{ "entity_id": "B-002201", "folder": "Privacy-Advisory-Committee", "name": "Privacy Advisory Committee", "type": "Statutory Body", "jurisdiction": "Commonwealth", "portfolio": "Attorney-General's", "website": "http://www.oaic.gov.au", "data_status": "rich", "completeness": { "has_strategy_brief": true, "has_strategy_structured": true, "has_vision": true, "has_kpi_targets": true, "has_kpi_results": false, "has_strategy_overview": true, "has_legislation_text": true, "has_legislation_structured": false, "has_global_initiatives_text": false, "has_ideas": true, "has_artifacts": true, "n_ideas": 12, "n_legislation": 0, "n_artifacts": 6, "n_kpi_targets": 7, "n_kpi_results": 0, "n_outcomes": 1, "verified_own_data": true }, "strategy_profile": { "status": "published", "confidence": "high", "summary": "To promote and uphold privacy and information access rights [CP p.6]", "official_site_url": "http://www.oaic.gov.au", "source_documents": [ { "type": "corporate_plan", "title": "Corporate plan 2025–26 (PDF, 5144 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "period": "2025-26", "confidence": "high" }, { "type": "corporate_plan", "title": "OAIC Corporate plan 2024–25 (PDF, 2154 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf", "period": "2024-25", "confidence": "high" }, { "type": "corporate_plan", "title": "Download the print version (PDF, 8373 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf", "period": "2023-24", "confidence": "high" }, { "type": "corporate_plan", "title": "Download the print version (PDF, 12841 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf", "period": "2022-23", "confidence": "high" }, { "type": "corporate_plan", "title": "Download the print version (PDF, 6761 KB)", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf", "period": "2021-22", "confidence": "high" } ], "purpose": { "text": "To promote and uphold privacy and information access rights [CP p.6]", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 6, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=6" }, "vision": { "text": "To increase public trust and confidence in the protection of personal information and access to government-held information [CP p.9]", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 9, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=9" }, "strategic_priorities": [ { "title": "Rights preservation in new and emerging technologies", "description": "Rights preservation in new and emerging technologies", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 16, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16" }, { "title": "Strengthening the information governance of the Australian Public Service", "description": "Strengthening the information governance of the Australian Public Service", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 16, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16" }, { "title": "Rebalancing power and information asymmetries", "description": "Rebalancing power and information asymmetries", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 16, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16" }, { "title": "Ensuring timely access to government information", "description": "Ensuring timely access to government information", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 16, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16" } ], "values": [ { "name": "integrity", "description": "", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": null }, { "name": "accountability", "description": "", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": null }, { "name": "transparency", "description": "", "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": null } ], "outcomes": [ { "name": "Outcome 1: Provision of public access to Commonwealth Government information, protection of individuals’ personal information, and performance of Information Commissioner, freedom of information and privacy functions", "description": "The OAIC aims to be a responsive regulator. We use our full regulatory toolkit across education, compliance and enforcement to achieve effective regulatory outcomes. We use education and persuasion to encourage and promote compliance. If necessary, we use coercive and compulsory powers to enforce privacy obligations and information access rights [CP p.10]", "activities": [ "Influence and uphold privacy and information access rights frameworks", "Advance online privacy protections for Australians", "Encourage and support proactive release of government information", "Take a contemporary, harms-based approach to regulation" ], "source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "source_page": 7, "source_deep_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=7" } ], "performance_measures": [ { "code": "Measure 1", "measure": "Change of percentage of OAIC case load that is greater than 12 months", "target": "26–27 Target: 27–28 Target: 28–29 Target: Baseline to be set", "latest_result": "", "status": "", "target_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "target_source_page": 26, "result_source_url": "", "result_source_page": null }, { "code": "Measure 2", "measure": "Percentage of cases finalised within time standards", "target": "80%", "latest_result": "", "status": "", "target_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "target_source_page": 27, "result_source_url": "", "result_source_page": null }, { "code": "Measure 3", "measure": "Percentage of regulated entities that report satisfaction with OAIC guidance and resources", "target": "Baseline to be set Prior years result maintained or exceeded", "latest_result": "", "status": "", "target_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "target_source_page": 28, "result_source_url": "", "result_source_page": null }, { "code": "Measure 4", "measure": "Effectiveness of the OAIC’s contribution to the advancement of online privacy protections and policy advice", "target": "Prior years result exceeded", "latest_result": "", "status": "", "target_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "target_source_page": 29, "result_source_url": "", "result_source_page": null }, { "code": "Measure 5", "measure": "Percentage of OAIC recommendations accepted by agencies following FOI complaint investigations", "target": "90%", "latest_result": "", "status": "", "target_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "target_source_page": 30, "result_source_url": "", "result_source_page": null }, { "code": "Measure 6", "measure": "Initial assessments are completed and recorded on all proactive regulatory activities", "target": "100%", "latest_result": "", "status": "", "target_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "target_source_page": 31, "result_source_url": "", "result_source_page": null }, { "code": "Measure 7", "measure": "OAIC staff consider they have the skills, capabilities and knowledge to perform well", "target": "80%", "latest_result": "", "status": "", "target_source_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "target_source_page": 32, "result_source_url": "", "result_source_page": null } ], "document_alignment_terms": { "must_support": [ "To promote and uphold privacy and information access rights [CP p.6]", "To increase public trust and confidence in the protection of personal information and access to government-held information [CP p.9]", "Rights preservation in new and emerging technologies", "Strengthening the information governance of the Australian Public Service", "Rebalancing power and information asymmetries", "Ensuring timely access to government information" ], "watch_terms": [ "Change of percentage of OAIC case load that is greater than 12 months", "Percentage of cases finalised within time standards", "Percentage of regulated entities that report satisfaction with OAIC guidance and resources", "Effectiveness of the OAIC’s contribution to the advancement of online privacy protections and policy advice", "Percentage of OAIC recommendations accepted by agencies following FOI complaint