{ "entity_id": "O-000792", "folder": "Office-of-the-Australian-Information-Commissioner", "name": "Office of the Australian Information Commissioner", "type": "Non-corporate Commonwealth Entity", "jurisdiction": "Commonwealth", "portfolio": "Attorney-General's", "website": "http://www.oaic.gov.au", "data_status": "rich", "completeness": { "has_strategy_brief": true, "has_strategy_structured": true, "has_vision": false, "has_kpi_targets": true, "has_kpi_results": true, "has_strategy_overview": true, "has_legislation_text": true, "has_legislation_structured": true, "has_global_initiatives_text": true, "has_ideas": true, "has_artifacts": true, "n_ideas": 8, "n_legislation": 9, "n_artifacts": 13, "n_kpi_targets": 4, "n_kpi_results": 4, "n_outcomes": 1, "verified_own_data": true }, "strategy_profile": { "status": "published", "confidence": "high", "summary": "To promote and uphold privacy and information access rights.", "official_site_url": "http://www.oaic.gov.au", "source_documents": [ { "type": "annual_report", "title": "OAIC_Annual-Report-2023-24 (PDF, 5918 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf", "period": "2023-24", "confidence": "high" }, { "type": "annual_report", "title": "Annual report 2022-23 (PDF, 5450 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0029/94295/OAIC_Annual-Report-2022-23.pdf", "period": "2022-23", "confidence": "high" }, { "type": "annual_report", "title": "Download the print version", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0021/23097/OAIC_annual-report-2021-22_final.pdf", "period": "2021-22", "confidence": "high" }, { "type": "annual_report", "title": "Download the print version", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf", "period": "2020-21", "confidence": "high" }, { "type": "annual_report", "title": "Download the print version (PDF, 6681 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf", "period": "2019-20", "confidence": "high" }, { "type": "corporate_plan", "title": "Corporate plan 2025–26 (PDF, 5144 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "period": "2025-26", "confidence": "high" }, { "type": "corporate_plan", "title": "OAIC Corporate plan 2024–25 (PDF, 2154 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf", "period": "2024-25", "confidence": "high" }, { "type": "corporate_plan", "title": "Download the print version (PDF, 8373 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf", "period": "2023-24", "confidence": "high" }, { "type": "corporate_plan", "title": "Download the print version (PDF, 12841 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf", "period": "2022-23", "confidence": "high" }, { "type": "corporate_plan", "title": "Download the print version (PDF, 6761 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf", "period": "2021-22", "confidence": "high" } ], "purpose": { "text": "To promote and uphold privacy and information access rights.", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 9, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=9" }, "vision": null, "strategic_priorities": [ { "title": "Rights preservation in new and emerging technologies", "description": "Rights preservation in new and emerging technologies", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 16, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16" }, { "title": "Rebalancing power and information asymmetries", "description": "Rebalancing power and information asymmetries", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 16, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16" }, { "title": "Ensuring timely access to government information", "description": "Ensuring timely access to government information", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 16, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16" }, { "title": "Excessive collection and retention of personal information", "description": "Excessive collection and retention of personal information", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 16, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16" }, { "title": "Systemic failures to enable timely access to government information", "description": "Systemic failures to enable timely access to government information", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 16, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16" }, { "title": "Advertising technology (Ad tech) such as pixel tracking", "description": "Advertising technology (Ad tech) such as pixel tracking", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 16, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16" } ], "values": [ { "name": "Independent", "description": "", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": null }, { "name": "Agile", "description": "", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": null }, { "name": "Engaged", "description": "", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": null }, { "name": "Targeted", "description": "", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": null }, { "name": "Expert", "description": "", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": null } ], "outcomes": [ { "name": "Outcome 1: Provision of public access to Commonwealth Government information, protection of individuals’ personal information, and performance of Information Commissioner, freedom of information and privacy functions", "description": "The OAIC’s activities support the effective regulation of the Consumer Data Right (CDR) and the advancement of online privacy protections.", "activities": [ "Influence and uphold privacy and information access rights frameworks", "Advance online privacy protections for Australians", "Encourage and support proactive release of government information", "Take a contemporary, harms-based approach to regulation" ], "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 7, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=7" } ], "performance_measures": [ { "code": "PRI01", "measure": "Effectiveness of the OAIC’s contribution to the regulation of the Consumer Data Right (CDR) as measured by stakeholder feedback", "target": "Baseline to be set", "latest_result": "71", "status": "Achieved", "target_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "target_source_page": 26, "result_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf", "result_source_page": 23 }, { "code": "PRI02", "measure": "Percentage of regulated entities that report satisfaction with OAIC guidance and resources", "target": "Baseline to be set", "latest_result": "78%", "status": "Not achieved", "target_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "target_source_page": 28, "result_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf", "result_source_page": 23 }, { "code": "FOI01", "measure": "Percentage of OAIC recommendations accepted by agencies following FOI complaint investigations", "target": "90%", "latest_result": "65%", "status": "Not achieved", "target_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "target_source_page": 30, "result_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf", "result_source_page": 26 }, { "code": "FOI02", "measure": "Initial assessments are completed and recorded on all proactive regulatory activities to ensure appropriate and proportionate regulatory responses", "target": "100%", "latest_result": "97%", "status": "Achieved", "target_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "target_source_page": 31, "result_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf", "result_source_page": 26 } ], "document_alignment_terms": { "must_support": [ "To promote and uphold privacy and information access rights.", "Rights preservation in new and emerging technologies", "Rebalancing power and information asymmetries", "Ensuring timely access to government information", "Excessive collection and retention of personal information", "Systemic failures to enable timely access to government information", "Advertising technology (Ad tech) such as pixel tracking" ], "watch_terms": [ "Effectiveness of the OAIC’s contribution to the regulation of the Consumer Data Right (CDR) as measured by stakeholder feedback", "Percentage of regulated entities that report satisfaction with OAIC guidance and resources", "Percentage of OAIC recommendations accepted by agencies following FOI complaint investigations", "Initial assessments are completed and recorded on all proactive regulatory activities to ensure appropriate and proportionate regulatory responses" ], "avoid_claiming_without_evidence": [] }, "review_note": "" }, "strategy_brief_md": "# Office of the Australian Information Commissioner — Strategy Brief\n\n**Reporting period**: 2023-24\n**Corporate plan in force**: 2025-26\n**Annual Report**: [2023-24](https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf)\n**Corporate Plan**: [2025-26](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)\n\n## Our purpose / purposes\n\n> To promote and uphold privacy and information access rights. [[CP p.9](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=9)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=9)]\n\n## How we deliver\n\n> The OAIC promotes an organisational culture that supports best regulator practice. We are committed to supporting and building the capability of our staff, guided by four pillars which apply across all aspects of our work: We are proactive and adopt a risk-based, enforcement-focused posture. Our approach is proportionate to seek opportunities to engage and consult genuinely with stakeholders; provide up-to-date, clear and accessible guidance and information to assist regulated entities with compliance; be receptive to feedback and diverse stakeholder views; seek to increase transparency in decision-making processes, and seek continuous improvement against these principles. [[CP p.10](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=10)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=10)]\n\n## Government priorities for this department\n\n- Rights preservation in new and emerging technologies [[CP p.16](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)]\n- Rebalancing power and information asymmetries [[CP p.16](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)]\n- Ensuring timely access to government information [[CP p.16](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)]\n- Excessive collection and retention of personal information [[CP p.16](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)]\n- Systemic failures to enable timely access to government information [[CP p.16](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)]\n- Advertising technology (Ad tech) such as pixel tracking [[CP p.16](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)]\n\n## Outcomes\n\n### Outcome 1: Provision of public access to Commonwealth Government information, protection of individuals’ personal information, and performance of Information Commissioner, freedom of information and privacy functions\nThe OAIC’s activities support the effective regulation of the Consumer Data Right (CDR) and the advancement of online privacy protections. [[CP p.7](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=7)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=7)]\n\n**Key activities:**\n- Influence and uphold privacy and information access rights frameworks\n- Advance online privacy protections for Australians\n- Encourage and support proactive release of government information\n- Take a contemporary, harms-based approach to regulation\n\n## Values and principles\n\n- Independent\n- Agile\n- Engaged\n- Targeted\n- Expert\n\n## What they will measure themselves on this year (targets from 2025-26 corporate plan)\n\n| Code | Measure | Target | Source |\n|---|---|---|---|\n| PRI01 | Effectiveness of the OAIC’s contribution to the regulation of the Consumer Data Right (CDR) as measured by stakeholder feedback | Baseline to be set | [CP p.26](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=26)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=26) |\n| PRI02 | Percentage of regulated entities that report satisfaction with OAIC guidance and resources | Baseline to be set | [CP p.28](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=28)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=28) |\n| FOI01 | Percentage of