Australian Privacy Foundation home

The association that campaigns for privacy protections

Privacy Oversight Agencies

This document contains information about the various agencies throughout Australia that have some form of regulatory responsibility in relation to privacy:

You may find others in the membership list of the Asia Pacific Privacy Authorities (APPA) and the WorldLII index of Privacy Protection Agencies worldwide.

If you're aware of a relevant agency that isn't listed here, or of a material error in the content, please tell us!


Commonwealth of Australia

The Office of the Australian Privacy Commissioner was disestablished in 2010, and folded into Office of the Australian Information Commissioner (OAIC). The resources were also pillaged (although doubtless the term 'rationalised' would be preferred in bureaucratic hallways), as a result of the new Information Commissioner and the new FOI Commissioner being given fewer resources than they'd been promised, and the Privacy Commissioner being the junior player.

Here are relevant laws.

Some aspects of privacy may also come within the ambit of the Australian Human Rights Commission (HRC) – with which the Privacy Commissioner had varying relationships 1989-2010, but a less close relationship following the absorption into OAIC in November 2010.

The appointment of Privacy Commissioner was established in 1989. The first Commissioner was a Sydney resident, and the office has always been located there. From 1989 until 2010, the office was referred to variously as the Office of the Privacy Commissioner (OPC – which risked confusion with the other Offices with similar names in other jurisdictions), the Office of the Federal Privacy Commissioner (OFPC), or – particularly after the Howard Government changed the style of federal government agencies in about 2000 – the Office of the Australian Privacy Commissioner (OAPC).

In November 2010, the Office was disestablished, and absorbed into the new Office of the Australian Information Commissioner (OAIC). This encompasses information policy generally, including new FOI supervisory functions and the existing privacy functions. The Privacy Commissioner retains a few powers, but most were ceded to the more senior Information Commissioner. It appears that the Privacy Commissioner now operates as a first-level reporting executive to the Information Commissioner, with the privacy role subjugated to information policy more generally.

The first Information Commissioner is the immediate past Ombudsman 2003-10, John McMillan (2010-). The first FOI Commissioner is James Popple (2010-). (Because of the very low quality of the web-managers that the public service outsources to, the URLs may well break, again).

On at least some occasions the position of Privacy Commissioner has been advertised. However, a small selection committee of senior public servants recommends the successful applicant to the relevant Minister, who accepts it. There has never been any form of public involvement or consultation. The Privacy Commissioners have been:

From the time that the Office established a web-site in the mid-1990s, it used the domain privacy.gov.au. By early 2011, the content of the web-site was to be shifted to a sub-site within http://www.oaic.gov.au. Assurance was provided by OAIC on 15 November 2010 that "current deep links to the www.privacy.gov.au site will be maintained through a redirect function to the relevant documents after it's migrated to the new site". That turned out not to be a 'core promise', and many links were broken when the privacy.gov.au site was eventually closed down in 2013.


N.S.W.

After the State led the world in the late 1970s, the intransigence of the NSW public service, combined with the deep pit that is NSW politics, has ensured that the State's privacy protection regime has been a complete basket case for decades. A small privacy role exists within the Information and Privacy Commission (NSW IPC), with no specialist staff, and a Privacy Commissioner appointed from within the public service's own ranks, working part-time, as a minor player to an Acting Information Commissioner. Details are provided at the end of this section.

The Privacy Commission's scope extends to the health care sector, although a separate Health Care Complaints Commission also exists. It too has never earned much credibility.

Here are relevant laws.

History

An oversight agency operated 1975-1998 as a Committee, and since 1999 as a Commission. The Commissioner has only ever been part-time, and for long periods there has be an Acting Commissioner, including 2003-07 and 2009-2011.

The history of the Office is a thorough mess, indicative of the power of the public service to protect itself against nuisances.

The powers of the original Committee were (quite properly, for the time) limited to research and complaint-investigation and conciliation, although some Executive Members, particularly the first, made effective use of the media, including 'naming and shaming' privacy-invaders. The Committee had been intended as a short-term agency, to lay foundations and gather experience; but it remained in its original form for 24 years. The first Executive Member of the Committee was Bill Orme (1975-82), followed by Jim Nolan (1982-87?), ..., Maureen Tangney (1990?-93?), ..., and Catherine Riordan (1996?-1998).

In 1998, a (very weak) data protection law, commonly called PPIPA, was passed. Among other things, it disestablished the Privacy Committee. The part-time Chair at the time became the part-time Privacy Commissioner, and the full-time Executive Member became the full-time Deputy Privacy Commissioner. The Commission has very limited powers, and has been very poorly resourced throughout its life, but particularly since 2004.

During 2010, the Office of the Information Commissioner was established, with oversight responsibilities in relation to FOI and open government. Deirdre O'Donnell held that position July 2010 to May 2013.

