|
|
|
|
From the Privacy
Commissioner’s desk
I’m delighted to be writing my inaugural missive from the Privacy Commissioner’s desk, and to be doing so with Privacy Awareness Week on the horizon (6-12 May). As a passionate privacy advocate, I’m extremely excited about the privacy landscape in 2024. With privacy reform on the way, and developments in technology continuing to evolve and challenge privacy practices, there has never been a more pressing moment for individuals, businesses and governments to pay attention to privacy.
Strong privacy practices are good for everyone: for consumers, who feel more confident participating in the digital economy; for businesses, which can boldly innovate knowing that guardrails are in place to protect customers; and for government, which can realise the benefits of new technologies with the trust of its citizens.
I am urging Australian businesses, agencies and other organisations to step up and ‘power up’ privacy and make a real difference for the community. For PAW this year the OAIC is putting a spotlight on the key principles of transparency, accountability and security.
If you haven’t already, now is a great time to explore our paw.gov.au website, where you can also sign up your workplace to support PAW, check out some PAW events, and access a range of resources. |
|
|
|
|
|
|
|
Strong privacy practices are good for everyone: for consumers, who feel more confident participating in the digital economy; for businesses, which can boldly innovate knowing that guardrails are in place to protect customers; and for government, which can realise the benefits of new technologies with the trust of its citizens.
|
|
|
|
|
|
|
Latest news |
|
|
|
|
|
A Legislated Framework for Digital ID is Coming
The Digital ID Bill 2024 recently passed the Senate and is set to move to the House of Representatives alongside the Digital ID (Transitional and Consequential Provisions) Bill 2024, in the next sitting period.
These bills will establish a legislative framework to expand Australia’s Digital ID system.
The OAIC will be the privacy regulator for the Digital ID scheme, and will use a range of enforcement powers to ensure that individuals’ privacy is protected as the system is expanded. We will also provide information to consumers and entities participating in the system to support compliance with the privacy safeguards for Digital ID.
We are currently seeking expressions of interest from qualified professionals who are interest in being involved in this work at the OAIC.
Read more about the Digital ID Bill 2024 on the Parliament of Australia website, and see the Digital Identity Privacy – Employment Register on the OAIC website. |
|
|
|
|
|
The OAIC will be the privacy regulator for the Digital ID scheme, and will use a range of enforcement powers to ensure that individuals’ privacy is protected as the system is expanded.
|
|
|
|
|
|
Consultation on application to vary the Credit Reporting Code
The OAIC is conducting a public consultation on the application made by the Australian Retail Credit Association to vary the Privacy (Credit Reporting) Code 2014.
The application is to give effect to the proposals from the 2021 independent review of the CR Code.
We invite interested individuals, agencies and organisations to provide comments on the application.
Submissions can be made via email at [email protected]. The closing date for submissions is COB Tuesday 7 May 2024.
|
|
|
|
|
|
Reminder: National Health (Privacy) Rules 2021 consultation closes tomorrow
The OAIC is reviewing the National Health (Privacy) Rules 2021 to ensure they remain fit for purpose.
The rules set out how Australian Government agencies may use, store, disclose and link Medicare Benefits Schedule (MBS) and Pharmaceutical Benefits Schedule (PBS) claims information.
We’re seeking submissions from interested individuals, agencies and organisations on the new draft rules, including:
- their effect on individuals
- the operation of MBS and PBS processes
- public sector operations and policy development
- open data and associated research initiatives.
Interested individuals, agencies and organisations may provide feedback on the new draft rule through our consultation until COB tomorrow, Wednesday 1 May 2024.
|
|
|
|
|
|
|
|
Updates and advice — freedom of information |
|
|
|
|
|
Part 9 FOI Guidelines
The OAIC has revised Part 9 of the FOI Guidelines: ‘Internal agency review of decisions’, following a public consultation process.
A number of significant additions have been introduced, such as the factors agencies should take into account when deciding whether to grant an extension of time for internal review, and clarification that FOI applicants should not apply for internal review and IC review at the same time.
