Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Commissioner’s opening statement — Senate Estimates 27 February 2018

27 February 2018

Thank you, Chair.

I would like to make an opening statement and if I may take slightly longer than usual as this will be my last appearance before the Committee as Commissioner as I am retiring effective 24 March 2018.

The Office of the Australian Information Commissioner (OAIC) is charged with regulating two pieces of legislation that enshrine important community rights, the Privacy Act 1988 (Privacy Act) and the Freedom of Information Act 1982 (FOI Act). I would like to make some general observations about the operation of these Acts, and advise the Committee of the current status of the OAIC.

Firstly, let me start by saying that the extent of the reach of the Privacy Act into the Australian economy and society more generally is vast. Issues of personal information handling arise in all aspects of our lives as we engage in the digital economy, from health, credit and consumer contexts to law enforcement, national security, government use of data and global data flows.

It is fitting that I note this today, as 2018 will mark the 30th anniversary of the Privacy Act. I would like to table this somewhat dense diagram that sets out in detail the regulatory reach and activities of the OAIC under the Privacy Act and other legislation under which I have specific functions. A very short summation of that reach is that the Commissioner has regulatory functions and powers under:

  • the Privacy Act 1988
  • the National Health Act 1953
  • the My Health Records Act 2012
  • the Crimes Act 1914
  • the Telecommunications Act 1997
  • the Telecommunications (Interception and Access) Act 1979
  • the Data-Matching Program (Assistance and Tax) Act 1990
  • the Student Identifiers Act 2014
  • Anti-Money Laundering and Counter Terrorism Funding laws
  • Personal Properties Security Register
  • I also handle privacy complaints related to Australian Capital Territory public sector agencies under the ACT’s Information Privacy Act 2014 .

The OAIC’s work under this legislation ranges from:

  • responding to enquiries;
  • monitoring and commenting on proposed enactments and agency activities that may impact on individuals’ privacy;
  • providing advice and guidance to the public and private sector entities regulated by the Privacy Act; and
  • compliance activities, such as handling individual complaints, conducting investigations including Commissioner initiated investigations, and conducting privacy audits (or assessments, as they are known under the Privacy Act).

In undertaking these compliance activities, I have powers to compel information, as well as broad ranging enforcement powers, including the power to accept enforceable undertakings from an entity, make a determination, seek an injunction or apply to court for a civil penalty.

As of 22 February, the OAIC has another important function under the Privacy Act: regulating the new Notifiable Data Breaches (NDB) scheme. As the Committee may recall, this scheme obliges all entities covered by the Privacy Act to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.

The Notifiable Data Breaches scheme formalises long-standing community expectations for transparency and accountability when a data breach occurs – our 2017 Community Attitudes to Privacy Survey reveals near universal support (at approximately 95%) for this proposition.

As you can see from the variety of work that I have just described, the OAIC plays a vital role in upholding an important right for the Australian community. The significant increase in the workload of my Office over a number of years is evidence of the fact that privacy and data protection continue to be a core, and growing, consumer and community concern.

This is essential to keep in mind particularly in the current environment where data and its use is vital for innovation, research and policy development. Good personal information handling practices will engender community trust and build a social licence for data use, facilitating a vibrant data innovation agenda.

Turning now to provide the Committee with an update on our regulatory activities under the Privacy Act:

  • In the 2016–17 financial year, the OAIC received 2,494 privacy complaints, which was a 17% increase on the previous year.
  • In the current financial year, up to 31 January 2018, we received 1,639 privacy complaints. That’s a 16% increase on the amount we had received at the same time last year.
  • In the 2016–17 financial year, we handled a total of 16,793 privacy enquiries (either in writing or by phone).
  • In the current financial year, up to 31 January 2018, we have handled 11,151 privacy enquiries, a 17% increase on the amount we had received at the same time last year.

In relation to my statutory functions relating to privacy guidance, monitoring and advice, as at 31 January we had completed 314 pieces of external privacy policy advice, a 69% increase in the number provided by the same time last year.

