30 April 2018

In this issue

Privacy Awareness Week site now live


This year’s Privacy Awareness Week (PAW) is all about promoting privacy as part of your everyday business. Running from 13 to 19 May, this year’s theme is ‘Privacy: from principles to practice’.

Throughout this week, we encourage Australian organisations to review how they handle personal information to ensure they are transparent and accountable, in line with community expectations and legislative requirements. Building these principles into internal practices supports greater public and consumer trust, and can ensure organisations are well positioned to navigate an increasingly data-rich environment.

To help businesses and agencies promote good privacy practice and PAW, we have launched the #2018PAW campaign site. The site hosts a range of downloadable promotional supplies, links to resources for businesses and individuals, and information on the week’s events. We are also celebrating the 30th anniversary of the Australian Privacy Act 1988 (Cth) (Privacy Act) with an interactive timeline highlighting 10 key moments in the history of the Act.

We encourage you to visit the Privacy Awareness Week website to find out more, and to become a 2018 supPAWter.

Upcoming events


PAW business breakfast

7.30am, Monday 14 May 2018
The Westin, Sydney

The acting Australian Information Commissioner and acting Privacy Commissioner, Ms Angelene Falk, will open the breakfast and launch PAW 2018.

Recognised European Union (EU) and international data protection law expert, Sheila FitzPatrick, will headline the 2018 PAW Business Breakfast.

A business panel will follow to reflect on how businesses are responding to new privacy developments. Currently joining the panel is Lisa Schutz – Founder and CEO of InFact Decisions and Verifier, and Emma Hossack – CEO at Extensia.


Do you know your credit history?

7.30am to 1.30pm, 17 May
Wynyard Park, Sydney

Have you ever thought about your credit health and the important role it plays in life’s big moments? To find out more, come along to Wynyard Park in the Sydney CBD and speak with representatives from the Office of the Australian Information Commissioner (OAIC) and the Australian Retail Credit Association’s CreditSmart consumer education team and supporters.

Pick up a free coffee and learn why having good credit history is important and why you should be keeping track of it.


OAIC at the Sydney Disability Expo

9.00am to 3.00pm, 25 May
Southee Complex, Sydney Olympic Park

The OAIC will hold a stall along with the Australian Human Rights Commission at the Sydney Disability Expo on Friday 25 May.

Come and say hello to the OAIC and have a chat to us about ways you can improve privacy practice within your organisation.

Registration for the event is free. Please note that the Expo runs over two days and the OAIC stall will be present on the Friday.

Information Awareness Month

The OAIC will be celebrating Information Awareness Month (IAM) during May. The purpose of IAM is to increase public awareness of information and its place in all aspects of daily life.

To find out more about IAM, visit the IAM website. You can also follow us on Twitter, Facebook and LinkedIn for the latest updates, information and guidance materials.

Investigation into Facebook opened

On 5 April 2018, the OAIC opened a formal investigation into Facebook, following confirmation from Facebook that the information of over 300,000 Australian users may have been acquired and used without authorisation.

The investigation will consider whether Facebook has breached the Privacy Act. Given the global nature of this matter, the OAIC will confer with regulatory authorities internationally.


Notifiable Data Breaches first Quarterly report released

The OAIC published the first quarterly report on data breach notifications received under the Notifiable Data Breaches (NDB) scheme, which came into force on 22 February 2018.

The OAIC received 63 data breach notifications under the scheme during the first six weeks of the scheme’s operation. In the 2016–17 financial year, the OAIC received 114 data breach notifications on a voluntary basis.

Does the EU General Data Protection Regulation (GDPR) apply to Australian government agencies?
Resource for government agencies

There is some complexity involved in assessing whether the EU GDPR applies or is intended to apply to Australian government agencies. Read our new FAQ to learn more about what you need to consider as part of this assessment.

What does the term due and payable mean?
Resource for businesses

The term ‘due and payable’ in s 6V of the Privacy Act means that the credit provider has a legal entitlement to maintain an action for recovery against a consumer in respect of a missed monthly payment.

Read our FAQs and other Privacy Factsheets for more information.

Speech on digital media and advertising

Recently, the acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk, was invited to attend the Interactive Advertising Bureau (IAB) Australia Industry Briefing: Privacy Update & the GDPR event. In her keynote speech, Angelene talked about privacy in digital media and digital advertising.

The full speech is available on the OAIC website.

Recent privacy determinations

The Australian Privacy Commissioner made three privacy determinations in March 2018.

All privacy determinations are available on the OAIC website.

OAIC careers


A new exciting opportunity to join the OAIC as an Adviser (APS 6) in the Strategic Communications and Coordination team has opened up. Reporting to the Assistant Director, Strategic Communications and Coordination, this role has a focus on writing, editing, managing external suppliers such as design agencies, and project management to deliver key publications and resources.

For more information and to apply for the role, please visit the OAIC careers page.
oaic.gov.au YouTube Twitter Facebook