OAIC recommendations accepted by agencies following FOI complaint investigations | 90% | [CP p.30](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=30)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=30) |\n| FOI02 | Initial assessments are completed and recorded on all proactive regulatory activities to ensure appropriate and proportionate regulatory responses | 100% | [CP p.31](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=31)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=31) |\n\n## How they performed last year (results from 2023-24 annual report)\n\n| Code | Measure | Result | Status | Source |\n|---|---|---|---|---|\n| PRI01 | Effectiveness of the OAIC’s contribution to the regulation of the Consumer Data Right (CDR) as measured by stakeholder feedback | 71 | Achieved | [AR p.23](https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf#page=23)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf#page=23) |\n| PRI02 | Time taken to finalise privacy complaints | 78% | Not achieved | [AR p.23](https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf#page=23)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf#page=23) |\n| FOI01 | Percentage of FOI complaints finalised within 12 months | 65% | Not achieved | [AR p.26](https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf#page=26)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf#page=26) |\n| FOI02 | Time taken to finalise written privacy and information access enquiries from the public within 10 working days | 97% | Achieved | [AR p.26](https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf#page=26)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf#page=26) |", "strategy_overview_evidence_md": null, "internal_strategy_evidence_md": "# Office of the Australian Information Commissioner - Strategy, Performance, and Operating Profile\n\n**Generated at**: 2026-05-09T22:04:47.290328+00:00\n**Entity ID**: O-000792\n**Entity type**: Non-corporate Commonwealth Entity\n**Jurisdiction**: Commonwealth\n**Portfolio**: Attorney-General's\n**Website**: http://www.oaic.gov.au\n\n> Draft generated from scraped source material. Treat this as an evidence pack for editorial review, not a final judgement.\n\n## Source Coverage\n\n| Source type | Count |\n|---|---:|\n| annual-reports | 5 |\n| corporate-plans | 5 |\n| global-intelligence | 3 |\n| other-pdfs | 3 |\n| pages | 24 |\n\n## Executive Readout\n\n### Purpose\n\n- 9\nRisk management ....................................................................................................................10\nPart 2: Our vision, purpose and key activities ...............................................................................13\nKey activity 1 .............................................................................................................................15\nKey activity 2 .............................................................................................................................16\nKey activity 3 .............................................................................................................................17\nKey activity 4 .............................................................................................................................17\nPerformance measurement framework ............................\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- 7\nOur environment ............................................................................................8\nOur capability ...............................................................................................13\nOur cooperation and collaboration .............................................................14\nRisk oversight and management .................................................................17\nPart 2 Our vision, purpose and key activities ..................................\n Source: `corporate-plans/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf)`\n- [Page 9]\nPart 1: Our vision, purpose and key activities\nKey activity 1\nInfluence and uphold privacy and information access rights frameworks\nThe OAIC has a wide range of regulatory functions and powers under the Commonwealth Australian\nInformation Commissioner Act 2010 (AIC Act), Freedom of Information Act 1982 (FOI Act), Privacy Act 1988 and\nother laws.\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n- Table 3.7: Intended result 2\nPBS 2024–25 outcome PBS 2024–25 program Corporate plan 2024–25 Corporate plan 2024–25\nstatement purpose key activities\nOutcome 1: Provision Program 1.1: Complaint To promote and uphold privacy Influence and uphold privacy\nof public access to handling, compliance and and information access rights and information access rights\nCommonwealth Government monitoring, and education frameworks\ninformation, protection and promotion\nof individuals’ personal\ninformation, and performance\nof Information Commissioner,\nAdvance online privacy\nfreedom of information and\nprotections for Australians\nprivacy functions\nEncourage and support\nproactive release of\ngovernment information\nTake a contemporary,\nharms-based approach\nto regulation.\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n\n### Role and Functions\n\n- [Page 7]\nSnapshot\nEnvironment, capabilities, risk\nand stakeholder engagement\nPurpose Corporate Plan\nTo promote and uphold privacy and\nKey activities\ninformation access rights\n• Influence and uphold privacy and\ninformation access rights frameworks\n• Advance online privacy protections\nfor Australians\n• Encourage and support access to\ngovernment information\nEnabling legislation\n• Take a contemporary, harms-based\n• Australian Information Commissioner Act 2010 approach to regulation\n• Freedom of Information Act 1982\nPerformance measures\n• Privacy Act 1988\n• Change of percentage of OAIC case load that is\n• Almost 40 other pieces of legislation conferring\ngreater than 12 months\nfunctions on the Information Commissioner\n• Percentage of cases finalised within specified\ntime standards\n• Percentage of regulated entities that report\nsatisfaction with OAIC guidance and resources\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- [pages 8,9,10,11]\nulator best practice accepted by agencies following FOI\ncomplaint investigations\n• Initial assessments are completed and\nrecorded on all proactive regulatory activities\nto ensure appropriate and proportionate\nregulatory responses\n• OAIC staff consider they have the skills,\nPortfolio Budget Statements capabilities and knowledge to perform well,\nOutcome 1 enabling the OAIC to deliver expert service\nProvision of public access to Commonwealth\nGovernment information, protection of individuals’\npersonal information, and performance of\nInformation Commissioner, freedom of information\nand privacy functions\nProgram 1.1 Annual Performance Statements\nComplaints handling, compliance and monitoring Assessment of performance in\nand education and promotion achieving our purpose\n7\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- [Page 32]\nOAIC Corporate plan 2025–26\nPerformance\nOAIC staff consider they have the skills, capabilities and knowledge to perform well, enabling\nMeasure 7\nthe OAIC to deliver expert service\nIntended result:\nThe OAIC’s approach to our regulatory role is consistent with better practice principles\n25–26 Target: 26–27 Target: 27–28 Target: 28–29 Target:\n80% 80% 80% 80%\nRationale:\nThis measures the OAIC’s effectiveness at building staff capability and knowledge to ensure the OAIC can deliver\nexpert service when undertaking its regulatory functions.\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- We do this by:\ninformation and privacy functions.\n• ensuring proper handling of personal Program Complaint handling, compliance\ninformation under the Privacy Act 1988 (Privacy 1.1 and monitoring, and education\nAct) and other legislation and promotion.\n• protecting the public’s right of access to\nOur annual performance statement details our\ndocuments under the Freedom of Information\nactivities and key deliverables, and measures\nAct 1982 (FOI Act)\nour performance against our Portfolio Budget\n• performing strategic functions relating to Statement targets and the strategic priorities set out\ninformation management within the Australian in the OAIC Corporate Plan 2019–20:\nGovernment under the Australian Information\n• Advance online privacy protections for\nCommissioner Act 2010 (AIC Act).\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- [Page 133]\n129\nPart\n5:\nAppendices\nTable A.2: OAIC resource statement 2019–20\nActual\nBudget expenses Variation\n2019–20 2019–20 2019–20\n$’000 $’000 $’000\n(a) (b) (a) – (b)\nOutcome 1\nProvision of public access to Commonwealth Government information, protection of individuals’ personal information, and\nperformance of Information Commissioner, freedom of information and privacy functions\nProgram 1.1\nComplaint handling, compliance and monitoring, and education and promotion\nAdministered expenses – – –\nDepartmental expenses\nDepartmental appropriation* 23,527 21,097 2,430\nSpecial appropriations – – –\nSpecial accounts – – –\nExpenses not requiring appropriation in the Budget year 332 558 (226)\nTotal for program 1.1 23,859 21,655 2,204\nOutcome 1 totals by appropriation type\nAdministered expenses – – –\nDepartmental expenses\nDepartmental appropriation* 23,527 21,097 2,430\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- We do this by:\nof individuals’ personal\n• ensuring proper handling of personal information, and performance\ninformation under the Privacy Act 1988 and other of information commissioner,\nlegislation freedom of information and\nprivacy functions.\n• protecting the public’s right of access to\ndocuments under the Freedom of Information Program 1.1 Complaint handling, compliance\nAct 1982 (FOI Act) and monitoring, and education\nand promotion.\n• performing strategic functions relating to\ninformation management within the Australian\nGovernment under the Australian Information Our annual performance statement details our\nCommissioner Act 2010 (AIC Act). activities and key deliverables and measures our\nperformance against our Portfolio Budget Statement\ntargets and the strategic priorities set out in the\nOAIC Corporate Plan 2020–21:\n• advance online privacy protections for\nAustralians\n Source: `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)`\n\n### Strategic Priorities\n\n- We do this by:\ninformation and privacy functions.\n• ensuring proper handling of personal Program Complaint handling, compliance\ninformation under the Privacy Act 1988 (Privacy 1.1 and monitoring, and education\nAct) and other legislation and promotion.\n• protecting the public’s right of access to\nOur annual performance statement details our\ndocuments under the Freedom of Information\nactivities and key deliverables, and measures\nAct 1982 (FOI Act)\nour performance against our Portfolio Budget\n• performing strategic functions relating to Statement targets and the strategic priorities set out\ninformation management within the Australian in the OAIC Corporate Plan 2019–20:\nGovernment under the Australian Information\n• Advance online privacy protections for\nCommissioner Act 2010 (AIC Act).\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- We do this by:\nof individuals’ personal\n• ensuring proper handling of personal information, and performance\ninformation under the Privacy Act 1988 and other of information commissioner,\nlegislation freedom of information and\nprivacy functions.\n• protecting the public’s right of access to\ndocuments under the Freedom of Information Program 1.1 Complaint handling, compliance\nAct 1982 (FOI Act) and monitoring, and education\nand promotion.\n• performing strategic functions relating to\ninformation management within the Australian\nGovernment under the Australian Information Our annual performance statement details our\nCommissioner Act 2010 (AIC Act). activities and key deliverables and measures our\nperformance against our Portfolio Budget Statement\ntargets and the strategic priorities set out in the\nOAIC Corporate Plan 2020–21:\n• advance online privacy protections for\nAustralians\n Source: `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)`\n- Key activities\nWe have identified three key focus areas in 2020–21 to 2023–24 specific to Strategic Priority 1.