|
Your monthly update from the OAIC with latest news, resources, decisions and consultations |
|
|
|
|
|
|
|
|
|
|
|
Notifiable Data Breaches Report
|
|
|
Our latest Notifiable Data Breaches Report highlights how we expect entities to prevent and respond to data breaches caused by ransomware and impersonation fraud.
The OAIC received 446 data breach notifications from January to June 2021, with 43% of these breaches resulting from cyber security incidents.
Data breaches arising from ransomware incidents increased by 24%, from 37 notifications in the last reporting period to 46.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Today we published our Corporate Plan 2021–22 which sets out our strategic priorities and key activities for the coming years.
As Australian Information Commissioner and Privacy Commissioner Angelene Falk writes:
"The past 12 months has been an unprecedented year marked by the impact of the COVID-19 pandemic. But it has also set new benchmarks for practice in privacy and information access, as government and business responded to heightened community awareness and expectations for open and timely information sharing and strong privacy protections in areas of higher risk.
As we look to a future in which new businesses are 'born' digital and more government services are available online, increasing public trust and confidence in digital interactions through the protection of personal information and access to government-held information remains at the heart of our vision."
The OAIC’s strategic direction during this financial year includes:
- strengthening protections for personal information online through regulatory action, privacy law reform advice and the Online Privacy Code
- regulating compliance with personal information security obligations through the Notifiable Data Breaches scheme and Consumer Data Right
- overseeing new personal information handling practices arising from COVID-19 to support the pandemic response and recovery
- promoting the proactive release of government-held information and developing the FOI capabilities of Australian Government agencies and ministers.
|
|
|
|
|
|
|
|
|
|
|
International Access to Information Day
|
|
 |
|
On Tuesday 28 September 2021 we will join members of the United Nations and Australian states and territories in marking International Access to Information Day.
This event recognises the importance of the community’s right to access information held by governments around the globe.
Our theme this year – Open by design – highlights the need for governments to consider how they will make information accessible from the start in policy development, projects and service delivery, and release information proactively. This includes information that is commonly sought or identified as valuable or necessary for open and accountable government.
The event also promotes the value of access to information in fostering innovation and helping everyone participate in our democracy.
Our campaign website is now live and features a range of resources and events to support a greater understanding of information access rights and responsibilities.
We've also created a toolkit to help Australian Government agencies mark #AccessToInfoDay, which will be distributed this week through our Information Contact Officers Network (ICON).
|
|
|
|
|
|
|
|
|
ICON session: save the date
The OAIC will host an information session for ICON members on the morning of Monday 27 September 2021 featuring a keynote address from our Commissioner Angelene Falk and an international guest speaker.
Acting FOI Commissioner Elizabeth Hampton will also lead a discussion on information access through times of heightened activity and significant public scrutiny.
Please note this event is for representatives of Australian Government agencies and ministers only. An alert will be sent to ICON members with more information about this year’s campaign soon.
|
|
|
|
|
|
|
|
|
|
|
We’ve launched 3 new Consumer Data Right (CDR) videos to help businesses and consumers understand some of the privacy aspects of the CDR:
Visit our website for more CDR privacy guidance and advice for consumers and businesses participating in the system.
|
|
|
|
|
|
|
|
|
|
|
|
|
Commissioner Angelene Falk was recently reappointed for another 3-year term, to August 2024. The reappointment was announced this month by Attorney-General Michaelia Cash.
|
|
|
|
|
|
|
|
|
Deputy Commissioner Elizabeth Hampton was appointed to act as Freedom of Information Commissioner from 13 August 2021 for a period of up to 3 months.
|
|
|
|
|
|
|
|
|
|
COVID-19 guidance and advice
|
|
|
Our new COVID-19 check-in apps privacy FAQs cover the privacy protections in place for check-in apps, section 94H of the Privacy Act 1988, and where to go to make a privacy enquiry or complaint.
We have developed a range of privacy and FOI guidance and advice during the COVID-19 outbreak for individuals, Australian Government agencies and organisations covered by the Privacy Act, including guidance on vaccinations:
|
|
|
|
|
|
|
|
|
|
Creation of the Data-matching Rules
|
|
|
The Australian Information Commissioner and Privacy Commissioner recently issued the Data-matching Program (Assistance and Tax) Rules 2021. These replace previous guidelines that were due to sunset on 1 October.
The Data-matching Rules regulate how the Australian Taxation Office and assistance agencies, including the Department of Social Services, Services Australia, and Department of Veterans’ Affairs, use tax file numbers to compare personal information so they can detect incorrect payments. The OAIC oversees compliance with these rules.
The Data-matching Rules were made following targeted consultation with agencies and a public consultation period. The Rules were tabled in the House of Representatives and Senate on 15 June 2021, before commencing on 25 August 2021.
|
|
|
|
|
|
|
|
|
|
Privacy Officer training webinars
|
|
|
Our next Australian Government Privacy Officer training webinars in September and October have sold out, but we are seeking expressions of interest for future sessions.
The webinar is for staff who are new to the Privacy Officer role or seeking a refresher and covers the Australian Government Agencies Privacy Code, privacy impact assessments, data breaches and recent developments.
Register your interest in future Privacy Officer training by emailing us at [email protected]. In your email, please include the number of places you are seeking to book for your agency.
And don’t forget to check out our other resources including the Privacy in Practice e-learning program and Privacy Officer Toolkit.
|
|
|
|
|
|
|
|
|
|
Recent engagements and upcoming events
|
|
|
Last week Commissioner Angelene Falk presented the work of the OAIC and Global Privacy Assembly on ensuring privacy practices remain central to COVID-19 responses to an Asia-Pacific Economic Cooperation (APEC) virtual event, Digital Tools for Addressing Infectious Diseases in the Asia-Pacific Region: Challenges and Opportunities.
Acting FOI Commissioner Elizabeth Hampton spoke about developing culture and awareness to improve cyber security and resilience at the Canberra leg of the Public Sector Network Cyber Security Executive Meeting Series.
In September, Assistant Commissioner David Stevens will present on the Notifiable Data Breaches scheme to members of the Australian Banking Association and at the APEC virtual forum on Improving Cross-Border Effectiveness of Personal Data Breach Notification Systems.
|
|
|
|
|
|
|
|
|
|
Latest news and submissions
|
|
|
|
|
|
|
|
|
|
Information Commissioner decisions
|
|
|
Information Commissioner review decisions are listed on our website and published in full on AustLII. Recent Information Commissioner decisions include:
- 'XR' and Department of Home Affairs (Freedom of Information) [2021] AICmr 38
- Rex Patrick and Department of Defence (Freedom of Information) [2021] AICmr 39
|
|
|
|
|
|
|
|
|
Please do not reply to this message as you will not get a response. We welcome your feedback at [email protected].
If you would prefer not to continue receiving this monthly newsletter, you can unsubscribe below. If you have been forwarded this newsletter by someone else, we invite you to subscribe.
|
|
|
|
|
|
|
|
|
|
|
|
