Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Chapter One — Year in review

The central aim of the Office of the Australian Information Commissioner (OAIC) is to protect the community's information rights and to advance information policy in government. The OAIC's vision is that information will be managed by government as a national resource that is accessible and useable, and that personal information held by government and non-government organisations will be respected and protected.

The pre-eminent feature of the OAIC is that it integrates three functions — protecting the community's right of access to documents under the Freedom of Information Act 1982 (FOI Act), ensuring proper handling of personal information in accordance with the standards of the Privacy Act 1988 (Privacy Act), and providing advice to government on information policy and practice. Those functions cast the OAIC in the roles of regulator, decision maker, adviser, researcher and educator.

A key challenge since the establishment of the OAIC has been the integration of these functions and roles. In 2013–14, the OAIC demonstrated how these functions and roles can be performed effectively by the one office, and the significant benefits that an integrated model can deliver.

Back to Contents

Achievements and challenges in 2013–14

The OAIC's workload continued to grow in 2013–14. This has been the trend since the establishment of the OAIC, and reflects the active interest of the Australian community in both exercising their right to seek access to government information and ensuring that the privacy of their personal information is respected.

In 2013–14 the OAIC:

  • handled 16,491 phone enquiries (down 9.4% on the previous year)
  • answered 3,789 written enquiries (up 20.6%)
  • resolved 2617 privacy complaints (up 74%)
  • handled 71 data breach notifications (up 16.4%)
  • resolved 646 applications for Information Commissioner review (IC review) (up 54.2%)
  • resolved 119 freedom of information (FOI) complaints (down 20.1%)
  • processed 2456 extension of time notifications and requests.

A key workload challenge facing the OAIC during the year was to address an existing backlog of FOI and privacy complaints and IC reviews, while tackling an increase in privacy complaints and IC reviews. The OAIC was successful on both fronts, as discussed in Chapters Seven and Eight of this report.

All new complaints and review applications underwent triage and early resolution assessment. This was an effective strategy in resolving a majority of new matters at an early stage, while escalating complex and sensitive matters for further review and priority handling if necessary. Additional resources were directed to finalising older matters.

Another significant workload challenge for the OAIC in 2013–14 was to implement the substantial changes to the Privacy Act that commenced on 12 March 2014. There was strong government, private sector and community interest in these changes. All looked to the OAIC to provide guidance, assistance and leadership in promoting the changes. As part of a national education campaign, the OAIC conducted 22 consultations, provided 133 written policy advices, made 17 submissions to government and other inquiries, and updated existing guidance material and produced over 20 new publications on FOI, privacy and information policy.

These workload challenges were met during a decrease in the OAIC's overall staffing levels, partly due to budgetary tightening across government. The initial staffing estimate for the OAIC when it was being established was around 100 staff to carry out the three FOI, privacy and information policy functions. At times during 2013–14 the staffing level was closer to 77.55 staff. The OAIC did not receive additional resources for privacy reform implementation.

The OAIC continued to feature prominently in media coverage about FOI review decisions, privacy law reform, data breaches and investigations; the OAIC coordinated a national Privacy Awareness Week campaign; and the Commissioners delivered 75 presentations at a range of forums and conferences.

Back to Contents

Information Policy

In 2013–14, the OAIC continued to engage actively on information policy and open government initiatives, both through issuing guidance material for agencies and through collaborating with other agencies and open government advocates.

During the reporting period, the OAIC continued to work with Government agencies to embed the open public sector information principles and to strengthen links between information policy and the OAIC's other functions — privacy and FOI. For example, in 2013–14 the OAIC participated in the development of the Australian Public Service Big Data Strategy, which is aligned with key open government principles while emphasising the importance of privacy protection in data sharing and release.

In April 2014, the OAIC published a resource for agencies on de-identifying data to encourage greater use and sharing of government information, with appropriate safeguards for privacy — Information policy agency resource 1: De-identification of data and information. The OAIC also published Information Policy agency resource 2: Open data quick wins — getting the most out of agency publications.