\n Source: `pages/corporate-plans-index__14.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202021)`\n- Key activities\nWe have identified four key focus areas in 2020–21 to 2023–24 specific to Strategic Priority 2.\n Source: `pages/corporate-plans-index__14.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202021)`\n- Key activities\nWe have identified two key focus areas in 2020–21 to 2023–24 specific to Strategic Priority 3.\n Source: `pages/corporate-plans-index__14.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202021)`\n- Key activities\nWe have identified two key focus areas in 2020–21 to 2023–24 specific to Strategic Priority 4.\n Source: `pages/corporate-plans-index__14.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202021)`\n- 9\nCapabilities ...............................................................................................................................11\nRisk management ...................................................................................................................12\nCooperation and collaboration ............................................................................................14\nRegulator Performance Guide ..............................................................................................15\nPart 2: Our strategic priorities ............................................................................................................16\nStrategic Priority 1 ...................................................................................................................17\nStrategic Priority 2 ...................................................................\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 20]\n18\nStrategic Priority 1: Advance online privacy protections for Australians\nKey Performance Indicators\nIndicators Measure Target 2021–22 2022–23 2023–24 2024–25\n1.1 Australia’s privacy (1) The OAIC advises Qualitative: The • • • •\nframeworks are fit for government on OAIC identifies\npurpose in the digital privacy in the where online\nage online environment issues and global\nand global interoperability\ninteroperability are referenced and\nwhere appropriate makes submissions\nwhere appropriate\n(2) Online Privacy Code is registered •\nCode is developed\n1.2 The OAIC is a (1) The OAIC has a Active participation • • • •\nleader in the global leadership role in key in the Global Privacy\nprivacy community international policy Assembly and the\nto support the forums Asia Pacific Privacy\ndevelopment and Authorities forum\nenforcement of\nstrong international\nonline privacy\nprotections\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 24]\n22\nStrategic Priority 2: Influence and uphold privacy and information\naccess rights frameworks\nKey Performance Indicators\nIndicators Measure Target 2021–22 2022–23 2023–24 2024–25\n2.1 The OAIC identifies, The OAIC Qualitative: The OAIC • • • •\nscrutinises and influences policy makes submissions\nadvances policy and and lawmakers to and completes bill\nlegislative reform support privacy and scrutiny tasks\nproposals information access\nrights\n2.2 Respond to privacy Time taken to 90% of written • • • •\nand information finalise written enquiries are\naccess enquiries enquiries finalised within 10\nfrom the public working days\n2.3 Resolve privacy Time taken to 80% of privacy • • • •\ncomplaints finalise privacy complaints are\ncomplaints finalised within 12\nmonths*\n2.4 Ensure timely (1) Time taken to 80% of NDBs are • • • •\nhandling of data resolve Notifiable finalised within 60\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 28]\n26\nKey activity 2: Influence information management framework\n2021–22 2022–23 2023–24 2024–25\nProvide advice to government about FOI and information management ✓ ✓ ✓ ✓\nParticipate in international information access forums ✓ ✓ ✓ ✓\nStrategic Priority 3: Encourage and support proactive release\nof government information\nKey Performance Indicators\nIndicators Measure Target 2021–22 2022–23 2023–24 2024–25\n3.1 Agencies publish The OAIC actively The OAIC hosts 2 • • • •\nmore government- promotes proactive Information Contact\nheld information publication Officers Network\nproactively events and publishes\nresources\n3.2 The OAIC identifies The OAIC Qualitative: The OAIC • • • •\nand scrutinises influences policy makes submissions\npolicy and legislative and lawmakers and completes bill\nreform proposals in in relation to scrutiny tasks\nrelation to Australia’s the information\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n\n## KPIs, Targets, and Where They Are At\n\n- Performance measure Target Methodology Type Result Status\n4.3 Stakeholder assessment 2022–23 baseline Annual stakeholder Effectiveness 56 Achieved\nof the extent to which result (51) exceeded survey conducted\nthe OAIC’s regulatory by an independent\nactivities are risk based professional provider\nand data driven\n4.4 Number of stakeholder Targets not Data snapshot Effectiveness Performance Not\nengagement activities appropriate due to demonstrating key against this applicable\nfluctuations in nature formal engagements measure is\nand complexity of supplemented by case described\npolicy environment in studies to demonstrate in Part 2 of\nany given year breadth, variety this report\nand effectiveness of (under 4.4)\nengagement activities\nand modes of delivery\n4.5 Average call duration of Lower than baseline OAIC information Efficiency 6:33 Not\n Source: `annual-reports/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf)`\n- [Page 57]\nTable 4.4: Media enquiries Measure\n4.5 Average call duration of telephone\nMonth 2022–23 2023–24 enquiries to the OAIC public enquiry\nline\nJul-23 9 13\nAug-23 9 17 Target\nLower than baseline result\nSep-23 42 16\nNot achieved\nOct-23 36 15\nThe OAIC provides information and assistance to\nNov-23 22 18\nentities and members of the public about privacy and\nDec-23 8 20 FOI matters through its telephone enquiries line.\n Source: `annual-reports/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf)`\n- Performance measure Target Methodology Type Result Status\n1.3.3 Time taken to finalise 80% of NDBs are OAIC information Output 86% Achieved\nnotifiable data breaches finalised within management system\n(NDBs) 60 days\n1.3.4 Time taken to finalise 80% of My OAIC information Output 94% Achieved\nMy Health Record Health Record management system\nnotifications notifications are\nfinalised within\n60 days\n1.3.5 Time taken to 80% of IC reviews OAIC information Output 67% Not\nfinalise Information are finalised management system achieved\nCommissioner reviews within 12 months\nof FOI decisions made\nby agencies and\nMinisters\n1.3.6 Time taken to finalise 80% of FOI OAIC information Output 92% Achieved\nFOI complaints complaints are management system\nfinalised within\n12 months\n1.3.7 Time taken to finalise 90% of written OAIC information Output 48% Not\n Source: `other-pdfs/OAIC_Annual-Report_Vol-1_2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0036/257769/OAIC_Annual-Report_Vol-1_2024-25.pdf)`\n- Target\nThe highest average scores achieved by the OAIC in terms\n2022–23 baseline result exceeded\nof this performance measure relate to the OAIC raising\nNot achieved\nawareness of opportunities to enhance online privacy\nlegislation; working collaboratively with international\nThe OAIC appreciates the increased role of the online regulators to support globally-interoperable privacy\nenvironment for the economy, education and our regulation; and raising awareness of opportunities to\nsocial connections, and the privacy risks this entails. enhance online privacy legislation.\n Source: `annual-reports/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf)`\n- Performance measure Target Methodology Type Result Status\n3.2 Effectiveness of OAIC’s 2023–24 result Annual stakeholder Effectiveness 65* Achieved\nadvice and guidance (56) exceeded survey conducted\non FOI obligations by an independent\nand the Information professional provider\nPublication Scheme\n(IPS) in supporting\ngovernment agencies\nto provide public\naccess to government-\nheld information,\nas measured by\nstakeholder feedback.\n Source: `other-pdfs/OAIC_Annual-Report_Vol-1_2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0036/257769/OAIC_Annual-Report_Vol-1_2024-25.pdf)`\n- Table 3.1: Intended result 1.1\nPerformance measure 2024–25 target 2025–26 target 2026–27 target Methodology/ Type\ndata source\n1.1 Effectiveness of the Prior year’s result Prior year’s result Prior year’s result Annual stakeholder Effectiveness\nOAIC’s contribution to the exceeded exceeded exceeded survey conducted\nregulation of the CDR as by an independent\nmeasured by stakeholder professional\nfeedback provider\nMetric: Average\nperformance rating from\nstakeholders based on a\ncomposite survey-based\nperformance index\nIntended result 1.2 is the OAIC’s activities support the effective regulation of the Digital ID system.\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n- Table 3.2: Intended result 1.2\nPerformance measure 2024–25 target 2025–26 target 2026–27 target Methodology/ Type\ndata source\n1.2 Effectiveness of the Baseline result Prior year’s result Prior year’s result Annual stakeholder Effectiveness\nOAIC’s contribution to the established exceeded exceeded survey conducted\nregulation of the by an independent\nDigital ID system as professional\nmeasured by provider\nstakeholder feedback\nMetric: Average\nperformance rating from\nstakeholders based on a\ncomposite survey-based\nperformance index\nOAIC Corporate plan 2024–25 39\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n- Table 3.4: Intended result 2\nPerformance measure 2024–25 target 2025–26 target 2026–27 target Methodology/ Type\ndata source\n2.1 Effectiveness of the Prior year’s result Prior year’s result Prior year’s result Annual stakeholder Effectiveness\nOAIC’s contribution to the exceeded exceeded exceeded survey conducted\nadvancement of online by an independent\nprivacy protections professional\nand policy advice as provider\nmeasured by stakeholder\nfeedback\nMetric: Average\nperformance rating from\nstakeholders based on a\ncomposite survey-based\nperformance index\nOAIC Corporate plan 2024–25 41\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n- Table 3.5: Intended result 3\nPerformance measure 2024–25 target 2025–26 target 2026–27 target Methodology/ Type\ndata source\n3.1 Percentage of OAIC 90% 90% 90% OAIC information Effectiveness\nrecommendations management\naccepted by agencies system\nfollowing FOI complaint\ninvestigations\n3.2 Effectiveness of Prior year’s result Prior year’s result Prior year’s result Annual stakeholder Effectiveness\nthe OAIC’s advice exceeded exceeded exceeded survey conducted\nand guidance on FOI by an independent\nobligations and the professional\nInformation Publication provider\nScheme in supporting\ngovernment agencies\nto provide public access\nto government-held\ninformation, as measured\nby stakeholder feedback\nMetric: Average\nperformance rating from\nstakeholders based on a\ncomposite survey-based\nperformance index\nOAIC Corporate plan 2024–25 42\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n- Each measure\ndifference or results we want to achieve in relation\nis based on data and records that will be relied on in\nto our key activities\nthe OAIC’s performance statements to report on the\n• performance measures we use to evaluate our measures.\nprogress towards the intended results\nOur performance management framework is reflected\n• targets that describe the results we are aiming for in\nin our 2025–26 portfolio budget statement (PBS).