The Office of the Australian Information Commissioner (OAIC) continued to uphold and advance information access and privacy rights for the Australian community throughout 2023-24. The year was also marked by the commencement of a program of change designed to promote the effectiveness of our regulatory action and better serve the Australian community.
Releasing the OAIC’s annual report for 2023–24, Australian Information Commissioner Elizabeth Tydd said the OAIC’s move to a three-Commissioner model, which came into effect in February 2024, has provided a welcome platform from which to progress the OAIC’s regulatory priorities.
“With strong foundational work undertaken across 2023-24, we see 2024-25 as an important opportunity to further position the OAIC as a proactive and purpose-driven regulator and an effective contributor to Australia’s integrity framework,” she said.
“The past years have seen an overall increase in work in the privacy and FOI domains. We have been stepping up to that challenge, whilst also responding to areas of backlog, where they have arisen.
“Our annual report speaks to that balance as we have sought to best position the OAIC to deliver the regulatory expertise required in a dynamic environment and to deliver the services required by the Australian community. Privacy reform is an important part of that picture, as is the evolving technology landscape and its use of data,” she said.
During the year the OAIC commenced civil penalty proceedings into Australian Clinical Labs and Medibank Private following investigations of their data breaches. The OAIC also contributed to a range of other areas of legislation, inquiry and policy in the privacy space, including on digital health, credit reporting and the Consumer Data Right. The government’s Digital ID initiative has been another key privacy focus.
“Pleasingly, our Freedom of Information caseload outcomes demonstrate that the 8-year growth of the FOI backlog within the OAIC is being arrested , positioning the OAIC to be a more contemporary and effective regulator,” Commissioner Tydd said.
The OAIC also conducted a five-yearly review of the Information Publication Scheme (IPS), in conjunction with Australian Government agencies. This was the OAIC’s third IPS review, addressing agencies’ compliance with IPS obligations, and management and publication of public sector information.
“We are seeing a welcome focus on privacy and access to information in Australia, and the OAIC will continue our work to foster better awareness and better practices in these crucial areas, that are integral to accountability and integrity” said Commissioner Tydd. “That will require targeted and effective enforcement that can minimise harms in the community and assist in strengthening trust and transparency in the digital economy.”
Key 2023–24 statistics
- Handled 10,476 privacy enquiries, and finalised 97% of written privacy and information access enquiries from the public within 10 working days, exceeding our target of 90%.
- Finalised 3,104 privacy complaints, compared to 2,576 in 2023–24 (a 20% increase), resolving 78% within 12 months, and issued 12 determinations. We also made significant progress in reducing the number of aged complaints on hand.
- Finalised 994 notifications under the Notifiable Data Breaches (NDB) scheme, with 85% of notifications finalised within 60 days, exceeding our target of 80%.
- Increased the number of freedom of information (FOI) complaints finalised by 204%. Agencies accepted 96% of the recommendations made following FOI complaint investigations.
- Finalised 1,748 Information Commissioner (IC) reviews – a 15% increase in finalisations, notwithstanding the 7% increase in applications received, and issued 207 IC review decisions, compared to 68 in 2022–23.
