OAIC is stretched to the limit
Angelene Falk: Workload at the Office of the Australian Information Commissioner is ballooning
The government’s data and privacy authority is in urgent need of additional funding to address a backlog of important work, a senate estimates hearing has been told.
Australian Information and Privacy Commissioner Angelene Falk appeared before an estimates hearing on Tuesday morning, and confirmed that she was in discussions with the federal government to secure additional funding for the Office of the Australian Information Commissioner (OAIC) in this year’s budget.
The Commissioner outlined how the agency’s workload was rapidly increasing and leading to longer delays in matters being dealt with.
In the last year, there has been an 18 per cent increase in privacy complaints received by the OAIC, and a 27 percent increase in Freedom of Information access review requests.
In the last six months of 2018, there was a 22 per cent increase in privacy complaints and a 42 per cent increase in Freedom of Information complaints.
The OAIC is also responsible for overseeing the Notifiable Data Breach scheme, with more than 800 breaches reported in the last year, compared with 114 under the previous voluntary scheme.
In total, the OAIC received over 10,000 enquiries across its remit in the second half of 2018.
The agency also has responsibilities within the Consumer Data Right regime.
Despite the significant additional responsibilities and increasing workload, the OAIC has not received any additional funding from the federal government, apart from $2.8 million in last year’s budget for its work on the CDR. This brought the agency’s permanent staffing levels from 75 to 92.
Ms Falk said that the restricted resourcing had led to delays in processing requests and complaints.
“We are looking at what resourcing needs might be moving forward should that workload sustain. The incoming work is greater than that which we are able to resolve and this is impacting on timeliness,” Ms Falk told the estimates hearing.
“In terms of the resourcing of the OAIC, the issues lie in terms of the staffing and case officers to assist to progress the increased workload that we’ve experienced in the last three years,” he said.
Senators at the hearing were frustrated at the commissioner’s apparent reluctance to criticise the government’s funding of the OAIC.
“She is a statutory officer with responsibilities. She has to show leadership in that regard. It’s quite perfunctory actually. I know you do a lot with the resources that you have, but you are of course aware there’s a statutory requirement for FOIs to be dealt with in a timely fashion, and you are at the heart of that when it comes to reviews” independent senator Rex Patrick said.
Senator Patrick later apologised for the comments after Ms Falk said that she had in fact earlier called for more resources from the government.
“I’ve not said that I don’t require additional resources. I have been on the record a number of times in terms of the increased workload and the fact that the ability of the office to keep up with that workload is being challenged,” Ms Falk said.
“I don’t think it’s acceptable as a statutory officer to simply say that the office requires more resources with nothing else added to that - I think that would be simplistic,” she said.
“There would be no regulator in the country who wouldn’t say that inevitably timeframes couldn’t be improved with additional resources, and I am no different to that.”
Ms Falk said that she is currently in discussions with the government over the OAIC’s resources going forward, with the federal budget to be handed down in April.
There have been ongoing concerns surrounding the funding of the OAIC in the face of a series of global data and privacy incidents, and a vastly increased workload and responsibilities.
Last year former Victorian privacy commissioner David Watt said the OAIC was facing “unprecedented challenges” with its resources already “stretched beyond breaking point”.
At an estimates hearing last year it was revealed that only five staff members are handling the entire data breach notification scheme.