\neach performance measure\nKey activity 1\nInfluence and uphold privacy and information access rights frameworks\nMeasure 1 Change of percentage of OAIC case load that is greater than 12 months\nIntended result:\nThe OAIC’s regulatory outputs are timely\n25–26 Target: 26–27 Target: 27–28 Target: 28–29 Target:\nBaseline to be set Prior years result Prior years result Prior years result\nmaintained or exceeded maintained or exceeded maintained or exceeded\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- [Page 29]\n25\nTable 2.1: Indicators by status\nIndicator Measure Status\n3.1 Improvement in FOI review trends and Number of FOI requests to government Not achieved\nFOI complaints trends agencies and FOI complaints\n3.2 Improvement in time taken to respond FOI requests determined and Not achieved\nto FOI requests processed within the applicable\nstatutory time period\n3.3 More government-held information is Information available on agency Partially achieved\npublished proactively websites\n3.4 Increase in community awareness (1) Visits to OAIC website Achieved\nand understanding of information access\nrights (2) Social media engagement\n**OOAAIICC AAnnnnuuaall RReeppoorrtt 22001199__2200__PPaarrtt 11&&22__SSUUPPPPLLIIEEDD..iinndddd 2255 22//1100//2200 11::0000 ppmm\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- We measure our success • We completed a Commissioner-initiated\nagainst the performance indicators outlined in investigation (CII) into FOI processes at\nthe OAIC Corporate Plan 2020–21, which features the Department of Home Affairs, making\nFigure 2.1: OAIC indicators by status\n19 indicators – Achieved (76%)\n1 indicator – Partially achieved (4%)\n1 indicator – Not applicable (4%)\n4 indicators – Not achieved (16%)\nOAIC Annual Report 2020–21\n Source: `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)`\n- [Page 40]\n36\nIndicator 2.4: Ensure timely handling Measure\nof data breach notifications (2) Time taken to resolve My Health Record\nnotifications\nMeasure\nTarget: 80% of My Health Record\n(1) Time taken to resolve Notifiable Data\nnotifications are finalised within 60 days\nBreaches (NDBs)\nNot achieved\nTarget: 80% of NDBs are finalised within\n60 days We finalised 50% of My Health Record data\nbreach notifications within 60 days.\n Source: `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)`\n- [Page 42]\n38\nIndicator 2.5: Strategic assessment • makes recommendations to the Commissioner\non the appropriate regulatory response, in\nand advice provided to the\naccordance with the OAIC’s Privacy Regulatory\nCommissioner in relation to all\nPriorities and Privacy Regulatory Action Policy.\nsignificant privacy risks\nIndicator 2.6: Conduct Commissioner-\nMeasure\ninitiated investigations\nThe Commissioner receives strategic\nadvice regarding the appropriate Measure\nregulatory response to significant\nTime taken to finalise privacy and FOI CIIs\nprivacy risks\nTarget: 80% of CIIs are finalised within\nTarget: Establish strategic advisory\n8 months\ncommittee\nNot achieved\nAchieved\nA CII is conducted in response to the identification\nIn October 2020, the OAIC established the Regulatory\nAction Committee (RAC).\n Source: `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)`\n\n## Key Metrics\n\n| Values found | Evidence | Source |\n|---|---|---|\n| $1.506M | Includes $1.506M subject to administrative quarantine by Finance under section 51 of the PGPA Act\n3.2 Net Cash Appropriation Arrangements\n2025 2024\n$’000 $’000\nTotal comprehensive income/(loss) – as per the Statement of\n4,228 4,505\nComprehensive Income\nPlus: Depreciation/amortisation of assets funded through appropriations\n912 686\n(departmental capital budget funding and/or equity injections)1\nPlus: Depreciation of right-of-use assets2 934 935\nPl | `other-pdfs/OAIC_Annual-Report_Vol-1_2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0036/257769/OAIC_Annual-Report_Vol-1_2024-25.pdf)` |\n| $3.128 million, $0.12 million, 3.128 million, 0.12 million | Departmental financial statements.\nactivities involve the use of assets, liabilities, income\nand expenses controlled or incurred by the OAIC in The OAIC made an operating loss of $3.128 million\nits own right. for the year ended 30 June 2021 (2019–20: loss of\n$0.12 million). | `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)` |\n| $0, 147\nStaff | [Page 108]\n104\n02–9102\ntropeR\nlaunnA\nCIAO\n2020 2019\n$’000 $’000\n1.1B: Suppliers\nGoods and services supplied or rendered\nInsurance 22 23\nOffice consumables 64 47\nOfficial travel 203 288\nPrinting and publications 51 22\nProfessional services and fees 3,425 2,858\nProperty Outgoing 415 292\nReference materials, subscriptions and licenses 252 147\nStaff training 190 107\nTelecommunications 56 31\nOther 269 175\nTotal goods and services supplied or rendered | `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)` |\n| $1.210 million, 252\nStaff, 1.210 million | [Page 100]\n96\n2021 2020\n$’000 $’000\n1.1B: Suppliers\nGoods and services supplied or rendered\nInsurance – 22\nOffice consumables 51 64\nOfficial travel 69 203\nPrinting and publications 4 51\nProperty outgoing 561 415\nProfessional services and fees 5,156 3,425\nReference materials, subscriptions and licenses 236 252\nStaff training 213 190\nTelecommunications 49 56\nOther 230 269\nTotal goods and services supplied or rendered 6,570 4,948\nGoods supplied 55 3 | `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)` |\n| $0.52 million, 236\nStaff, 0.52 million | [Page 94]\n91\n30 June 2022 30 June 2021\n$’000 $’000\n1.1B: Suppliers\nGoods and services supplied or rendered\nConsultants 126 –\nContractors 106 –\nInsurance 6 –\nOffice consumables 20 51\nTravel 34 69\nPrinting and publications – 4\nProperty outgoing 581 561\nProfessional services and fees 4,816 5,156\nReference materials, subscriptions and licences 80 236\nStaff training 163 213\nTelecommunication 577 49\nProject cost 1,166 –\nOther 42 230\nTotal goods and ser | `annual-reports/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/23097/OAIC_annual-report-2021-22_final.pdf)` |\n\n## Key Achievements\n\n- Among our many achievements,\nannounced in the May Budget will assist our capacity\nduring the past decade we resolved more than 24,000\nto manage this growing workload.\nprivacy complaints and almost 800 FOI complaints,\nCOVID-19 was a key theme of new OAIC guidance completed almost 6,000 IC reviews and answered\nand advice to drive best practice among agencies more than 212,000 enquiries.\nand organisations, including harmonising contact\nThese achievements are the work of our committed\ntracing orders and privacy protections in relation\nand expert staff, who have maintained their efforts\nto vaccinations.\n Source: `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)`\n- To support this model,\nmaintaining effective controls, policies and processes,\nwe implemented a new overarching governance\nand monitoring progress are key elements of this\nframework that focuses on process efficiency,\nframework.\ncollaborative leadership and supporting robust and\nThe OAIC’s corporate governance arrangements strategic decision making.\ncomply with statutory requirements and are regularly\nFigure 3: Governance committees (July 2023 – March 2024)\nAustralian Information Commissioner Act 2010\nAustralian Information Commissioner and Privacy Commissioner (Accountable Authority)\nWHS Act PGPA Act\nCDR Executive Operations Audit and Risk\nGovernance Committee Committee Committee\nRegulatory Health, Safety Security Information OAIC\nOAIC Diversity\nAction and Wellbeing Governance Governance Consultative\nCommittee\nCommittee Committee Committee Committee Forum\n54 OAIC Annual report 2023–24\n Source: `annual-reports/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf)`\n- Highlights\nIn my opinion, this annual performance statement\nAmong the highlights of our performance in 2020–21:\nis based on properly maintained records, accurately\nreflects the performance of the entity, and complies\n• We completed 1,018 Information Commissioner\nwith subsection 39(2) of the PGPA Act.\n(IC) reviews (compared to 829 in the previous\nyear), finalising more than half within 120 days.\n Source: `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)`\n- Undertaking an audit of the processing of Commissioner (IC) reviews\nFOI requests for non-personal information to\nTarget: 80% of IC reviews are completed\nassess whether recommendations 2 and 3 had\nwithin 12 months\nbeen implemented and operationalised and\nsufficiently addressed the issues identified in Not achieved\nthe investigation.\n Source: `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)`\n- [Page 24]\n21\nOur annual performance statement\nIntroduction Highlights\nI, Angelene Falk, as the accountable authority of the • We completed 1,392 Information Commissioner\nOffice of the Australian Information Commissioner reviews (IC reviews) (compared to 1,018 in the\n(OAIC), present the 2021–22 annual performance previous year), finalising more than half within\nstatement of the OAIC, as required under paragraph 120 days.\n Source: `annual-reports/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/23097/OAIC_annual-report-2021-22_final.pdf)`\n- [Page 38]\nPart\n2:\nPerformance\nfinalised under s 54R following a revised decision, Section 38\n241 involved a review of a deemed access refusal\nAFV and Services Australia (Freedom of information)\ndecision.\n[2023] AICmr 125 (14 December 2023)\nDuring 2023–24, we implemented a range of strategies\nAFV and Services Australia (No.2) (Freedom of\nto progress our IC review workload.\n Source: `annual-reports/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf)`\n- Figure 2.1\n: OAIC indicators by status\nFigure 2.1 long text description\nHighlights\nWe completed 1,392 Information Commissioner reviews (IC reviews) (compared to 1,018 in the previous year), finalising more than half within 120 days.\n Source: `pages/annual-reports-index__03.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/oaic-annual-reports/annual-report-202122)`\n- Among our many achievements, during the past decade we resolved more than 24,000 privacy complaints and almost 800 FOI complaints, completed almost 6,000 IC reviews and answered more than 212,000 enquiries.\n Source: `pages/annual-reports-index__04.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/oaic-annual-reports/annual-report-202021)`\n- Figure 2.1: OAIC indicators by status\nHighlights\nAmong the highlights of our performance in 2020–21:\nWe completed 1,018 Information Commissioner (IC) reviews (compared to 829 in the previous year), finalising more than half within 120 days.\n Source: `pages/annual-reports-index__04.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/oaic-annual-reports/annual-report-202021)`\n- [Page 29]\n27\nPart\n3:\nPerformance\nmeasurement\nframework\nPerformance 22–23 target 23–24 target 24–25 target 25–26 targe Methodology/ Type\nmeasure data source\n4.4 Number of Targets not Targets not Targets not Targets not Data snapshot Effectiveness\nstakeholder appropriate appropriate appropriate due appropriate demonstrating\nengagement due to due to to fluctuations due to key formal\nactivities fluctuations fluctuations in nature and fluctuations engagements\nin nature and in nature and complexity in nature and supplemented\nMetric: Number of\ncomplexity complexity of policy complexity by case studies\nactivities delivered\nof policy of policy environment in of policy to demonstrate\nvia different\nenvironment environment any given year environment in breadth,\nengagement\nin any given in any given any given year variety and\nmechanisms\nyear year effectiveness\nof engagement\nactivities and\nmodes of\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- [Page 37]\nPerformance 23–24 target 24–25 target 25–26 target 26–27 target Methodology/ Type\nmeasure data source\n4.3 Stakeholder 2022–23 Prior year’s Prior year's Prior year's Annual Effectiveness\nassessment of the baseline result result result result stakeholder\nextent to which the exceeded exceeded exceeded exceeded survey\nOAIC’s regulatory conducted\nactivities are based by an\non risk and data independent\nprofessional\nMetric: Average\nprovider\nperformance rating\nfrom stakeholders\nis based on a\ncomposite survey-\nbased performance\nindex\n4.4 Number Targets not Targets not Targets not Targets not Data snapshot Effectiveness\nof stakeholder appropriate appropriate appropriate appropriate demonstrating\nengagement due to due to due to due to key formal\nactivities fluctuations fluctuations fluctuations fluctuations engagements\nin nature and in nature and in nature and in nature and supplemented\n Source: `corporate-plans/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf)`\n- [pages 37,38,39,40]\nure and in nature and in nature and supplemented\nMetric: Number of\ncomplexity complexity complexity complexity by case\nactivities delivered\nof policy of policy of policy of policy studies to\nvia different\nenvironment in environment environment environment demonstrate\nengagement\nany given year in any given in any given in any given breadth,\nmechanisms\nyear year year variety and\neffectiveness\nof engagement\nactivities and\nmodes of\ndelivery\n4.5 Average Lower than Lower than Lower than Lower than OAIC Efficiency\ncall duration baseline result prior year’s prior year’s prior year’s information\nof telephone result result result management\nenquiries to system\nthe OAIC public\nenquiry line\n37\nOAIC Corporate plan 2023–24\nPart\n3\nPerformance\nmeasurement\nframework\nPart\n3\nPerformance\nmeasurement\nframework\n Source: `corporate-plans/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf)`\n\n## Key Issues, Risks, and Recommendations\n\n- Undertaking an audit of the processing of Commissioner (IC) reviews\nFOI requests for non-personal information to\nTarget: 80% of IC reviews are completed\nassess whether recommendations 2 and 3 had\nwithin 12 months\nbeen implemented and operationalised and\nsufficiently addressed the issues identified in Not achieved\nthe investigation.