The OAIC continued to promote administrative access to government information as an alternative to the more formal FOI Act request process. A new and revised administrative access resource sheet for agencies was published. This promoted a flexible approach to information release that was compatible with both the FOI Act and changes to the Privacy Act on access to personal information. The Information Commissioner also re-issued Disclosure Log Determination No 2013 –1 (Exempt documents), which strikes a balance between providing access upon request under the FOI Act, while not being required to publish documents on the agency disclosure log in special circumstances.

Throughout 2013–14, the OAIC was an active participant in a range of forums that considered open government developments. These included the Big Data Strategy Group; the Cross-Jurisdictional Chief Information Officers' Committee (CJCIOC) in relation to the implementation of the Australian Governments Open Access and Licensing (AusGOAL) Framework; the Data Sharing Efficiency Working Group established by the Secretaries Board to enhance the Australian Government's capacity to use and share data; and the Crisp Revisited Reference Group which provided input to a review of Australia's national statistical system.

The Information Advisory Committee continued to provide support to the Australian Information Commissioner on a range of information policy issues.

Back to Contents

Privacy

In 2013–14, the OAIC received 4239 privacy complaints, an increase of 183.3% over the 1496 received in 2012–13. Additionally, the OAIC received 71 voluntary data breach notifications (up 16.4%). Six 'Commissioner initiated investigations' (previously named 'own motion investigations') were commenced and work was undertaken on 13 assessments (previously known as audits). The OAIC responded to 14,192 phone and written enquiries.

A key focus in OAIC privacy work was providing advice to agencies and organisations to assist them to understand their Privacy Act obligations following the commencement of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 on 12 March 2014. The OAIC delivered a comprehensive campaign about the reforms, regularly communicating the changes to stakeholder groups via the OAIC's website, stakeholder networks, social media, publications and events.

The OAIC produced an extensive range of guidelines and legislative instruments to assist agencies, organisations and the public to understand their privacy obligations and rights. In February 2014, the OAIC released a final version of its Australian Privacy Principles guidelines. The OAIC also released guidance on developing Australian Privacy Principle privacy policies, privacy public interest determinations and external dispute resolution schemes. The OAIC published a series of 15 fact sheets about credit reporting, called Credit reporting: Know your rights, developed a number of legislative instruments and registered the Privacy (Credit Reporting) Code.

The 2013–14 reporting year was the second year of operation of the Personally Controlled Electronic Health Record (PCEHR) system, established under the Personally Controlled Electronic Health Records Act 2012. The OAIC's eHealth activities were carried out under a Memorandum of Understanding with the Department of Health and included commencing five audits, contributing to the review of the PCEHR system and reviewing and developing guidance materials for a range of audiences.

Throughout the year the OAIC responded to specific privacy enquiries from Australian Government and Australian Capital Territory Government agencies, private sector bodies and individuals. A selection of these policy advices is described in Chapter Six.

The OAIC also continued to participate actively in international privacy and data protection forums. This enables the OAIC to build collaborative relationships with other privacy regulators and to keep abreast of emerging international privacy protection issues. Chapter Six sets out some of the specific interactions the OAIC had with these forums during 2013–14.

A significant achievement in 2013–14 was the publication of the results of the Community Attitudes to Privacy survey. The results confirmed that Australians are becoming more concerned about privacy and that they expect their personal information to be properly protected by government and industry. The OAIC also coordinated another highly successful national Privacy Awareness Week, with over 200 partners joining the OAIC in awareness-raising activities during the week.

The Privacy Advisory Committee continued to carry out its role of advising the Information Commissioner on matters relevant to his functions and to engage in and promote protection of individual privacy in the private sector, Government and the community.

Back to Contents

Freedom of Information

2013–14 was the third full year of operation for the reforms to the FOI Act that commenced in November 2010. The OAIC undertook a range of activities to monitor compliance with the FOI Act by agencies and ministers, and to provide policy advice and guidance.

