Skip to main content

Please be advised that our office will be closed from 5pm – Tuesday, 24 December, and will reopen on Thursday, 2 January 2025.

Published 30 May 2024

Read the opening statement delivered by acting Australian Information Commissioner and FOI Commissioner Elizabeth Tydd to the Legal and Constitutional Affairs Legislation Committee on 29 March 2024.

With the chair’s leave, I take this opportunity to acknowledge the committee’s role and, in doing so, provide a brief opening statement outlining the important work of the Office of the Australian Information Commissioner (OAIC).

I appear today as Acting Information Commissioner, noting my substantive role as the Freedom of Information Commissioner. My colleague the Privacy Commissioner Ms Kind and Ms Ago, Assistant Freedom of Information Commissioner, appear with me. Their expertise will assist the committee in its consideration of the operations of the OAIC.

For clarity and consistency, I will firstly turn to OAIC statistics. Our appearance and preparatory papers are informed by data to quarter 3 of 2023–24. That is the most comprehensive suite of data available. However, to ensure that the committee has more current data, I provide the following snapshot of data relevant to OAIC performance.

As at 28 May 2024, the OAIC freedom of information (FOI) statistics are as follows:

  • 1,572 FOI review applications were received. Of these, 929 (59%) are review of applications originating from a deemed access refusal application, where applicants have sought Information Commissioner review (IC review) on the basis that the agency has not made a decision within the statutory processing period. Applicants do not have a right to seek internal review and can only seek IC review.
  • Finalised 1,380 FOI review applications. Of these, 727 (53%) are review of applications originating from a deemed access refusal.
  • 2,200 matters on hand – 768 of these matters (35%) arise because of a deemed refusal by the agency; 1,257 matters are more than 12 months old. There are 12 2019 matters remaining and 168 2020 matters remaining unfinalised.
  • We have issued 178 decisions under s 55K (13%) – this is an increase of 162% from the 68 decisions issued in 2022–23 when s 55K decisions represented only 4% of our outcomes.
  • Received 240 complaints.
  • Finalised 281 complaints. This is more than double the complaints finalised in the 2022–23, when we finalised 124 complaints.
  • 146 complaints on hand – 51 (approx. 35%) are over 12 months old. There is one 2021 complaint remaining and 25 2022 complaints remaining.
  • Our performance against our KPI of 80% finalised within 12 months is at 69%.

These statistics confirm that there is much to do, and our forward agenda is focused both internally and externally. Internally, we are examining and refining processes to maximise efficiencies and, importantly, effectiveness. Externally, I have met with approximately 30 agency heads in the 3 months since my appointment as FOI Commissioner. I have been strongly encouraged by a commitment to serving the objects of the FOI Act and, in doing so, deliver timelier and more robust first instance decisions.

In the last 3 months, we have revised 4 chapters of the FOI Guidelines and issued new procedural directions that are directed to timely engagement by agencies and internal capacity building.

Turning to privacy, we continue in our efforts to shift to a more proactive and enforcement-focused regulatory posture, and we have made significant progress against the 4 major investigations we have on foot. We have initiated 7 investigations this financial year.

In terms of achievement against KPIs, as at 28 May 2024:

  • Our performance against our KPI of 80% of complaints finalised within 12 months is at 79%.
  • We have received 2,847 privacy complaints in the year to date, and have finalised 2,802 privacy complaints.
  • We have 2,312 matters on hand – 639 matters are more than 12 months old. There are 6 from 2018, one from 2019, 5 from 2020 and 12 from 2021.
  • We have finalised 3 Commissioner-initiated investigations this financial year, all of these within 12 months against a KPI target of 80% finalised with 12 months.
  • We have received 910 Notifiable Data Breaches  and finalised 875. Eighty-five per cent of notifications were finalised within a KPI target of 80% in 60 days.

For both information access and privacy, we received 2,869 written enquiries and finalised 2,933. Ninety-eight per cent of written enquiries were finalised within 10 working days against a KPI of 90% finalised within 10 working days.

This positive whole-of-OAIC outcome highlights our success in providing a responsive information governance regulatory service. The statistics also demonstrate the breadth and complexity of some of our work and the compelling case for expertise and guidance. The future direction for the OAIC is informed by the three-commissioner model with each commissioner guiding our performance to deliver a contemporary regulatory model that promotes:

  1. a proactive regulatory approach to minimise harm with a focus on regulatory guidance and prevention of harm
  2. purposeful and effective regulatory action
  3. a proportionate response to harm and a proportionate application of OAIC resources
  4. a people focus to ensure our expertise is promoted and valued.

To achieve these objectives, work is underway to advance the OAIC’s strategic direction. This includes: a focus on growing our internal capacity and culture; process examination and revision; regulatory tools, including harnessing technology; organisational design; and, importantly, external engagement with other regulators and the regulated community.

Finally, Privacy Act reform provides a much-anticipated opportunity to establish Australia’s leadership as a future-focused regulator, and to empower the OAIC to meet the community’s expectation for the protection and prevention of harms in the digital ecosystem. Likewise, our contribution to the digital government agenda and development of a Digital ID will advance access to information and promote privacy safeguards. It is this holistic and authoritative approach to information governance that will position us for the future, elevate capacity and compliance by government and industry, and better serve the Australian people.