OAIC calls for better government transparency as privacy complaints surge

A steep rise in privacy complaints over the past year reflects the increasing complexity inherent in protecting growing volumes of personal data, the Office of the Australian Information Commissioner (OAIC) has observed as its annual report raises calls for the government to be more open with its handling of citizen data.

The OAIC’s annual report for 2018-19 found that some 3306 privacy complaints were lodged during the reporting year – up 12 percent on the previous year.

Finance providers accounted for 13 percent of complaints, with Australian government bodies (12 percent) and healthcare providers (10 percent) rounding out the three most complained-about industries.

Some 95 percent of privacy complaints were finalised within 12 months of their receipt. Complaints took 4.4 months, on average, to resolve and the agency finalised 2920 complaints – up 6 percent – during the year.

This increase – which came despite average resolution increasing from 3.7 months the previous year – will be addressed by increased funding through fiscal 2022, which Falk said will help the agency investigate and respond to privacy breaches as well as supporting stronger online privacy protections.

“The current focus on digital platforms in Australia and overseas highlights the scale of the issues we face in safeguarding personal data, in our data-driven economy,” Australian information commissioner and privacy commissioner Angelene Falk said in a statement.

The OAIC received 1160 data breaches during the reporting period, including 950 lodged under the mandatory notifiable data breaches (NDB) scheme. Employee education continued to be a crucial part of efforts to reduce privacy breaches, she said.

While there were more privacy complaints, the OAIC received 10 percent fewer privacy enquiries – 17,445, 77 percent of which were by phone – than last year. This may suggest citizens are becoming more comfortable with evolving privacy laws and their rights under those laws.

“Access to personal information also features strongly in both privacy complaints and requests for government-held information, under our national freedom of information (FOI) laws.”

The agency handled a similar increase in FOI requests, of which 38,879 were lodged during the year – an increase of 13 percent over the previous period. It also handled 925 requests for Information Commissioner (IC) reviews of FOI requests – up 16 percent on the previous year – that took an average 7.8 months to finalise, up from 6.7 months in the previous year.

IC reviews, Falk said, “provide important guidance to agencies” about how they should be improving citizens’ access to personal data.

The Departments of Home Affairs, Human Services and Veterans’ Affairs collectively received 69 percent of FOI requests, and some 83 percent of these were for personal information – suggesting to Falk that the government should figure out ways to be more open with its information sharing.

“One of the main ways to reduce pressure on the FOI system is through more proactive publication of government information,” she said. “Combined with administrative access schemes, this will streamline agency operations and make more government information readily available to the community, which increases the transparency of public sector operations and decision-making.”

A significant early result of this focus is the introduction of the Consumer Data Right (CDR), which is driving the government’s efforts to improve consumer access to their data. The OAIC has also been engaged on the formalisation of the Australian Government Agencies Privacy Code, which commenced on 1 July 2018.

Falk has also been appointed as a founding member of the National Data Advisory Council, which will explore ways to streamline the sharing and release of government data in a confidential and secure way.

Copyright © 2019 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)