With effect from 1 Jan 2011, the Information and Privacy Commission (NSW IPC) was formed, Privacy NSW was disestablished, its functions absorbed within NSW IPC, and the Information Commissioner functions swamped the privacy role. Kathrina Lo was Acting Information Commissioner from July 2013 to December 2013. Elizabeth Tydd, a career bureaucrat, was appointed with effect from (curiously) 23 December 2013.

During 1999 to 2013, the (often very) part-time Commissioners have been:

The full-time Deputy Privacy Commissioner post was held by:


Victoria

Office of the Victorian Privacy Commissioner (OVPC, or Privacy Victoria), Melbourne.

Privacy in the health care sector is partly within the jurisdiction of the Office of the Health Services Commissioner.

Some aspects of privacy in the law enforcement arena are within the jurisdiction of the Commissioner for Law Enforcement Data Security. (This was created because of the continual leaks of sensitive personal that occur).

Some aspects of privacy may also come within the ambit of the Victorian Equal Opportunity and Human Rights Commission.

Here are relevant laws.

The Privacy Commissioners have been:

In contrast to NSW, Privacy Victoria has been regarded reasonably seriously by agencies. The resources provided – although small in comparison with European norms – are significantly greater than those in NSW, and the effectiveness of the Office has been proportionately much higher throughout its life.


Queensland

Privacy Commissioner, within the OQIC

Here are relevant laws.

Until mid-2010, there was no oversight agency in Queensland, and the post of Privacy Commissioner has been problematic, even chaotic, throughout its life. The Office comprises a mere 3 EFTS within the 35-strong Office of the Queensland Information Commissioner (OQIC), whose primary functions are Information Policy and FOI (Right To Information – RTI). The level of interest by successive governments is amply demonstrated by the long delays in creating the role, in making an initial appointment, and in appointing a successor to the first and to date only Commissioner. The role has been formally filled during only 25% of the first 5 years of its existence:

The history of the post of Information Commissioner is also chequered:

Privacy in the health care sector is partly within the jurisdiction of the Health Quality and Complaints Commission.


Western Australia

There is no privacy oversight agency.

After years of promises, an Information Privacy Bill was finally introduced into the Parliament in March 2007. It did not progress. It would have created a (very) part-time Privacy and Information Commissioner, but the function was to be very limited, and instead of being assigned to the Information Commissioner, it was to be assigned to the the Ombudsman (aka the Parliamentary Commissioner for Administrative Investigations), where it would have paled into insignificance.

Privacy in the health care sector is partly within the jurisdiction of the Office of Health Review.

Here are relevant laws.


South Australia

There is no privacy oversight agency.

There is a Privacy Committee of South Australia, run out of the State Records Office, but it is unclear whether it has ever actually done anything that could be reasonably regarded as being privacy-protective. An unenforceable set of Principles exists, but the primary function of the Committee is to exempt agencies from complying with it.

Privacy in the health care sector is partly within the jurisdiction of the Health and Community Services Complaints Commissioner.

Here are relevant laws


Tasmania

There is no privacy oversight agency.

The Tasmanian Ombudsman is empowered to receive and investigate complaints, but the scope of the powers is extremely limited, and it is unclear whether the incumbent, Simon Allston, has done anything in relation to privacy since his office had the responsibility imposed on it in September 2005. Privacy barely warrants a mention on the web-site or in his Annual Reports.

Privacy in the health care sector is partly within the jurisdiction of the Health Complaints Commissioner.

Here are relevant laws.


A.C.T.

The A.C.T. adopted the Privacy Act (Cth) 1994-2014.
In 2014, it passed its own Information Privacy Act.
This adopted (the relevant parts of) the Commonwealth's approach and of the Clth APPs.
The A.C.T. government has an MOU with the Australian Privacy Commissioner.

The Act is administered by the ACT Justice and Community Safety Directorate.
Yet it appears that the agency's web-site has absolutuely nothing on it about privacy, even under human rights.
It appears that very little has ever happened. For example, Personal Information Digests were nominally published
by the ACT Dept of Justice, but when checked in August 2010, the site failed to provide access to them.

The Privacy Commissioner provides an information page

Privacy in the health care sector is partly within the jurisdiction of the Community & Health Services Complaints Commissioner.

Some aspects of privacy may also come within the ambit of the A.C.T. Human Rights Commission (HRC).

Some aspects of privacy may also come within the ambit of the A.C.T. Public Advocate.

Here are relevant laws.


N.T.

Office of the Northern Territory Information Commissioner

The Privacy Commissioners have been:

Privacy in the health care sector is partly within the jurisdiction of the Health and Community Services Complaints Commission.

Here are relevant laws.


APF thanks its site-sponsor:     Hosted by GoWeb image This web-site is periodically mirrored by
the Australian National Library's Pandora Archive
Free PageRank Checker

Created: 17 December 1998 - Last Amended: 15 September 2014 by Roger Clarke - Site Last Verified: 11 January 2009
© Australian Privacy Foundation Inc., 1998-2011  -   Mail to Webmaster
Site Map   -   This document is at http://www.privacy.org.au/Resources/Contacts.html  -   Privacy Policy