Office Of The Australian Information Commissioner (OAIC)

The Office of the Australian Information Commissioner (OAIC) is the independent national regulator for privacy and freedom of information. It is an agency within the Attorney-General’s department. It upholds privacy and information access rights by administering the Privacy Act 1988, the Freedom of Information Act 1982 and the Australian Information Commissioner Act 2010. It  conducts investigations, handles complaints, reviews Freedom of Information decisions, monitors agency administration and advises the public, organisations and agencies.

The Australian Information Commissioner Act states the OIAC’s overarching responsibility is for the Commonwealth Government’s policy, practice and systems for the collection, use, disclosure, management, administration or storage of, or access to, information held by the government.

OAIC and Freedom Of Information (FOI)

One of the OAIC’s main functions is to oversee the operation of the Freedom of Information Act. This incudes to:

• promote awareness and understanding of FOI;
• help agencies publish FOI information;
• provide information, advice, assistance and training to any person or agency about FOI;
• issues FOI guidelines;
• make reports and recommendations to government about legislative change or administrative action needed in relation to the FOI Act,
• review FOI decisions;
• collect FOI information and statistics from agencies and governments.

OAIC and Privacy

The OAIC has privacy functions conferred by the Privacy Act. These include to:

• manage complaints from the public about the handling of their personal information;
• conduct an investigation into an act or practice that might breach the Act;
• conduct a privacy assessment of whether an entity is handling information in accordance with the Act;
• require an entity to develop an enforceable code and register it;
• direct an agency to provide a privacy impact assessment about a proposed activity or function;
• approve external dispute resolution schemes to handle privacy complaints.

It also has functions under other laws including those related to data matching, eHealth, spent convictions and Tax File Numbers.

Guidance

The Privacy Act confers guidance functions on the OAIC. These include to:

• make guidelines to prevent acts or practices that interfere with the privacy of individuals;
• promote understanding and acceptance of privacy laws and codes;
• conduct educational programs to promote the protection of individual privacy.

This task includes to promote the Australian Privacy Principles, which are the foundation for privacy protection under the Act. They govern the collection, use and disclosure of personal information; agency governance and accountability; the integrity of personal information and rights to access personal information.

Monitoring

The Privacy Act also confers monitoring functions on the OAIC. These include to:

• monitor the security an accuracy of information held by an entity;
• assessing entities to ensure they are not using information for unauthorised purposes and are taking adequate measures to prevent unlawful disclosure;
• assess the Australian Tax Office (ATO) to ensure tax file number information is not being used for an unauthorised purpose and the ATO is taking adequate measures to prevent unlawful disclosure of such information;
• examine proposed commonwealth laws or data-matching proposals that might interfere with individual privacy;
• undertake research into data processing and technology to ensure it minimises adverse effects on individual privacy.

Advice

The Privacy Act also confers advice functions on the OAIC. This involves providing advice to government about action that need to be taken by an agency to comply with privacy laws, and making reports and recommendations to government about legislative change or administrative action needed in relation to the Act. It also involves advising tax file number recipients about their obligations in relation to confidentiality.

OAIC investigations

The OAIC can investigate any act or practice that might breach privacy laws. If it does find a breach has occurred, it must provide a report to the government that includes its findings and reasons, any recommendations to prevent repetition or continuation of the breach. It can also recommend the payment of compensation to someone who has suffered loss or damage as a result of the breach, or other action to remedy or reduce that loss or damage. A copy must be given to the agency concerned and the person affected. If action is not taken to deal with the breach within 60 days of the report being served, the OAIC can issue a second report which can be tabled in Parliament.

For advice or representation in any legal matter, please contact Armstrong Legal.