The recently published Office of the Australian Information Commissioner (OAIC) Annual Report for the 2022-2023 fiscal year offers a comprehensive evaluation of the work performed by the OAIC to uphold data protection and privacy in Australia. The OAIC’s functions include conducting investigations, managing complaints, reviewing decisions under freedom of information legislation, monitoring agency administration, and providing advice to the government and the wider community.
Key highlights of the report include:
- Receipt of 1647 applications for the Information Commissioner to review freedom of information decisions (down by 16% from the previous year)
- Receipt of 202 freedom of information complaints (down by 2% from the previous year)
- Receipt of 3402 privacy complaints (up by 34% from the previous year)
- Receipt of an increase of 34% in privacy complaints than the previous year, with the average time taken to finalise a complaint being 6.4 months
- Receipt of 895 notifications under the Notifiable Data Breaches scheme (up by 5% from the previous year), with the average time taken to finalise a data breach notification being 55 days
- Managed 11,672 privacy enquiries (up by 7% from the previous year
- Managed 1637 freedom of information enquiries (down by 15% since the previous year)
- Investigated Optus, Medibank, Latitude and the Australian Clinical Labs in relation to their data breaches
- Investigated Bunnings and Kmart with respect to personal information handling practices, particularly the use of facial recognition technology
- Continued to regulate and advise on the Consumer Data Right in collaboration with the Australian Competition and Consumer Commission
- Contributed to the Attorney-General’s Department review of privacy legislation
- Top sectors reporting privacy complaints include finance, health service, telecommunications, government, and retail
The report is available here.