Privacy complaints hit record levels as OAIC winds down

Privacy complaints made to the Office of the Australian Information Commissioner grew by a record 183 percent over the last year, as the agency prepares to be disbanded and split up following a directive in the Federal Government budget.

In what is likely to be its final annual report [pdf], released today, the OAIC revealed it received 4239 privacy complaints in 2013-14 compared to 1496 the year prior.

The Office attributed the "hefty" rise to two significant data breaches attracting a high level of individual complaints - the inadvertent leak of asylum seeker details at the Immigration department, and the leak of the personal details of 300 employees at superannuation giant Cbus to the construction union in May - as well as changes to the credit-related provisions of the Privacy Act which commenced in March.

Most of the complaints were made about companies in the finance sector, the OAIC reported.

Complaints against government agencies were high, and were predominantly boosted by the 904 individual complaints made against the Immigration department from the February leak.

The Cbus leak received 430 individual complaints, the OAIC reported.

The OAIC closed 65 percent of the complaints without investigation, generally after finding that there had either been no interference to privacy, that the complainant hadn't raised the issue with the respondent first or hadn't given the respondent sufficient time to deal with the complaint, or that the complaint did not fit within certain criteria.

The agency also investigated a number of organisations under its own initiative over the past year, including Telstra, AAPT and Melbourne IT, Multicard and Cupid Media.

Voluntary data breach notifications were made to the OAIC on 71 occasions in the 12 month period, a 16 percent increase on the year prior.

The notifications generally regarded the theft of or unauthorised access to secured personal information, loss or misplacement of devices containing user data, and accidental disclosure of the details.

The agency said it had managed to increase its closure rate of while handling an increased number of complaints and review applications with a reduced number of staff.

The 183 percent rise in privacy complaints was matched by a 74 percent increase in completed matters and a drop in average completion time of 44 percent, to an average of 87 days, it said.

"The OAIC was delighted with this turnaround in individual case handling, occurring at a time when OAIC budget-supported staffing had progressively declined from almost 80 FTE at 30 June 2011 to around 65 FTE at 30 June 2014. "

- OAIC annual report

The OAIC also managed to roll out substantial changes to the Privacy Act, commencing March 12 this year, while dealing with a reduced budget and consequently fewer staff.

"The initial staffing estimate for the OAIC when it was being established was around 100 staff to carry out the three FOI, privacy and information policy functions. At times during 2013–14 the staffing level was closer to 77.55 staff. The OAIC did not receive additional resources for privacy reform implementation."

- OAIC annual report

The latest annual report is expected to be the last for the office, as the Government prepares to abolish the OAIC and split up its functions by December 31.

Privacy Commissioner Timothy Pilgrim will continue his work with an office of staff based out of Sydney, while the OAIC's freedom of information (FOI) functions will be shifted to the Attorney-General's Department.

The role of Information Commissioner, currently filled by Professor John McMillan, will cease to exist.

In remarks accompaying the annual report, McMillan said the OAIC had "great pride in its substantial record of achievement".

‘The OAIC’s vision has been an Australia where privacy and information access rights are respected and public sector information is managed in the public interest," he said.

"We look to that vision being taken forward by others, and the establishment of the office of the Australian Privacy Commissioner from 1 January 2015."

Read iTnews' interview with Privacy Commissioner Timothy Pilgrim about how to make privacy law stick with limited resources