On 11 May 2021 the Australian Government released the 2021-2022 Federal Budget (the Budget). While the Budget places a distinct focus on aged care and family initiatives such as childcare, which have been much discussed, it has also allocated funds for the development of a number of privacy initiatives within Australia.
The Budget has committed $11 million to privacy initiatives in Australia between 2021-2025. Most notably, $1 million has been allocated on a yearly basis between 2021-2025 to assist the Office of the Information Commissioner (OAIC) with its freedom of information (FOI) functions, including the appointment of a standalone Freedom of Information Commissioner who will sit within the OAIC. The position is currently filled by the Privacy Commissioner.
In addition, the OAIC has been allocated $3.5 million annually in 2021-2022 and the following year under the Digital Economy Strategy to resolve privacy complaints, conduct investigations and ensure timely handling of data breach notifications. The Government, by increasing the yearly funding of the OAIC from $26.405 million to $28.487, has evidenced an intention to bolster its regulatory and investigatory capacity.
Finally, $111.3 million has been allocated to the OAIC over two years from 2021-22 to continue the implementation of the Consumer Data Right (CDR) in the banking sector and to accelerate its rollout to other parts of the economy, including the retail energy and telecommunications sectors. This funding has been welcomed by the OAIC, with Australian Information Commissioner and Privacy Commissioner Angelene Falk committing to continue “efforts to ensure the protection of Australians CDR data and… uphold Australians’ right of access to government documents”.
The dedicated funding provided to implement the CDR highlights the Government’s intention to ensure consumers have greater access to and control over their data. This ongoing commitment to an economy-wide CDR has wide-reaching implications for organisations that process personal data in Australia in the sectors subject to CDR, which will be subject to a growing number of consumer data and product data requests in the coming years. As such, organisations in sectors earmarked for CDR should ensure they are taking steps to implement adequate processes and procedures to deal with requests under the CDR, so that they are not in breach of their obligations when the CDR is rolled out across their industry sector.
The increased funding provided to the OAIC under the Digital Economy Strategy evidences efforts by the Government to promote investments in cyber safety and information security generally. The additional funding provided will bolster the operational capacity of the OAIC and, as such, organisations should therefore expect an increasing OAIC presence in cybersecurity in both a regulatory and investigatory role.
The establishment of a dedicated FOI Commissioner will free the Privacy Commissioner and the rest of the OAIC to focus on privacy and CDR.
By increasing the funding allocated to privacy initiatives and with the Attorney-General’s Privacy Act review well under way, the Government is looking to strengthen the investigatory and regulatory capacity of the OAIC. The Government has also committed to the implementation of new initiatives that will likely impact all organisations operating in Australia. As such, organisations should ensure adequate measures and processes are in place so that they are able to effectively and competently respond to the heightened regulatory landscape that is likely to emerge in the next 12-24 months.