Budget backs OAIC probe of Optus data breach


Australia’s privacy watchdog will receive a $5.5 million funding boost to respond to the massive Optus data breach that compromised the personal information of almost 10 million customers last month.

Budget papers released on Tuesday night reveal the two-year investment for the Office of the Australian Information Commissioner (OAIC), which has struggled with its growing workload in recent years.

OAIC will use the funding to “investigate and respond to the Optus data breach”, previously described by Information Commissioner Angelene Falk as the country’s largest since the arrival of the Notifiable Data Breaches scheme in 2018.

The watchdog has already begun making preliminary inquiries with Optus, which initially failed to disclose to the government that Medicare card numbers were stolen in the breach, which also saw driver’s licences and passport numbers compromised.

Data breaches and their effects on the privacy of Australians are a growing source of work for the OAIC, with a spate of major data breaches in the private sector in recent weeks, including health insurer Medibank.

New legislation expected to be introduced this week would radically increase the maximum penalty against companies for serious or repeated data breaches, from its current $2.22 million penalty to up to $50 million

Ahead of the Budget, Ms Falk appealed to the government for more funding, warning that her office was “unable to keep up” with its increased workload. Last week, the regulator revealed it had achieved less than two thirds of its key performance indicators.

The resource constraints are particularly acute in the Freedom of Information (FOI) system. More than a quarter of FOI complaints the regulator handles now take more than a year to be resolved, with the average wait-time sitting at 10.5 months.

Average staffing levels (ASL) at OAIC are now forecast to grow from 118 in the 2021-22 financial year to 166 in 2022-23. It is not clear from Budget documents whether new staff will be involved in freedom of information or privacy work.

Do you know more? Contact James Riley via Email.

Leave a Comment