Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Chapter Four — Communication and engagement

Overview

The Office of the Australian Information Commissioner (OAIC) had an active year promoting privacy, freedom of information (FOI) and information policy issues to Australian Government agencies, industry and consumer groups, and the general public.

A key focus this year was an education and awareness campaign about the reforms to the Privacy Act 1988 (Privacy Act) that commenced on 12 March 2014. The OAIC delivered a comprehensive campaign, regularly communicating the changes to stakeholder groups via the OAIC's website, stakeholder networks, social media, publications and events.

On 9 October 2013, the OAIC released the results of the 2013 Community Attitudes to Privacy survey. The results confirmed that Australians are becoming more concerned about privacy and that they expect that their personal information will be protected.

The OAIC continued to collaborate internationally, hosting international delegations and providing secretariat support to the Asia Pacific Privacy Authorities (APPA) Forum. The OAIC hosted the 40th APPA Forum in Sydney on 26–27 November 2013. Privacy authorities from Australia (including state and territory authorities), Hong Kong, Japan, Korea, Macao, Mexico and New Zealand participated in the meeting.

The OAIC featured prominently in media coverage about FOI review decisions, privacy law reform, emerging technologies, data breaches and investigations. The OAIC coordinated a national Privacy Awareness Week campaign, and the Commissioners spoke at a range of forums and conferences.

Throughout the year the OAIC was regularly contacted by organisations and individuals requesting advice, assistance and guidance. There was frequent engagement with stakeholders through our social media platforms and the OAIC's networks for public and private sector information professionals.

Back to Contents

2013 Community Attitudes to Privacy survey

On 9 October 2013, the OAIC released the results of the 2013 Community Attitudes to Privacy survey. The results showed that Australians are becoming more concerned about their privacy and expect organisations to take effective steps to safeguard their personal information. The survey results also confirmed the growing community concern about privacy risks associated with new technologies and social media.

The survey report and accompanying infographic and video was launched by the Australian Information Commissioner at an event attended by industry and consumer groups. The event included discussion of the results by Timothy Pilgrim, Privacy Commissioner; Professor Barbara McDonald, Australian Law Reform Commission; Gary Blair, Commonwealth Bank of Australia; and Candice Jansz, Youth Advisory Committee member for the Office of the Victorian Privacy Commissioner.

1 in 3
have issues with how their personal information has been handled in the past year
3 in 4
are more concerned about sharing personal information online than 5 years ago
 
What concerns us most?
ID fraud & theft
25%
Online services and social media
48%
Data security & data breaches
16%
Fraud of financial info
11%

Extract from infographic illustrating key Community Attitudes to Privacy survey results

Key survey results include:

  • 48% of Australians believe that online services, including social media, pose the greatest privacy risk
  • 63% of Australians have decided not to deal with an organisation because of privacy concerns (an increase from 40% in 2007)
  • participants reported that the three most trustworthy industries were health service providers (90%), financial institutions (74%) and Government (69%)
  • 96% of participants expect to be informed if their information is lost
  • 95% feel that they should be made aware of how their personal information is protected and handled on a day-to-day basis
  • 90% of people have concerns about their personal information being sent overseas by businesses
  • 82% of participants were aware of federal privacy laws (up from 69% in 2007)
  • 33% of Australians have had a problem with the way their personal information was handled in the last 12 months.

The research was sponsored by the Commonwealth Bank of Australia (primary sponsor), Henry Davis York (key sponsor) and McAfee (sponsor). The survey was conducted by Wallis Consulting Group on behalf of the OAIC, and involved 1000 people participating via landline and mobile numbers. The research data was de-identified and made publically available through data.gov.au.

Back to Contents

Privacy law reform

A significant challenge for the OAIC in 2013–14 was the delivery of an education and awareness campaign about the Privacy Act reforms. Although the OAIC did not receive additional resources for this work, it delivered a comprehensive campaign about the changes for businesses, agencies and the community.

Information about the changes and key guidance documents were included on a dedicated 'privacy reform' page on the OAIC website, and were regularly communicated via social media and email alerts to the OAIC's networks for public and private sector information professionals. The Commissioners spoke about the reforms in media interviews and at a large number of conferences and forums.

The OAIC Privacy Awareness Week 2014 campaign focused on what the reforms meant for the Australian community, and included the release of information about the reforms in plain English and a number of community languages.