These activities included finalising 646 applications for IC review (up 54.2% on 2012–13) and 119 FOI complaints (down 20.1%, due to a drop in FOI complaints received), processing 2456 extension of time requests and notifications (up 7.2%) and responding to 1903 phone and written enquiries.

During 2013–14, the OAIC significantly reduced the backlog of FOI reviews and complaints that existed at the start of the reporting year. At the beginning of 2013–14, the oldest un-actioned IC review application was 206 days old. At the end of the year, the oldest such matter was 40 days old. The number of IC reviews on hand was reduced by more than 100.

The OAIC provided a range of advice on FOI matters, including updating eight of the 15 parts of the Guidelines issued by the Australian Information Commissioner under s 93A of the Freedom of Information Act 1982 to reflect legislative changes, IC review decisions, relevant decisions of the AAT and Federal Court, and other developments affecting the operation of the FOI Act.

The OAIC published other guidance material including a new FOI agency resource on third party review rights, and answers to commonly asked agency questions about: how agency websites should explain the FOI Act and other access to information procedures, structuring Commonwealth contracts to comply with the FOI Act, and applying for the Information Commissioner to issue an Information Publication Scheme or disclosure log determination.

On 31 October 2012, the then Attorney-General announced that Dr Allan Hawke AC would undertake a review of the FOI Act and the AIC Act. In the previous reporting period, the OAIC provided two submissions addressing matters raised in the terms of reference and making 35 proposals for reform. The Hawke review was tabled in August 2013 and contained 40 recommendations, some agreeing with the Commissioners' proposals. In October 2013 the Commissioners wrote to the Attorney-General, supporting some of Dr Hawke's recommendations and suggesting alternatives to others.

Back to Contents

Financial performance

The Australian National Audit Office provided an unqualified audit opinion on the OAIC's financial statements for 2013–14.

Back to Contents

Outlook

Australian Government budget decision

On 13 May 2014, the Australian Government announced that the OAIC will be disbanded from 31 December 2014. The Privacy Commissioner will continue to exercise functions under the Privacy Act, supported by staff in an office based in Sydney. The OAIC's FOI functions will be exercised by the Attorney-General's Department (advice, guidelines, annual reporting), the Administrative Appeals Tribunal (merits review) and the Commonwealth Ombudsman (complaints). The information policy advice function currently discharged by the OAIC will cease.

The Australian Information Commissioner, Freedom of Information Commissioner and Privacy Commissioner issued a statement on the same day as the Australian Government's announcement. The statement noted that the OAIC is committed to ensuring that the FOI Act and the Privacy Act continue to operate effectively prior to 1 January 2015 and that a smooth transition to the new arrangements will occur. The statement also referenced the substantial achievements of the OAIC since it commenced operations on 1 November 2010. A list of OAIC achievements appears at page xxi.

From 1 January 2015, the OAIC's website will be archived according to national archive requirements and will be available on the National Library of Australia Pandora website and Australian Government Web Archive, among other web archive resources. Content published on the OAIC website relating to the OAIC's FOI and information policy functions will also be transferred to a number of departments and agencies (including the Attorney-General's Department, the Commonwealth Ombudsman, the Administrative Appeals Tribunal and the Departments of Finance and Communications). This content may be adapted and published on the websites of those departments and agencies.

Content relating to the OAIC's privacy functions will be updated and retained on a website of the new Office of the Privacy Commissioner. The OAIC's Information Contact Officer Network will continue as the Privacy Contact Officer Network, and a number of the OAIC's communication channels (including e-newsletters and social media channels) will be rebranded for the new office.

The new Office of the Privacy Commissioner

It is certain that 2014–15 will be a busy, challenging and rewarding year in the area of privacy protection. The new Office of the Privacy Commissioner will operate in an environment of increasing demand and reduced resources. The financial environment continues to be tight and it is expected to remain so over the next few budget cycles.

The new Office of the Privacy Commissioner has many challenges and opportunities ahead in 2014–15, particularly in establishing the new office and continuing the implementation of privacy law reform, including the exercise of additional functions and powers of the Privacy Commissioner.

Back to Contents