investigations", "Initial assessments are completed and recorded on all proactive regulatory activities", "OAIC staff consider they have the skills, capabilities and knowledge to perform well" ], "avoid_claiming_without_evidence": [] }, "review_note": "" }, "strategy_brief_md": "# Privacy Advisory Committee — Strategy Brief\n\n**Reporting period**: 2024-25\n**Corporate plan in force**: 2025-26\n**Corporate Plan**: [2025-26](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)\n\n## Vision\n\n> To increase public trust and confidence in the protection of personal information and access to government-held information [CP p.9](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=9) [[CP p.9](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=9)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=9)]\n\n## Our purpose / purposes\n\n> To promote and uphold privacy and information access rights [CP p.6](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=6) [[CP p.6](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=6)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=6)]\n\n## How we deliver\n\n> The OAIC uses its full regulatory toolkit across education, compliance and enforcement to achieve effective regulatory outcomes. We use education and persuasion to encourage and promote compliance. If necessary, we use coercive and compulsory powers to enforce privacy obligations and information access rights [CP p.9](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=9) [[CP p.9](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=9)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=9)]\n\n## Government priorities for this department\n\n- Rights preservation in new and emerging technologies [[CP p.16](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)]\n- Strengthening the information governance of the Australian Public Service [[CP p.16](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)]\n- Rebalancing power and information asymmetries [[CP p.16](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)]\n- Ensuring timely access to government information [[CP p.16](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=16)]\n\n## Outcomes\n\n### Outcome 1: Provision of public access to Commonwealth Government information, protection of individuals’ personal information, and performance of Information Commissioner, freedom of information and privacy functions\nThe OAIC aims to be a responsive regulator. We use our full regulatory toolkit across education, compliance and enforcement to achieve effective regulatory outcomes. We use education and persuasion to encourage and promote compliance. If necessary, we use coercive and compulsory powers to enforce privacy obligations and information access rights [CP p.10](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=10) [[CP p.7](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=7)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=7)]\n\n**Key activities:**\n- Influence and uphold privacy and information access rights frameworks\n- Advance online privacy protections for Australians\n- Encourage and support proactive release of government information\n- Take a contemporary, harms-based approach to regulation\n\n## Values and principles\n\n- integrity\n- accountability\n- transparency\n\n## What they will measure themselves on this year (targets from 2025-26 corporate plan)\n\n| Code | Measure | Target | Source |\n|---|---|---|---|\n| Measure 1 | Change of percentage of OAIC case load that is greater than 12 months | 26–27 Target: 27–28 Target: 28–29 Target: Baseline to be set | [CP p.26](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=26)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=26) |\n| Measure 2 | Percentage of cases finalised within time standards | 80% | [CP p.27](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=27)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=27) |\n| Measure 3 | Percentage of regulated entities that report satisfaction with OAIC guidance and resources | Baseline to be set Prior years result maintained or exceeded | [CP p.28](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=28)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=28) |\n| Measure 4 | Effectiveness of the OAIC’s contribution to the advancement of online privacy protections and policy advice | Prior years result exceeded | [CP p.29](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=29)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=29) |\n| Measure 5 | Percentage of OAIC recommendations accepted by agencies following FOI complaint investigations | 90% | [CP p.30](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=30)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=30) |\n| Measure 6 | Initial assessments are completed and recorded on all proactive regulatory activities | 100% | [CP p.31](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=31)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=31) |\n| Measure 7 | OAIC staff consider they have the skills, capabilities and knowledge to perform well | 80% | [CP p.32](https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=32)(https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf#page=32) |", "strategy_overview_evidence_md": null, "internal_strategy_evidence_md": "# Privacy Advisory Committee - Strategy, Performance, and Operating Profile\n\n**Generated at**: 2026-05-09T22:11:35.496335+00:00\n**Entity ID**: B-002201\n**Entity type**: Statutory Body\n**Jurisdiction**: Commonwealth\n**Portfolio**: Attorney-General's\n**Website**: http://www.oaic.gov.au\n\n> Draft generated from scraped source material. Treat this as an evidence pack for editorial review, not a final judgement.\n\n## Source Coverage\n\n| Source type | Count |\n|---|---:|\n| corporate-plans | 5 |\n| other-pdfs | 1 |\n| pages | 16 |\n\n## Executive Readout\n\n### Purpose\n\n- 9\nRisk management ....................................................................................................................10\nPart 2: Our vision, purpose and key activities ...............................................................................13\nKey activity 1 .............................................................................................................................15\nKey activity 2 .............................................................................................................................16\nKey activity 3 .............................................................................................................................17\nKey activity 4 .............................................................................................................................17\nPerformance measurement framework ............................\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- 7\nOur environment ............................................................................................8\nOur capability ...............................................................................................13\nOur cooperation and collaboration .............................................................14\nRisk oversight and management .................................................................17\nPart 2 Our vision, purpose and key activities ..................................\n Source: `corporate-plans/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf)`\n- [Page 9]\nPart 1: Our vision, purpose and key activities\nKey activity 1\nInfluence and uphold privacy and information access rights frameworks\nThe OAIC has a wide range of regulatory functions and powers under the Commonwealth Australian\nInformation Commissioner Act 2010 (AIC Act), Freedom of Information Act 1982 (FOI Act), Privacy Act 1988 and\nother laws.