Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Message from the Australian Information Commissioner, Prof. John McMillan

Photograph of John McMillan

This is expected to be the last annual report of the Office of the Australian Information Commissioner (OAIC). As discussed in this report, a Budget announcement in May 2014 foreshadowed that the OAIC would be disbanded by 31 December 2014 and new arrangements made for the exercise of the OAIC's privacy and freedom of information (FOI) functions.

OAIC Commissioners and staff acted promptly to acknowledge and implement the Government decision. We nevertheless have great pride in the OAIC's substantial record of achievement since it commenced on 1 November 2010. This is reflected in the activity of the last year, as recorded in this annual report.

An appropriate starting point is the OAIC's statistical record in privacy and FOI oversight in 2013–14. The OAIC handled an increased number of complaints and review applications, while also managing to raise the closure rate.

There was an increase of 183% in privacy complaints (from 1496 to 4239), matched by a 74% increase in matters completed (1504 to 2617). The average completion time for privacy complaints was reduced by 44% to an average of 86.7 days. The privacy workload also included a 30% increase in written enquiries (2455) a 9% increase in phone enquiries (11,737), a 16% increase in data breach notifications (71), and a 60% increase in privacy audits (8).

Applications for Information Commissioner review (IC review) of FOI decisions rose by 3%, from 507 to 524. More significant though was that the number of IC reviews completed this year jumped by 54% (from 419 to 646). The number of IC reviews on hand at the end of the reporting year decreased by 27% (from 447 to 325), and the oldest unactioned IC review had been reduced from 206 to 40 days. The number of FOI complaints on hand fell by 56% (from 75 to 33).

The OAIC was delighted with this turnaround in individual case handling, occurring at time when OAIC budget-supported staffing had progressively declined from almost 80 Full-Time Equivalent (FTE) at 30 June 2011 to around 65 FTE at 30 June 2014. The success is built upon an active internal program over the last two years to explore and trial different methods for efficient case handling. Particular attention has been given to finalising older cases, the early assessment of new cases, and informal resolution through OAIC-led discussion and negotiation among the parties. The chief interest of nearly all complainants and applicants is to get a swift resolution of their matter in terms acceptable to them and with the least formality. Meeting this expectation has been at the forefront of OAIC case handling.

At the same time, we are aware that outcomes in individual cases can be valuable precedents that provide future guidance. Equal emphasis was accordingly given to this dimension of OAIC oversight work. There was, for example, a 10% increase in the number of published IC review decisions (89 to 98), and work was in train to raise the rate of Privacy Act 1988 (Privacy Act) determinations. The OAIC's experience and insights were also conveyed publicly in 20 new guideline items on privacy and FOI law, 133 policy advices to agencies and businesses, 17 submissions to government and other inquiries, 22 consultations on proposed legal and administrative reforms and 75 conference and seminar presentations by Commissioners.

The other major dimension of OAIC work is to influence and shape the culture of government, business and the community as regards the areas of information policy and practice for which the OAIC is responsible.

There was a heightened focus this year on privacy protection, because of the commencement in March 2014 of significant reforms to the Privacy Act. The changes aimed to modernise privacy law in response to developments in technology, data acquisition and management, domestic and global information flows, and heightened community privacy awareness and concern. The OAIC played a pivotal role in publicising the changes and providing expert guidance on legal principles and practical implementation steps.

We were delighted with the strong response we received across government, business and the community. They participated actively in OAIC consultations and were generally keen to change information handling practices to accord with the new rules and the OAIC's guidance.

The tenor of the government and business response was an express acknowledgement that the object in managing personal information is to move beyond a minimalist culture of legal compliance to a culture that regards personal information protection as both an important human rights endeavour and as good business sense. Enlightened administrative practice can be a more effective driver for change than regulator pressure.

There was ready acceptance also by government and business of another OAIC theme, drawn from the title to new Australian Privacy Principle 1, that entities must embrace 'Open and Transparent Management of Personal Information'. In a digital information age, privacy protection must shift from a traditional association with confidentiality and secrecy towards transparency about how personal information is handled, the choices available to consumers for sharing personal information with entities, and the privacy enhancing practices, procedures and systems adopted by entities.

This theme echoes an OAIC precept, that a pre-eminent challenge facing all organisations is to manage transparency. Obligations of security, privacy, secrecy and confidentiality can be vital, but are nevertheless relative and contingent — an outcome, not the starting point. This new focus upon managing transparency stems from many pressures that include the Australian Privacy Principles, the Freedom of Information Act 1982 (FOI Act) (applying to government), service delivery trends in government and business, community expectations in an age of online engagement, the connection between open data and innovation, the exigencies of representative democracy, and the practical reality that information that is not properly managed and released proactively may reach the public domain by unlawful disclosure through insider release or external hacking.

