Newsroom

Search our media releases, articles, interviews and speeches

Data breach report highlights supply chain risks

The risk of outsourcing personal information handling to third parties is highlighted in the latest data breach statistics.

Media release
Data breach
Privacy

22 February 2024

OAIC opens investigation into HWL Ebsworth over data breach

The Australian Information Commissioner has commenced an investigation into the personal information handling practices of HWL Ebsworth Lawyers.

Media release
Data breach
Enforcement
Investigation
Privacy

21 February 2024

Representative complaints update

The OAIC has received multiple representative complaints following the major data breaches

Article
Complaints

13 December 2023

OAIC says appointment of new commissioners a significant step

Australian Information Commissioner Angelene Falk today welcomed the appointments of a standalone Privacy Commissioner and a new Freedom of Information Commissioner.

Media release
Freedom of Information
Privacy

27 November 2023

Digital platform regulators release working papers on algorithms and AI

The Digital Platform Regulators Forum has published working papers on algorithms and the large language models used in generative artificial intelligence to mark the launch of its website.

Media release
Privacy

23 November 2023

Association of Information Access Commissioners meeting communique

The Association of Information Access Commissioners (AIAC) met in Perth on 3 November 2023 for its second biannual meeting.

Statement
Freedom of Information
Information access

17 November 2023

Commissioner Falk to conclude with second term

The Australian Information Commissioner Angelene Falk has advised the Attorney-General that after having the privilege of serving two terms she will not be seeking a third term

Media release
Information access
Privacy

10 November 2023

OAIC commences Federal Court proceedings against Australian Clinical Labs Limited

The Australian Information Commissioner has commenced civil penalty proceedings in the Federal Court against Australian Clinical Labs Limited following a February 2022 data breach of its Medlab Pathology business.

Media release
Data breach
Enforcement
Investigation

3 November 2023

Australian Government Solicitor FOI and Privacy Law Conference 2023

Read the keynote address prepared for delivery by Commissioner Angelene Falk for the Australian Government Solicitor FOI and Privacy Law Conference 2023.

Speech
Events
Information access
Privacy

1 November 2023

Annual report highlights OAIC’s work to uphold privacy and information access rights

The OAIC delivered work for the Australian community through unprecedented times in 2022–23 as millions of Australians were impacted by the biggest data breaches the country had experienced since the commencement of the Notifiable Data Breaches

Media release
Information access

19 October 2023

OAIC welcomes reforms critical to Australia’s privacy future

The OAIC welcomed the Australian Government’s response to the Attorney-General’s Department’s review of the Privacy Act 1988 as a crucial step in ensuring Australia’s privacy framework is strengthened for the future.

Media release
Legislation
Privacy

28 September 2023

Information commissioners and ombudsmen recognise importance of the online space in accessing information

Australia’s information commissioners and ombudsmen join in their commitment to promote and uphold the fundamental right of the community to access government information.

Statement
Freedom of Information
Information access

28 September 2023

Information commissioners and ombudsmen release survey results on community attitudes

Australian information commissioners and ombudsmen released the findings of their third cross-jurisdictional study of community attitudes on access to government information.

Media release
Freedom of Information
Information access

27 September 2023

Digital platform regulators make joint submission on AI

Members of the Digital Platform Regulators Forum have outlined the opportunities and challenges presented by rapid advances in artificial intelligence in a joint submission.

Media release
Privacy
Submission

11 September 2023

Ongoing vigilance in data protection measures essential

The need for organisations to strengthen data security and promptly respond to suspected breaches is highlighted in the latest Notifiable data breaches report.

Media release
Data breach
Privacy

5 September 2023

Showing 1 to 15 of 151 results

1 to 15 of 151 search results
filter icon

Refine your search

2

Refine your search

Type

Topic

Can you confirm you have been notified of a data breach?

The OAIC generally will not comment publicly about the content of data breach notifications.

Where a particular incident is of community concern and has already been reported in the media, we may confirm publicly that we have received a notification or are investigating or making inquiries into the matter. We will generally not comment further until the investigation or our inquiries are complete.

We may also comment publicly on a matter where there is public interest in us doing so, for example, to enable members of the public to respond to a data breach.

Why don’t you list the names of organisations that have notified data breaches?

There is no specific provision that provides for the OAIC to make available a list of names of organisations that notify data breaches. The NDB scheme does have specific provisions regarding how organisations must notify individuals at likely risk of serious harm from a data breach and the OAIC. Accordingly, the OAIC will not generally disclose a list of names of organisations that notify data breaches.

Can you advise when an investigation will be completed?

Some investigations can be finalised quickly, but some take longer because of the type of inquiries and the volume of material that needs to be reviewed. We aim to finalise all investigations as quickly as possible.

Will you publish a report on the investigation?

Where the Commissioner makes a determination, a decision will be published. If the Commissioner takes proceedings for civil penalties, the Commissioner will file a statement of claim.

There’s more information on Commissioner-initiated investigations, including our approach to publication, in our Guide to Privacy Regulatory Action.

What penalties are available to the OAIC for an interference with privacy?

Section 80W of the Privacy Act 1988 empowers the Commissioner to apply to the FederalCourt or Federal Circuit Court for an order that an entity that is alleged to have contravened a civil penalty
provision in that Act pay the Commonwealth a penalty.

Under section 13G of the Privacy Act, since 13 December 2022 the maximum penalty for serious or repeated interferences with privacy are:

  • for a body corporate, the greater of either:
    • $50million; or
    • the value of any benefit the relevant court has determined that the body corporate, or any body corporate related to it, has obtained directly or indirectly that is reasonably attributable to the contravention, multiplied by three;
    • or if the court cannot determine the value of that benefit, 30% of the annual turnover of the body corporate during the 12-month period ending at the end of the month in which the contravention happened or began.
  • for a person other than a body corporate, the maximum penalty amount is $2.5million.

The Federal Court or Federal Circuit Court ultimately determines the penalty awarded, taking into account matters including:

  • the nature and extent of the contravention
  • the nature and extent of any loss or damage suffered because of the contravention
  • the circumstances in which the contravention took place
  • whether the person has previously been found by a court to have engaged in any similar conduct.

There is more information on civil penalties, including provisions in other legislative frameworks, in our Guide to Privacy Regulatory Action.

How to contact us if you have a media enquiry or interview request
Photographs of Australian Information Commissioner Angelene Falk
Photograph of Freedom of Information Commissioner Elizabeth Tydd
Photograph of Privacy Commissioner Carly Kind