\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n- Table 3.7: Intended result 2\nPBS 2024–25 outcome PBS 2024–25 program Corporate plan 2024–25 Corporate plan 2024–25\nstatement purpose key activities\nOutcome 1: Provision Program 1.1: Complaint To promote and uphold privacy Influence and uphold privacy\nof public access to handling, compliance and and information access rights and information access rights\nCommonwealth Government monitoring, and education frameworks\ninformation, protection and promotion\nof individuals’ personal\ninformation, and performance\nof Information Commissioner,\nAdvance online privacy\nfreedom of information and\nprotections for Australians\nprivacy functions\nEncourage and support\nproactive release of\ngovernment information\nTake a contemporary,\nharms-based approach\nto regulation.\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n\n### Role and Functions\n\n- [Page 7]\nSnapshot\nEnvironment, capabilities, risk\nand stakeholder engagement\nPurpose Corporate Plan\nTo promote and uphold privacy and\nKey activities\ninformation access rights\n• Influence and uphold privacy and\ninformation access rights frameworks\n• Advance online privacy protections\nfor Australians\n• Encourage and support access to\ngovernment information\nEnabling legislation\n• Take a contemporary, harms-based\n• Australian Information Commissioner Act 2010 approach to regulation\n• Freedom of Information Act 1982\nPerformance measures\n• Privacy Act 1988\n• Change of percentage of OAIC case load that is\n• Almost 40 other pieces of legislation conferring\ngreater than 12 months\nfunctions on the Information Commissioner\n• Percentage of cases finalised within specified\ntime standards\n• Percentage of regulated entities that report\nsatisfaction with OAIC guidance and resources\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- [pages 8,9,10,11]\nulator best practice accepted by agencies following FOI\ncomplaint investigations\n• Initial assessments are completed and\nrecorded on all proactive regulatory activities\nto ensure appropriate and proportionate\nregulatory responses\n• OAIC staff consider they have the skills,\nPortfolio Budget Statements capabilities and knowledge to perform well,\nOutcome 1 enabling the OAIC to deliver expert service\nProvision of public access to Commonwealth\nGovernment information, protection of individuals’\npersonal information, and performance of\nInformation Commissioner, freedom of information\nand privacy functions\nProgram 1.1 Annual Performance Statements\nComplaints handling, compliance and monitoring Assessment of performance in\nand education and promotion achieving our purpose\n7\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- [Page 32]\nOAIC Corporate plan 2025–26\nPerformance\nOAIC staff consider they have the skills, capabilities and knowledge to perform well, enabling\nMeasure 7\nthe OAIC to deliver expert service\nIntended result:\nThe OAIC’s approach to our regulatory role is consistent with better practice principles\n25–26 Target: 26–27 Target: 27–28 Target: 28–29 Target:\n80% 80% 80% 80%\nRationale:\nThis measures the OAIC’s effectiveness at building staff capability and knowledge to ensure the OAIC can deliver\nexpert service when undertaking its regulatory functions.\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- [Page 7]\nNational Archives of Australia - Office of the Australian Information Commissioner 2016\nRecords Authority 2012/00305243 as amended by 2015/00609396\nAWARENESS AND EDUCATION\nClass no Description of records Disposal action\n61062 Records documenting : Retain as\nnational archives\n• final versions of addresses (speeches) made by the Minister or senior\nAgency officers at major functions to promote information policy, FOI or\nprivacy-related laws, reforms, rights or responsibilities;\n• intergovernmental agreements for the provision of awareness and\neducation services, including agreements with agencies of other\ngovernments and Memoranda of Understanding.\n Source: `other-pdfs/agency-ra-2012-00305243.pdf (https://www.naa.gov.au/sites/default/files/2019-12/agency-ra-2012-00305243.pdf)`\n- [Page 20]\n18\nStrategic Priority 1: Advance online privacy protections for Australians\nKey Performance Indicators\nIndicators Measure Target 2021–22 2022–23 2023–24 2024–25\n1.1 Australia’s privacy (1) The OAIC advises Qualitative: The • • • •\nframeworks are fit for government on OAIC identifies\npurpose in the digital privacy in the where online\nage online environment issues and global\nand global interoperability\ninteroperability are referenced and\nwhere appropriate makes submissions\nwhere appropriate\n(2) Online Privacy Code is registered •\nCode is developed\n1.2 The OAIC is a (1) The OAIC has a Active participation • • • •\nleader in the global leadership role in key in the Global Privacy\nprivacy community international policy Assembly and the\nto support the forums Asia Pacific Privacy\ndevelopment and Authorities forum\nenforcement of\nstrong international\nonline privacy\nprotections\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 25]\n23\nPart\n2:\nOur\nstrategic\npriorities\nIndicators Measure Target 2020–21 2021–22 2022–23 2023–24\n2.7 Resolve FOI Time taken 80% of FOI • • • •\ncomplaints to resolve FOI complaints are\ncomplaints finalised within 12\nmonths*\n2.8 Improve agencies’ Agencies accept 90% of • • • •\nprocesses for and implement recommendations\nmanaging FOI recommendations made are accepted\nrequests made following\ncomplaint\ninvestigations\n2.9 The OAIC promotes The OAIC leads 2 major campaigns • • • •\nawareness of privacy campaigns such as undertaken each\nand access to International Access year\ninformation to Information\nDay and Privacy\nAwareness Week\n2.10 The OAIC promotes Education and Information on • • • •\nawareness of awareness materials the OAIC website\nConsumer Data Right are developed and is updated when\n(CDR) privacy rights promoted required by CDR\ndevelopments\n2.\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n\n### Strategic Priorities\n\n- Key activities\nWe have identified three key focus areas in 2020–21 to 2023–24 specific to Strategic Priority 1.\n Source: `pages/corporate-plans-index__07.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202021)`\n- Key activities\nWe have identified four key focus areas in 2020–21 to 2023–24 specific to Strategic Priority 2.\n Source: `pages/corporate-plans-index__07.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202021)`\n- Key activities\nWe have identified two key focus areas in 2020–21 to 2023–24 specific to Strategic Priority 3.\n Source: `pages/corporate-plans-index__07.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202021)`\n- Key activities\nWe have identified two key focus areas in 2020–21 to 2023–24 specific to Strategic Priority 4.\n Source: `pages/corporate-plans-index__07.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202021)`\n- 9\nCapabilities ...............................................................................................................................11\nRisk management ...................................................................................................................12\nCooperation and collaboration ............................................................................................14\nRegulator Performance Guide ..............................................................................................15\nPart 2: Our strategic priorities ............................................................................................................16\nStrategic Priority 1 ...................................................................................................................17\nStrategic Priority 2 ...................................................................