Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Chapter One — Year in review

The central aim of the Office of the Australian Information Commissioner (OAIC) is to promote and uphold information privacy and information access rights through organisational excellence.

The OAIC integrates three key functions by:

  • protecting the public's right of access to documents under the Freedom of Information Act 1982 (FOI Act)
  • ensuring proper handling of personal information in accordance with the standards of the Privacy Act 1988 (Privacy Act)
  • providing advice to government on information policy and practice.

Those functions cast the OAIC in the various roles of regulator, decision maker, adviser, researcher and educator.

Key achievements and challenges in 2014–15

The key challenge for the OAIC in 2014–15 was responding to the Australian Government's announcement in the 2014–15 Budget that new arrangements for privacy and freedom of information (FOI) regulation would commence from 1 January 2015.

As the Freedom of Information Amendment (New Arrangements) Bill 2014 to abolish the OAIC was not considered by the Senate before the end of the 2014 sitting period, the OAIC remains responsible for the full breadth of privacy functions, including:

  • privacy complaint resolution
  • a strategic assessment program
  • Commissioner initiated investigations
  • exercising the monitoring, advice and guidance functions, including through the provision of education materials for the community, agencies and organisations.

While some functions relating to FOI policy were transferred to the Attorney-General's Department (AGD), and FOI complaints are now handled by the Commonwealth Ombudsman, the OAIC continues to carry out the Information Commissioner review (IC review) function.

The Australian Information Commissioner Act 2010 confers information policy functions on the Australian Information Commissioner (Information Commissioner). In anticipation of the abolition of the OAIC, information policy documents and work was provided to other government agencies with an interest in information policy. Since that time the OAIC has not undertaken a specific work program in relation to the information policy functions, due to resourcing constraints. However, information policy issues form part of the OAIC's work on both privacy and FOI generally.

Nonetheless, 2014–15 was another busy year for the OAIC. In 2014–15 the OAIC:

  • handled 14,640 phone enquiries
  • answered 3409 written enquiries
  • finalised 1976 privacy complaints
  • received 117 data breach notifications (including 110 voluntary data breach notifications)
  • commenced four Commissioner initiated investigations
  • commenced 12 privacy assessments involving 85 entities
  • finalised 482 applications for IC review
  • finalised 64 FOI complaints
  • finalised 4384 extension of time notifications and requests
  • issued seven privacy determinations
  • coordinated a successful annual national Privacy Awareness Week campaign
  • published 32 pieces of privacy guidance material
  • conducted seven public consultations
  • provided 197 pieces of external policy advice
  • made 36 submissions on legislative or other formal policy development processes
  • made six legislative instruments
  • delivered 36 speeches and presentations.

The OAIC's workload reflects the active interest of the Australian community in exercising their right to seek access to government information and ensuring the privacy of their personal information is respected.

The OAIC dealt with this workload during a period of decreasing staffing levels, as a result of staff departures following the closure of the OAIC's Canberra office. The initial staffing estimate for the OAIC when it was being established was around 100 staff to carry out the three FOI, privacy and information policy functions. The average staffing level during 2014–15 was closer to 64 staff.

The OAIC also continued to feature prominently in media coverage about FOI IC review decisions, privacy law reform, privacy determinations, data breaches, investigations, and the Australian Government's decision to disband the OAIC.

Back to Contents

Privacy

A key focus in the OAIC's privacy work in 2014–15 was providing advice to organisations and agencies to assist them to implement and comply with their Privacy Act obligations, following the commencement of amendments to the Privacy Act on 12 March 2014. The OAIC worked to promote privacy as a tool to enhance customer trust and confidence, and emphasised the need for organisations and agencies to build privacy into their business-as-usual processes.

To promote and support these messages, the OAIC produced a comprehensive range of privacy resources to assist organisations, agencies and the public to understand their privacy obligations and rights. The OAIC launched the Privacy management framework, a tool to help organisations and agencies ensure compliance with Australian Privacy Principle 1.2 and embed a culture of privacy into their everyday processes. The OAIC also published business and agency resources on sending personal information overseas, and a Guide to securing personal information.

The privacy reforms also gave the Information Commissioner new regulatory and enforcement powers. The Privacy Commissioner exercised a number of these new powers throughout the year, conducting privacy assessments of the private sector and accepting the first enforceable undertaking made under the amended Privacy Act. The OAIC also published two key documents that explain the OAIC's range of privacy regulatory powers and its approach to using these powers: the Privacy regulatory action policy and the Guide to privacy regulatory action.

