Stamp duty or an annual property tax for NSW first home buyers?
First home buyers purchasing property in NSW of up to $1.5m will have a choice of paying stamp duty or an annual property tax from 16 January 2023.
The annual property tax payments will be based on the land value of the purchased property. The property tax rates for 2022-23 are:
- $400 plus 0.3% of land value for properties whose owners live in them
- $1,500 plus 1.1% of land value for investment properties.
Property tax assessments will be issued annually to home buyers who take the annual property tax option. As an example, a first buyer purchasing a $1.2m NSW property with a land tax value of $720,000, could pay stamp duty of $50,875 or opt to pay the annual property tax ($2,560 for 2022-23). The property tax rates will be indexed annually.
Eligible first home buyers who sign a contract of purchase on or after 16 January 2023 will be eligible to opt into the property tax. If the property tax option is selected, first home buyers must move into the property within 12 months of purchase and live in it continuously for at least 6 months.
The annual property tax is only applicable to the purchaser. If the property is sold, the property tax does not apply to subsequent purchasers. For eligibility details, see
First Home Buyer Choice on the NSW Government website.
Legislation enabling the property tax is expected before the NSW Parliament this month. If passed, eligible first home buyers who sign a contract of purchase between the passage of the legislation and 15 January 2023 will be eligible to opt into the property tax. These purchasers will pay land stamp duty but will be able to apply for and receive a refund of that duty if they opt into property tax.
COVID downgraded but not gone
National Cabinet agreed to end the mandatory isolation requirements for COVID-19 effective from 14 October 2022. Each state and territory has, or will, implement the end of the isolation rules.
The Pandemic Leave Disaster Payment, the payment to workers who have lost income they needed to self isolate or care for someone with COVID-19, also end on 14 October. The Pandemic Leave Disaster Payment was extended beyond its 30 June end date but restricting the number of times claims can be made in a 6 month period.
While the Pandemic Leave Disaster Payment will end, National Cabinet agreed to continue targeted financial support for casual workers, on the same basis as the disaster payment, for workers in aged care, disability care, aboriginal healthcare and hospital care sectors. Final details of this new payment are yet to be released.
1 October minimum wage increase
Minimum wages in 10 awards in the aviation, tourism and hospitality sectors increased from 1 October 2022. The increase happens from the first full pay period on or after 1 October 2022. See the
Fair Work Ombudsman for more details.
Director ID number deadline looming
If you are a Director of a company or registered foreign company and have not applied for your
Director ID Number, the deadline is 30 November 2022. Don’t leave it until the last minute!
Lessons from a data breach
The Optus data breach is top of mind for a lot of Australians, particularly those who have had their data breached.
For business, the breach is a timely warning on the importance of understanding what data is held on your customers (and should you hold it?), how it is secured, how your systems work and the process to identify gaps and deficiencies, the appropriate actions if and when a breach occurs, and the impact on your relationship to your customer. This is not something that can be outsourced to IT but a whole of business issue.
The obligations on business
We all know that no system is 100% secure. For Optus, this is not the first time. In 2015, Optus agreed to an enforceable undertaking for breaching the Privacy Act in 2015.
A data breach happens when personal information is accessed or disclosed without authorisation or is lost. If the Privacy Act 1988
covers your business, you must notify affected individuals and the
Office of the Australian Information Commissioner when a data breach involving personal information is likely to result in serious harm. The notification must be as soon as practicable but is expected to be no later than 30 days. Every day counts.
A business must take all reasonable steps to comply with its obligations to prevent data breaches occurring. These obligations are not limited to preventing cyber attacks. Malicious or criminal attacks represent 55% of all reported data breaches. But, human error is responsible for 41% and 4% through system faults. Where human error was involved, 43% was where personal information was emailed to the wrong recipient and 21% the unintended release or publication of personal information.
Helping to protect against data breaches
- Understand your Privacy Act obligations. Specific industries and businesses that hold specific types of data often have advanced requirements.
- Review the personal information held on customers. Is their full date of birth a necessary part of what your business does? If you need to verify identify, do those identification documents really need to be stored once they have been validated? Or is positive confirmation enough? Is the data held securely and is access limited to only those who require access?
- Ensuring systems have multifactor authentication
- Improving staff awareness of not only cyber threats and how to prevent them - phishing, fraudulent messages etc, but reviewing how personal data is managed and accessed.
- Understanding your systems and how they work together to prevent security gaps or ‘backdoor’ systems access.
