ICON — 10 March 2014

Consultation — OAIC’s privacy regulatory action policy

The OAIC’s privacy regulatory action enforcement policy is now available for consultation.

The OAIC’s privacy regulatory action policy explains the OAIC’s range of powers and its approach to using its privacy regulatory powers and making related public communications.

The OAIC has developed this guidance to outline and explain the approach to using its privacy regulatory action powers. The guidance covers both existing powers and the new powers conferred on the Information Commissioner under privacy law reform.

The OAIC is currently developing the Guide to the OAIC’s privacy regulatory action, which will outline the situations and manner in which the OAIC will take regulatory action.

The OAIC welcomes comments by close of business Friday 28 March 2014.

Read the draft policy
Read the consultation paper

Consultation — Guide to undertaking privacy impact assessments

The OAIC has updated the Guide to undertaking privacy impact assessments to take account of changes under privacy law reform. This updated guide is now available for public consultation.

The OAIC welcomes comments by close of business Friday 28 March 2014.

Read the draft guide
Read the consultation paper

APP guidelines HTML now available

The OAIC has published an HTML version of the APP guidelines.

Access the guidelines

Statement — Cyber-attacks do not mean organisations are ‘off the hook’

The OAIC has released a statement confirming that while an organisation may not be found to have ‘disclosed’ personal information following a data breach or cyber-attack (under APP 6), the organisation may still be found in breach of APP 11 if it did not take reasonable steps to protect the information from unauthorised access, such as a cyber-attack.

Read the statement

Privacy (Persons Reported as Missing) Rule 2014 and guide

The Privacy (Persons Reported as Missing) Rule 2014 has now been registered on the Federal Register of Legislative Instruments (FRLI).

Subsection 16A(2) of the amended Privacy Act states that the Commissioner may make rules relating to the collection, use or disclosure of personal information by APP entities to assist in the location of missing persons.

The OAIC has released a guide to assist APP entities and others to understand and use this new legislative instrument. 

FOI Guidelines updated

The OAIC recently updated Parts 3 (Processing requests for access), 4 (Charges for providing access), 7 (Amendment and annotation of personal records), 14 (Disclosure Logs) and 15 (Reporting) of the FOI Guidelines to reflect the Privacy Act amendments commencing on 12 March 2014. Updates to Part 6 (Conditional exemptions) will be released soon.

Agencies must have regard to these guidelines when they are performing a function or exercising a power under the Act. The guidelines are intended to be read alongside the Information Commissioner’s APP guidelines.

Read updated FOI guidelines

FOI vexatious applicant declaration

Comcare and Price [2014] AICmr 24 (28 February 2014)
Vexatious applicant declaration — Whether applicant should be declared a vexatious applicant — Whether applicant has repeatedly engaged in access actions that involve an abuse of process. Freedom of Information Act 1982 ss 89K, 89L, 89M

Information Commissioner review decisions

 'BK' and Australian Taxation Office [2014] AICmr 23 (28 February 2014)
Refusal of access to documents — Whether reasonable steps taken to find documents — (CTH) Freedom of Information Act 1982 s 24A(1)

‘BJ’ and Australian Taxation Office [2014] AICmr 22 (26 February 2014)
Whether document contains deliberative matter — Whether disclosure would have a substantial adverse effect on the proper and efficient conduct of the operations of an agency — Whether contrary to public interest to release conditionally exempt document — (CTH) FOI Act 1982 ss 11A(5), 47C, 47E

Stanistreet and Therapeutic Goods Administration [2014] AICmr 21 (26 February 2014)
Documents disclosing trade secrets — (CTH) FOI Act s 47(1)(a)

‘BI’ and Professional Services Review [2014] AICmr 20 (26 February 2014)
Whether unreasonable to disclose personal information of applicants in recruitment process — Whether disclosure would have adverse effect on management or assessment of personnel — Whether disclosure contrary to the public interest (CTH) FOI Act ss 47F, 47E

Please refer to our website for a full list of Information Commissioner reviews.

Privacy Awareness Week 2014

Privacy Awareness Week (PAW) will be held from 4–11 May 2014. Get involved early and sign up as a PAW partner. This is the perfect way to demonstrate to your staff and stakeholders that your agency is committed to best privacy practice. Being a partner is a non-financial arrangement; we just ask that you actively promote privacy awareness during the Week.

More information about our events will be available soon. Please get in touch with the OAIC to find out more.


If you would like to subscribe to this eNewsletter please send an email to icon@oaic.gov.au 









Changes to privacy law

Content found in this section or on this page may no longer reflect the current law.

> Read more: Privacy law reform

Share this page

Protecting information rights — advancing information policy