Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Chapter Four — Communication and engagement

Overview

The Office of the Australian Information Commissioner (OAIC) had an active year promoting privacy and freedom of information (FOI) issues to Australian Government agencies, industry, consumer groups and the general public.

Following on from reforms to the Privacy Act 1988 (Privacy Act) that commenced on 12 March 2014, the OAIC focused on developing guidance and working with organisations and agencies to assist with implementation and compliance. The OAIC produced a range of tools and resources to ensure business, government agencies and the wider community had the information they needed to understand and implement the changes.

The OAIC continued to collaborate internationally, providing secretariat support to the Asia Pacific Privacy Authorities (APPA) Forum. The OAIC attended the 42nd and 43rd APPA Forums in Canada and Hong Kong respectively.

The OAIC Commissioners presented at a number of domestic and international forums and conferences, including the Australian Information Security Association Conference, Global Integrity Summit, International Conference on Big Data from a Privacy Perspective, and the National Administrative Law Conference, among others.

The OAIC held another successful national Privacy Awareness Week campaign that included training workshops for business and government agencies.

The OAIC continued to consolidate and build on its use of social media platforms to engage with stakeholders.

Back to Contents

Privacy Awareness Week 2015

Privacy Awareness Week (PAW) is an initiative of the APPA Forum and is the primary annual privacy awareness campaign of the Asia Pacific region. This year, PAW was held from 3 to 9 May 2015.

The OAIC's 2015 PAW campaign theme was Privacy everyday. This theme was selected to demonstrate the integrated nature of technology. The theme emphasised the need for organisations and agencies to embed privacy practices into their business-as-usual processes, and for individuals and the community to think about how to protect privacy in their everyday lives.

The campaign was launched by the Australian Information Commissioner (Information Commissioner) at a business breakfast in Sydney attended by 200 privacy professionals. The Privacy Commissioner launched the OAIC's new publication — Privacy management framework: enabling compliance and encouraging good practice. This was followed by an expert panel discussion on the intersection of privacy regulation and technology. The discussion was facilitated by futurist and author Mark Pesce, and panellists included representatives from Facebook, CSIRO, ZDNet, and the University of Queensland.

The OAIC hosted two fully subscribed privacy impact assessment (PIA) workshops in Sydney and Canberra, facilitated by Salinger Privacy. The OAIC also delivered a webinar for new privacy contact officers on the Australian Privacy Principles (APPs). Resources from these events are available on the OAIC website.

The OAIC Executive and other senior staff spoke at a variety of events throughout the week.

PAW partners

The OAIC's campaign was supported by 237 partners from across a variety of sectors. There was a 20% increase in government partners, from 35 in 2014 to 43 in 2015, with an increased number of ACT public sector agency partners. Partners promoted PAW via their websites, stakeholder networks, internal communications, events, media and social media.

The OAIC concentrated its efforts on recognising and engaging with partners in the lead-up to the campaign, and supporting their activities by providing resources and updates.

Resources

In addition to the publication of the Privacy management framework, a number of other resources were released during the campaign including: Privacy business resource 8: Sending personal information overseas and Privacy business resource 9: Ten tips to protect your customers' personal information. For individuals, the OAIC released Privacy fact sheet 8: Ten tips to protect your privacy, and a video in Auslan on how to make a privacy complaint. Privacy business resource 9 and Privacy fact sheet 8were accompanied by posters.

Key media and social media results

The OAIC received a significant amount of media coverage and social media interest in the week prior to and during PAW. Key results included:

  • 853 mentions of the OAIC and 398 mentions of PAW in the Australian online press between 27 April and 9 May 2015.
  • An additional 19,939 page views to the OAIC website during PAW, and 14,291 unique page views in the PAW section of the website.
  • 1438 mentions of #2015PAW, #PrivacyEveryday, Privacy Awareness Week or the OAIC on social media between 27 April and 9 May 2015.
  • The OAIC Facebook page received 433 likes and 203 shares between 3 and 9 May 2015, with a total reach of 68,055 (compared to approximately 60,000 for PAW 2014).

