Armed with new funding and support, Australia’s privacy watchdog has signalled a shift in its approach to regulation in order to keep up with “increasingly complex” information handling practices, changing consumer expectations, and new data portability and security schemes.
The Office of the Australian Information Commissioner (OAIC) today released its 2019/20 corporate plan, outlining its priorities and how it intends to to increase public trust and confidence in the protection of personal information and access to government-held information.
In the plan the OAIC welcomed indications from the government that it will begin reforming Australian privacy law this year, particularly to deal with online platforms exposed in the recent ACCC inquiry. But the watchdog also called for more accountability of regulated entities currently benefiting from the use of Australian’s personal information.
“This year’s Corporate Plan is my first as commissioner and signals a shift in the work of my office and the way in which we operate,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said in her foreword. “While our core purpose — to promote and uphold privacy and information access rights — remains constant, the environment in which we regulate has undergone significant change.
“The plan responds to our changing environment and sets a clear vision: to increase public trust and confidence in the protection of personal information and access to government-held information.
“We will achieve this vision by strengthening online privacy protections, influencing and upholding privacy and information rights frameworks, and supporting proactive provision of information by government.”
The OAIC plan sets out four strategic priorities for the year ahead:
- Advance online privacy protections for Australians
- Influence and uphold privacy and information access rights frameworks
- Encourage and support the proactive release of government-held information
- Contemporary approach to regulation.
The plan notes the challenge of increasing expectations of the regulator’s role in a time when trust in institutions is declining.
“More generally, we are observing a shift in community and government expectations of regulators,” the corporate plan says. “In response, we are taking a contemporary approach to the way we regulate, engaging with and being responsive to these expectations.
“This requires us to continue to build our capability and improve the efficiency and effectiveness of our processes. We are also assessing our regulatory frameworks and compliance and enforcement powers in light of these changing expectations.”
The chronically underfunded agency, which the coalition government attempted to kill off in 2014, was promised additional funding in this year’s budget. However the extra funds have reportedly already been earmarked for new duties rather than reducing the current backlog of privacy investigations and FOI requests.
The new plan reiterates the resource challenge, noting current OAIC staff’s “capabilities are tested by an increase in our workload, responsibilities and fast-changing environment”.
The agency has had to deal with increasing privacy complaints and more FOI requests in recent years despite staff levels remaining relatively flat and data practices evolving rapidly. Staff will be further strained, the latest plan says, by new legislative schemes, such as the Notifiable Data Breaches Scheme and the Consumer Data Right which are expected to increase inquiries.