A new OAIC or back to the future?

This month the Commonwealth Attorney-General, Mark Dreyfus, announced that a stand-alone Australian Privacy Commissioner will be appointed.

This will mean that the OAIC, once again and as originally intended, will have three statutory office holders:

  • the Australian Information Commissioner (as agency head),
  • a Privacy Commissioner, and
  • a Freedom of Information (FOI) Commissioner.

And presumably three separate offices supporting each of these roles. But why was the OAIC so reduced?

What happened to the OAIC?

The Abbott government and the then Attorney General George Brandis decided almost 10 years ago to unwind the structure of the OAIC, and in particular the three different offices that made up the Commission.

Given this decision, tt provided the OAIC with a budget sufficient to fund it only until the end of 2014 (when it was to be abolished). The House of Representatives passed the bill to abolish the office. Shortly afterwards, however, it became apparent the bill would not be passed in the Senate.

Thwarted by the Senate in its effort to legislate to close the office, the government decidedto significantly reduce the operations of the OAIC, by among other things significantly reducing funding made available for the body.  Not unexpectedly, this had an adverse impact on its ability to fulfil its legislated obligations.

In December 2014, impacted by the lack of support and funding, freedom of information commissioner James Popple left to take up a role on the Administrative Appeals Tribunal and was not replaced.

Former information commissioner John McMillan was the next to go. He resigned to take up more stable employment as the New South Wales Ombudsman in July 2014, and was not replaced either.

This left Timothy Pilgrim as the Privacy Commissioner and also acting in the position of the Information Commissioner, the last commissioner standing.  However, Mr Pilgrim, finished his five-year term as privacy commissioner on July 19 2015, the day before McMillan left the OAIC. Rather than appoint a new commissioner, Mr Pilgrim’s appointment was extended at least three times for the minimum possible length of time possible, until the appointment of Ms Falk in 2018.

A photograph of two women sitting in an office setting for a candidate interview. They are each holding a copy of the applicants CV, which contains their personal information, for the hiring process.

OAIC reduced budget and functions

During the 2012-13 financial year, the OAIC spent $5 million on fulfilling its FOI functions, and just over $15 million in total. However, in the 2015 financial year the government provided roughly $1.7 million for the FOI function and $6.8 million for the privacy function (together, less than half that spent in the 2013 Financial Year).

Needless to say, the office’s functions were cut to cope with the reduction in staff and budget (as the then government intended).

The Commonwealth Ombudsman took over complaints about freedom of information in November, 2014. FOI policy and reporting was transferred to the Attorney-General’s Department and the Canberra office of the OAIC was shut in December, 2014.

Pilgrim told a group of lawyers last September 2015:

This has, naturally, created uncertainty and speculation particularly amongst administrative law and open government advocacy circles about the ability of the OAIC to be effective and perform the important role that it holds for the community in the privacy and FOI spaces.

“So let me be clear about this. Of course, this uncertainty is far from an ideal situation and I hope that soon we will have some clarity about the future of the OAIC.”

It was clear at the time that the government and certainly the Attorney General did not see the OAIC as playing an important role for the community. Reflecting on that time, and the reduction of the OAIC, the current Attorney General Mark Dreyfus said:

The former Coalition government left Australia disgracefully unprepared for this challenge by failing to update privacy laws and scrapping the position of a standalone privacy commissioner.”

OAIC: Increased structure

The attorney general’s announcement this month restores the OAIC to its original structure of an information commissioner, a privacy commissioner and a freedom of information commissioner.

The current information commissioner, Angelene Falk, who is also holding the role of privacy commissioner, will step down from the latter when a new privacy commissioner is appointed but will remain the information commissioner and head of the OAIC.

Toni Pirani has been appointed as an interim freedom of information commissioner, while a new FOI commissioner is recruited.

And of course, there is also an increased budget to go with the increased responsibilities.

OAIC: Increased budget

The Federal budget released this month, provided the OAIC a big jump in funding.  Additional funding to be made available includes:

  • an extra $17.8 million in the 2023–24 financial year
  • over the next four years, $44.3 million to support privacy activities, including work responding to the increased complexity, scale and impact of notifiable data breaches, as reflected in recent large-scale breaches
  • $9.2 million over the next two years to continue to regulate privacy aspects of the Consumer Data Right, My Health Record and Digital Identity.

More on the budget increases here.

All very good news for an office which has been so depleted over recent years and so close to extincton.

Business person sitting at a laptop computer holding an illustrated illuminated letter with multiple other letters flying into the screen (to indicate that they're being sent)

OAIC: Back to the future

So, what’s all this then?

Isn’t it just back to the future? Well, in a sense it is but in announcing the appointment, the Attorney-General cited the distress for millions of Australians caused by the large-scale data breaches of 2022, he reminded his audience of the big new penalties for data misfeasance, the comprehensive review of privacy laws and the commitment to properly fund the OAIC, and he emphasised that the standalone privacy commission would be dealing with what he described as the threats to data security.

It seems that this is a paradigm shift, not only in how seriously the government takes privacy but in the way that many members of the public have begun to think about data privacy and the internet, in terms of the former being actually important and, conversely, the later as being potentially menacing and scary in an almost existential way (as well as being incredibly useful, convenient and entertaining).

Let’s hope that is a position that will be embraced by future governments as well.

Privacy, security and training. Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.