\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 20]\n18\nStrategic Priority 1: Advance online privacy protections for Australians\nKey Performance Indicators\nIndicators Measure Target 2021–22 2022–23 2023–24 2024–25\n1.1 Australia’s privacy (1) The OAIC advises Qualitative: The • • • •\nframeworks are fit for government on OAIC identifies\npurpose in the digital privacy in the where online\nage online environment issues and global\nand global interoperability\ninteroperability are referenced and\nwhere appropriate makes submissions\nwhere appropriate\n(2) Online Privacy Code is registered •\nCode is developed\n1.2 The OAIC is a (1) The OAIC has a Active participation • • • •\nleader in the global leadership role in key in the Global Privacy\nprivacy community international policy Assembly and the\nto support the forums Asia Pacific Privacy\ndevelopment and Authorities forum\nenforcement of\nstrong international\nonline privacy\nprotections\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 24]\n22\nStrategic Priority 2: Influence and uphold privacy and information\naccess rights frameworks\nKey Performance Indicators\nIndicators Measure Target 2021–22 2022–23 2023–24 2024–25\n2.1 The OAIC identifies, The OAIC Qualitative: The OAIC • • • •\nscrutinises and influences policy makes submissions\nadvances policy and and lawmakers to and completes bill\nlegislative reform support privacy and scrutiny tasks\nproposals information access\nrights\n2.2 Respond to privacy Time taken to 90% of written • • • •\nand information finalise written enquiries are\naccess enquiries enquiries finalised within 10\nfrom the public working days\n2.3 Resolve privacy Time taken to 80% of privacy • • • •\ncomplaints finalise privacy complaints are\ncomplaints finalised within 12\nmonths*\n2.4 Ensure timely (1) Time taken to 80% of NDBs are • • • •\nhandling of data resolve Notifiable finalised within 60\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 28]\n26\nKey activity 2: Influence information management framework\n2021–22 2022–23 2023–24 2024–25\nProvide advice to government about FOI and information management ✓ ✓ ✓ ✓\nParticipate in international information access forums ✓ ✓ ✓ ✓\nStrategic Priority 3: Encourage and support proactive release\nof government information\nKey Performance Indicators\nIndicators Measure Target 2021–22 2022–23 2023–24 2024–25\n3.1 Agencies publish The OAIC actively The OAIC hosts 2 • • • •\nmore government- promotes proactive Information Contact\nheld information publication Officers Network\nproactively events and publishes\nresources\n3.2 The OAIC identifies The OAIC Qualitative: The OAIC • • • •\nand scrutinises influences policy makes submissions\npolicy and legislative and lawmakers and completes bill\nreform proposals in in relation to scrutiny tasks\nrelation to Australia’s the information\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [pages 28,29,30,32]\nent ✓ ✓ ✓ ✓\nParticipate in international information access forums ✓ ✓ ✓ ✓\nStrategic Priority 3: Encourage and support proactive release\nof government information\nKey Performance Indicators\nIndicators Measure Target 2021–22 2022–23 2023–24 2024–25\n3.1 Agencies publish The OAIC actively The OAIC hosts 2 • • • •\nmore government- promotes proactive Information Contact\nheld information publication Officers Network\nproactively events and publishes\nresources\n3.2 The OAIC identifies The OAIC Qualitative: The OAIC • • • •\nand scrutinises influences policy makes submissions\npolicy and legislative and lawmakers and completes bill\nreform proposals in in relation to scrutiny tasks\nrelation to Australia’s the information\ninformation management\nmanagement frameworks\nframework\nOAIC Corporate Plan 2021–22\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 30]\n28\nKey activity 2: Build internal capability\n2021–22 2022–23 2023–24 2024–25\nFinalise and implement revised capability approach ✓ ✓\nImplement data management strategy ✓ ✓\nEmbed revised governance approach ✓ ✓\nBuild and maintain internal communication ✓ ✓ ✓ ✓\nStrategic Priority 4: Contemporary approach to regulation\nKey Performance Indicators\nIndicators Measure Target 2020–21 2021–22 2022–23 2023–24\n4.1 The OAIC takes Regulatory Action (i) RAC meets 8 times • • • •\ntimely and effective Committee (RAC) annually\nregulatory action in meets regularly\n(ii) RAC decisions\nrelation to strategic and provides clear\ntake into account\nprivacy and access to direction\nOAIC stated priorities\ninformation risks\n4.2 Improved employee Positive rates against Improvement • • • •\nengagement APS Employee on previous year\nCensus (Strive, Stay, (positive variance)\nSay index)\n4.\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n\n## KPIs, Targets, and Where They Are At\n\n- Table 3.1: Intended result 1.1\nPerformance measure 2024–25 target 2025–26 target 2026–27 target Methodology/ Type\ndata source\n1.1 Effectiveness of the Prior year’s result Prior year’s result Prior year’s result Annual stakeholder Effectiveness\nOAIC’s contribution to the exceeded exceeded exceeded survey conducted\nregulation of the CDR as by an independent\nmeasured by stakeholder professional\nfeedback provider\nMetric: Average\nperformance rating from\nstakeholders based on a\ncomposite survey-based\nperformance index\nIntended result 1.2 is the OAIC’s activities support the effective regulation of the Digital ID system.\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n- Table 3.2: Intended result 1.2\nPerformance measure 2024–25 target 2025–26 target 2026–27 target Methodology/ Type\ndata source\n1.2 Effectiveness of the Baseline result Prior year’s result Prior year’s result Annual stakeholder Effectiveness\nOAIC’s contribution to the established exceeded exceeded survey conducted\nregulation of the by an independent\nDigital ID system as professional\nmeasured by provider\nstakeholder feedback\nMetric: Average\nperformance rating from\nstakeholders based on a\ncomposite survey-based\nperformance index\nOAIC Corporate plan 2024–25 39\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n- Table 3.4: Intended result 2\nPerformance measure 2024–25 target 2025–26 target 2026–27 target Methodology/ Type\ndata source\n2.1 Effectiveness of the Prior year’s result Prior year’s result Prior year’s result Annual stakeholder Effectiveness\nOAIC’s contribution to the exceeded exceeded exceeded survey conducted\nadvancement of online by an independent\nprivacy protections professional\nand policy advice as provider\nmeasured by stakeholder\nfeedback\nMetric: Average\nperformance rating from\nstakeholders based on a\ncomposite survey-based\nperformance index\nOAIC Corporate plan 2024–25 41\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n- Table 3.5: Intended result 3\nPerformance measure 2024–25 target 2025–26 target 2026–27 target Methodology/ Type\ndata source\n3.1 Percentage of OAIC 90% 90% 90% OAIC information Effectiveness\nrecommendations management\naccepted by agencies system\nfollowing FOI complaint\ninvestigations\n3.2 Effectiveness of Prior year’s result Prior year’s result Prior year’s result Annual stakeholder Effectiveness\nthe OAIC’s advice exceeded exceeded exceeded survey conducted\nand guidance on FOI by an independent\nobligations and the professional\nInformation Publication provider\nScheme in supporting\ngovernment agencies\nto provide public access\nto government-held\ninformation, as measured\nby stakeholder feedback\nMetric: Average\nperformance rating from\nstakeholders based on a\ncomposite survey-based\nperformance index\nOAIC Corporate plan 2024–25 42\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n- Each measure\ndifference or results we want to achieve in relation\nis based on data and records that will be relied on in\nto our key activities\nthe OAIC’s performance statements to report on the\n• performance measures we use to evaluate our measures.\nprogress towards the intended results\nOur performance management framework is reflected\n• targets that describe the results we are aiming for in\nin our 2025–26 portfolio budget statement (PBS).