\n Source: `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)`\n- [Page 42]\n38\nIndicator 2.5: Strategic assessment • makes recommendations to the Commissioner\non the appropriate regulatory response, in\nand advice provided to the\naccordance with the OAIC’s Privacy Regulatory\nCommissioner in relation to all\nPriorities and Privacy Regulatory Action Policy.\nsignificant privacy risks\nIndicator 2.6: Conduct Commissioner-\nMeasure\ninitiated investigations\nThe Commissioner receives strategic\nadvice regarding the appropriate Measure\nregulatory response to significant\nTime taken to finalise privacy and FOI CIIs\nprivacy risks\nTarget: 80% of CIIs are finalised within\nTarget: Establish strategic advisory\n8 months\ncommittee\nNot achieved\nAchieved\nA CII is conducted in response to the identification\nIn October 2020, the OAIC established the Regulatory\nAction Committee (RAC).\n Source: `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)`\n- 1.4 Community is aware of the risks of Privacy awareness is tracked through Achieved\nengaging online longitudinal survey\n1.5 Individuals take action to protect their Online privacy behaviour is tracked Partially achieved\nonline privacy through longitudinal survey\nPart\n2:\nPerformance\nNotes\nIndicator 1.1 was ‘Partially achieved’ because the legislation to support the code of practice for digital platforms was delayed\nand this meant alignment with global best practice was not achieved.\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- From time to time, we are Cooperation Arrangement and the MOU between\nalso contacted by regulators from jurisdictions with the OAIC and the ICO.\nestablished laws and frameworks seeking our views\nThe OAIC also joined with other regulators to sign\non specific issues.\nan open letter to video teleconferencing companies\nThe Commissioner was a signatory to a statement setting out clear expectations of these companies\non the challenges being faced to address the amidst the new and exacerbated privacy risks that\nspread of Coronavirus (COVID-19) by the Executive can arise given the sharp uptake in use of these\nCommittee of the GPA issued on 17 March 2020,\nservices during the pandemic.\nand a second statement on achieving privacy by\ndesign in contact tracing measures issued on For more information see International privacy\n21 May 2020. networks on page 28.\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- [pages 75,76,77]\nframeworks seeking our views\nThe OAIC also joined with other regulators to sign\non specific issues.\nan open letter to video teleconferencing companies\nThe Commissioner was a signatory to a statement setting out clear expectations of these companies\non the challenges being faced to address the amidst the new and exacerbated privacy risks that\nspread of Coronavirus (COVID-19) by the Executive can arise given the sharp uptake in use of these\nCommittee of the GPA issued on 17 March 2020,\nservices during the pandemic.\nand a second statement on achieving privacy by\ndesign in contact tracing measures issued on For more information see International privacy\n21 May 2020. networks on page 28.\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- [Page 25]\n23\nPart\n2:\nOur\nstrategic\npriorities\nIndicators Measure Target 2020–21 2021–22 2022–23 2023–24\n2.7 Resolve FOI Time taken 80% of FOI • • • •\ncomplaints to resolve FOI complaints are\ncomplaints finalised within 12\nmonths*\n2.8 Improve agencies’ Agencies accept 90% of • • • •\nprocesses for and implement recommendations\nmanaging FOI recommendations made are accepted\nrequests made following\ncomplaint\ninvestigations\n2.9 The OAIC promotes The OAIC leads 2 major campaigns • • • •\nawareness of privacy campaigns such as undertaken each\nand access to International Access year\ninformation to Information\nDay and Privacy\nAwareness Week\n2.10 The OAIC promotes Education and Information on • • • •\nawareness of awareness materials the OAIC website\nConsumer Data Right are developed and is updated when\n(CDR) privacy rights promoted required by CDR\ndevelopments\n2.\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 7]\nSnapshot\nEnvironment, capabilities, risk\nand stakeholder engagement\nPurpose Corporate Plan\nTo promote and uphold privacy and\nKey activities\ninformation access rights\n• Influence and uphold privacy and\ninformation access rights frameworks\n• Advance online privacy protections\nfor Australians\n• Encourage and support access to\ngovernment information\nEnabling legislation\n• Take a contemporary, harms-based\n• Australian Information Commissioner Act 2010 approach to regulation\n• Freedom of Information Act 1982\nPerformance measures\n• Privacy Act 1988\n• Change of percentage of OAIC case load that is\n• Almost 40 other pieces of legislation conferring\ngreater than 12 months\nfunctions on the Information Commissioner\n• Percentage of cases finalised within specified\ntime standards\n• Percentage of regulated entities that report\nsatisfaction with OAIC guidance and resources\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- Table 2.1: Indicators by status\nIndicator Measure Status\n1.1 The OAIC has influenced the (1) The OAIC is actively engaged in Partially achieved\ndevelopment of globally aligned privacy global privacy forums\nprotections\n(2) Greater alignment between\nAustralian protections and global best\npractice\n1.2 The OAIC has worked with Active engagement with stakeholders Achieved\nstakeholders to develop online privacy\nprotections\n1.3 Protections are enforced through Commissioner’s determinations, Not applicable\nregulatory conduct directions and enforceable\nundertakings are complied with; civil\npenalties are awarded; assessment\nrecommendations are accepted.\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- [Page 29]\n25\nTable 2.1: Indicators by status\nIndicator Measure Status\n3.1 Improvement in FOI review trends and Number of FOI requests to government Not achieved\nFOI complaints trends agencies and FOI complaints\n3.2 Improvement in time taken to respond FOI requests determined and Not achieved\nto FOI requests processed within the applicable\nstatutory time period\n3.3 More government-held information is Information available on agency Partially achieved\npublished proactively websites\n3.4 Increase in community awareness (1) Visits to OAIC website Achieved\nand understanding of information access\nrights (2) Social media engagement\n**OOAAIICC AAnnnnuuaall RReeppoorrtt 22001199__2200__PPaarrtt 11&&22__SSUUPPPPLLIIEEDD..iinndddd 2255 22//1100//2200 11::0000 ppmm\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- [Page 30]\n26\n02–9102\ntropeR\nlaunnA\nCIAO\nTable 2.1: Indicators by status\nIndicator Measure Status\n4.1 The OAIC has sufficient statutory Powers are enhanced Not applicable\npowers to detect and deter non-\ncompliance\n4.2 The OAIC is seen to take appropriate Media and stakeholder sentiment Achieved\nregulatory action in relation to breaches\nof the relevant law\n4.3 International regulators actively seek Engagement with international Achieved\nthe views of the OAIC in relation to policy regulators\ndevelopment or enforcement activities\n4.4 The OAIC has strong and productive Regular engagement with other Achieved\nrelationships with domestic regulators regulators\n4.5 Improved employee engagement Measured through APS Employee Achieved\nCensus\n4.6 Reduced staff turnover rate Staff turnover rate Partially achieved\n4.7 Strong competition for vacancies Sufficient high-quality applicants for Achieved\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- [pages 30,31,32]\nand productive Regular engagement with other Achieved\nrelationships with domestic regulators regulators\n4.5 Improved employee engagement Measured through APS Employee Achieved\nCensus\n4.6 Reduced staff turnover rate Staff turnover rate Partially achieved\n4.7 Strong competition for vacancies Sufficient high-quality applicants for Achieved\nadvertised roles\n4.8 Internal capability supports the full Approved training courses completed Achieved\nrange of OAIC functions\n4.9 Data analysis identifies enterprise risks Reports completed Achieved\nNote\nIndicator 4.1 was ‘Not applicable’ because legislation amending the Privacy Act was not enacted during the reporting period.\n**OOAAIICC AAnnnnuuaall RReeppoorrtt 22001199__2200__PPaarrtt 11&&22__SSUUPPPPLLIIEEDD..iinndddd 2266 22//1100//2200 11::0000 ppmm\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- Of the complaints that proceeded to finalisation\nunder s 86, the Information Commissioner made Target: 80% of CIIs (FOI) are finalised\na total of 51 recommendations under s 88 of the within 8 months\nFOI Act (which requires agencies to implement\nNot achieved.\nrecommendations made by the Information\nCommissioner).1\nNo CIIs (FOI) were finalised in 2019–20.\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- [pages 50,51,52]\nations under s 88 of the within 8 months\nFOI Act (which requires agencies to implement\nNot achieved.\nrecommendations made by the Information\nCommissioner).1\nNo CIIs (FOI) were finalised in 2019–20.\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- Professionals event, Perth, September 2019\nTable 2.10.1: Guidance related to COVID-19 • National Cyber Security Education Conference,\npandemic Sydney, September 2019\nPage views • keynote opening address for the International\nPublication to 30 June Association of Privacy Professionals Australia and\nPage date 2020 New Zealand Summit, Sydney, October 2019\nCoronavirus (COVID-19):\n• Global Privacy Assembly/OECD ‘Online\nUnderstanding your\nWorkshop on Addressing the Data Governance\nprivacy obligations to\nyour staff 18 March 2020 15,874* and Privacy Challenges in the Fight against\nCOVID-19’, April 2020\nAssessing privacy risks\nin changed working\n• Institute of Public Administration Australia’s\nenvironments: Privacy\nWork with Purpose podcast, June 2020.\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n\n## Corporate Values and Operating Culture\n\n- [Page 62]\nOAIC Annual report 2023–24 55\nPart\n3:\nManagement\nand\naccountability\nGovernance Framework The governance changes complement other\norganisational changes the OAIC is implementing in\nOur Governance Framework upholds the\n2024–25 following the strategic review undertaken in\nprinciples and values of the public sector to\n2023–24, for which we received additional funding in\nprovide transparency, accountability, integrity\nthe May 2023 budget.\n Source: `annual-reports/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf)`\n- [Page 70]\nOAIC Annual report 2023–24 63\nPart\n3:\nManagement\nand\naccountability\nLearning and development Work health and safety\nOur People and Culture team operates in partnership To help ensure we meet our obligations under the\nwith the Australian Public Service Commission, Workplace Health and Safety Act 2011 to provide\nprofessional bodies and education providers to offer a safe workplace for all staff, we carry out regular\nlearning and development opportunities and targeted workplace inspections to identify, manage and\nskills training to our people. minimise health and safety risks.