Photograph of the panel discussion at the Privacy Awareness Week Business Breakfast. From left to right: Mark Pesce, Dr Mark Burdon (University of Queensland), Dr Christine M O’Keefe (CSIRO), Chris Duckett (ZDNet) and Mia Garlick (Facebook).

PAW 2015 business breakfast panellists

Back to Contents

Consumer education

During 2014–15, the OAIC prioritised improving consumer knowledge of privacy rights. As part of this consumer education campaign, the OAIC developed a range of plain English, accessible and multi-platform appropriate publications.

In August 2014, the OAIC launched a series of five animated videos dealing with common privacy questions. The videos were widely promoted by the Australian Human Rights Commission, CHOICE, state and territory rental tenancy associations, state and territory community justice/mediation centres, and the National Indigenous Radio Service. This series of videos has been viewed over 7000 times.

Ten tips to protect your privacy poster

During Privacy Awareness Week 2015, the OAIC launched Privacy fact sheet 8: Ten tips to protect your privacy, a new fact sheet with practical tips to help individuals protect their privacy. This fact sheet was accompanied by a poster and a series of social media images to remind people to be privacy-aware in everyday situations. These resources are, collectively, the OAIC's most effective social media output to date, reaching approximately 40,000 people via the OAIC's Facebook page.

To further our commitment to providing information to all individuals about how to exercise their rights, the OAIC has also released a video in Auslan about making privacy complaints. This video was developed in conjunction with the Deaf Society of NSW and distributed through its channels, as well as through Deaf Australia and the Deafness Forum. This video has also reached approximately 20,000 people via the OAIC's Facebook page.

Back to Contents

International and regional engagement

International liaison

The OAIC continued to support and work with privacy and FOI authorities across the globe. The OAIC regularly responded to requests for advice and other assistance from international colleagues. This included hosting international delegations.

The OAIC met with representatives from the Office of the Privacy Commissioner, New Zealand, in November 2014, to share information about functions and branches and facilitate a better understanding of the work of different privacy regulators.

The Information Commissioner met with a Congresswoman from the Philippines in April 2015 to discuss Australian FOI legislation and its implementation, as well as discussing resources and guidance developed by the OAIC to support public sector agencies in implementing transparent information policy practices.

The OAIC also cooperated with international privacy enforcement authorities in its regulatory work, sharing information with global data protection authorities through the Global Privacy Enforcement Network (GPEN), under memorandums of understanding, and under the Asia-Pacific Economic Cooperation's (APEC) Cross-border Privacy Enforcement Arrangement (CPEA). For example, in order to maximise investigation efficiency and avoid regulatory duplication, the Privacy Commissioner liaised with the Office of the Data Protection Commissioner of Ireland under a memorandum of understanding, and the Office of the Privacy Commissioner, Canada under the APEC CPEA, during an own motion investigation into Adobe Systems Software Ireland Pty Ltd.

Asia Pacific Privacy Authorities

The OAIC continued to be actively involved in the APPA Forum by providing secretariat services and maintaining the Forum's two websites, available at www.appaforum.org and www.privacyawarenessweek.org. As at 30 June 2015, there were 17 APPA members.

Two APPA Forum meetings took place during the reporting period. In December 2014, members met in Vancouver, Canada for the 42nd APPA Forum. At the meeting, members discussed a range of topics including global privacy developments, wearable technology, cross-border trade and privacy regulation, and the Right to be Forgotten. The meeting was hosted by the Office of the Privacy Commissioner, Canada and the Office of the Information and Privacy Commissioner, British Columbia.

The 43rd APPA Forum was hosted by the Office of the Privacy Commissioner for Personal Data, Hong Kong and was held in June 2015. Topics discussed included the privacy implications of big data, online behavioural advertising, accountability as the basis for privacy compliance in technology innovations, and managing health and research data.