\neach performance measure\nKey activity 1\nInfluence and uphold privacy and information access rights frameworks\nMeasure 1 Change of percentage of OAIC case load that is greater than 12 months\nIntended result:\nThe OAIC’s regulatory outputs are timely\n25–26 Target: 26–27 Target: 27–28 Target: 28–29 Target:\nBaseline to be set Prior years result Prior years result Prior years result\nmaintained or exceeded maintained or exceeded maintained or exceeded\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- Table 3.1: Intended result 1.1\nPerformance measure\n2024–25 target\n2025–26 target\n2026–27 target\nMethodology/ data source\nType\n1.1\nEffectiveness of the OAIC’s contribution to the regulation of the CDR as measured by stakeholder feedback\nMetric: Average performance rating from stakeholders based on a composite survey-based performance index\nPrior year’s result exceeded\nPrior year’s result exceeded\nPrior year’s result exceeded\nAnnual stakeholder survey conducted by an independent professional provider\nEffectiveness\nIntended result 1.2 is the OAIC’s activities support the effective regulation of the Digital ID system.\n Source: `pages/corporate-plans-index__00.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-2024-25)`\n- Table 3.2: Intended result 1.2\nPerformance measure\n2024–25 target\n2025–26 target\n2026–27 target\nMethodology/ data source\nType\n1.2\nEffectiveness of the OAIC’s contribution to the regulation of the Digital ID system as measured by stakeholder feedback\nMetric: Average performance rating from stakeholders based on a composite survey-based performance index\nBaseline result established\nPrior year’s result exceeded\nPrior year’s result exceeded\nAnnual stakeholder survey conducted by an independent professional provider\nEffectiveness\nIntended result 1.3 is the OAIC’s regulatory outputs are timely.\n Source: `pages/corporate-plans-index__00.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-2024-25)`\n- Table 3.4: Intended result 2\nPerformance measure\n2024–25 target\n2025–26 target\n2026–27 target\nMethodology/ data source\nType\n2.1\nEffectiveness of the OAIC’s contribution to the advancement of online privacy protections and policy advice as measured by stakeholder feedback\nMetric: Average performance rating from stakeholders based on a composite survey-based performance index\nPrior year’s result exceeded\nPrior year’s result exceeded\nPrior year’s result exceeded\nAnnual stakeholder survey conducted by an independent professional provider\nEffectiveness\nKey activity 3: Encourage and support proactive release of government information\nIntended result 3 is the OAIC’s activities support Australian Government agencies to provide quick access to information requested and at the lowest reasonable cost, and proactively publish information of interest to the community.\n Source: `pages/corporate-plans-index__00.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-2024-25)`\n- Table 3.5: Intended result 3\nPerformance measure\n2024–25 target\n2025–26 target\n2026–27 target\nMethodology/ data source\nType\n3.1\nPercentage of OAIC recommendations accepted by agencies following FOI complaint investigations\n90%\n90%\n90%\nOAIC information management system\nEffectiveness\n3.2\nEffectiveness of the OAIC’s advice and guidance on FOI obligations and the Information Publication Scheme in supporting government agencies to provide public access to government-held information, as measured by stakeholder feedback\nMetric: Average performance rating from stakeholders based on a composite survey-based performance index\nPrior year’s result exceeded\nPrior year’s result exceeded\nPrior year’s result exceeded\nAnnual stakeholder survey conducted by an independent professional provider\nEffectiveness\nKey activity 4: Take a contemporary, harms-based approach to regulation\n Source: `pages/corporate-plans-index__00.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-2024-25)`\n- [Page 23]\n21\nPart\n3:\nPerformance\nmeasurement\nframework\nIntended Result 1.1 – The OAIC’s activities support the effective regulation\nof the Consumer Data Right\nPerformance 22–23 target 23–24 target 24–25 target 25–26 target Methodology/ Type\nmeasure data source\n1.1 Baseline to be Baseline result Prior year's Prior year's Annual Effectiveness\nEffectiveness established exceeded result exceeded result exceeded stakeholder\nof the OAIC’s survey\ncontribution conducted by\nto the an independent\nregulation of professional\nthe Consumer provider\nData Right as\nmeasured by\nstakeholder\nfeedback\nMetric: Average\nperformance\nrating from\nstakeholders\nbased on a\ncomposite\nsurvey-based\nperformance\nindex\nIntended Result 1.2 – The OAIC’s regulatory outputs are timely\nPerformance 22–23 target 23–24 target 24–25 target 25–26 target Methodology/ Type\nmeasure data source\n1.2.\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- [Page 24]\n22\nIntended Result 1.2 – The OAIC’s regulatory outputs are timely (cont)\nPerformance 22–23 target 23–24 target 24–25 target 25–26 target Methodology/ Type\nmeasure data source\n1.2.3 Time 80% of NDBs 80% of NDBs 80% of NDBs 80% of NDBs OAIC Output\ntaken to finalise are finalised are finalised are finalised are finalised information\nPBS measure\nNotifiable within 60 day within 60 days within 60 days within 60 days management\nData Breaches system\n(NDBs)\n1.2.4 Time 80% of My 80% of My 80% of My 80% of My OAIC Output\ntaken to Health Record Health Record Health Record Health Record information\nPBS measure\nfinalise My notifications notifications notifications notifications management\nHealth Record are finalised are finalised are finalised are finalised system\nnotifications within 60 days within 60 days within 60 days within 60 days\n1.2.\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- Intended Result 2 – The OAIC’s activities support innovation and capacity\nfor Australian businesses to benefit from using data, while minimising\nprivacy risks for the community\nPerformance 22–23 target 23–24 target 24–25 target 25–26 target Methodology/ Type\nmeasure data source\n2.1 Baseline to be Baseline result Prior years’ Prior year's Annual Effectiveness\nEffectiveness established exceeded results result exceeded stakeholder\nof the OAIC’s exceeded exceeded survey\ncontribution conducted by\nto the an independent\nadvancement professional\nof online provider\nprivacy\nprotections and\npolicy advice\nas measured\nby stakeholder\nfeedback\nMetric: Average\nperformance\nrating from\nstakeholders\nbased on a\ncomposite\nsurvey-based\nperformance\nindex\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- Intended Result 3 – The OAIC’s activities support Australian Government\nagencies to provide quick access to information requested and at the\nlowest reasonable cost, and proactively publish information of interest to\nthe community\nPerformance 22–23 target 23–24 target 24–25 target 25–26 target Methodology/ Type\nmeasure data source\n3.1 Percentage of OAIC 90% 90% 90% 90% OAIC Effectiveness\nrecommendations information\naccepted by management\nagencies following system\nFOI complaint\ninvestigations\n3.2 Effectiveness of Baseline to be Baseline Baseline result Baseline Annual Effectiveness\nOAIC’s advice and established result exceeded result stakeholder\nguidance on FOI exceeded exceeded survey\nobligations and conducted by\nthe Information an independent\nPublication Scheme professional\nin supporting provider\ngovernment agencies\nto provide public\naccess to government-\nheld information,\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- Intended Result 4 – The OAIC’s approach to its regulatory role is consistent\nwith better practice principles\nPerformance 22–23 target 23–24 target 24–25 target 25–26 targe Methodology/ Type\nmeasure data source\n4.1 Stakeholder Baseline to be Baseline Prior year's Prior year's Annual Effectiveness\nassessment of established result result exceeded result exceeded stakeholder\nthe extent to exceeded survey\nwhich the OAIC’s conducted by\nregulatory activities an independent\ndemonstrate a professional\ncommitment provider\nto continuous\nimprovement and\nbuilding trust\nMetric: Average\nperformance rating\nfrom stakeholders\nbased on a\ncomposite survey-\nbased performance\nindex\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n\n## Key Metrics\n\n| Values found | Evidence | Source |\n|---|---|---|\n| $44.3 million, 44.3 million | Our capabilities received further support in the 2023–\n24 Federal Budget when the OAIC was allocated an\nThe appointment of a standalone Privacy additional $44.3 million over 4 years to support privacy\nCommissioner will bolster the OAIC’s ability to carry activities, including work responding to the increased\nout our important statutory functions, and reflects complexity, scale and impact of notifiable data\nthe increasing complexity and volume of | `corporate-plans/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf)` |\n| $44.3 million, 44.3 million | Our capabilities received further support in the 2023–24 Federal Budget when the OAIC was allocated an additional $44.3 million over 4 years to support privacy activities, including work responding to the increased complexity, scale and impact of notifiable data breaches, as reflected in recent large-scale breaches. | `pages/corporate-plans-index__04.