11 November 2025

Security in Strata Handover Processes

Last week, a client email reminded us of an all-too-common risk that many strata managers inadvertently expose their clients to.  In short, as part of a handover to a new strata manager, the outgoing manager emailed the building’s Tax File Number (TFN) to the incoming one.  While this may seem like a harmless administrative shortcut, it’s actually a significant security risk.

In the accounting and tax compliance space, sending a TFN by email is no longer acceptable practice. Both the Australian Taxation Office (ATO) and the Tax Practitioners Board (TPB) are clear that TFNs must be handled with strict confidentiality and tax agents are expressly instructed never to pass them on in this manner. 

Given that email is not a secure channel, and the potential for misuse or fraud is considerable, strata managers (all professions really) should adopt the same mindset when it comes to the buildings they manage.  


Why TFNs Need Extra Protection
A building’s TFN is its key tax identifier, similar to an individual’s TFN or a company’s ABN. If this information falls into the wrong hands, it can be used to lodge false returns, access financial data, or impersonate the entity in dealings with the ATO or banks.

Despite regular reminders, TFNs are still being shared via email throughout the strata sector, often during management transitions.  It’s understandable, given the pace and workload of handovers, but this small lapse can create major exposure.


Best Practice for Handovers
The simplest safeguard is also the most effective: never email a TFN. Instead:

  1. Phone the new manager and provide the TFN verbally.

  2. If a written record is absolutely necessary, ensure it’s transmitted through an encrypted, secure portal—not standard email.

  3. Update your internal handover templates to include the instruction “please call for TFN” rather than a blank field.

Industry bodies such as Strata Community Association (SCA) could also help by pre-filling their standard templates with this reminder, encouraging consistent practice across the profession.


A Simple Step for Stronger Data Security
So far, we’ve been fortunate not to see any strata managers or buildings suffer consequences from a leaked TFN, but prevention is always easier than remediation. Taking a moment to phone through a TFN rather than emailing it is a simple way to protect both your clients and your professional reputation.

For those who already follow this practice, thank you. Keep reinforcing the message with your peers.  It’s one of those small habits that keeps everyone safer.

Quick Takes

  • Never send a TFN by email, even within your organisation.

  • Use secure portals or phone communication for TFN handovers.

  • Add “please call for TFN” to handover templates.

  • A few extra seconds of caution can prevent major security breaches.