OAIC Annual Report – Key Findings

OAIC Annual Report – Key Findings

The Office of the Australian Information Commissioner tabled its annual report for 2018-19 in Parliament. The report shows a rise in privacy complaints, FOI requests and applications to review FOI decisions.

Key statistics for 2018–19 include:

* 3,306 privacy complaints received (up 12% compared to 2017–18)
* 2,920 privacy complaints finalised (up 6%)
* Average time to resolve a privacy complaint: 4.4 months
* 17,445 privacy enquiries received (down 10%)
* 950 notifications under the Notifiable Data Breaches scheme
* 928 applications for Information Commissioner review of FOI requests (up 16%)
* 659 IC reviews finalised (up 8%)
* 61 FOI complaints received (no change from 2017–18)
* Average time taken to finalise an IC review: 7.8 months

These statistics demonstrate the increasing value the community places on information and privacy, as well as the cost and time impact of a privacy breach to an organisation.

The majority were driven by privacy practices in six sectors: finance (13% of complaints), Australian Government (12%), health service providers (10%), telecommunications (7%), retail (5%), and online services (5%).

The most common issues raised with the OAIC were about use and disclosure, security, access, collection and the quality of personal information.

There are various baseline steps that any organisation should take to help avoid privacy breaches, including:

* Ensuring “privacy by design” – not just for new IT systems, but for any business initiative or project that involves identifiable information;
* Conducting Privacy Impact Assessments to ensure appropriate controls are adopted;
* Training staff about how they can help preserve data privacy and security;
* Ensuring appropriate cyber and information security controls;
* Having mechanisms in place to identify privacy and security breaches; and
* Documenting and testing privacy and security breach response plans.