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202324)` |\n| $9.2 million, 9.2 million | In\nare addressed by Australia’s privacy and information addition, the Budget allocated $9.2 million over 2 years\naccess regulator. to continue regulating privacy aspects of the Consumer\nData Right (CDR), My Health Record and Digital Identity. | `corporate-plans/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf)` |\n| $9.2 million, 9.2 million | In addition, the Budget allocated $9.2 million over 2 years to continue regulating privacy aspects of the Consumer Data Right (CDR), My Health Record and Digital Identity. | `pages/corporate-plans-index__04.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202324)` |\n| $950,000 | Our targets for 2024–25 focus on reduced\noutsourcing of work across several Job Families\nIn alignment with the Australian Public Service including Administration, Legal and Parliamentary,\nCommission’s Highly Capable, Future-Ready: APS and Portfolio Program and Project Management,\nLearning and Development Strategy, we invest with an expected reduction of $950,000 in 2024–25 in\nin development opportunities for our people by outsourcing expenditure. | `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)` |\n| $50 million, $2.5million, 50 million, 2.5million | Under section 13G of the Privacy Act the maximum penalty for serious interference with the privacy of an individual are:\nfor a body corporate, the greatest of either:\n$50 million; or\nthe value of any benefit the relevant court has determined that the body corporate, or any body corporate related to it, has obtained directly or indirectly that is reasonably attributable to the contravention, multiplied by three;\nor if the court cannot determine th | `pages/news-latest.html (http://www.oaic.gov.au/news)` |\n\n## Key Achievements\n\n- [Page 29]\n27\nPart\n3:\nPerformance\nmeasurement\nframework\nPerformance 22–23 target 23–24 target 24–25 target 25–26 targe Methodology/ Type\nmeasure data source\n4.4 Number of Targets not Targets not Targets not Targets not Data snapshot Effectiveness\nstakeholder appropriate appropriate appropriate due appropriate demonstrating\nengagement due to due to to fluctuations due to key formal\nactivities fluctuations fluctuations in nature and fluctuations engagements\nin nature and in nature and complexity in nature and supplemented\nMetric: Number of\ncomplexity complexity of policy complexity by case studies\nactivities delivered\nof policy of policy environment in of policy to demonstrate\nvia different\nenvironment environment any given year environment in breadth,\nengagement\nin any given in any given any given year variety and\nmechanisms\nyear year effectiveness\nof engagement\nactivities and\nmodes of\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- [Page 37]\nPerformance 23–24 target 24–25 target 25–26 target 26–27 target Methodology/ Type\nmeasure data source\n4.3 Stakeholder 2022–23 Prior year’s Prior year's Prior year's Annual Effectiveness\nassessment of the baseline result result result result stakeholder\nextent to which the exceeded exceeded exceeded exceeded survey\nOAIC’s regulatory conducted\nactivities are based by an\non risk and data independent\nprofessional\nMetric: Average\nprovider\nperformance rating\nfrom stakeholders\nis based on a\ncomposite survey-\nbased performance\nindex\n4.4 Number Targets not Targets not Targets not Targets not Data snapshot Effectiveness\nof stakeholder appropriate appropriate appropriate appropriate demonstrating\nengagement due to due to due to due to key formal\nactivities fluctuations fluctuations fluctuations fluctuations engagements\nin nature and in nature and in nature and in nature and supplemented\n Source: `corporate-plans/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf)`\n- [pages 37,38,39,40]\nure and in nature and in nature and supplemented\nMetric: Number of\ncomplexity complexity complexity complexity by case\nactivities delivered\nof policy of policy of policy of policy studies to\nvia different\nenvironment in environment environment environment demonstrate\nengagement\nany given year in any given in any given in any given breadth,\nmechanisms\nyear year year variety and\neffectiveness\nof engagement\nactivities and\nmodes of\ndelivery\n4.5 Average Lower than Lower than Lower than Lower than OAIC Efficiency\ncall duration baseline result prior year’s prior year’s prior year’s information\nof telephone result result result management\nenquiries to system\nthe OAIC public\nenquiry line\n37\nOAIC Corporate plan 2023–24\nPart\n3\nPerformance\nmeasurement\nframework\nPart\n3\nPerformance\nmeasurement\nframework\n Source: `corporate-plans/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf)`\n- [Page 7]\nSnapshot\nEnvironment, capabilities, risk\nand stakeholder engagement\nPurpose Corporate Plan\nTo promote and uphold privacy and\nKey activities\ninformation access rights\n• Influence and uphold privacy and\ninformation access rights frameworks\n• Advance online privacy protections\nfor Australians\n• Encourage and support access to\ngovernment information\nEnabling legislation\n• Take a contemporary, harms-based\n• Australian Information Commissioner Act 2010 approach to regulation\n• Freedom of Information Act 1982\nPerformance measures\n• Privacy Act 1988\n• Change of percentage of OAIC case load that is\n• Almost 40 other pieces of legislation conferring\ngreater than 12 months\nfunctions on the Information Commissioner\n• Percentage of cases finalised within specified\ntime standards\n• Percentage of regulated entities that report\nsatisfaction with OAIC guidance and resources\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- [pages 8,9,10,11]\nulator best practice accepted by agencies following FOI\ncomplaint investigations\n• Initial assessments are completed and\nrecorded on all proactive regulatory activities\nto ensure appropriate and proportionate\nregulatory responses\n• OAIC staff consider they have the skills,\nPortfolio Budget Statements capabilities and knowledge to perform well,\nOutcome 1 enabling the OAIC to deliver expert service\nProvision of public access to Commonwealth\nGovernment information, protection of individuals’\npersonal information, and performance of\nInformation Commissioner, freedom of information\nand privacy functions\nProgram 1.1 Annual Performance Statements\nComplaints handling, compliance and monitoring Assessment of performance in\nand education and promotion achieving our purpose\n7\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- Each measure\ndifference or results we want to achieve in relation\nis based on data and records that will be relied on in\nto our key activities\nthe OAIC’s performance statements to report on the\n• performance measures we use to evaluate our measures.\nprogress towards the intended results\nOur performance management framework is reflected\n• targets that describe the results we are aiming for in\nin our 2025–26 portfolio budget statement (PBS).