19 October 2022
The Office of the Australian Information Commissioner (OAIC) navigated work of increasing volume and complexity in 2021-22 as it continued to promote and uphold privacy and information access rights.
Releasing the OAIC’s annual report for 2021-22 today, Australian Information Commissioner and Privacy Commissioner Angelene Falk said regulatory collaboration and the appointment of Leo Hardiman PSM KC as Freedom of Information Commissioner were significant developments during the year.
“While the accelerating development of the digital world provides great opportunity, it also creates risks to privacy and access to information rights,” Commissioner Falk said.
“That’s why we have focused our efforts on preventing risks and harms and supporting entities to take a proactive approach to building in access to information and privacy protections by design. We are also joining with other regulators to ensure efficient and effective action in the public interest.”
Commissioner Falk said there had been high demand for the OAIC’s services throughout the year under review.
This was seen in the significant increase of 60% in applications for Information Commissioner review (IC review) of FOI decisions of agencies and ministers and a 42% increase in FOI complaints (215). The OAIC finalised 35% more IC reviews and finalised 28% more FOI complaints.
“While the OAIC continues to finalise more applications for IC reviews year on year, the increased volume, together with the complexity of some matters, is a major challenge. While we continually review our processes to create further efficiencies, we are also identifying where systemic improvements can be made in the FOI system.
“Importantly, proactive publication of information supports timely access to information, reduces the need for members of the community to make FOI applications and minimises FOI processing costs for agencies,” Commissioner Falk said.
The release of open by design principles, a collaboration by Australian information commissioners and ombudsmen, recognises that making government-held information open by design as a default setting supports our democracy and innovation.
In 2021–22, the OAIC received a 3% increase in privacy complaints (2,544) and finalised 2% more.
The OAIC also finalised a number of significant privacy Commissioner-initiated investigations (CIIs) that focused on the collection of biometric information and the use of high privacy impact facial recognition technologies.
“As new technologies are developed that have high risk privacy impacts, collaboration both domestically and internationally has become more critical to ensure targeted, informed and proportionate regulation,” Commissioner Falk said.
An example was the OAIC’s joint investigation with the UK’s Information Commissioner’s Office into Clearview AI Inc and the recently announced co-ordinated investigations by the OAIC and the Australian Communications and Media Authority (ACMA) into the Optus data breach.
Collaboration was also seen in the formation of the Digital Platform Regulators Forum (DP-REG) by the OAIC, ACMA, the Australian Competition and Consumer Commission (ACCC) and the Office of the eSafety Commissioner. The proactive initiatives of DP-REG aim to promote proportionate, cohesive, well-designed and efficient digital platform regulation that best serves the public interest.
A significant regulatory program for the OAIC is the Consumer Data Right, in its second year of operation in the banking sector and being expanded to new sectors, including energy and telecommunications. The OAIC co-regulates CDR with the ACCC.
The Notifiable Data Breaches scheme also marked its fourth year of operation in 2022. Since its launch, the OAIC has finalised almost 4,000 data breach notifications, working with notifying organisations to support better practice in responding to data breaches.
“Recent high profile data breaches have both elevated public concern about the handling of personal data, and increased momentum to strengthen the Privacy Act,” Commissioner Falk said.
“Combined with increasing demand for our FOI review functions, we expect another active year as we strive to promote and uphold privacy and information access rights for the community.”
Key 2021-22 statistics
- Received 1,956 applications for Information Commissioner (IC) review of FOI decisions (up 60% compared to 2020-21) and finalised 1,377 (up 35%).
- Received 215 FOI complaints (up 42%) and finalised 223 FOI complaints (up 28%)
- Received 2,544 privacy complaints (up 3%) and finalised 2,203 privacy complaints (up 2%)
- Received 853 notifications under the Notifiable Data Breaches (NDB) scheme (from 967) and finalised 81% of NDBs within 60 days against a target of 80%
- Handled 10,931 privacy enquiries (down 6%) and 1,940 FOI enquiries (up 6%).
 The IC review figures differ from the published annual report. A transcription error resulted in 39 IC reviews incorrectly reported as received in 2021-22. There were 1,956 IC reviews received (1,995 in the annual report). A technical fault resulted in 15 IC Reviews being incorrectly reported as closed in 2021-22. There were 1,377 IC reviews closed (1,392 in the annual report).