We continue to work to enhance our efficiency in our regulatory activities. As of 31 January, we have closed 20% more privacy complaints than by the same date last year. The trial of an early resolution scheme for privacy complaints is showing positive results, both increasing timely closure rates and receiving favourable feedback from parties.

Turning now to the FOI Act, my Office seeks to promote open government through access to information, in recognition that, as the FOI Act states, ‘information held by the Government… is a national resource.’ This acknowledges the vital role that open government and access to information plays in a healthy democracy. To this end, my Office is engaged in the Open Government Partnership’s National Action Plan, an important initiative that supports open government, access to information and transparency.

It is clear that the public is also engaged in the concept of open government, and the substantial growth in our workload in relation to my FOI functions indicates that there is an increasing emphasis on seeking information from government through the FOI process.

  • In the 2016–17 financial year, we received 632 requests for Information Commissioner review, which was a 24% increase on the previous year.
  • In the current financial year, up to 31 January, we have received 440 requests for review by my Office, a 25% increase in the amount we had received at the same time last year.
  • In the 2016–17 financial year, we handled a total of 2,062 FOI enquiries (either in writing or by phone).
  • In the current financial year, up to 31 January 2018, we have handled 1,085 FOI enquiries, an 8% decrease on last year’s FOI enquiries for the same period.

The efficiencies we are making in our regulatory activities is also evident in our resolution of FOI matters: as of 31 January, we have closed 13% more IC reviews than by the same date last year.

In addition to implementing internal efficiencies, the advice and guidance work that my Office undertakes under the FOI Act aims to assist agencies and ministers to understand and engage with FOI processes more effectively.

My decisions, which are all published on AustLII, seek to provide guidance to agencies and ministers on these issues. My Office regularly publishes guidance about the operation of the FOI Act, which includes regular updates of the FOI Guidelines, and more recently, the first general procedure direction published under the FOI Act. We have also recently published a FOI regulatory action policy, which further outlines and explains my approach to using my FOI regulatory action powers. We support agency staff working in this area through the co-ordination of an Information Contact Officers Network.

In addition, this year the OAIC will be undertaking a review of the Information Publication Scheme (IPS) in consultation with agencies. The IPS aims to have agencies proactively publish information about their operations to lessen the need for FOI requests.

It is clear from the picture I have painted about the work of the OAIC that the community is active in exercising their rights in these important areas. This has consistently been the case over a number of years, as evidenced by the steady increases in the OAIC’s workload. Even with the significant productivity improvements we have made, we are challenged by the fact that the workload continues to increase at a higher rate. I have of course continued to keep the Government informed of these challenges.

I hope that this provides the Committee with a useful overview, albeit a brief summary, of the broad range of activities undertaken by my office, and the challenges and opportunities that arise.

As I mentioned at the beginning of my opening remarks, this will be my last hearing before the Committee, as I will be retiring as of 24 March 2018. This is after a career in the Australian Public Service of 34 years, including, over the last 20 years in the areas of Privacy, FOI and Information management. I would also like to point out that this means I have been appearing regularly before this Committee for 20 years. As such, I would like to note that working in public service has provided me with a rich and rewarding career, and one I would highly recommend.

I also want to acknowledge the support of the Attorney General’s Department over that time. Like any diverse family, we have had our share of disagreements over the years, but those disagreements have been outweighed by the sustained, positive relationship with the Department and I would like to thank the Secretary and his colleagues for that.

But most importantly, I wanted to use this opportunity to pay tribute to the remarkable OAIC staff that I have had the privilege of working with during my time as Australian Information Commissioner and Australian Privacy Commissioner. They have demonstrated unfailing enthusiasm and commitment to their work even during periods of uncertainty for the office, and in the face of an ever-increasing workload. I know that the office will continue to thrive with this skilled and extremely dedicated team, ready to support a new Commissioner.

Thank you.