Your monthly update from the OAIC with latest news, resources, decisions and consultations |
|
|
|
|
|
|
|
|
Uber determination finds privacy breach
|
|
Australian Information Commissioner and Privacy Commissioner Angelene Falk has found Uber Technologies, Inc. and Uber B.V. interfered with the privacy of an estimated 1.2 million Australians.
Commissioner Falk found the Uber companies failed to appropriately protect the personal data of Australian customers and drivers, which was accessed in a cyber attack in October and November 2016.
The determination finds the Uber companies breached the Privacy Act 1988 by not taking reasonable steps to protect Australians’ personal information from unauthorised access and destroy or de-identify the data as required. They also failed to take reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles.
“This determination makes my view of global corporations’ responsibilities under Australian privacy law clear,” Commissioner Falk said.
“Australians need assurance that they are protected by the Privacy Act when they provide personal information to a company, even if it is transferred overseas within the corporate group.”
|
|
|
|
|
|
|
|
ARCA consultation on proposed CR Code variations
|
|
The Australian Retail Credit Association (ARCA) is currently undertaking public consultation about proposed variations to the Privacy (Credit Reporting) Code 2014 (CR Code). ARCA is the Code Developer for the CR Code under Part IIIB of the Privacy Act.
The proposed variations are to give effect to amendments to credit reporting laws, introduced by the National Consumer Credit Protection Amendment (Mandatory Credit Reporting and Other Measures) Act 2021, which passed in February 2021. These amendments introduce reporting of 'financial hardship information' where relevant from 1 July 2022, among other things.
ARCA’s public consultation is open until 4 August 2021. The consultation material can be accessed on the ARCA website and submissions can be emailed to [email protected].
|
|
|
|
|
|
|
|
|
My Health Record emergency access guidance
|
|
The OAIC has published privacy guidance to help healthcare providers understand their privacy obligations when using the My Health Record emergency access function. This guidance includes general advice, case studies, and tips on when and how to use the emergency access function.
We’ve also developed FAQs and a flowchart to help healthcare providers decide whether to use the emergency access function, which can be printed and posted in your workplace.
|
|
|
|
|
|
|
|
|
International Access to Information Day
|
|
On 28 September, the Office of the Australian Information Commissioner will join members of the United Nations and Australian states and territories in marking International Access to Information Day.
This year’s theme — Open by design — promotes a commitment to the proactive release of information commonly sought under the access to information frameworks or identified as valuable or necessary for open and accountable government.
The event began as Right to Know Day in Bulgaria in 2002, and was proclaimed as International Access to Information Day in October 2019. It recognises the importance of the community’s ‘right to know’ and to access information from governments around the globe.
Save the date
To mark the day, the OAIC will host an information session for members of our Information Contact Officer Network (ICON) on Monday 27 September 2021. More information will be shared with ICON members soon.
Watch this space – we will launch this year’s campaign website and supporting materials in the coming weeks. If you have any questions about the campaign, contact us as [email protected].
|
|
|
|
|
|
|
|
Global regulatory cooperation
|
|
International regulatory cooperation and collaboration is an essential part of the OAIC’s work to protect Australians’ personal data wherever it flows.
The Global Privacy Assembly’s (GPA) Strategic Direction Sub-Committee, chaired by Commissioner Angelene Falk, facilitated deep dives with GPA Working Groups focused on COVID-19, the Future of the Conference, and the Role of Personal Data Protection in International Development Aid, International Humanitarian Aid and Crisis Management. At these deep dives, Working Group chairs shared their experiences in delivering against the GPA’s Strategic Plan 2019-21.
The GPA’s Digital Citizen and Consumer Working Group (DCCWG), co-chaired by the OAIC and the Office of the Privacy Commissioner of Canada, considers how privacy intersects with other regulatory spheres. The DCCWG recently commissioned and released an independent academic report into cross-regulatory intersections between Privacy and Competition.
|
|
|
|
|
|
|
|
Recent engagements and upcoming events
|
|
|
|
|
|
|
FOI Commissioner
Join us at the OAIC as we work to increase trust and confidence in access to government-held information.
The Attorney-General's Department is seeking expressions of interest from qualified candidates for appointment as the Freedom of Information Commissioner.
Applications have been extended and should be emailed to [email protected] by 5.00pm (AEST) on Friday 13 August 2021.
|
|
|
|
|
|
|
|
|
A reminder that Australian Government agencies must lodge their annual freedom of information (FOI) statistical returns by 31 July 2021.
The annual return asks for information about the number of staff and the time they spend doing FOI and Information Publication Scheme (IPS) work, as well as non-staff costs directly attributable to FOI and IPS such as legal advice, litigation and training costs.
Statistical returns are required under the Freedom of Information (Prescribed Authorities, Principal Offices and Annual Report) Regulations 2017. The data is collated to provide a picture of how FOI requests are administered across the Australian Government and published in the OAIC’s annual reports and on data.gov.au.
The final quarterly FOIstats return for 2020-21 was due on 21 July. Information contact officers can email questions about their returns to [email protected].
Any agencies and ministers that have not completed their annual returns by the due date may be noted as having not complied with their reporting requirements under the FOI Act.
|
|
|
|
|
|
|
|
Abuse of the Older Person: eLearning Program for Health and Aged Care Professionals
|
|
|
A new online training program for health and aged care professionals to enhance their skills to support older people experiencing abuse has been developed by the Older Persons Advocacy Network, Australia’s peak body for aged care advocacy.
The program includes a segment featuring Commissioner Falk explaining exceptions in the Privacy Act 1988 which permit health service providers to disclose personal information in the context of reporting abuse of older Australians.
The ‘Abuse of the older person’ online training is free and self-paced, covering 40 topics with a range of respected subject matter experts.
|
|
|
|
|
|
|
|
|
|
Latest news and submissions
|
|
|
|
|
|
|
Information Commissioner decisions
|
|
Information Commissioner review decisions are listed on our website and published in full on AustLII. Recent Information Commissioner decisions include:
- ‘XJ’ and Services Australia (Freedom of Information) [2021] AICmr 26
- ‘XK’ and Australian Taxation Office (Freedom of information) [2021] AICmr 27
- Ken Kush and Associates Barristers and Solicitors and the Department of Home Affairs (Freedom of Information) [2021] AICmr 28
- ‘XM’ and Australian Financial Security Authority (Freedom of information) [2021] AICmr 30
- Stefania Maurizi and Department of Foreign Affairs and Trade (Freedom of Information) [2021] AICmr 31
- Rex Patrick and Services Australia (Freedom of information) [2021] AICmr 32
- Josh Taylor and Minister for Foreign Affairs (Freedom of information) [2021] AICmr 33
- 'XN' and Australian Federal Police (Freedom of information) [2021] AICmr 35
|
|
|
|
|
|
|
Please do not reply to this message as you will not get a response. We welcome your feedback at [email protected].
If you would prefer not to continue receiving this monthly newsletter, you can unsubscribe below. If you have been forwarded this newsletter by someone else, we invite you to subscribe.
|
|
|
|
|
|
|
|
|