Published:
The OAIC’s regulatory approach uses both encouragement and deterrence to promote and protect privacy and information access rights. We apply a proactive and harm-focussed approach to prioritise our efforts. We take regulatory action to encourage and support compliance by regulated entities and to address high-risk matters with the greatest potential for harm. We will be more likely to take regulatory action in response to issues:
- that create a risk of substantial harm to individuals and the community, especially to vulnerable people and groups
- that concern systemic harms or contraventions
- where our action is likely to change sectoral or market practices, or have an educative or deterrent effect
- that are subject to significant public interest or concern
- where our action will help clarify aspects of policy or law, especially newer provisions of the Acts we administer.
We take regulatory action in a consistent, transparent and proportionate manner. When deciding on which regulatory tools to use, and how to use them, we:
- identify the risks of harm we are responding to, and the likelihood and possible consequences of those risks
- respond in ways that are proportionate, consistent with the expectations of the community and the Government, and manage risks to adequately protect the public
- take timely and necessary action
- seek to minimise regulatory burden and cost.
