated with its revenue collection or revenue protection functions. The SRO may need to provide access to personal information to its contractors to perform functions involved in administering its responsibilities, such as providing IT or printing services. Contractors engaged by the SRO are required to comply with the requirements of the Privacy and Data Protection Act 2014 and secrecy provisions.

The SRO does not disclose any information, including personal information, collected by it unless authorised by law or with your consent.

The SRO is bound by secrecy provisions in the Acts it administers. In relation to state taxes, the secrecy provisions in the Taxation Administration Act 1997 enable disclosure of information obtained under the taxation laws in the following circumstances:

  • With the person’s consent,
  • In connection with administering or executing Acts administered by the SRO, the Australian Taxation Office, or another state and territory revenue office, as required by another Victorian Act, 
  • For specific purposes outlined in the legislation,
  • To the office-holders and agencies listed as authorised to receive disclosures, with authorised recipients including certain Victorian, state, territory and Commonwealth government authorities

Similarly, secrecy provisions in other laws administered by the SRO – the First Home Owner Grant Act 2000, the Back to Work Act 2014, the Fire Services Property Levy Act 2012 and the Unclaimed Money Act 2008 – set out the purposes and authorised recipients of disclosures made under those laws.

List of authorised recipients

The SRO uses information it obtains for creating statistics or considering economic trends for the purposes of government reporting, but there is no disclosure of personal information associated with such reporting.

Data security and retention

The SRO takes care to ensure that any personal information it holds about an individual is protected from misuse or loss and from unauthorised access, modification or disclosure. The SRO’s Risk Management Framework aligns with the Victorian Government Risk Management Framework and the AS/NZS ISO 31000:2009 standard.

In addition, the SRO has policies to ensure that information, including personal information, is securely stored and destroyed or disposed of when it is no longer relevant or necessary for the purposes of the Acts it administers or other SRO functions. Documents are stored, retained or destroyed in accordance with the Public Records Act 1973

Ensuring your browser is current with the latest patches applied will protect your confidential information. Failing to do so may compromise the security of your information, including credit card details, and result in you being unable to make payments through the SRO's online facilities.


This Information Privacy Policy outlines the key elements of the SRO’s policy on managing personal information. Where information is collected directly from the person or their representative on a form provided by the SRO, the form will include a Collection Statement explaining why the SRO requires the information and the uses and disclosures permitted by the relevant laws.

The SRO may also collect personal information from other sources in order to verify or supplement information required for the assessing, investigating and enforcing tax obligations and/or determining entitlements to grants and payments.

Access to your personal information and correction

The Privacy and Data Protection Act 2014 and Freedom of Information Act 1982 (FOI Act) provides individuals with statutory rights of access to their own personal information held by government agencies about them.

Under the FOI Act, formal requests for accessing personal information or correcting personal information can be made to the Information Officer. If a customer wishes to correct their records an informal request for correction can be directed to the Privacy Officer.    

Transborder data flows

The SRO may, in some circumstances, disclose personal information or information collected from you to other agencies in other jurisdictions, or to the federal Commissioner of Taxation.

Transborder data flows are governed by secrecy laws authorising the SRO to provide information obtained under revenue laws, including personal information, to specified agencies in other jurisdictions. The SRO administers Acts which permit it to provide information to other agencies and jurisdictions

Sensitive information

The SRO does not collect sensitive information from individuals unless necessary for the purposes of the Acts it administers or managing its employees or contractors.

Unique identifiers

A unique identifier is a series of alphabetical or numeric characters which can be applied to an individual to distinguish them from other individuals. The SRO may assign, use or disclose unique identifiers to individuals where it is necessary to do so to carry out its functions. For example, assessment and customer numbers are needed for administering taxes and grants.


It may not be possible for the SRO to properly administer its Acts or carry out its functions unless an individual provides personal information to the SRO, as required by law. However, in some very limited circumstances, for example if a person is  making a general inquiry or providing a tip-off to the SRO, the SRO may remove or withhold personal information identifying the source of the details supplied to the SRO.


If you have a complaint about how the SRO has handled your personal information, or you believe your privacy has been breached, or you have a question about how the SRO handles personal information, please contact our Privacy Officer in the first instance on 9628 6105 or in writing to:

Privacy Officer
State Revenue Office
GPO Box 1641

If you are not satisfied with the way in which your complaint has been handled through our internal complaints procedure, you can contact the Privacy and Data Protection Deputy Commissioner:

Privacy and Data Protection Deputy Commissioner
PO Box 24014

Phone: 1300 666 444
Fax: +61 3 8684 1667