The OAIC continues to educate businesses, agencies and the general public about the changes.

Back to Contents

Privacy Awareness Week 2014

Privacy Awareness Week (PAW) is an annual awareness campaign coordinated by members of the APPA Forum to promote privacy rights and responsibilities. This year, PAW was held from 4 to 10 May 2014.

The OAIC's PAW campaign focused on changes to consumer rights under privacy law reform, as well as the education of organisations about new and existing responsibilities.

The campaign was launched by the Australian Information Commissioner at a business breakfast attended by 200 privacy professionals from the private and public sectors. The event theme 'Up front and personal' focused on the need for organisations to be transparent about their privacy practices and to build an organisational culture that respects customer privacy. Attendees heard from guest speakers from Choice, Coles Group and the Commonwealth Bank of Australia. The OAIC launched two new publications — Guide to developing an APP privacy policy and a revised Guide to undertaking privacy impact assessments.

The OAIC also hosted a sold-out workshop for privacy professionals that focused on best practice complaint handling, and a webinar on credit reporting changes aimed at Consumer Credit Legal Centres and External Dispute Resolution schemes. The Australian Information Commissioner and the Privacy Commissioner also spoke at a variety of public and private sector events during the week.

For individuals, the OAIC produced a range of resources in plain English about the reforms. Publications launched during the campaign included: What to look for in a privacy policy (consumer poster), Credit reporting: know your rights (a series of fact sheets on credit reporting changes), and How changes to privacy law affect you (a plain English fact sheet for consumers that was translated into 11 languages). The OAIC also developed specific content for young people about how to protect privacy when online.

PAW was supported by 210 partners from across the public and private sectors, a 33% increase from last year. Our partners played a critical role in assisting the OAIC to communicate key campaign messages to new audiences and networks. For example, the Privacy Commissioner featured in five short videos produced by Facebook Australia that included hints and tips for protecting personal information. These videos were released on the Facebook Australia page during PAW and reached 700,000 Facebook users and were viewed 3210 times.

Photograph of the panel discussion at the Privacy Awareness Week Business Breakfast on Monday 5 May 2014 at The Westin, Sydney.

Panel discussion at the Privacy Awareness Week launch event.

Back to Contents

International and regional engagement

International liaison

The OAIC continued its support and work with privacy and freedom of information authorities across the globe. The OAIC regularly responded to requests for advice and other assistance from international colleagues. This included hosting international delegations.

For example, the Australian Information Commissioner and the Freedom of Information Commissioner hosted a visit from a leading member of Ukrainian civil society in June 2014 to discuss the role of the OAIC in promoting freedom of information, accountability and transparency of government.

The Privacy Commissioner hosted a delegation from Mongolia in September 2013 to discuss sustainable governance frameworks that could be implemented in Mongolia. The visit was organised by the Griffith University Institute of Ethics, Governance and Law. The Privacy Commissioner also met with the newly appointed New Zealand Privacy Commissioner in April 2014 to discuss a range of issues of mutual interest, including privacy regulation and administrative matters.

8th Annual International Conference of Information Commissioners

The Australian Information Commissioner and the Freedom of Information Commissioner attended the 8th International Conference of Information Commissioners, which was held in Berlin in September 2013. Conference participants discussed a range of issues related to transparency and freedom of information, including the role of the media, open data and open government.

The Conference adopted the Berlin Declaration on Strengthening Transparency at the National and International Level, 'Transparency: The fuel of democracy'. In that Resolution, the International Conference of Information Commissioners:

  • advocated the creation of comprehensive and effective legal obligations for access to information upon request
  • supported the recognition of an international fundamental right of information, and drew attention to Article 19 of the International Covenant on Civil and Political Rights
  • reaffirmed that all eligible states should join and actively support the Open Government Partnership
  • noted the Council of Europe Convention on Access to Official Documents (Tromso Convention) and recommended that all states consider ratifying the Convention.

35th International Conference of Data Protection and Privacy Commissioners

The 35th International Conference of Data Protection and Privacy Commissioners (ICDPPC) was held in Warsaw, Poland, in September 2013. The theme of the conference was 'Privacy: A Compass in a Turbulent World'. The Australian Information Commissioner attended the conference and delivered a speech on developing tools for global privacy compliance. The ICDPPC adopted resolutions on a number of matters, including enforcement law coordination, webtracking and digital education and the 'appification' of society. The Privacy Commissioner's role on the ICDPPC Executive Committee expired during the reporting period.