A full list of the revisions are available on the Summary of version changes to s93A guidelines page on our website. |
|
|
|
|
|
Agency resource: managing increased volume of FOI requests
The FOI Act requires agencies and ministers to comply with statutory timeframes for processing FOI requests.
At times, agencies may experience increases in FOI requests which may pose challenges in ensuring decisions are finalised within these timeframes. The OAIC’s FOI agency resource 16: Managing an increased volume of FOI requests sets out practical strategies and other guidance to assist agencies. |
|
|
|
|
|
Reminder for FOI practitioners: use Smartforms for EOTs
Agencies should request an extension of time to process an FOI request, or notify an agreed extension of time using the OAIC’s online smart form.
Remember, if an agency does not provide the Information Commissioner with adequate reasons, we may refuse the extension of time request. Our website provides further guidance and advice for agencies about extension of time for processing requests, including the details to be included in a request. |
|
|
|
|
|
Reminder for FOI practitioners: Providing links to OAIC smartforms
Any decision letter, or other notice setting out review rights, should link to the OAIC’s smart forms to assist in timely lodgement of IC review applications.
Please ensure your templates link to the OAIC’s:
|
|
|
|
|
|
FOI Complaints and IC reviews: meeting timeframes
Agencies should refer to our previous ICON alert on 15 March 2024, where we provided information about the OAIC’s expectations for meeting timeframes for requesting information for both FOI complaints and IC reviews. Requests for extension of times will only be granted by the OAIC in exceptional circumstances. |
|
|
|
|
|
Smartforms for applicants
FOI Information Commissioner (IC) Review Applications should be submitted via our online smartform to prevent delay in the processing. IC review applications received via email require manual registration and acknowledgement which may delay the progress of these applications. |
|
|
|
|
|
|
Notable events
The OAIC is holding a series of webinars for FOI practitioners working with the Australian Public service.
- 30 April 2024: General FOI obligations
- 23 July 2024: FOI Stats
- 26 August 2024: IC review practice update
- 10 September 2024: Extensions of Time
- 22 October 2024: Complaints
- 19 November 2024 (TBC): Vexatious applicant declarations.
If you are an APS employee and would like to attend the first webinar on 30 April 2024 at 12:00 to 1:00 pm AEST please email us at [email protected]. This webinar on FOI obligations will provide an overview of the FOI Act, the role of the OAIC, processing of FOI requests, and proactive publication.
Registration details for future sessions will be circulated closer to the date. We will additionally host two webinars on the 2023 Information Publication Scheme review (dates TBA). |
|
|
|
|
|
Updates and advice — privacy |
|
|
|
|
|
Submission to Cyber Security Legislative Reforms Consultation Paper
The OAIC made a submission to the 2023-2030 Australian Cyber Security Strategy: Cyber Security Legislative Reforms Consultation Paper.
In the submission, the OAIC outlines its support for addressing gaps in existing regulatory frameworks and amendments to the SOCI Act, and makes six recommendations to assist in ensuring the interoperability of these frameworks with the Privacy Act.
The OAIC welcomes the commitment to coordinating with other adjacent programs of work across Government, including the Privacy Act Review. There is an important opportunity to ensure a whole-of-government approach to reducing the risk of cyber harm.
|
|
|
|
|
|
Australian Digital Health Agency podcast
Assistant Director of the OAIC’s Health and Government team Emily McPhee recently spoke on the Australian Digital Health Agency podcast.
Emily spoke alongside health professionals on the topic of My Health Record security and access policies and why healthcare provider organisations are required to have one to connect to My Health Record. |
|
|
|
|
|
|
For your information |
|
|
|
|
|
|
|
|
|
|
|
|
Please do not reply to this message as you will not get a response. We welcome your feedback at [email protected].
If you would prefer not to continue receiving this monthly newsletter, you can unsubscribe below. If you have been forwarded this newsletter by someone else, we invite you to subscribe.
|
|
|
|
|
|
|
|