Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Commissioner’s opening statement — Senate Estimates 19 February 2019

Good morning and thank you very much for the opportunity to make some opening remarks. I'm accompanied here today by my recently appointed Deputy Commissioner, Ms Elizabeth Hampton.

If I can touch briefly on some of our key activities to update the committee since the last occasion. As the committee is aware, the OAIC's purpose is to promote and uphold privacy and information access rights.

We work proactively with Australian government agencies and organisations to promote good personal information handling practices and access to government held information. Individuals can also make complaints to my office regarding possible interferences with their privacy or request an Information Commissioner review of an agency decision under the FOI Act. As Information Commissioner, I also exercise a range of proactive regulatory functions in order to detect, deter and remedy.

There has been a lot happening in the domestic privacy and information access environment. Community, business and government engagement across the personal information management and information access landscape remains strong.

In the six months from July 2018 to December 2018 we received over 10,000 enquiries about privacy, freedom of information and related matters. We received 524 requests to review freedom of information decisions of Australian government agencies, up 42 per cent on the same period the previous year, and we finalised 318 reviews, a 20 per cent increase on the same period the previous year.

We continue to seek efficiencies in our FOI review processes and through our early resolution procedures and other measures, we are seeing an improvement in the finalisation rates. However, nonetheless the incoming work is greater than that which we are able to resolve, and this is impacting on timeliness across both FOI and privacy regulatory work.

During the July to December period, we received 1,716 privacy complaints, an increase of 22 per cent on the same period last year. We resolved 1,410 privacy complaints over the same period, which is largely consistent with the numbers in the previous year.

We have also had 12 months of implementing the Notifiable Data Breaches scheme. That scheme began one year ago this week. The scheme provides twofold protection to Australians: entities are required to notify individuals and my office when they experience a data breach that is likely to result in serious harm to anyone whose personal information is involved in the breach.

In total, 812 breaches have been notified to my office since the scheme began in February 2018, with 262 reports in the most recent quarterly report, from October to December 2018. That's up slightly from 245 the previous quarter.

Individuals whose personal information has been compromised have also been notified, providing an opportunity for people to take action to reduce their risk of serious harm, such as by changing passwords or notifying their financial institution.

But the scheme also has a broader purpose, with the potential to help entities avoid data breaches. Our proactive, educative role plays an important role in that regard. The publication of statistical information under the Notifiable Data Breaches scheme encourages entities to take action to mitigate the risks before their businesses are affected.

We also regulate the privacy provisions that apply to the My Health Record system. While this is not new business for the office, our role has recently increased with the closure of the opt-out period and heightened awareness of the scheme. In addition to managing any complaints and enquiries about the scheme, we continue our work to raise awareness of the privacy controls available for My Health Record, and we will soon release additional material to help the community understand these options.

In other regulatory developments, we are working closely with the Australian Competition and Consumer Commission on two key areas of co-regulation—digital platforms and the Consumer Data Right—to secure strong data protection outcomes for all Australians.  Our focus is on enabling the consumer and economic benefits that can flow from data sharing by ensuring the system has a robust data protection and privacy framework and effective oversight.

This interaction between consumer and competition law and privacy law can have great benefits for Australians and is of interest to regulators across the world. It's one of the many areas where we are actively engaging with our international networks. I am a member of the Executive Committee of the International Conference of Data Protection and Privacy Commissioners, and we are looking specifically at the convergence of these two areas of law, to achieve outcomes in the public interest.

The OAIC is an active contributor to global thinking around privacy and information access. Through our strong international regulatory partnerships, Australia leverages emerging regulatory trends, cooperates in cross-jurisdictional enforcement and seeks to facilitate globally interoperable privacy and information access practices. We are committed to ensuring that privacy and information access rights are protected as a necessary foundation for facilitating innovation, transparency and business engagement in the global digital economy. That concludes my opening remarks.

Check against delivery