Association of Information Access Commissioners

During 2013–14, the Association of Information Access Commissioners (AIAC) met twice; in November 2013 (Sydney) and in March 2014 (Melbourne).

The AIAC was established in 2010 by the statutory officers in each Australian jurisdiction responsible for protection of access to information rights. The membership of the AIAC comprises Information Commissioners (Federal, NSW, NT, Queensland and WA), Ombudsmen (New Zealand, SA and Tasmania) the Federal Freedom of Information Commissioner, Queensland Right to Information Commissioner and Victorian Freedom of Information Commissioner.

The AIAC aims to exchange information and experience between offices about the exercise of oversight responsibilities, and to promote best practice and consistency in information access policies and laws. Matters discussed at meetings included case law developments, work practices for handling complaints and reviews, audit activity, staff training, public awareness activities, national regulatory reform, and international links and developments.

Asia Pacific Privacy Authorities

The OAIC continued to be actively involved in the APPA Forum by providing secretariat services and maintaining the Forum's two websites available at APPA Forum and Privacy Awareness Week. In 2013–14, the APPA membership expanded to 17 with one new member authority joining the Forum — the Personal Data Protection Commission, Singapore.

Three APPA Forum meetings took place during the reporting period. In July 2013, members met in Auckland, New Zealand for the 39th APPA Forum. At the meeting, members discussed a range of topics including global privacy developments, children's privacy, privacy impact assessments and the interoperability between Europe and APEC's privacy rules. The meeting was hosted by the Office of the Privacy Commissioner, New Zealand.

The OAIC hosted delegates at the 40th APPA Forum in Sydney in November 2013. This forum covered topics such as cross-border disclosure of personal information, big data, unmanned aircraft systems, and ethical dilemmas and best practice privacy regulation.

The Personal Information Protection Commission hosted the 41st Forum in Seoul, South Korea in June 2014. Topics discussed included international collaboration, recent developments on the 'Right to be Forgotten', and enforcement activities relating to technologies such as cloud computing, social networking, smart phone applications and geo-location technology.

Privacy Authorities Australia

Privacy Authorities Australia (PAA) is a group of Australian privacy authorities that meets on an ad-hoc basis to promote best practice and consistency of privacy policies and laws. PAA membership includes the OAIC, privacy representatives from all states and territories, and the Attorney-General's Department as the Australian Government department responsible for privacy policy and advice. The PAA did not meet during the reporting period.

OECD Global Privacy Enforcement Network

The Global Privacy Enforcement Network (GPEN) builds on the Organisation for Economic Co-operation and Development (OECD) Recommendation on Privacy Law Enforcement Cooperation (2007). The Recommendation states that member countries should foster the establishment of an informal network of privacy enforcement authorities and other appropriate stakeholders to discuss the practical aspects of privacy law enforcement cooperation.

The OAIC continued its involvement in the GPEN during 2013–14. As at 30 June 2014, GPEN had 45 member authorities, including 25 nations, five subnational authorities, and the European Union.

In May 2014, the OAIC joined enforcement authorities from around the globe to participate in the second GPEN Privacy Sweep. The OAIC examined 50 of Australia's most popular apps, including whether the apps had a privacy policy and whether those policies were designed to be viewed on smart phone screens. Results of the sweep will be released in late 2014.

More information about GPEN can be found at Global Privacy Enforcement Network.

Asia-Pacific Economic Cooperation

In 2007, Asia-Pacific Economic Cooperation (APEC) economies endorsed the APEC Data Privacy Pathfinder (the Pathfinder) to guide implementation of the APEC Privacy Framework.

The Cross-border Privacy Enforcement Arrangement (CPEA) has been developed as part of the Pathfinder initiative, and provides a framework for privacy regulators to cooperate and seek information and advice from each other on cross-border enforcement matters. The CPEA came into force in July 2010 and as of 30 June 2014, 28 privacy regulatory bodies were signed up to CPEA, representing eight economies. The OAIC resigned as co-administrator of the CPEA in November 2013, but continues to be involved as a CPEA member.