Striking the right balance between confidentiality and transparency — between the right to privacy and the right to know — is no longer straightforward or two-dimensional. It is a balance to be struck at the intersection of law, policy, administration and technology.

That theme has also been at the centre of the OAIC's work on FOI and open government, following the reforms that accompanied the establishment of the OAIC in November 2010. Those reforms were built around three principles — simpler procedures for obtaining information upon request, information sharing through proactive release of information, and a presumption of openness and public engagement.

Opinions will differ from one instance to the next on whether a denial of access is justified, but the OAIC's general impression from its work in 2013–14 is that the FOI reform principles from 2010 are, on the whole, better understood and respected across government. We see this in many ways — the OAIC's greater success in resolving access disputes on terms agreeable to agencies and applicants; the range of documents published on disclosure logs and proactively released by agencies; agency take-up of the OAIC's messages on administrative access to supplement FOI access; and that, while the number of FOI access requests to agencies increased by 14% in 2013–14, the reported cost of FOI Act compliance was down by 7.5%.

The OAIC's information policy work provides an opportunity not only to reiterate core FOI and privacy themes, but to connect and unify them in a broader policy setting focussed on responsible information management. This has been another OAIC precept — the need for an integrated approach to open government, privacy protection and advanced information management.

Chapter Five of this report sets out the key information policy positions the OAIC promoted in 2013–14 — government information is a national resource; open access to government information should be the default position; open government is not just about open access and open data; agencies should embrace proactive release and administrative access; and nothing in the FOI Act restricts release of information.

Those positions have been articulated in a range of documents from 2010 to 2014, including an Issues Paper on Towards an Australian Government Information Policy (2010), an Issues Paper on Understanding the Value of Public Sector Information in Australia (2011), the Principles on Open Public Sector Information (2011) and a report on implementation of the Principles, Open Public Sector Information: From Principles to Practice (2013).

Three agency resource guides that build on those papers were released in 2013–14: De-identification of data and information, to encourage greater use and sharing of government information with appropriate safeguards; Open data quick wins – getting the most out of agency publications, to provide practical guidance on how agencies can convert agency publications into an open data format that supports re-use by others; and Administrative access, to encourage agencies to take a flexible approach to information release.

We were struck in 2013–14 by the frequent recognition in government reports of the importance of ensuring transparency and information sharing in the structure and processes of government, policy formulation, decision making and stimulating innovation. Examples include:

  • The Report of the National Commission of Audit, Towards Responsible Government (March 2014) defined ten Principles of Good Government, including: 'Be transparent and honest. Transparency and honesty are fundamental to accountability. … Transparency in government will better illuminate the choices we face and the decisions needed for the overall good of the nation.'

  • The Australian Public Service Big Data Strategy (August 2013) defined six Big Data Principles, including: 'Principle 1: Data is a national asset. Data sets that government holds are a national asset and should be used for public good. Sharing this data … will enhance the culture of engagement. … Principle 2: Privacy by Design. Big data projects will incorporate “privacy by design” [in] data sharing. … Principle 3: Enhancing open data. … [A]gencies are encouraged to release information with the objective of outsourcing and encouraging innovation. Government agencies will approach big data analytics projects under the [OAIC] Principles on Open PSI [which] rest on the Gov 2.0 premise that PSI is a national resource that should be available and discoverable for community access and use.'

  • The Australian National Audit Office Better Practice Guide: Public Sector Governance (June 2014) counsels that strong leaders can shape the success of organisations by focusing on three areas, one of which is: 'Openness, transparency and integrity. … Appropriate levels of openness, transparency and integrity are required to ensure that stakeholders have confidence in public sector decision-making processes and actions.'

  • The Productivity Commission Annual Report 2012–13 (September 2013) contained a theme chapter, 'Using administrative data to achieve better policy outcomes', which noted that administrative data sets held by government agencies offer 'a largely untapped opportunity to evaluate policies and programs and develop more effective and efficient ones', and referred to the FOI Act objects clause declaring that information held by government is a national resource to be managed for public purposes.

  • The Review of the Personally Controlled Electronic Health Record (PCEHR) (December 2013) noted that transparency and accountability are two of the seven governance principles for the National eHealth Strategy, and the Review made recommendations for strengthening those principles in the PCEHR governance arrangements.

In closing, it has been a pleasure along with Timothy Pilgrim and James Popple to lead the OAIC for nearly four years. We have been fortunate to have the support of committed, talented and energetic staff, many of whom joined us at the beginning and stayed throughout. We have enjoyed similarly strong support from the members of the Information Advisory Committee and the Privacy Advisory Committee, and from government agencies, private entities, civil society organisations and information activists and commentators. All shared our vision of an Australia where privacy and information access rights are respected and public sector information is managed in the public interest. We look to that vision being taken forward by others.