OAIC to focus on big data, start-ups and IoT

With its funding and continued existence now secured, the Office of the Australian Information Commissioner (OAIC) plans to ramp up its privacy-related activity this year, according to Privacy Commissioner Timothy Pilgrim.

Speaking at the Privacy Business Breakfast as part of Privacy Awareness Week 2016, Pilgrim said the OAIC is ready to hit the ground running now that the government’s plans to disband the office have been reversed.

The government announced during the 2014 Budget that it planned to wind up the OAIC, introduce new arrangements for handling freedom of information issues and re-establish a dedicated Office of the Privacy Commissioner.

But as part of the 2016 Budget, the government announced it has abandoned these changes, returned funding to the OAIC and will enable it to continue with a regulating role under the Privacy and FOI Acts.

“As you might expect then, with the funding of the OAIC’s privacy and FOI functions now confirmed, you will be hearing from us a great deal and in a diversity of fora and locations,” Pilgrim said.

Key priorities for the OAIC for 2016 include reconciling the policy and innovation potential of big data with the requirement to protect personal information. The office is consulting on a draft guide to the use of big data in the context of Australian privacy principles.

“This has been developed in recognition of the use of data, and its potential to bring about social and economic benefits. But in order to realise those benefits we need to get privacy right as it is critical to consumer and public trust,” Pilgrim said.

“There is no doubt that big data practices challenge us to think about how key existing privacy principles — including notice and consent, data collection, use limitation and retention minimisation — work in practice.”

A key component of the OAIC’s guide will be the de-identification of personal data to ensure that privacy is maintained as the benefits of big data are realised.

The office also plans to make the IoT and tech start-up sectors a particular focus this year, Pilgrim said.

“We are collaborating with these sectors on the need to get privacy right and are encouraging them to make use of tools like our Privacy Management Framework, and our template for small and medium enterprises,” he said.

“This collaborative approach is our preferred model to regulation but rest assured that it will continue to be supported by a robust calendar of assessments, investigations in a variety of business and government sectors.”

The OAIC’s assessment activities for the year will include a close look at some of Australia’s most popular loyalty schemes. The office has already assessed the Coles and Woolworths loyalty programs.

Another major area of focus will be telecommunications as part of the office’s oversight of the privacy aspects of the controversial telecom metadata retention scheme.

Finally, Pilgrim noted that a pivotal moment for the OAIC and privacy regulation in Australia will come in August, when the full bench of the Federal Court is due to consider the definition of personal information as it applies to the Privacy Act.

The definition was explored by the Administrative Appeals Tribunal during an appeal into Pilgrim’s determination in a case involving journalist Ben Grubb seeking access to his own mobile usage metadata from Telstra.

“The AAT’s decision presents, potentially, a new and different scope to what constitutes personal information under the Privacy Act. I firmly believe that clarity and certainty around that definition are critical to the operation of the Act and to the fair and reasonable expectations of any business or agency which is required to be accountable to it,” Pilgrim said.

“Accordingly, I am of the view that consideration of this issue by the full bench of the Federal Court is essential for both our Office and the entities we regulate.”

Pictured: OAIC Commissioner Timothy Pilgrim.