The 2014–15 reporting year was the third year of operation of the Personally Controlled Electronic Health Record system, established under the Personally Controlled Electronic Health Records Act 2012 (PCEHR Act). The OAIC's eHealth activities were carried out under a memorandum of understanding with the Department of Health, and included:

  • commencing three assessments
  • responding to eight mandatory data breach notifications (including one that was received in the previous reporting period and finalised in 2014–15)
  • providing advice to a range of stakeholders on privacy compliance obligations
  • providing advice to the Department of Health on privacy issues raised by proposed changes to the PCEHR Act and the possible move to a national opt-out eHealth record system.

Throughout the year the OAIC responded to specific privacy enquiries from Australian Government and Australian Capital Territory public sector agencies, private sector bodies and individuals. A selection of these policy advices and enquiries are described in Chapter Five: Privacy advice and law and Chapter Six: Privacy compliance.

The OAIC also continued to actively participate in international privacy and data protection forums. These enable the OAIC to build collaborative relationships with other privacy regulators, keep abreast of emerging international privacy protection issues and enhance global regulatory cooperation. Chapter Four: Communications and engagement sets out some of the specific interactions the OAIC had with these forums during 2014–15.

The OAIC coordinated another highly successful national Privacy Awareness Week in May 2015, with over 200 partners joining the OAIC in awareness-raising activities during the week. The OAIC released a series of resources to raise awareness of privacy rights for individuals, including Privacy fact sheet 8: Ten tips to protect your privacy, a 'How to make a privacy complaint' (Auslan) video, and a 'Protect your customers' privacy' poster for businesses and Australian Government agencies.

Back to Contents

Freedom of Information

In 2014–15, the OAIC undertook a range of activities to conduct IC reviews and handle FOI complaints, monitor compliance with the FOI Act by agencies and ministers, and provide policy advice and guidance.

The OAIC finalised 482 applications for IC review, 64 FOI complaints, 4384 extension of time requests and notifications, and responded to 1900 FOI related enquiries. The OAIC issued 128 IC review decisions under s 55K of the FOI Act.

During 2014–15, the OAIC significantly reduced the backlog of IC reviews and complaints that existed at the start of the reporting year. The OAIC implemented a streamlined IC review process focused on early resolution. The OAIC also conducted an own motion investigation under the FOI Act into the Department of Human Services' FOI practices.

The OAIC provided a range of advice on FOI matters, and updated eight of the 15 parts of the Guidelines issued by the Australian Information Commissioner under s 93A of the Freedom of Information Act 1982.

As of 30 June 2015, the legislation to transfer FOI functions to other agencies had not been considered by the Senate. The OAIC therefore undertook a full year of FOI functions in 2014–15, other than handling complaints, which have been handled by the Commonwealth Ombudsman since 1 November 2014, and FOI policy activities which are currently undertaken by AGD.

Back to Contents

Information Policy

Following the Australian Government's Budget decision, resourcing constraints have meant that the OAIC has not undertaken a specific work program in relation to the information policy functions. However, information policy issues form part of the OAIC's work on privacy and FOI generally.

Back to Contents

Financial performance

The Australian National Audit Office provided an unqualified audit opinion on the OAIC's financial statements for 2014–15.

Back to Contents

Outlook

Australian Government Budget decision

As of 30 June 2015, the Freedom of Information Amendment (New Arrangements) Bill 2014 had not been considered by the Senate. As such, the OAIC continues to undertake the full breadth of privacy functions, and to carry out the FOI IC review function.

Resources have been provided to the OAIC for the exercise of the FOI IC review function for 2015–16. Funding for the privacy functions has been appropriated to the OAIC for the period 2015–16. The OAIC's budget allocation for 2015–16 does not include activities in the area of information policy.

The OAIC will also undertake privacy functions relating to the implementation of mandatory telecommunications data retention and the Counter-Terrorism Legislation Amendment (Foreign Fighters) Act 2014 (Cth). Additional funding has been provided for these functions.

The OAIC anticipates a continuing high volume of privacy and FOI review matters during 2015–16, consistent with increases since the OAIC's establishment in 2010. Additional work is anticipated with the Australian Government announcing its intention to introduce a mandatory data breach notification scheme.

It is certain that 2015–16 will be another busy, challenging and rewarding year in the area of FOI and privacy protection.

Back to Contents