\neach performance measure\nKey activity 1\nInfluence and uphold privacy and information access rights frameworks\nMeasure 1 Change of percentage of OAIC case load that is greater than 12 months\nIntended result:\nThe OAIC’s regulatory outputs are timely\n25–26 Target: 26–27 Target: 27–28 Target: 28–29 Target:\nBaseline to be set Prior years result Prior years result Prior years result\nmaintained or exceeded maintained or exceeded maintained or exceeded\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- [Page 31]\nOAIC Corporate plan 2025–26\nPerformance\nKey activity 4\nTake a contemporary, harms-based approach to regulation\nInitial assessments are completed and recorded on all proactive regulatory activities to\nMeasure 6\nensure appropriate and proportionate regulatory responses\nIntended result:\nThe OAIC’s approach to our regulatory role is consistent with better practice principles\n25–26 Target: 26–27 Target: 27–28 Target: 28–29 Target:\n100% 100% 100% 100%\nRationale:\nThis measure demonstrates the OAIC’s efficiency in ensuring the right regulatory tool and proportionate\nresponse is selected in a timely way, and that the OAIC applies regulator best practice principles.\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- [pages 29,30,31,32]\nto fluctuations due to key formal\nactivities fluctuations fluctuations in nature and fluctuations engagements\nin nature and in nature and complexity in nature and supplemented\nMetric: Number of\ncomplexity complexity of policy complexity by case studies\nactivities delivered\nof policy of policy environment in of policy to demonstrate\nvia different\nenvironment environment any given year environment in breadth,\nengagement\nin any given in any given any given year variety and\nmechanisms\nyear year effectiveness\nof engagement\nactivities and\nmodes of\ndelivery\n4.5 Average Baseline to be Lower than Lower than prior Lower than OAIC Efficiency\ncall duration established baseline year's result prior year's information\nof telephone result result management\nenquiries to system\nthe OAIC public\nenquiry line\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- Our operating environment\nOur ambition\nPurpose\nThe reason the OAIC exists\nVision\nWhat future success looks like\nGuiding principles\nOur ideals\nHow will we achieve our ambition\nStrategic priorities\nThe OAIC's most important priorities over the period of the plan\nChallenges and opportunities\nThe key external and internal challenges relating to each strategic priority and opportunities to respond to these\nOur targeted responses\nKey focus areas\nOur targeted responses to our challenges and opportunities to achieve our desired outcomes\nWhat we want to achieve over the period of the plan\nKey activities\nOur key activities for 2019–20\nMeasuring our success\nIndicators of success\nIndicators which will demonstrate progress towards achievement of our outcomes\nMeasures\nHow we will measure our indicators\nTargets\nTargets to set a clear expectation of success\nWhat will enable our success\nCapability\n Source: `pages/corporate-plans-index__05.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201920)`\n- [pages 34,35,36,37]\nrategy\nCurrent:\n• Publication of commissioner decisions and complaints outcomes and\nregulatory priorities\n• Inter-agency cooperation and coordination of activities and communication\n• Performance measurement framework and stakeholder survey\nThe OAIC does\n• Public awareness campaigns and stakeholder communications\nnot contribute to\n• Active engagement with domestic and international counterparts\nincreased trust and\nconfidence in privacy • Active engagement with agency leaders on access to information matters\nand information Future:\naccess.\n• Explore opportunities to publicly present the work of the OAIC and\nFocus on outcomes\ncampaigns to highlight the importance of FOI and privacy\n• Consider reference groups and advisory committees for engagement on key\nissues\nOAIC Corporate plan 2024–25 34\n Source: `corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)`\n- Measure\nProjected outcome\nBeneficiary\nRPF Measure\nRPF\nKPI\n2.2.1\n80% of IC reviews are completed within 12 months\nReviews conducted efficiently and effectively\nAffected individuals;\nAffected Government agencies or ministers\nYes\n1, 3, 4\nActivity 2.3 — Investigate FOI complaints and conduct Commissioner initiated investigations\nThe OAIC provides a free service for individuals to make a complaint about how an Australian Government agency has handled their FOI matter.\n Source: `pages/corporate-plans-index__06.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201819)`\n- Destroy 1 year\nafter action\ncompleted\n62029 Records documenting: Destroy 7 years\nafter action\n• routine operational administrative tasks supporting the core business;\ncompleted\nand\n• compliance management activities other than those covered in classes\n61065, 61066, 61981 and 61982.\n Source: `other-pdfs/agency-ra-2012-00305243.pdf (https://www.naa.gov.au/sites/default/files/2019-12/agency-ra-2012-00305243.pdf)`\n\n## Key Issues, Risks, and Recommendations\n\n- [Page 25]\n23\nPart\n2:\nOur\nstrategic\npriorities\nIndicators Measure Target 2020–21 2021–22 2022–23 2023–24\n2.7 Resolve FOI Time taken 80% of FOI • • • •\ncomplaints to resolve FOI complaints are\ncomplaints finalised within 12\nmonths*\n2.8 Improve agencies’ Agencies accept 90% of • • • •\nprocesses for and implement recommendations\nmanaging FOI recommendations made are accepted\nrequests made following\ncomplaint\ninvestigations\n2.9 The OAIC promotes The OAIC leads 2 major campaigns • • • •\nawareness of privacy campaigns such as undertaken each\nand access to International Access year\ninformation to Information\nDay and Privacy\nAwareness Week\n2.10 The OAIC promotes Education and Information on • • • •\nawareness of awareness materials the OAIC website\nConsumer Data Right are developed and is updated when\n(CDR) privacy rights promoted required by CDR\ndevelopments\n2.\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 7]\nSnapshot\nEnvironment, capabilities, risk\nand stakeholder engagement\nPurpose Corporate Plan\nTo promote and uphold privacy and\nKey activities\ninformation access rights\n• Influence and uphold privacy and\ninformation access rights frameworks\n• Advance online privacy protections\nfor Australians\n• Encourage and support access to\ngovernment information\nEnabling legislation\n• Take a contemporary, harms-based\n• Australian Information Commissioner Act 2010 approach to regulation\n• Freedom of Information Act 1982\nPerformance measures\n• Privacy Act 1988\n• Change of percentage of OAIC case load that is\n• Almost 40 other pieces of legislation conferring\ngreater than 12 months\nfunctions on the Information Commissioner\n• Percentage of cases finalised within specified\ntime standards\n• Percentage of regulated entities that report\nsatisfaction with OAIC guidance and resources\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- Key activities\nKey activity 1: Influence development of privacy policy and legislation\n2021–22 2022–23 2023–24 2024–25\nProvide expert advice to government to support a strong, globally ✓ ✓ ✓ ✓\ninteroperable privacy law framework\nCollaborate with government and industry to develop and register ✓\nOnline Privacy Code\nKey activity 2: Raise awareness and take regulatory action on online privacy issues\n2021–22 2022–23 2023–24 2024–25\nPromote awareness of online privacy risks and mitigation strategies ✓ ✓ ✓ ✓\nExercise regulatory powers in relation to online data breaches ✓ ✓ ✓ ✓\nCoordinate or undertake joint investigations and intelligence sharing with ✓ ✓ ✓ ✓\ninternational and domestic privacy regulators\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- Outcomes\nIndicators of success\nGreater awareness of the risks of engaging online\n1.4 Community is aware of the risks of engaging online\n1.5 Individuals take action to protect their online privacy\nMeasuring our success\nIndicator*\nMeasure\nTargets\nRPF Ref\nPBS KPI\n2019–20\n2020–21\n2021–22\n2022–23\n1.1 The OAIC has influenced the development of globally aligned privacy protections\nThe OAIC is actively engaged in global privacy forums\nQualitatively demonstrated\nAs for 2019–20\nAs for 2019–20\nAs for 2019–20\n6\n–\nGreater alignment between Australian protections and global best practice\nQualitatively demonstrated\nAs for 2019–20\nAs for 2019–20\nAs for 2019–20\n6\n–\n1.2 The OAIC has worked with stakeholders to develop online privacy protections\nActive engagement with stakeholders\nQualitatively demonstrated\nAs for 2019–20\nAs for 2019–20\nAs for 2019–20\n2,6\n–\n1.