In addition to attending the 43rd Forum meeting the Privacy Commissioner addressed a number of conferences in Hong Kong, held as side events to the APPA Forum meeting. These included the International Conference on Big Data from a Privacy Perspective (organised by the Office of the Privacy Commissioner for Personal Data, Hong Kong), the 7th Annual Sedona Conference International Programme on Cross-Border Discovery and Data Protection Laws, and the Internet Society of Hong Kong's Privacy and Innovation Conference.

Privacy Authorities Australia

Privacy Authorities Australia (PAA) is a group of Australian privacy authorities that meets on an adhoc basis to promote best practice and consistency of privacy policies and laws. PAA membership includes the OAIC and privacy representatives from all states and territories. PAA met on 18 February 2015 to discuss topics including national consistency in health privacy regulation, interoperability, the development of health privacy guidance, and privacy issues relating to new technologies that are relevant to state, territory and Commonwealth privacy regulators.

Global Privacy Enforcement Network

GPEN builds on the Organisation for Economic Co-operation and Development's (OECD) Recommendation on Privacy Law Enforcement Cooperation(2007). This Recommendation states that member countries should foster the establishment of an informal network of privacy enforcement authorities and other appropriate stakeholders to discuss the practical aspects of privacy law enforcement cooperation.

The OAIC continued its involvement in GPEN during 2014–15. As at 30 June 2015, GPEN had 56 member authorities.

In May 2015, the OAIC joined enforcement authorities from around the globe to participate in the third GPEN Privacy Sweep. The OAIC examined 38 websites and mobile apps that are targeted at children aged 12 and under, to see how well they protect privacy. This included checking if the website or app collects children's personal information, and if so, whether protective controls exist to limit that collection. Results of the sweep will be released in late 2015.

More information about GPEN can be found at www.privacyenforcement.net.

Asia-Pacific Economic Cooperation

In 2007, APEC economies endorsed the APEC Data Privacy Pathfinder (Pathfinder) to guide implementation of the APEC Privacy Framework.

The CPEA has been developed as part of the Pathfinder initiative, and provides a framework for privacy regulators to cooperate and seek information and advice from each other on cross-border enforcement matters. The CPEA came into force in July 2010 and as of 30 June 2015, 25 privacy regulatory bodies were signatories to it, representing nine economies. The OAIC is a CPEA member, and cooperated with the Office of the Privacy Commissioner, Canada under the CPEA in its own motion investigation into Adobe Systems Software Ireland Pty Ltd, conducted over the 2014–15 financial year.

The Pathfinder also involves the development and implementation of a Cross-border Privacy Rules (CBPR) system. The system will provide guidance on how the CBPR of businesses can meet the standards of the APEC Privacy Framework and be recognised across APEC economies. More information about CPEA and CBPR can be found at www.apec.org.

Administrative Review Council

The Information Commissioner is an ex officio member of the Administrative Review Council (ARC) under the Administrative Appeals Tribunal Act 1975 (s 49(1)). The ARC did not hold any meetings during the reporting period. In the May 2015 Budget, the Australian Government announced its intention to abolish the ARC.

Back to Contents

Media

In 2014–15, the OAIC published 15 media releases and responded to 209 media enquiries. Media interest was high around the anniversary of the privacy law reforms, with the majority of media enquiries concerning reflections on the first year of new laws, and high-profile data breaches. There was also significant media interest in a number of OAIC determinations and own motion investigation reports, data retention legislation, and the proposed abolition of the OAIC.

The OAIC Commissioners participated in a number of interviews during the year across a range of media platforms, including television, radio, print and online publications. This included the Privacy Commissioner's interview on the ABC's Lateline during PAW.

Back to Contents

Speeches

The OAIC Executive and other senior staff delivered 36 speeches and presentations on a range of information-related issues. These speeches were delivered to a wide variety of audiences from the public and private sectors as well as community groups, industry associations and universities. Speeches covered privacy law, open government, FOI reform, cultural change, information law, policy reform, and the newInformation Privacy Act 2014 (ACT).

A list of all speeches delivered by the OAIC is in Appendix 5.