\n Source: `annual-reports/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf)`\n- [Page 75]\nPart 3: Management and accountability\nCensus Roadmap 2022 Study and professional\nmembership assistance\nOur results from the 2022 Census reflected that the\nOAIC had a strong integrity culture and responses\nThe OAIC contributes to the attainment and\nindicated our people maintain a strong individual\nmaintenance of relevant professional memberships\ndrive to support our agency’s objectives and work,\nand certifications for our staff.\n Source: `annual-reports/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0029/94295/OAIC_Annual-Report-2022-23.pdf)`\n- [Page 28]\n26\nPerformance 22–23 target 23–24 target 24–25 target 25–26 targe Methodology/ Type\nmeasure data source\n4.2 Stakeholder Baseline to be Baseline Prior year's Prior year's Annual Effectiveness\nassessment of established result result exceeded result exceeded stakeholder\nthe extent to exceeded survey\nwhich the OAIC’s conducted by\nregulatory activities an independent\ndemonstrate professional\ncollaboration and provider\nengagement\nMetric: Average\nperformance rating\nfrom stakeholders\nbased on a\ncomposite survey-\nbased performance\nindex\n4.3 Stakeholder Baseline to be Baseline prior year's prior year's Annual Effectiveness\nassessment of the established result result exceeded result exceeded stakeholder\nextent to which the exceeded survey\nOAIC’s regulatory conducted by\nactivities are risk an independent\nbased and data professional\ndriven provider\nMetric: Average\nperformance rating\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- Intended result 4: The OAIC’s approach to its regulatory role is consistent with better practice principles\nPerformance 23–24 target 24–25 target 25–26 target 26-27 target Methodology/ Type\nmeasure data source\n4.1 Stakeholder 2022–23 Prior year’s Prior year’s Prior year’s Annual Effectiveness\nassessment of baseline result result result result stakeholder\nthe extent to exceeded exceeded exceeded exceeded survey\nwhich the OAIC’s conducted\nregulatory activities by an\ndemonstrate a independent\ncommitment professional\nto continuous provider\nimprovement and\nbuilding trust\nMetric: Average\nperformance rating\nfrom stakeholders\nis based on a\ncomposite survey-\nbased performance\nindex\n4.2 Stakeholder 2022–23 Prior year’s Prior year’s Prior year’s Annual Effectiveness\nassessment of baseline result result result result stakeholder\nthe extent to exceeded exceeded exceeded exceeded survey\n Source: `corporate-plans/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf)`\n- [Page 21]\nOAIC Corporate plan 2025–26\nOperating context\nSummary of the OAIC’s tolerance for specific risk categories\nArea Risk tolerance summary\nLow tolerance Higher tolerance\nMisuse or improper exercise of our Pursuing contemporary regulatory\nRegulatory approach\nstatutory powers approaches\nInadvertent disclosure of any personal Improving the way we engage with\nTrust and confidence\nor sensitive information stakeholders\nPursuing innovation and continuous\nGovernance and Serious non-compliance with our\nimprovement that brings value to the\ninfrastructure legislative obligations\nOAIC and our stakeholders\nFraud or corruption, discrimination, Implementing processes to enhance the\nIntegrity\nharassment or improper staff conduct culture of the agency\nExpenditure where the benefits are\nActivities that inappropriately deplete\nclearly defined and aligned with the\nFinancial\nresources\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- [Page 108]\n104\n02–9102\ntropeR\nlaunnA\nCIAO\n2020 2019\n$’000 $’000\n1.1B: Suppliers\nGoods and services supplied or rendered\nInsurance 22 23\nOffice consumables 64 47\nOfficial travel 203 288\nPrinting and publications 51 22\nProfessional services and fees 3,425 2,858\nProperty Outgoing 415 292\nReference materials, subscriptions and licenses 252 147\nStaff training 190 107\nTelecommunications 56 31\nOther 269 175\nTotal goods and services supplied or rendered 4,948 3,990\nGoods supplied 367 216\nServices rendered 4,581 3,774\nTotal goods and services supplied or rendered 4,948 3,990\nOther suppliers\nWorkers compensation expenses 35 25\nOperating lease rentals in connection with Related parties\nSubleases – 603\nShort-term leases 667 –\nLow value leases 113 –\nTotal other suppliers 815 628\nTotal suppliers 5,763 4,618\nThe OAIC has short-term lease commitments of $0�056m as at 30 June 2020�\nAccounting policy\n Source: `annual-reports/2019-20.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf)`\n- [Page 100]\n96\n2021 2020\n$’000 $’000\n1.1B: Suppliers\nGoods and services supplied or rendered\nInsurance – 22\nOffice consumables 51 64\nOfficial travel 69 203\nPrinting and publications 4 51\nProperty outgoing 561 415\nProfessional services and fees 5,156 3,425\nReference materials, subscriptions and licenses 236 252\nStaff training 213 190\nTelecommunications 49 56\nOther 230 269\nTotal goods and services supplied or rendered 6,570 4,948\nGoods supplied 55 367\nServices rendered 6,515 4,581\nTotal goods and services supplied or rendered 6,570 4,948\nOther suppliers\nWorkers compensation expenses 59 35\nShort-term leases 15 667\nLow value leases 155 113\nTotal other suppliers 229 815\nTotal suppliers 6,799 5,763\nThe OAIC has short-term lease commitments of $1.210 million as at 30 June 2021 for 2 leases: Level 2, 175 Pitt St, Sydney NSW 2000\n Source: `annual-reports/2020-21.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf)`\n\n## Global Ideas and Case Study Inputs\n\nGlobal source texts are available for later idea synthesis:\n- `global-intelligence/source-text/association-worldbank.org-governance.txt`\n- `global-intelligence/source-text/consulting-deloitte.com-government-public.txt`\n- `global-intelligence/source-text/university-ash.harvard.edu-Harvard-Kennedy-School-Ash-Center.txt`\n\n## Source Artifacts Used\n\n- `corporate-plans/2021-22.pdf` - corporate-plans - https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf\n- `corporate-plans/2022-23.pdf` - corporate-plans - https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf\n- `corporate-plans/2023-24.pdf` - corporate-plans - https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf\n- `corporate-plans/2024-25.pdf` - corporate-plans - https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf\n- `corporate-plans/2025-26.pdf` - corporate-plans - https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf\n- `annual-reports/2019-20.pdf` - annual-reports - https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf\n- `annual-reports/2020-21.pdf` - annual-reports - https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf\n- `annual-reports/2021-22.pdf` - annual-reports - https://www.oaic.gov.au/__data/assets/pdf_file/0021/23097/OAIC_annual-report-2021-22_final.pdf\n- `annual-reports/2022-23.pdf` - annual-reports - https://www.oaic.gov.au/__data/assets/pdf_file/0029/94295/OAIC_Annual-Report-2022-23.pdf\n- `annual-reports/2023-24.pdf` - annual-reports - https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf\n- `pages/about.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/plans-policies-and-procedures/privacy-policy\n- `pages/annual-reports-index.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/oaic-annual-reports\n- `pages/annual-reports-index__00.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/oaic-annual-reports/annual-report-202324\n- `pages/annual-reports-index__01.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/oaic-annual-reports/annual-report-2024-25\n- `pages/annual-reports-index__02.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/oaic-annual-reports/annual-report-2022-23\n- `pages/annual-reports-index__03.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/oaic-annual-reports/annual-report-202122\n- `pages/annual-reports-index__04.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/oaic-annual-reports/annual-report-202021\n- `pages/annual-reports-index__05.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/oaic-annual-reports/annual-report-201819\n- `pages/annual-reports-index__06.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/oaic-annual-reports/annual-report-201920\n- `pages/contact.html` - pages - http://www.oaic.gov.au/contact-us\n- `pages/corporate-plans-index.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans\n- `pages/corporate-plans-index__07.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-2024-25\n- `pages/corporate-plans-index__08.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-2025-26\n- `pages/corporate-plans-index__09.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202223\n- `pages/corporate-plans-index__10.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202122\n- `pages/corporate-plans-index__11.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202324\n- `pages/corporate-plans-index__12.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201920\n- `pages/corporate-plans-index__13.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201819\n- `pages/corporate-plans-index__14.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202021\n- `pages/homepage.html` - pages - http://www.oaic.gov.au\n- `pages/news-latest.html` - pages - http://www.oaic.gov.au/news\n- `pages/priorities-index.html` - pages - https://www.oaic.gov.au/about-the-OAIC/what-we-do\n- `pages/priorities-index__15.html` - pages - https://www.oaic.gov.au/about-the-OAIC/commissioner-priorities\n- `pages/structure.html` - pages - https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies\n- `global-intelligence/source-text/association-worldbank.org-governance.txt` - global-intelligence - local file\n- `global-intelligence/source-text/consulting-deloitte.com-government-public.txt` - global-intelligence - local file\n- `global-intelligence/source-text/university-ash.harvard.edu-Harvard-Kennedy-School-Ash-Center.txt` - global-intelligence - local file\n- `other-pdfs/agency-ra-2012-00305243.pdf` - other-pdfs - https://www.naa.gov.au/sites/default/files/2019-12/agency-ra-2012-00305243.pdf\n- `other-pdfs/OAIC_Annual-Report_Vol-1_2024-25.pdf` - other-pdfs - https://www.oaic.gov.au/__data/assets/pdf_file/0036/257769/OAIC_Annual-Report_Vol-1_2024-25.pdf\n- `other-pdfs/OAIC_Annual-Report_Vol-2_2024-25.pdf` - other-pdfs - https://www.oaic.gov.au/__data/assets/pdf_file/0028/257770/OAIC_Annual-Report_Vol-2_2024-25.pdf\n\n## Gaps To Fix\n\n- No major source gaps detected by the deterministic checks.", "legislation_md": "# Office of the Australian Information Commissioner — Legislation Administered\n\n**Generated**: 2026-05-13T03:52:25+00:00\n**Source**: LLM extraction (nova-micro) from latest annual report and corporate plan\n**Tokens**: 26,256 in / 943 out · cost: $0.00105\n\n> Acts and instruments this entity administers or has primary responsibility for.\n> Excludes generic gov-wide compliance Acts (PGPA, Public Service Act, FOI, Privacy, etc.).