Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Commissioner’s opening statement — Senate Estimates 22 October 2018

22 October 2018

Thank you very much for the opportunity to make this opening statement this morning, and also, to the committee, for your understanding in permitting me to appear this morning to accommodate an international commitment. It's much appreciated.

I'm honoured to be here today in my capacity as Australian Information Commissioner and Privacy Commissioner, following my appointment in August.

Serving the Australian community and leading the staff of the Office of the Australian Information Commissioner in promoting and upholding privacy and information access rights is indeed a great privilege.

This past year represents somewhat of a milestone in privacy regulation in Australia: 30 years on from the introduction of the Privacy Act in December 1988. We've seen over the past 12 months the most significant reforms in this area since the introduction of the Australian Privacy Principles in 2014. The office has played a key role in implementing these changes.

Establishing and managing the Notifiable Data Breaches Scheme, introduced in February, represents a major new area of work. We received 305 notifications under the scheme between February and June, including 242 in the June quarter. Among the key causes are malicious or criminal attack and human error. We are currently analysing notifications received from July to September in order to produce the next quarterly report later this month. What we are seeing at this point are largely consistent patterns in terms of the number of notifications, the sector and, indeed, the cause.

Our work to prepare for and help embed the new Australian Government Agencies Privacy Code, a legislative instrument under the Privacy Act which commenced in July, has also been a significant aspect of our recent work. To this end, we have provided detailed briefings, guidance and training for agencies, and we will continue to support them to help ensure a consistent and robust approach to managing privacy across the Australian Public Service.

These changes further strengthen our national framework for protecting personal information. The office has guided organisations and the community through these reforms, raising awareness, building capability, auditing compliance, resolving complaints and investigating serious breaches. As well as implementing the new Notifiable Data Breaches scheme and the privacy code, we're actively engaged in providing guidance on privacy and access to information issues in proposals and programs across government and business.

Last year, we provided more guidance on privacy issues than ever before, including 29 submissions on policy and legislative proposals. This includes the proposed consumer data right and the digital platforms inquiry. In formulating our advice, we draw on domestic and international networks to help shape the way organisations and agencies harness emerging technologies and data practices to improve the lives of Australians.

Indeed, a key issue being considered by the International Conference of Data Protection and Privacy Commissioners this week in Brussels is the need to take a multidisciplinary approach to statutory protection for individuals' data, involving both privacy and data protection authorities and consumer protection authorities. From our engagement with government agencies to assistance with business and the community, we are seeing an increasing demand across our core functions. This reflects the heightened awareness in the community of information-handling and information-access issues.

We remain focused on achieving outcomes in disputes arising under the Privacy Act. Last financial year we received 2,947 privacy complaints, an increase of 18 per cent on the previous year. We resolved 2,766 privacy complaints, an increase of 11 per cent on the previous year. We reduced the average time to resolve a complaint to 3.7 months, down from 4.7 months in 2016-17. This reflects the success of our early resolution pilot.

We also conducted 21 privacy assessments in areas such as identity verification, telecommunications and digital health. We conducted preliminary inquiries or commenced Commissioner-initiated investigations into 21 potential privacy breaches. We assisted people with nearly 20,000 inquiries about their privacy rights and responsibilities.

As well as data protection, we're ever mindful of the fact that responsible use of personal data is a key driver for innovation and research. Our guidance for business and government is designed to encourage good personal information practices in order to build community trust in the use of personal information. This objective, to enable better information sharing, extends across our privacy activities to our freedom of information and information policy functions.

The office is a key contributor to Australia's latest Open Government National Action Plan, released in September. A central focus of the plan is improving the sharing, use and reuse of public sector data.

We are engaging with the interim National Data Commissioner on proposed legislation to promote sharing of public sector data to ensure there are strong and consistent safeguards for data privacy and security.

We are continuing to work to encourage proactive publishing by government agencies in line with the Information Publication Scheme and disclosure log provisions embedded in the FOI Act. To this end, we've carried out a survey of government agencies on the operation of the Information Publication Scheme.

We expect to publish a final report this quarter that reflects the continued strong commitment of government agencies to proactive publication and identifies areas for further focus.

Over the past financial year, the office received 801 applications for FOI Information Commissioner reviews, up 27 per cent from the previous year, and finalised 610 applications, an increase of 18 per cent. Eighty-four per cent were finalised within 12 months, exceeding the KPI of 80 per cent completed within that timeframe. The average time taken to resolve Information Commissioner reviews was 6.7 months, up from 6.2 months in the previous financial year.

We also handled nearly 2,000 FOI inquiries and 62 FOI complaints. We continue to provide practical tools and guidance to support agencies' FOI functions and the management of government-held information as a national resource. We're also actively engaging with agencies through forums such as our Information Contact Officer Network, which stands alongside our Privacy Professionals Network as a key engagement tool to help build capability and foster best practice.

That concludes my opening remarks. Thank you.