Australia re-enters Information and Privacy Commissioner limbo

A little over a year after being permanently appointed, Information Commissioner Timothy Pilgrim is set to retire on March 24.

oaic-pilgrim-pokemon.jpg
(Image: OAIC)

Australian Attorney-General Christian Porter has announced that Australian Information Commissioner and Privacy Commissioner Timothy Pilgrim is set to retire at the end of next month, with the search for a replacement to begin "soon".

With Pilgrim's departure, Australia looks set to once again enter the realm of commissioner limbo.

The Office of the Australian Information Commissioner (OAIC) has been in various hobbled states ever since the the Federal Budget of 2014 was handed down and it was slated to be disbanded.

However, the office struggled on without any funding set aside for it, thanks to an obstinate Senate refusing to pass the legislation that would abolish it.

After its near-death experience, the office was eventually handed AU$9.3 million annually for four years in the 2016 Budget, although that funding was mostly siphoned off the Australian Human Rights Commission. In addition, most of its freedom of information duties were sent to other parts of the Attorney-General's Department.

Pilgrim has been in the role of privacy commissioner since July 2010, having previously served as deputy privacy commissioner from 1998, and, after a series of temporary rolling appointments over two years, finally became Australian Information Commissioner in September.

During Pilgrim's time, Australians had their privacy and security eroded under the tenure of former Attorney-General George Brandis, who instituted mandatory data retention, sought to criminalise the re-identification of de-identified government data, and forced telcos to become beholden to the Attorney-General's Department.

Brandis recently left the Senate to become the high commissioner in London.

His replacement praised Pilgrim's "thoughtful and considered approach" during his time.

"Pilgrim has effectively governed the Office of the Australian Information Commissioner and has enhanced the office's relevance in a continually evolving policy environment," Porter said in a statement.

"The government will soon be undertaking a merit-based selection process to identify Mr Pilgrim's replacement."

Australia's Notifiable Data Breaches scheme will take effect from Thursday, and will require organisations covered by the Privacy Act to notify individuals whose personal information is involved in a data breach that is likely to result in "serious harm" as soon as practicable after becoming aware of a breach.

Related Coverage

Australian agencies need new privacy code to maintain public trust: Pilgrim

The OAIC will create a public service privacy code following a number of privacy incidents with Australian governmental agencies.

Clear-cut definition of de-identified data critical in legislation: Pilgrim

Australia's Privacy Commissioner has said the de-identification of data is an area requiring regulation, and that agreed industry standards could be useful to fill the public with confidence.

OAIC finds a garden shed is not a secure place for medical records (TechRepublic)

The Australian Privacy Commissioner, Timothy Pilgrim, has ruled that storing medical records in a garden shed is a failure to secure sensitive records.

OAIC and Data61 offer up data de-identification framework

The Office of the Australian Information Commissioner and Data61 have released a guide to assist organisations to appropriately de-identify data to meet requirements such as those mandated under the Privacy Act.

OAIC received 114 voluntary data breach notifications in 2016-17

The office led by Information and Privacy Commissioner Timothy Pilgrim received 114 voluntary data breach notifications, 35 mandatory digital health data notifications, and 2,494 privacy-related complaints during the 12-month period.