\n\n**Source documents fed to the model**:\n- Annual report: `annual-reports\\2023-24.txt`\n- Corporate plan: `corporate-plans\\2025-26.txt`\n\n## 9 laws administered\n\n| Title | Year | Type | What this entity does under it |\n|---|---|---|---|\n| [Australian Information Commissioner Act 2010](https://www.legislation.gov.au/search?query=Australian%20Information%20Commissioner%20Act%202010) | 2010 | Act | The OAIC administers this Act to promote and uphold privacy and information access rights. |\n| [Freedom of Information Act 1982](https://www.legislation.gov.au/search?query=Freedom%20of%20Information%20Act%201982) | 1982 | Act | The OAIC administers this Act to protect and uphold the public’s right of access to documents. |\n| [Privacy Act 1988](https://www.legislation.gov.au/search?query=Privacy%20Act%201988) | 1988 | Act | The OAIC administers this Act to protect individuals’ personal information. |\n| [Consumer Data Right (Authorised Deposit-Taking Institutions) Designation 2019](https://www.legislation.gov.au/search?query=Consumer%20Data%20Right%20%28Authorised%20Deposit-Taking%20Institutions%29%20Designation%202019) | 2019 | Instrument | The OAIC administers this instrument to regulate the Consumer Data Right. |\n| [Consumer Data Right (Energy Sector) Designation 2020](https://www.legislation.gov.au/search?query=Consumer%20Data%20Right%20%28Energy%20Sector%29%20Designation%202020) | 2020 | Instrument | The OAIC administers this instrument to regulate the Consumer Data Right in the energy sector. |\n| [My Health Records Act 2012](https://www.legislation.gov.au/search?query=My%20Health%20Records%20Act%202012) | 2012 | Act | The OAIC administers this Act to regulate My Health Record system. |\n| [My Health Records Rules 2016](https://www.legislation.gov.au/search?query=My%20Health%20Records%20Rules%202016) | 2016 | Instrument | The OAIC administers these rules to regulate My Health Record system. |\n| [Digital ID Act 2024](https://www.legislation.gov.au/search?query=Digital%20ID%20Act%202024) | 2024 | Act | The OAIC administers this Act to regulate the Digital ID system. |\n| [Identity Verification Services Act 2023](https://www.legislation.gov.au/search?query=Identity%20Verification%20Services%20Act%202023) | 2023 | Act | The OAIC administers this Act to regulate identity verification services. |", "global_initiatives_md": "# Office of the Australian Information Commissioner — Global Initiatives Catalogue\n\n## Focus areas\n- Privacy regulation\n- Freedom of information\n- Consumer Data Right regulation\n- Advertising technology oversight\n\n## Privacy regulation\n\n### GDPR (General Data Protection Regulation)\n**Jurisdiction**: EU\n**Run by**: European Commission\n**Year**: 2018\n**Status**: Active\n**What it does (2–3 sentences)**: The GDPR sets strict guidelines for the collection and processing of personal data across the EU, aiming to give individuals control over their personal information and to harmonize data protection laws across Europe.\n**Why it matters to Australia**: The GDPR provides a comprehensive framework for data protection that Australia could adopt to enhance its privacy laws and improve international data flows.\n**Find more**: [Learn more about GDPR](https://www.google.com/search?q=GDPR+data+protection+regulation)\n\n### California Consumer Privacy Act (CCPA)\n**Jurisdiction**: California, USA\n**Run by**: California Attorney General\n**Year**: 2020\n**Status**: Active\n**What it does (2–3 sentences)**: The CCPA gives California residents more control over their personal information and imposes requirements on businesses that collect personal data, including rights to access, delete, and opt-out of the sale of personal information.\n**Why it matters to Australia**: The CCPA provides a model for robust privacy regulation that balances consumer rights with business interests, which could inform Australia’s privacy framework.\n**Find more**: [California Consumer Privacy Act](https://www.google.com/search?q=California+Consumer+Privacy+Act)\n\n### New Zealand Privacy Act 2020\n**Jurisdiction**: New Zealand\n**Run by**: Office of the Privacy Commissioner\n**Year**: 2020\n**Status**: Active\n**What it does (2–3 sentences)**: The Privacy Act 2020 strengthens privacy protections in New Zealand by giving individuals greater control over their personal information and imposing stricter obligations on organizations that handle personal data.\n**Why it matters to Australia**: The New Zealand Privacy Act provides a contemporary model for privacy regulation that could inform Australia’s ongoing privacy reforms.\n**Find more**: [New Zealand Privacy Act 2020](https://www.google.com/search?q=New+Zealand+Privacy+Act+2020)\n\n## Freedom of information\n\n### Freedom of Information Act (FOIA)\n**Jurisdiction**: United States\n**Run by**: Office of Government Information Services\n**Year**: 1974\n**Status**: Active\n**What it does (2–3 sentences)**: The FOIA allows public access to government documents and information, promoting transparency and accountability in government operations.\n**Why it matters to Australia**: The FOIA provides a long-standing model for freedom of information legislation that could enhance Australia’s FOI framework.\n**Find more**: [Freedom of Information Act](https://www.google.com/search?q=Freedom+of+Information+Act+USA)\n\n### UK Freedom of Information Act 2000\n**Jurisdiction**: United Kingdom\n**Run by**: Information Commissioner’s Office\n**Year**: 2000\n**Status**: Active\n**What it does (2–3 sentences)**: The UK Freedom of Information Act 2000 mandates public authorities to provide information to the public upon request, promoting transparency and accountability.\n**Why it matters to Australia**: The UK Act offers a mature framework for freedom of information that could inform Australia’s efforts to improve transparency.\n**Find more**: [UK Freedom of Information Act 2000](https://www.google.com/search?q=UK+Freedom+of+Information+Act+2000)\n\n## Consumer Data Right regulation\n\n### Consumer Data Right (CDR) in Australia\n**Jurisdiction**: Australia\n**Run by**: Australian Government\n**Year**: 2020\n**Status**: Active\n**What it does (2–3 sentences)**: The CDR is a regulatory framework designed to facilitate the secure sharing of consumer data across financial services, enhancing competition and innovation.\n**Why it matters to Australia**: As a domestic initiative, it provides a direct model for understanding and implementing similar frameworks.\n**Find more**: [Australian Consumer Data Right](https://www.google.com/search?q=Australian+Consumer+Data+Right)\n\n### Open Banking in the UK\n**Jurisdiction**: United Kingdom\n**Run by**: Financial Conduct Authority\n**Year**: 2018\n**Status**: Active\n**What it does (2–3 sentences)**: Open Banking allows banks and financial institutions to share customer data securely with third-party providers, promoting competition and innovation in the financial sector.\n**Why it matters to Australia**: The UK’s Open Banking initiative provides a model for regulating data sharing in financial services that Australia could consider.\n**Find more**: [UK Open Banking](https://www.google.com/search?q=UK+Open+Banking)\n\n## Advertising technology oversight\n\n### Data Protection and Digital Information Bill (DPDIB) in the UK\n**Jurisdiction**: United Kingdom\n**Run by**: UK Government\n**Year**: 2022\n**Status**: Active\n**What it does (2–3 sentences)**: The DPDIB aims to update data protection laws and introduce new measures to regulate advertising technology, including greater transparency and accountability for data use.\n**Why it matters to Australia**: The UK bill provides a contemporary approach to regulating advertising technology that could inform Australia’s oversight of ad tech.\n**Find more**: [UK Data Protection and Digital Information Bill](https://www.google.com/search?q=UK+Data+Protection+and+Digital+Information+Bill)\n\n### AdTech Regulatory Framework in Singapore\n**Jurisdiction**: Singapore\n**Run by**: Personal Data Protection Commission\n**Year**: 2020\n**Status**: Active\n**What it does (2–3 sentences)**: Singapore’s regulatory framework for advertising technology focuses on ensuring transparency and accountability in data use, protecting consumer privacy while fostering innovation.\n**Why it matters to Australia**: Singapore’s approach to ad tech regulation offers a model for balancing privacy protection with technological advancement.\n**Find more**: [Singapore AdTech Regulations](https://www.google.com/search?q=Singapore+AdTech+Regulations)\n\n*Note: These are LLM-knowledge claims, not scraped sources — verify before citing publicly.*", "strategy": { "reporting_period": "2023-24", "corporate_plan_period": "2025-26", "vision": null, "vision_source_page": null, "purposes": "To promote and uphold privacy and information access rights.", "purposes_source_page": 9, "how_we_deliver": "The OAIC promotes an organisational culture that supports best regulator practice. We are committed to supporting and building the capability of our staff, guided by four pillars which apply across all aspects of our work: We are proactive and adopt a risk-based, enforcement-focused posture. Our approach is proportionate to seek opportunities to engage and consult genuinely with stakeholders; provide up-to-date, clear and accessible guidance and information to assist regulated entities with compliance; be receptive to feedback and diverse stakeholder views; seek to increase transparency in decision-making processes, and seek continuous improvement against these principles.", "how_we_deliver_source_page": 10, "government_priorities": [ { "text": "Rights preservation in new and emerging technologies", "source_page": 16 }, { "text": "Rebalancing power and information asymmetries", "source_page": 16 }, { "text": "Ensuring timely access to government information", "source_page": 16 }, { "text": "Excessive collection and retention of personal information", "source_page": 16 }, { "text": "Systemic failures to enable timely access to government information", "source_page": 16 }, { "text": "Advertising technology (Ad tech) such as pixel tracking", "source_page": 16 } ], "outcomes": [ { "name": "Outcome 1: Provision of public access to Commonwealth Government information, protection of individuals’ personal information, and performance of Information Commissioner, freedom of information and privacy functions", "description": "The OAIC’s activities support the effective regulation of the Consumer Data Right (CDR) and the advancement of online privacy protections.", "key_activities": [ "Influence and uphold privacy and information access rights frameworks", "Advance online privacy protections for Australians", "Encourage and support proactive release of government information", "Take a contemporary, harms-based approach to regulation" ], "source_page": 7 } ], "values": [ "Independent", "Agile", "Engaged", "Targeted", "Expert" ], "values_framework_name": null, "kpi_targets_2025_26": [ { "code": "PRI01", "measure": "Effectiveness of the OAIC’s contribution to the regulation of the Consumer Data Right (CDR) as measured by stakeholder feedback", "target": "Baseline to be set", "source_page": 26 }, { "code": "PRI02", "measure": "Percentage of regulated entities that report satisfaction with OAIC guidance and resources", "target": "Baseline to be set", "source_page": 28 }, { "code": "FOI01", "measure": "Percentage of OAIC recommendations accepted by agencies following FOI complaint investigations", "target": "90%", "source_page": 30 }, { "code": "FOI02", "measure": "Initial assessments are completed and recorded on all proactive regulatory activities to ensure appropriate and proportionate regulatory responses", "target": "100%", "source_page": 31 } ], "kpi_results_2024_25": [ { "code": "PRI01", "measure": "Effectiveness of the OAIC’s contribution to the regulation of the Consumer Data Right (CDR) as measured by stakeholder feedback", "result": "71", "status": "Achieved", "source_page": 23 }, { "code": "PRI02", "measure": "Time taken to finalise privacy complaints", "result": "78%", "status": "Not achieved", "source_page": 23 }, { "code": "FOI01", "measure": "Percentage of FOI complaints finalised within 12 months", "result": "65%", "status": "Not achieved", "source_page": 26 }, { "code": "FOI02", "measure": "Time taken to finalise written privacy and information access enquiries from the public within 10 working days", "result": "97%", "status": "Achieved", "source_page": 26 } ], "_source_urls": { "annual_report_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf", "corporate_plan_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf" } }, "ideas": [ { "id": "foi-complaint-finalization", "idea_type": "kpi-recovery", "category": "Case Processing", "title": "Reduce FOI complaint finalization time", "scale": "Medium", "impact": "High", "effort": "High", "proof": "Evidence-backed", "beneficiaries": "Public", "description": "Implement a targeted review and feedback loop for FOI complaints to reduce the time taken to finalise complaints.", "evidence_quote": "‘Time taken to finalise privacy complaints was 78% last year’ [AR p.23]", "source": "annual-reports/2023-24.pdf [AR p.23]", "implementation_steps": [ "Develop a feedback loop", "Train staff on new processes", "Monitor complaint finalization times" ], "risks_to_manage": [ "Resistance to change", "Increased workload" ] }, { "id": "adopt-global-privacy-checklist", "idea_type": "global-import", "category": "Regulation & Policy", "title": "Adopt EU’s Privacy Checklist", "scale": "Large", "impact": "Very High", "effort": "High", "proof": "Evidence-backed", "beneficiaries": "Regulated entities", "description": "Adopt and adapt the EU’s Privacy Checklist to guide regulated entities in complying with Australian privacy laws.", "evidence_quote": "‘EU’s Privacy Checklist’ [global-intel/association-worldbank.org-governance.txt]", "source": "global-intel/association-worldbank.org-governance.txt", "implementation_steps": [ "Review EU’s Privacy Checklist", "Adapt checklist for Australian context", "Disseminate to regulated entities" ], "risks_to_manage": [ "Cultural differences", "Compliance costs" ] }, { "id": "foi-recommendation-acceptance", "idea_type": "strategy-execution", "category": "Case Processing", "title": "Increase acceptance of OAIC recommendations", "scale": "Large", "impact": "High", "effort": "High", "proof": "Plausible", "beneficiaries": "Public", "description": "Launch a targeted outreach and education program to increase the acceptance rate of OAIC recommendations following FOI complaint investigations.", "evidence_quote": "‘Percentage of OAIC recommendations accepted by agencies following FOI complaint investigations target is 90%’ [CP p.30]", "source": "corporate-plans/2025-26.pdf [CP p.30]", "implementation_steps": [ "Develop outreach program", "Train staff on communication strategies", "Track recommendation acceptance rates" ], "risks_to_manage": [ "Agency resistance", "Resource allocation" ] }, { "id": "public-dashboard-foi-stats", "idea_type": "operational-fix", "category": "Data & Performance", "title": "Build public dashboard for FOI statistics", "scale": "Small", "impact": "Medium", "effort": "Medium", "proof": "Evidence-backed", "beneficiaries": "Public", "description": "Create a public dashboard showing weekly active-compliance-monitoring counts by FOI Act decision class.", "evidence_quote": "‘Time taken to finalise FOI complaints was 65% last year’ [AR p.26]", "source": "annual-reports/2023-24.pdf [AR p.26]", "implementation_steps": [ "Gather data", "Design dashboard", "Publish on OAIC website" ], "risks_to_manage": [ "Data accuracy", "Technical issues" ] }, { "id": "complaint-triage-system", "idea_type": "operational-fix", "category": "Case Processing", "title": "Implement complaint triage system", "scale": "Small", "impact": "High", "effort": "Medium", "proof": "Evidence-backed", "beneficiaries": "Staff", "description": "Develop a triage system to categorize and prioritize privacy and FOI complaints for faster resolution.", "evidence_quote": "‘Time taken to finalise privacy complaints was 78% last year’ [AR p.23]", "source": "annual-reports/2023-24.pdf [AR p.23]", "implementation_steps": [ "Design triage system", "Train staff", "Pilot and refine" ], "risks_to_manage": [ "Staff training", "System integration" ] }, { "id": "foi-response-report", "idea_type": "operational-fix", "category": "Data & Performance", "title": "Generate monthly FOI response report", "scale": "Small", "impact": "Medium", "effort": "Low", "proof": "Evidence-backed", "beneficiaries": "Management", "description": "Generate a monthly report detailing the status of FOI complaint investigations and resolutions.", "evidence_quote": "‘Time taken to finalise FOI complaints was 65% last year’ [AR p.26]", "source": "annual-reports/2023-24.pdf [AR p.26]", "implementation_steps": [ "Define report metrics", "Automate data collection", "Disseminate report" ], "risks_to_manage": [ "Data collection errors", "Reporting delays" ] }, { "id": "privacy-policy-review", "idea_type": "strategy-execution", "category": "Regulation & Policy", "title": "Conduct annual review of privacy policies", "scale": "Large", "impact": "High", "effort": "High", "proof": "Plausible", "beneficiaries": "Regulated entities", "description": "Conduct an annual comprehensive review and update of privacy policies to ensure they align with current laws and best practices.", "evidence_quote": "‘Regulatory activities include reviewing decisions made under the FOI Act’ [CP p.10]", "source": "corporate-plans/2025-26.pdf [CP p.10]", "implementation_steps": [ "Review current policies", "Update policies", "Communicate changes" ], "risks_to_manage": [ "Policy compliance", "Resource allocation" ] }, { "id": "data-breach-dashboard", "idea_type": "operational-fix", "category": "Risk & Assurance", "title": "Create data breach dashboard", "scale": "Small", "impact": "High", "effort": "Medium", "proof": "Evidence-backed", "beneficiaries": "Public", "description": "Develop a real-time dashboard to display data breach incidents and OAIC’s response actions.", "evidence_quote": "‘Amendments were also made to the Australian Information Commissioner Act 2010 in line with the OAIC’s advice’ [pages/annual-reports-index__03.html]", "source": "pages/annual-reports-index__03.html", "implementation_steps": [ "Design dashboard", "Integrate data sources", "Publish on OAIC website" ], "risks_to_manage": [ "Data security", "Public trust" ] } ], "legislation_administered": [ { "title": "Australian Information Commissioner Act 2010", "year": "2010", "type": "Act", "role": "The OAIC administers this Act to promote and uphold privacy and information access rights.", "register_url": "https://www.legislation.gov.au/search?query=Australian%20Information%20Commissioner%20Act%202010" }, { "title": "Freedom of Information Act 1982", "year": "1982", "type": "Act", "role": "The OAIC administers this Act to protect and uphold the public’s right of access to documents.", "register_url": "https://www.legislation.gov.au/search?query=Freedom%20of%20Information%20Act%201982" }, { "title": "Privacy Act 1988", "year": "1988", "type": "Act", "role": "The OAIC administers this Act to protect individuals’ personal information.", "register_url": "https://www.legislation.gov.au/search?query=Privacy%20Act%201988" }, { "title": "Consumer Data Right (Authorised Deposit-Taking Institutions) Designation 2019", "year": "2019", "type": "Instrument", "role": "The OAIC administers this instrument to regulate the Consumer Data Right.", "register_url": "https://www.legislation.gov.au/search?query=Consumer%20Data%20Right%20%28Authorised%20Deposit-Taking%20Institutions%29%20Designation%202019" }, { "title": "Consumer Data Right (Energy Sector) Designation 2020", "year": "2020", "type": "Instrument", "role": "The OAIC administers this instrument to regulate the Consumer Data Right in the energy sector.", "register_url": "https://www.legislation.gov.au/search?query=Consumer%20Data%20Right%20%28Energy%20Sector%29%20Designation%202020" }, { "title": "My Health Records Act 2012", "year": "2012", "type": "Act", "role": "The OAIC administers this Act to regulate My Health Record system.", "register_url": "https://www.legislation.gov.au/search?query=My%20Health%20Records%20Act%202012" }, { "title": "My Health Records Rules 2016", "year": "2016", "type": "Instrument", "role": "The OAIC administers these rules to regulate My Health Record system.", "register_url": "https://www.legislation.gov.au/search?query=My%20Health%20Records%20Rules%202016" }, { "title": "Digital ID Act 2024", "year": "2024", "type": "Act", "role": "The OAIC administers this Act to regulate the Digital ID system.", "register_url": "https://www.legislation.gov.au/search?query=Digital%20ID%20Act%202024" }, { "title": "Identity Verification Services Act 2023", "year": "2023", "type": "Act", "role": "The OAIC administers this Act to regulate identity verification services.", "register_url": "https://www.legislation.gov.au/search?query=Identity%20Verification%20Services%20Act%202023" } ], "artifacts": [ { "category": "annual-reports", "year": "2023-24", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf", "file": "annual-reports/2023-24.pdf", "bytes": 6060164, "link_text": "OAIC_Annual-Report-2023-24 (PDF, 5918 KB)" }, { "category": "annual-reports", "year": "2022-23", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0029/94295/OAIC_Annual-Report-2022-23.pdf", "file": "annual-reports/2022-23.pdf", "bytes": 5581065, "link_text": "Annual report 2022-23 (PDF, 5450 KB)" }, { "category": "annual-reports", "year": "2021-22", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0021/23097/OAIC_annual-report-2021-22_final.pdf", "file": "annual-reports/2021-22.pdf", "bytes": 4475382, "link_text": "Download the print version" }, { "category": "annual-reports", "year": "2020-21", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0020/10829/oaic-annual-report-2020-21.pdf", "file": "annual-reports/2020-21.pdf", "bytes": 7487371, "link_text": "Download the print version" }, { "category": "annual-reports", "year": "2019-20", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0021/9291/oaic-annual-report-2019-20.pdf", "file": "annual-reports/2019-20.pdf", "bytes": 6841446, "link_text": "Download the print version (PDF, 6681 KB)" }, { "category": "corporate-plans", "year": "2025-26", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "file": "corporate-plans/2025-26.pdf", "bytes": 5267348, "link_text": "Corporate plan 2025–26 (PDF, 5144 KB)" }, { "category": "corporate-plans", "year": "2024-25", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf", "file": "corporate-plans/2024-25.pdf", "bytes": 2205347, "link_text": "OAIC Corporate plan 2024–25 (PDF, 2154 KB)" }, { "category": "corporate-plans", "year": "2023-24", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf", "file": "corporate-plans/2023-24.pdf", "bytes": 8574440, "link_text": "Download the print version (PDF, 8373 KB)" }, { "category": "corporate-plans", "year": "2022-23", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf", "file": "corporate-plans/2022-23.pdf", "bytes": 13149584, "link_text": "Download the print version (PDF, 12841 KB)" }, { "category": "corporate-plans", "year": "2021-22", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf", "file": "corporate-plans/2021-22.pdf", "bytes": 6923091, "link_text": "Download the print version (PDF, 6761 KB)" }, { "category": "other-pdfs", "year": "2019", "url": "https://www.naa.gov.au/sites/default/files/2019-12/agency-ra-2012-00305243.pdf", "file": "other-pdfs/agency-ra-2012-00305243.pdf", "bytes": 186265, "link_text": "OAIC’s Records Disposal Authority" }, { "category": "other-pdfs", "year": "2024-25", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0036/257769/OAIC_Annual-Report_Vol-1_2024-25.pdf", "file": "other-pdfs/OAIC_Annual-Report_Vol-1_2024-25.pdf", "bytes": 3878595, "link_text": "Annual report 2024-25 Volume 1 (PDF, 3788 KB)" }, { "category": "other-pdfs", "year": "2024-25", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0028/257770/OAIC_Annual-Report_Vol-2_2024-25.pdf", "file": "other-pdfs/OAIC_Annual-Report_Vol-2_2024-25.pdf", "bytes": 6150626, "link_text": "Annual report 2024-25 Volume 2 (PDF, 6006 KB)" } ], "_meta": { "snapshot_built_at": "2026-05-13T11:02:58+00:00", "strategy_brief_meta": { "model": "nova-micro", "folder": "Office-of-the-Australian-Information-Commissioner", "annual_report": { "file": "annual-reports\\2023-24.txt", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/243592/OAIC_Annual-Report-2023-24_Digital.pdf", "year": "2023-24" }, "corporate_plan": { "file": "corporate-plans\\2025-26.txt", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "year": "2025-26" }, "usage": { "input_tokens": 33270, "output_tokens": 1078, "total_tokens": 34348, "model": "nova-micro" }, "cost_usd": 0.0013153700000000002, "elapsed_seconds": 6.73, "generated_at": "2026-05-13T03:52:13+00:00" }, "ideas_manifest": { "folder": "Office-of-the-Australian-Information-Commissioner", "entity_id": "O-000792", "model": "nova-micro", "generated_at": "2026-05-13T03:52:36+00:00", "elapsed_seconds": 5.4, "usage": { "input_tokens": 5458, "output_tokens": 1680, "total_tokens": 7138, "model": "nova-micro" }, "cost_usd": 0.00042623000000000004, "n_ideas": 8, "inputs": { "overview_chars": 5561, "brief_chars": 955, "legis_chars": 91795 } }, "global_intel_meta": { "folder": "Office-of-the-Australian-Information-Commissioner", "entity_id": "O-000792", "model": "nova-micro", "usage": { "input_tokens": 2462, "output_tokens": 1381, "total_tokens": 3843, "model": "nova-micro" }, "cost_usd": 0.00027951, "elapsed_seconds": 4.68, "generated_at": "2026-05-13T03:52:48+00:00" } } }