Newsroom

Search our media releases, articles, interviews and speeches

Information Publication Scheme review identifies areas to improve access to government information

The OAIC’s third five-yearly review of the Information Publication Scheme highlights how a concerted effort is required by government agencies to support proactive release of information.

Media release
Freedom of Information
Information access
Information Publication Scheme

12 June 2024

OAIC to support greater information access through international body

The OAIC has been elected to the Executive Committee of the International Conference of Information Commissioners.

Media release
Freedom of Information
Information access
International

6 June 2024

OAIC takes civil penalty action against Medibank

The Australian Information Commissioner has filed civil penalty proceedings in the Federal Court against Medibank in relation to its October 2022 data breach.

Media release
Data breach
Enforcement
Investigation
Privacy

5 June 2024

The Australian opinion piece – ‘New laws needed to stop TikTok and other social media giants ‘harvesting’ data’

Read Privacy Commissioner Carly Kind’s opinion piece published in The Australian on Tuesday 28 May 2024.

Article
Enforcement
Privacy

3 June 2024

Senate estimates opening statement May 2024

Read the opening statement delivered by acting Australian Information Commissioner and FOI Commissioner Elizabeth Tydd to the Legal and Constitutional Affairs Legislation Committee.

Statement
Estimates

30 May 2024

Innovate Australia Showcase 2024

Read the keynote address prepared for delivery by Privacy Commissioner Carly Kind for the Innovate Australia Showcase.

Speech
Digital ID
Events
Privacy

29 May 2024

Statement on TikTok preliminary inquiries

Read Privacy Commissioner Carly Kind’s statement on the closure of the OAIC’s preliminary inquiries into TikTok.

Statement
Enforcement
Privacy

29 May 2024

National Archives and OAIC call for proactive approach to government information management

National Archives of Australia and the OAIC have joined together to mark Open Government Week and to champion best practice in government information creation, management, protection, use and access.

Statement
Freedom of Information
Information access
Privacy

27 May 2024

Advice on MediSecure cyber security incident

The Australian Government is working with former prescription delivery service provider MediSecure to respond to a cyber incident affecting the company.

Statement
Data breach
Privacy

24 May 2024

Biometrics Institute Asia-Pacific Conference 2024

Read the keynote address prepared for delivery by Privacy Commissioner Carly Kind for the Biometrics Institute Asia-Pacific Conference on Wednesday 22 May 2024.

Speech
Digital ID
Privacy

22 May 2024

Statement on MediSecure data breach

Read the OAIC’s media statement about the data breach involving MediSecure.

Statement
Data breach
Enforcement
Privacy

21 May 2024

Statement on the Federal Budget 2024–25

Read the OAIC’s statement on our operating budget set by the Federal Budget 2024–25.

Statement
Funding

15 May 2024

Appointment of next Australian Information Commissioner

The Attorney-General has announced the appointment of Elizabeth Tydd as Australian Information Commissioner and head of the OAIC.

Media release

9 May 2024

Privacy Commissioner Carly Kind radio interview – ABC RN Breakfast

Read the transcript of Privacy Commissioner Carly Kind’s radio interview with Patricia Karvelas on ABC RN Breakfast.

Interview
Privacy

8 May 2024

IAPP Sydney KnowledgeNet May 2024

Read the keynotes address prepared for delivery by Privacy Commissioner Carly Kind for the IAPP Sydney KnowledgeNet event.

Speech
Events
Privacy

7 May 2024

Showing 1 to 15 of 172 results

1 to 15 of 172 search results
filter icon

Refine your search

2

Refine your search

Type

Topic

Can you confirm you have been notified of a data breach?

The OAIC generally will not comment publicly about the content of data breach notifications.

Where a particular incident is of community concern and has already been reported in the media, we may confirm publicly that we have received a notification or are investigating or making inquiries into the matter. We will generally not comment further until the investigation or our inquiries are complete.

We may also comment publicly on a matter where there is public interest in us doing so, for example, to enable members of the public to respond to a data breach.

Why don’t you list the names of organisations that have notified data breaches?

There is no specific provision that provides for the OAIC to make available a list of names of organisations that notify data breaches. The NDB scheme does have specific provisions regarding how organisations must notify individuals at likely risk of serious harm from a data breach and the OAIC. Accordingly, the OAIC will not generally disclose a list of names of organisations that notify data breaches.

Can you advise when an investigation will be completed?

Some investigations can be finalised quickly, but some take longer because of the type of inquiries and the volume of material that needs to be reviewed. We aim to finalise all investigations as quickly as possible.

Will you publish a report on the investigation?

Where the Commissioner makes a determination, a decision will be published. If the Commissioner takes proceedings for civil penalties, the Commissioner will file a statement of claim.

There’s more information on Commissioner-initiated investigations, including our approach to publication, in our Guide to Privacy Regulatory Action.

What penalties are available to the OAIC for an interference with privacy?

Section 80W of the Privacy Act 1988 empowers the Commissioner to apply to the FederalCourt or Federal Circuit Court for an order that an entity that is alleged to have contravened a civil penalty
provision in that Act pay the Commonwealth a penalty.

Under section 13G of the Privacy Act, since 13 December 2022 the maximum penalty for serious or repeated interferences with privacy are:

  • for a body corporate, the greater of either:
    • $50million; or
    • the value of any benefit the relevant court has determined that the body corporate, or any body corporate related to it, has obtained directly or indirectly that is reasonably attributable to the contravention, multiplied by three;
    • or if the court cannot determine the value of that benefit, 30% of the annual turnover of the body corporate during the 12-month period ending at the end of the month in which the contravention happened or began.
  • for a person other than a body corporate, the maximum penalty amount is $2.5million.

The Federal Court or Federal Circuit Court ultimately determines the penalty awarded, taking into account matters including:

  • the nature and extent of the contravention
  • the nature and extent of any loss or damage suffered because of the contravention
  • the circumstances in which the contravention took place
  • whether the person has previously been found by a court to have engaged in any similar conduct.

There is more information on civil penalties, including provisions in other legislative frameworks, in our Guide to Privacy Regulatory Action.

How to contact us if you have a media enquiry or interview request
Photographs of Australian Information Commissioner Angelene Falk
Photograph of Freedom of Information Commissioner Elizabeth Tydd
Photograph of Privacy Commissioner Carly Kind