Tax agent Sam Rizkallah, the sole director and supervising agent of Le’Sam Accounting Pty Ltd, has now had his registration cancelled and has been barred from re-registration for a three-and-a-half-year period.
The AAT heard that Mr Rizkallah had asked an employee to access the records of a former long-standing client on the tax agent portal in March 2019, even though she had not been a client since 2013.
This was done despite the fact that the former client had commenced legal proceedings against Mr Rizkallah for a separate dispute over property.
Mr Rizkallah said he had been contacted by the former client’s ex-husband — a client of his — to ascertain whether she was still a client of his practice, and he saw no reason to withhold that information.
He then handed the former client’s tax file number to an employee who was new to the job, who subsequently logged into the portal on two occasions to access the former client’s details.
The new tax agent for the former client was alerted to the unauthorised access, triggering a complaint to the Tax Practitioners Board.
The tribunal heard that Mr Rizkallah failed to respond to requests for information from the TPB in a timely and reasonable manner and had instead made “extravagant” attacks on the integrity of the TPB’s investigation and processes, including accusing the regulator of behaving like a star chamber.
AAT deputy president Bernard McCabe said it was hard to believe that the unauthorised access was made merely for client confirmation purposes and that Mr Rizkallah’s “scandalous attacks” on the TPB was a strategy to evade responsibility for his improper conduct.
“It is difficult to credit Mr Rizkallah’s central claim that he had to check the portal to see if Mrs B was still a client. He plainly knew she had ceased being a client some time before, even if Mr Rizkallah was not aware of the identity of her new agent,” Mr McCabe said.
“I note Mr Rizkallah conceded in cross-examination it would be complete nonsense to think he might retain a professional relationship with a former client who was in the process of suing him.
“It is not clear what else he was hoping to achieve by accessing the portal, but I am not persuaded he was simply checking the status of Mrs B.”
However, the tribunal was unable to confirm who had actually accessed the portal, with Mr Rizkallah’s employee testifying that she had done so, despite portals logs revealing that Mr Rizkallah’s AusKey password had been used.
Mr Rizkallah explained that his office used four different AusKey credentials across several different computers, and staff were able to access the portal using a general office password that was known to them.
The AAT’s Mr McCabe noted the seriousness of the issue, pointing out that Mr Rizkallah’s lax approach to data security had put clients’ privacy at risk.
In determining the three-and-a-half-year banning order, Mr McCabe found that Mr Rizkallah was not a fit and proper person and that a significant banning period would act as a warning to other tax agents.
“Mr Rizkallah knew the complaint was legitimate, yet he resisted the investigation, made scandalous attacks on the Board and refused to comply with the s 60-100 notice,” said Mr McCabe.
“He also demonstrated a lax approach to data security, and failed to anticipate the obvious concerns that would arise when the portal was used to access information about somebody he must have known was a former client — an individual who was involved in legal proceedings against Mr Rizkallah at the time.
“Importantly, a significant exclusion period also sends a signal of general deterrence: it reminds other tax agents of the importance of data security, of the need to avoid conflicts of interest when handling information about former clients, and — in particular — the need to respond appropriately and honestly to the Board as it carries out its functions.”
You are not authorised to post comments.
Comments will undergo moderation before they get published.