The Pathfinder also involves the development and implementation of a Cross-border Privacy Rules (CBPR) system. The system will provide guidance on the how the CBPR of businesses can meet the standards of the APEC Privacy Framework and be recognised across APEC economies. More information about CPEA can be found at Asia-Pacific Economic Cooperation.


Administrative Review Council

The Information Commissioner is an ex officio member of the Administrative Review Council under the Administrative Appeals Tribunal Act 1975 (s 49(1)). Other ex officio members of the Council are the Commonwealth Ombudsman, President of the Administrative Appeals Tribunal, President of the Australian Law Reform Commission, and President of the Australian Human Rights Commission. Administrative support to the Council is provided by the Attorney-General's Department. The Council did not hold any meetings during the reporting period.

Back to Contents

Media

In 2013–14, the OAIC published 15 media releases and responded to 307 media enquiries. Media interest was high in the lead up to the commencement of the privacy law reforms, with the majority of media enquiries concerning the new Australian Privacy Principles (AAPs), enforcement powers and changes to credit reporting. Media interest was also driven by a number of high profile data breaches and the release of own motion investigation reports and FOI review decisions.

The OAIC Commissioners participated in a large number of interviews during the year across a range of media platforms including television, radio, print and online publications. One highlight was the Privacy Commissioner's participation in the ABC's The Checkout segment 'If I could say one thing', which aired on 19 June 2014.

Back to Contents

Speeches

The Commissioners delivered 75 speeches and presentations on a range of information-related issues — nearly a 25% increase from last year. These speeches were delivered to a wide variety of audiences from the public and private sectors as well as community groups and universities. Speeches covered privacy law reform, open government, FOI reform and cultural change and information law and policy reform.

A list of all speeches given by Commissioners is in Appendix Six.

Back to Contents

Publications

A number of new publications were released during 2013–14. A selection of these publications appears below.

Freedom of Information

  • FOI agency resource 15: Personal and business information — third party review rights
  • Updated FOI Guidelines

Privacy

  • Australian Privacy Principles guidelines
  • Australian Privacy Principles quick reference tool
  • 2013 Community Attitudes to Privacy survey research report
  • Guide to developing an APP privacy policy
  • Guide to developing an APP privacy policy — summary
  • Guide to the Privacy (Persons Reported as Missing) Rule 2014
  • Guide to undertaking privacy impact assessments (revised)
  • Guide to undertaking privacy impact assessments — summary
  • Guidelines for developing codes
  • Guidelines for recognising External Dispute Resolution schemes
  • Mobile privacy: A better practice guide for mobile app developers
  • Privacy business resource 4: De-identification of data and information
  • Privacy (Credit Reporting) Code 2014 (Version 1.2)
  • Privacy (Credit Related Research) Rule 2014
  • Privacy fact sheet 24: How changes to privacy law affect you
  • Privacy fact sheet 25: Credit reporting in Australia — summary
  • Privacy fact sheets 26 to 40: Credit reporting 'know your rights' series
  • Privacy fact sheet 41: Commonwealth spent convictions scheme
  • Privacy (Persons Reported as Missing) Rule 2014
  • Privacy public interest determination guide

Information Policy

  • Information policy agency resource 1: De-identification of data and information
  • information policy agency resource 2: Open data quick wins — getting the most out of agency publications

All OAIC publications can be accessed on the OAIC website.

Back to Contents

Website

In 2013–14, the OAIC's website received 1,079,670 unique visitors, 1,510,859 website visits and 4,581,858 viewed web pages.

The OAIC's new website available at www.oaic.gov.au was launched on 5 June 2013. The website was designed to comply with the Web Content Accessibility Guidelines (WCAG) 2.0. The OAIC is aiming for the WCAG 2.0 AA standard by December 2014 and has engaged an accessibility expert to audit and report on the OAIC website's level of compliance.

Back to Contents

Social media

The OAIC uses social media, e-newsletters and other web 2.0 platforms to promote and inform stakeholders about the work of the OAIC. In 2013–14, the OAIC increased the use of social media channels (Facebook, Twitter and YouTube) and integrated them into all communications.

Twitter

The OAIC greatly increased its use of Twitter during 2013–14. The OAIC tweeted 773 times and was re-tweeted 623 times. At 30 June 2014, the OAIC's Twitter account had 2041 followers, a 30% increase from last year.

