OAIC privacy complaints pass 4,000

Before the Office of the Australian Information Commissioner is disbanded at the end of the year, its final annual report has revealed that privacy complaints increased to more than 4,000 for the year as the government's new privacy policy came into effect in March.
Written by Aimee Chanthadavong, Contributor

More than 4,000 privacy complaints were lodged with the Office of the Australian Information Commissioner (OAIC) during the financial year ending June 2014, with the 183 percent surge largely the result of the new privacy laws.

In what is likely to be the final annual report in its brief four-year life, the OAIC revealed that it had received 4,239 privacy complaints during the 12-month period, a marked increase from the 1,496 complaints it received the previous year.

The Australia Information Commissioner professor John McMillan said that the increase in privacy complaints was largely due to the changes made to the Privacy Act in March.

"There was a heightened focus this year on privacy protection, because of the commencement in March 2014 of significant reforms to the Privacy Act," he said. "The changes aimed to modernise privacy law in response to developments in technology, data acquisition and management, domestic and global information flows, and heightened community privacy awareness and concern."

The OAIC also revealed that it handled a record number of complaints and review applications, while also managing to increase the closure rate of matters during the 12 months ending June 2014.

In its 2013-14 annual report (PDF), the OAIC said it completed 646 information commissioner reviews, an increase of 54 percent from last year. It also reduced the backlog of reviews and complaints that existed at the start of the report year, from 206 to 40 days.

McMillan said the OAIC made "excellent progress" in resolving freedom of information (FOI) matters, with particular focus on finalising older cases, the early assessment of new cases, and informal resolution through OAIC-led discussion and negotiation among the parties.

"The OAIC was delighted with this turnaround in individual case handling. This success stems from two years of the OAIC actively seeking and trialling different methods of efficient case handling," he said.

"The OAIC also processed 2,456 extension of time requests and notifications, and responded to 1,903 phone and written enquiries about FOI."

The average completion time for privacy complaints was reduced by 44 percent to an average of 86.7 days. The privacy workload also included a 30 percent increase in written enquiries to 2,455; a 9 percent increase in phone enquiries to 11,737; a 16 percent increase in data breach notifications to 71; and a 60 percent increase in privacy audits to eight.

Australian governmental, finance, and credit reporting bodies were the most commonly complained about sectors during the year. More specifically, organisations and agencies that received the largest number of complaints were the Department of Immigration and Border Protection, Veda Advantage Information Services and Solutions, and Cbus Superannuation. Australia's four major banks were also listed in the top 10 organisations that received the most complaints.

The complaints were around topics concerning personal information being collected, held, used, or disclosed by an organisation; personal information being handled by an Australian government agency in a manner that did not comply with the Australian privacy policy; and credit-worthiness information held by credit providers and credit reporting agencies being mishandled.

In 2013-14, the OAIC closed 64.7 percent of complaints without investigation, which meant that they were referred to an organisation or agency that was able to assist them, and only 10.8 percent of complaints required investigation.

"The chief interest of nearly all complainants and applicants is to get a swift resolution of their matter in terms acceptable to them and with the least formality. Meeting this expectation has been at the forefront of OAIC case handling," McMillan said.

During the year, reforms to the Privacy Act took effect in March, so there was a heightened focus on privacy protection. This was reflected by the 30 percent increase in the number of written privacy enquiries and a hefty 183 percent increase in the number of privacy complaints the OAIC received during the year. It was notable that for the first time, two significant data breaches resulted in a large number of individual complaints being lodged with the OAIC.

Throughout the year, the OAIC responded to specific privacy enquiries from the Australian government and Australian Capital Territory government agencies, private sector bodies, and individuals.

The report also showed that agencies and ministers covered by the FOI Act received 28,463 FOI requests during the year, an increase of 14 percent on the previous year — the highest increase rate since the 2010 reforms.

The Department of Immigration and Border Protection (DIBP), the Department of Human Services (DHS), and the Department of Veterans’ Affairs (DVA) together continued to receive the majority of FOI requests, making up 70.2 percent of the total. Individually, the DIBP, DHS, and DVA experienced, respectively, increases of 26.1 percent and 22.2 percent, and a decrease of 13.3 percent compared to 2012-13.

The bulk of requests to these agencies were from customers or clients seeking access to documents containing their own personal information or case file information. In fact, the number of non-personal information requests grew by almost 13 percent this year. Agencies and ministers decided 23,106 requests, and access to documents was granted, in full or in part, in just over 86 percent of all requests determined.

Meanwhile, the cost to government of administering the FOI Act decreased by 7.5 percent from AU$41.837 million on the previous year's total of AU$45.231 million. This decrease occurred despite an increase of 6.2 percent in requests determined and an increase of 10.4 percent in requests finalised over the same period.

Meanwhile, issues raised in FOI complaints during the year surrounded processing delays, unsatisfactory customer service, and agency failure to acknowledge request.

"This year was the third full year of operation for the reforms to the FOI Act that commenced in November 2010. The OAIC's general impression is that FOI principles are, on the whole, better understood and respected across government. However, there is still room for improvement," McMillan said.

The 2013-14 annual report is expected to be the last for the OAIC. During the federal Budget, it was announced that the OAIC will be disbanded by year's end, and instead its functions will be redistributed amongst four other government agencies.

The OAIC FOI merits review function will be transferred to the Administrative Appeals Tribunal (AAT), and the AAT will be the first avenue of external merit reviews of FOI decisions. The Commonwealth Ombudsman will resume sole responsibility for investigating FOI complaints. The Attorney-General's Department will take on the OAIC's function of issuing FOI guidance material for agencies and collecting and collating FOI statistics. At the same time, the handling of privacy law issues will be administered to the soon-to-be-established Office of the Privacy Commissioner.

"OAIC commissioners and staff have acted promptly to implement the government decision. We nevertheless have great pride in the OAIC’s substantial record of achievement," McMillan said.

"The OAIC's vision has been an Australia where privacy and information access rights are respected and public sector information is managed in the public interest. We look to that vision being taken forward by others, and the establishment of the office of the Australian privacy commissioner from January 1, 2015."

Editorial standards