The Office of the Australian Information Commissioner (OAIC) is the independent national regulator for privacy and freedom of information. It promotes the rights of all Australians to access government-held information and have their personal information protected.
In October 2021, the government issued its Ministerial Statement of Expectations for the OAIC outlining how it expects the OAIC will achieve its objectives, carry out its functions and exercise its powers.
In December 2021, the OAIC responded to the Government’s Statement of Expectations with a Statement of Intent.
This article explores the Statement of Intent and how the OAIC intends to continually safeguard the rights of Australians regarding information privacy and freedom.
The OAIC Statement of Intent
The Statement was prepared by the Australian Information Commissioner and Privacy Commissioner, Angele Falk.
Commissioner Falk points out that under the Australian Information Commissioner Act 2010 (Cth), the OAIC’s functions are:
- Privacy functions that are conferred by the Privacy Act 1988 (Cth) and other legislation including resolving privacy complaints and conducting privacy assessments.
- Oversight of the operation of the Freedom of Information Act 1982 (Cth), including reviewing decisions made by agencies and ministers under that Act, resolving freedom of information (FOI) complaints and conducting investigations.
- Government information policy functions, including reporting on matters relating to Australian government information management policy and practice, and providing advice on FOI and privacy in relation to proposals for legislative change.
Principles of regulator best practice
The OAIC will exercise its functions and powers in accordance with the principles set out in the Regulator Performance Guide 2021.
Continuous improvement and building trust
The OAIC will promote a regulatory approach that facilitates voluntary compliance with privacy and FOI obligations including engaging with regulated entities and promoting privacy impact assessments.
Ensuring transparency and publicising actions taken to address noncompliance will help to promote public confidence in the regulatory activities of the OAIC.
Risk-based and data-driven actions
The OAIC will engage in effective risk management and cultivate a positive risk culture through its Risk Management Framework. This will help to prioritise strategic activities such as responses to the COVID-19 pandemic.
The OAIC engages with industry, government, and the broader community in the development of regulatory practices. The OAIC states that it is dedicated to promoting transparency, receiving and acting on stakeholder feedback, and providing compliance guidance to regulated entities.
The OAIC also seeks to engage with Commonwealth, state, territory and international regulators cooperatively on interjurisdictional regulatory issues and to take regulatory action to protect Australians’ personal information including through cross-border investigations.
Addressing Australian government policy priorities and objectives
The OAIC sets out how it intends to address key government priorities.
The OAIC will contribute to the deregulation process by seeking opportunities to remove duplication and streamline processes to improve efficiency and lift productivity. It will continually apply regulator best practices, assess performance, and engage with stakeholders.
The OAIC is committed to helping Australians manage privacy choices online and to enhancing protections for children and other vulnerable groups. It will work closely with industry on the development of the Online Privacy Code.
Consumer Data Right
The OAIC is a co-regulator of the Consumer Data Right, together with the Australian Competition and Consumer Commission (ACCC). The Consumer Data Right develops compliance and enforcement policies, project planning and risk management activities for specific sectors.
The Office of the Australian Information Commissioner (OAIC) protects the rights of Australians relating to privacy and freedom of information. In responding to the government’s Statement of Expectations, the OAIC has set out its Statement of Intent, outlining how it intends to uphold its functions under the Australian Information Commissioner Act.
This includes ensuring regulator best practice through continuous improvement and building trust, taking risk-based and data-driven actions, and engaging with stakeholders. The OAIC will also address key government priorities including the deregulation agenda, online privacy, and consumer data right.