YouTube

The OAIC produced three videos in 2013–14 that were hosted on YouTube. The OAIC's YouTube channel received 10,505 views in total during the year, a 68% increase from 2012–13.

Facebook

The OAIC used Facebook to support a number of education campaigns during the year, particularly during Privacy Awareness Week 2014. In 2013–14, the OAIC's Facebook account had 11,699 individual views and received 279 'likes', bringing the total to 467. This is a 60% increase in page likes, and an 87% increase in views compared to the previous year.

eNews alerts

The OAIC also communicates with stakeholders through subscription based eNews alerts. In 2013–14, the OAIC's general eNews alerts, OAICnet, had 4929 subscribers, a 22.8% increase compared to last year. Seventeen OAICnet alert were distributed during the reporting period. The OAIC also produces an eNews alert for the Information Contact Officer Network and Privacy Connections (both discussed below). The OAIC's eNews alerts are published on the OAIC website.

Back to Contents

External networks

Information Contact Officer Network

The Information Contact Officer Network (ICON) is a network for FOI, privacy and information policy contact officers in Australian Government agencies. ICON also includes the Norfolk Island administration and, in relation to privacy, ACT Government agencies.

During 2013–14, ICON membership increased from 771 to 852, an increase of 10.5%. The OAIC held four ICON meetings during 2013–14, three in Canberra and one in Sydney. The meetings are an important forum for information contact officers in government agencies to hear about and engage in the work of the OAIC. It also gives participants the opportunity to network and share knowledge with information professionals from other government agencies.

Topics discussed included processing of FOI requests and review applications, updates on Information Commissioner reviews, data breach notification and privacy law reform. Guest speakers at ICON meetings included representatives from the Department of Communications, Department of Finance, Cofluence and Open Australia. Twenty three eNews alerts (ICONalerts) were sent out to members.

Privacy Connections

The Privacy Connections Network is a dedicated network for privacy professionals in the private sector. As at 30 June 2014, the network had 2132 members. Throughout the year, the OAIC communicated with Privacy Connections members about the latest developments in privacy law reform, including the release of key guidance. Seventeen eNews alerts were sent to members this year.

Back to Contents

Committees

The OAIC administers two statutory committees, the Information Advisory Committee (IAC) and the Privacy Advisory Committee (PAC). The IAC and PAC held a joint meeting in November 2013. The meeting discussed the Hawke Review of the Freedom of Information Act 1982 and the Australian Information Commissioner Act 2010, open government and Australian Government archiving requirements, eHealth, privacy law reform and the release of the OAIC's Community Attitudes to Privacy Survey report.

Given the Australian Government's Budget decision on Tuesday 13 May 2014 to disband the OAIC from 31 December 2014, the OAIC cancelled IAC and PAC meetings that were scheduled to be held in July and November 2014. The OAIC thanks all IAC and PAC members for their support and enthusiasm over the past three years. Both Committees have played a valuable role in shaping the new information regulation agenda that the OAIC was developing. Further information about the committees and their activities during the year is set out below.

Information Advisory Committee

The IAC, established by the Australian Information Commissioner Act 2010 (s 27), met once during the reporting period, in November 2013. The IAC is chaired by the Information Commissioner and other members are appointed by the Minister. The IAC's role is to assist and advise the Information Commissioner in the performance of the information commissioner functions.

Ms Elizabeth Kelly, Deputy Secretary, Attorney-General's Department, resigned from the IAC on 3 October 2013. A list of IAC members can be found in Appendix Seven. Minutes of IAC meetings are published on the OAIC website.

Privacy Advisory Committee

The PAC, established by the Privacy Act 1988 (s 82), met once during 2013–14, in November 2013. The PAC is chaired by the Information Commissioner and other members are appointed by the Governor-General. The PAC's role is to advise the Information Commissioner on matters relevant to his functions, and to engage in and promote protection of individual privacy in the private sector, government and the community.

During the reporting period, the terms of Dr Christine O'Keefe, Mr Leon Carter and Associate Professor Moira Paterson expired. Mr Richard Glenn resigned from the PAC on 23 August 2013. A list of PAC members can be found in Appendix Seven. Minutes of PAC meetings are published on the OAIC website.

Back to Contents