Office of the Australian Information Commissioner

Annual report highlights ’s work to uphold privacy and information access rights

Retrieved on: Sunday, October 29, 2023

Releasing the OAIC’s annual report for 2022–23, Australian Information Commissioner and Privacy Commissioner Angelene Falk said the volatile events of the financial year had underscored the need for the regulator to have the right foundations in place to promote and protect information access and privacy rights.

Key Points: 
  • “Throughout the year, the OAIC has continued to develop and advocate for these foundations to support a proportionate and proactive approach to regulation. This includes appropriate laws, resources, capability – the right people with the right tools – effective engagement with risk, appropriate governance and, importantly, collaboration,” Commissioner Falk said.
  • Investigations were also opened into the personal information handling practices of retailers Bunnings and Kmart, focusing on the companies’ use of facial recognition technology.
  • “The OAIC has a strong foundation on which to build, and it will move from strength to strength with the leadership of 3 expert commissioners.”

Read the OAIC Annual report 2022–23.

Key 2022–23 statistics

Footnotes


[1] During 2022-23, the OAIC ceased classifying certain communications about FOI as ‘enquiries’ where these are more complex, or require a specific response, and are therefore dealt with by the FOI Branch instead of the OAIC’s enquiries team. This has reduced the numbers of FOI enquiries reported this financial year.

welcomes reforms critical to Australia’s privacy future

Retrieved on: Friday, September 29, 2023

“This is a vital set of proposals that will deliver significant gains for the Australian community,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.

Key Points: 
  • “As the privacy regulator, it is pleasing to see support for the positive obligation that personal information handling is fair and reasonable, as a new keystone of the Australian privacy framework,” Commissioner Falk said.
  • “Key developments include enabling individuals to exercise new privacy rights and take direct action in the courts if their privacy is breached.
  • The proposed privacy reforms follow the passing in November 2022 of the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, which introduced significantly increased penalties for serious and repeated privacy breaches and greater powers for the OAIC to resolve breaches.

Digital platform regulators make joint submission on AI

Retrieved on: Tuesday, September 26, 2023

11 September 2023

Key Points: 
  • In a joint submission to the Department of Industry, Science and Resources consultation on the Safe and responsible AI in Australia discussion paper, members of the Digital Platform Regulators Forum (DP-REG) have outlined the opportunities and challenges presented by rapid advances in artificial intelligence (AI).
  • In its submission, DP-REG highlighted the potential impacts of AI in relation to each member’s existing regulatory framework.
  • The submission also flags that coordination between DP-REG members and other arms of government to leverage complementary strengths and expertise will remain crucial to Australia’s response to AI.
  • Through DP-REG, members engage in ongoing collaboration, information sharing and coordination on digital platform regulation.

A national digital ID scheme is being proposed. An expert weighs the pros and (many more) cons

Retrieved on: Monday, September 25, 2023

To address such costs, the federal government is proposing a national digital identity scheme that will let people prove their identity without having to share documents such as their passport, drivers licence or Medicare card.

Key Points: 
  • Finance Minister Katy Gallagher opened consultations for the draft bill last week, with plans to introduce the legislation to parliament by the end of the year.

What would change?

    • The draft bill package includes strong updates to security requirements for how organisations store people’s IDs, as well as the reporting of data breaches and suspected identity fraud.
    • In her speech to the Australian Information Industry Association, Gallagher outlined a four-phase rollout.

How would it work?

    • To prove your identity to a participating organisation, you would log into the organisation’s website and select MyGovID as your verification method.
    • You would then log into your MyGovID app and give consent for your identity to be verified with that organisation.

The upside of the proposal

    • The Medibank, Optus and Latitude data breaches of 2022-23 have demonstrated the lack of regulation and enforcement of identity protection legislation in Australia.
    • The bill also outlines minimum cybersecurity standards, and requires regular review of organisations dealing with identity data.

Unresolved MyGovID security flaws

    • In releasing the draft bill, the government has highlighted a voluntary national digital identity – the MyGovID – which is already being used by more than 6 million Australians and 1.3 million businesses.
    • In 2020, security researchers warned the public against using MyGovID due to security flaws in its design.
    • According to Webber Insurance, 14 of the 44 recorded data breaches between January and June this year were reported by government authorities.
    • More worryingly, the Privacy Act has a loophole which allows state and government authorities to remain exempt from compulsory data breach reporting.

A honey trap for hackers

    • Also, streamlining distributed identification systems in this way will create an irresistible target for hackers.
    • In cybersecurity this is called a honeypot, or honey trap.
    • Just as honey is irresistible to bears, these data lures are irresistible to hackers.

What can you do?

    • However, you don’t have much time to have your say: public submissions are being sought until October 10.
    • This extremely short consultation period doesn’t provide much confidence a fit-for-purpose solution will be created.

Ongoing vigilance in data protection measures essential

Retrieved on: Wednesday, September 6, 2023

5 September 2023

Key Points: 
  • The need for organisations to strengthen data security and promptly respond to suspected breaches is highlighted in the latest Notifiable data breaches report, released today.
  • “As the guardians of Australians’ personal information, organisations must have the security measures required to minimise the risk of a data breach,” Commissioner Falk said.
  • “The longer organisations delay notification, the more the chance of harm increases.”
  • The January to June 2023 period saw 409 data breaches reported to the OAIC.
  • The OAIC has published guidance on securing personal information and data breach preparation and response, as well as advice for individuals on responding to a data breach notification.

Joint statement on data scraping and data protection

Retrieved on: Thursday, August 24, 2023

The Information Commissioner’s Office and eleven other data protection and privacy authorities from around the world have today published a joint statement calling for the protection of people’s personal data from unlawful data scraping taking place on social media sites.

Key Points: 
  • The joint statement published today sets expectations for how social media companies should protect people’s data from unlawful data scraping.
  • “This joint statement helps provide certainty, and consistency across borders, in how data protection applies to information people post online.
  • “Social media companies have obligations under UK data protection law to protect the information people post on their platforms.

Association of Information Access Commissioners of Australia and New Zealand (AIAC) meeting communique

Retrieved on: Saturday, July 22, 2023

The Association of Information Access Commissioners of Australia (AIAC) met in Sydney, NSW on 2 June 2023 for its first meeting of the year, hosted by the Office of the Australian Information Commissioner.

Key Points: 
  • The AIAC is comprised of independent Information Commissioners and Ombudsmen of Australia and New Zealand who have oversight responsibilities, under their respective state and national jurisdictions, for access to government information laws.
  • Members affirmed the important role of the right to access government information in promoting integrity and accountability by government.
  • Leaders of government are responsible for promoting public sector values and behaviours including fearlessly upholding the public’s right to access information.