OAICnet — 10 March 2014

Consultation — OAIC’s privacy regulatory action policy

The OAIC’s privacy regulatory action enforcement policy is now available for consultation.

The OAIC’s privacy regulatory action policy explains the OAIC’s range of powers and its approach to using its privacy regulatory powers and making related public communications.

The OAIC has developed this guidance to outline and explain the approach to using its privacy regulatory action powers. The guidance covers both existing powers and the new powers conferred on the Information Commissioner under privacy law reform.

The OAIC is currently developing the Guide to the OAIC’s privacy regulatory action, which will outline the situations and manner in which the OAIC will take regulatory action.

The OAIC welcomes comments by close of business Friday 28 March 2014.

Read the draft policy
Read the consultation paper

Consultation — Guide to undertaking privacy impact assessments

The OAIC has updated the Guide to undertaking privacy impact assessments to take account of changes under privacy law reform. This updated guide is now available for public consultation.

The OAIC welcomes comments by close of business Friday 28 March 2014.


Read the draft guide

Read the consultation paper


APP guidelines HTML now available

The OAIC has published an HTML version of the APP guidelines.

Access the guidelines

Statement — Cyber-attacks do not mean businesses are ‘off the hook’

The OAIC has released a statement confirming that while an organisation may not be found to have ‘disclosed’ personal information following a data breach or cyber-attack (under APP 6), the organisation may still be found in breach of APP 11 if it did not take reasonable steps to protect the information from unauthorised access, such as a cyber-attack.

Read the statement

Privacy (Persons Reported as Missing) Rule 2014 and guide

The Privacy (Persons Reported as Missing) Rule 2014 has now been registered on the Federal Register of Legislative Instruments (FRLI).

Subsection 16A(2) of the amended Privacy Act states that the Commissioner may make rules relating to the collection, use or disclosure of personal information by APP entities to assist in the location of missing persons.

The OAIC has released a guide to assist APP entities and others to understand and use this new legislative instrument. 

Privacy Amendment (External Dispute Resolution Scheme — Transitional) Regulation 2014

The Information Commissioner, under s 35A of the Privacy Act 1988 as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012, can recognise external dispute resolution (EDR) schemes to handle particular privacy-related complaints.

A transitional 12-month exemption from the requirement to be a member of a recognised EDR scheme has been put in place for energy and water utilities and commercial credit providers. Further information on the reasons for the temporary exemption can be found in the explanatory statement to the Privacy Amendment (External Dispute Resolution Scheme—Transitional) Regulation 2014.

FOI Guidelines updated

The OAIC recently updated Parts 3 (Processing requests for access), 4 (Charges for providing access), 7 (Amendment and annotation of personal records), 14 (Disclosure Logs) and 15 (Reporting) of the FOI Guidelines to reflect the Privacy Act amendments commencing on 12 March 2014. Updates to Part 6 (Conditional exemptions) will be released soon.

Agencies must have regard to these guidelines when they are performing a function or exercising a power under the Act. The guidelines are intended to be read alongside the Information Commissioner’s APP guidelines.

Read updated FOI guidelines

FOI vexatious applicant declaration

Comcare and Price [2014] AICmr 24 (28 February 2014)
Vexatious applicant declaration — Whether applicant should be declared a vexatious applicant — Whether applicant has repeatedly engaged in access actions that involve an abuse of process — Freedom of Information Act 1982 ss 89K, 89L, 89M

Information Commissioner review decisions

‘BK’ and Australian Taxation Office [2014] AICmr 23 (28 February 2014)
Refusal of access to documents — Whether reasonable steps taken to find documents — (CTH) Freedom of Information Act 1982 s 24A(1)

‘BJ’ and Australian Taxation Office [2014] AICmr 22 (26 February 2014)
Whether document contains deliberative matter — Whether disclosure would have a substantial adverse effect on the proper and efficient conduct of the operations of an agency — Whether contrary to public interest to release conditionally exempt document — (CTH) Freedom of Information Act 1982 (FOI Act) ss 11A(5), 47C, 47E

Stanistreet and Therapeutic Goods Administration [2014] AICmr 21 (26 February 2014)
Documents disclosing trade secrets — (CTH) FOI Act s 47(1)(a)

‘BI’ and Professional Services Review [2014] AICmr 20 (26 February 2014)
Whether unreasonable to disclose personal information of applicants in recruitment process — Whether disclosure would have adverse effect on management or assessment of personnel — Whether disclosure contrary to the public interest — (CTH) FOI Act ss 47F, 47E

Please refer to our website for a full list of Information Commissioner reviews

Event — iappANZ workshops

iappANZ will hold a series of workshops during March in Melbourne, Sydney and Brisbane.

For more information about the events see the iappANZ website.

Privacy Awareness Week 2014

Privacy Awareness Week (PAW) will be held from 4–11 May 2014. Get involved early and sign up as a PAW partner. This is the perfect way to demonstrate to your staff and stakeholders that your agency is committed to best privacy practice. Being a partner is a non-financial arrangement; we just ask that you actively promote privacy awareness during the Week.

More information about our events will be available soon. Please get in touch with the OAIC to find out more.

If you would like to subscribe to the OAICnet eNewsletter please subscribe on our website.