Back to Contents

Publications

The OAIC produced a range of new or updated publications during 2014–15, including:

  • Handling privacy complaints
  • Privacy management framework: enabling compliance and encouraging good practice
  • Guide to securing personal information: 'Reasonable steps' to protect personal information
  • Privacy agency resource 3: Information Privacy Act 2014 — Checklist for ACT agencies
  • Privacy agency resource 4: Sending personal information overseas
  • Privacy fact sheet 8: Ten tips to protect your privacy
  • Privacy fact sheet 42: Australian Capital Territory Privacy Principles
  • Privacy fact sheet 43: Making a privacy complaint under the Territory Privacy Principles
  • Privacy business resource 7: Credit reporting — information held beyond its retention period
  • Privacy business resource 8: Sending personal information overseas
  • Privacy business resource 9: Ten tips to protect your customers' personal information

All OAIC publications can be accessed on the OAIC website.

Back to Contents

Other media resources

In 2014–15, the OAIC produced a number of rich media resources to facilitate awareness of individuals' rights and agencies' and organisations' responsibilities, and to assist with training.

Videos

  • How to make a privacy complaint (Auslan video)
  • What is privacy? (animated video)
  • How do I make a privacy complaint? (animated video)
  • How do I access my personal information? (animated video)
  • What can I do about my neighbour's security camera? (animated video)
  • Is my real estate agent allowed to take photos in my house? (animated video)
  • Privacy Awareness Week message from the Privacy Commissioner

Posters

  • 10 tips to protect your privacy poster and social media tiles
  • Protect your customers' personal information poster

Training Resources

  • PIA workshop slides
  • APP training slides

Back to Contents

Website

In 2014–15, the OAIC's website received 1,033,506 unique visitors, 1,390,423 website visits and 3,749,290 viewed web pages.

The OAIC commenced work in October 2014 to improve the usability and accessibility of its website. It is anticipated that the upgraded website will be launched in the 2015–16 financial year.

Back to Contents

Social media

The OAIC uses social media, eNews alerts and other web 2.0 platforms to promote and inform stakeholders about its work. In 2014–15, the OAIC increased the use of social media channels (Facebook, Twitter, YouTube) and integrated them into all communications.

Twitter

The OAIC continued to use Twitter to promote messaging during 2014–15. The OAIC tweeted 432 times and was re-tweeted 657 times. At 30 June 2015, the OAIC's tweets led to 1205 click through links to OAIC website and resources.

YouTube

The OAIC produced seven videos over 2014–15 that were hosted on YouTube. The OAIC's YouTube channel received 11,561 views in total during the year.

Facebook

The OAIC used Facebook to support a number of education campaigns during the year, particularly during PAW 2015. In 2014–15, the OAIC made 119 posts to its Facebook page, with a total reach of 210,640. The OAIC page received 2800 page visits and 1037 page 'likes', bringing the total to 1579 since the page was created in 2011. This is a 238% increase in page likes compared with the previous year.

eNews alerts

The OAIC communicates regularly with stakeholders through subscription based eNews alerts. In 2014–15, the OAIC's general alert, OAICnet, had 5296 subscribers. The OAIC also produces an alert for the Information Contact Officer Network (ICON). Twenty-nine OAICnet and OAICicon alerts were distributed in total during the reporting period. The OAIC's eNews alerts are published on the OAIC's website.

Back to Contents

External networks

Information Contact Officer Network

The OAIC did not hold any ICON meetings in 2014–15, as a result of the Australian Government's Budget decision to disband the OAIC from 31 December 2014. The OAIC is considering future plans for the network.

Back to Contents

Committees

The OAIC administers two statutory committees, the Information Advisory Committee (IAC) and the Privacy Advisory Committee (PAC). Following the Australian Government's Budget decision to disband the OAIC, the IAC and PAC meetings that were scheduled to be held during 2014–15 were cancelled by the OAIC. A list of PAC members can be found in Appendix 6. The IAC members' terms have now expired.

Back to Contents