\n Source: `pages/corporate-plans-index__05.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201920)`\n- Trend\nChallenges\nOpportunities\nShift in Australian Government and community expectations of a regulator’s role\nEnsuring the OAIC’s regulatory approach reflects government and community expectations of regulators\nFocus on key regulatory risks and align activities and use of regulatory power to deliver highest impact\nReview community and government expectations of Australian regulators and ensure the OAIC’s regulatory approach, internal capability, and stakeholder engagement reflect these expectations\nEvolution in international landscape in relation to privacy and information access, and increased globalisation of the economy\nEnsuring that domestic policy and guidance is interoperable with international law to facilitate Australia’s participation in the global economy\nActive participation in changing global regulatory landscape\n Source: `pages/corporate-plans-index__05.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201920)`\n- 9\nCapabilities ...............................................................................................................................11\nRisk management ...................................................................................................................12\nCooperation and collaboration ............................................................................................14\nRegulator Performance Guide ..............................................................................................15\nPart 2: Our strategic priorities ............................................................................................................16\nStrategic Priority 1 ...................................................................................................................17\nStrategic Priority 2 ...................................................................\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- Contemporary approach to regulation\ngovernment information\n1.1 Australia’s privacy frameworks are fit for purpose in 2.5 Conduct Commissioner-initiated investigations 4.1 The OAIC takes timely and effective regulatory\nthe digital age 3.1 Agencies publish more government-held action in relation to strategic privacy and access\n2.6 Provide Information Commissioner review of FOI\ninformation proactively to information risks\n1.2 The OAIC is a leader in the global privacy community decisions made by agencies and ministers\nto support the development and enforcement of 3.2 The OAIC identifies and scrutinises policy and 4.2 Improved employee engagement\n2.7 Resolve FOI complaints\nstrong international online privacy protections legislative reform proposals in relation to Australia’s\n4.3 Increased staff retention\n2.8 Improve agencies’ processes for managing FOI\ninformation management framework\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- Risk-based and data-driven – regulators Continuous improvement 1.1, 1.2, 2.2, 2.3, 2.4, 2.6,\nmaintain essential safeguards, using data and building trust 2.7, 2.8, 2.11, 3.1, 4.2, 4.3\nand digital technology to manage risks\nproportionately to minimise regulatory burden Risk-based and data- 2.1, 2.5 3.2, 4.1, 4.4,\ndriven\nand to support those they regulate to comply\nand grow.\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 20]\n18\nStrategic Priority 1: Advance online privacy protections for Australians\nKey Performance Indicators\nIndicators Measure Target 2021–22 2022–23 2023–24 2024–25\n1.1 Australia’s privacy (1) The OAIC advises Qualitative: The • • • •\nframeworks are fit for government on OAIC identifies\npurpose in the digital privacy in the where online\nage online environment issues and global\nand global interoperability\ninteroperability are referenced and\nwhere appropriate makes submissions\nwhere appropriate\n(2) Online Privacy Code is registered •\nCode is developed\n1.2 The OAIC is a (1) The OAIC has a Active participation • • • •\nleader in the global leadership role in key in the Global Privacy\nprivacy community international policy Assembly and the\nto support the forums Asia Pacific Privacy\ndevelopment and Authorities forum\nenforcement of\nstrong international\nonline privacy\nprotections\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 30]\n28\nKey activity 2: Build internal capability\n2021–22 2022–23 2023–24 2024–25\nFinalise and implement revised capability approach ✓ ✓\nImplement data management strategy ✓ ✓\nEmbed revised governance approach ✓ ✓\nBuild and maintain internal communication ✓ ✓ ✓ ✓\nStrategic Priority 4: Contemporary approach to regulation\nKey Performance Indicators\nIndicators Measure Target 2020–21 2021–22 2022–23 2023–24\n4.1 The OAIC takes Regulatory Action (i) RAC meets 8 times • • • •\ntimely and effective Committee (RAC) annually\nregulatory action in meets regularly\n(ii) RAC decisions\nrelation to strategic and provides clear\ntake into account\nprivacy and access to direction\nOAIC stated priorities\ninformation risks\n4.2 Improved employee Positive rates against Improvement • • • •\nengagement APS Employee on previous year\nCensus (Strive, Stay, (positive variance)\nSay index)\n4.\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- 9\nRisk management ....................................................................................................................10\nPart 2: Our vision, purpose and key activities ...............................................................................13\nKey activity 1 .............................................................................................................................15\nKey activity 2 .............................................................................................................................16\nKey activity 3 .............................................................................................................................17\nKey activity 4 .............................................................................................................................17\nPerformance measurement framework ............................\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- [Page 14]\n111222\nThe OAIC is agile, The OAIC is able to The OAIC is able to The OAIC is a safe The OAIC is able\nresponsive and risk build and maintain attract, grow and and healthy working to strategically\ninformed strong influence retain its people environment prioritise its work\nand positive to deliver statutory\nrelationships functions\nOperations Committee Range of regulatory Support for Work Health and Strategic and\nand Regulatory Action functions and powers professional training Safety Policy corporate planning\nCommittee informed exercised and development processes\nOAIC Health and Safety\nby data analysis\nActive participation Comprehensive Committee Publication of\nMedia, domestic in domestic and induction program regulatory priorities\nEmployee Assistance\nand international international forums\nAlignment to the APS Program Regular reporting to\nenvironment, and\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- Intended Result 2 – The OAIC’s activities support innovation and capacity\nfor Australian businesses to benefit from using data, while minimising\nprivacy risks for the community\nPerformance 22–23 target 23–24 target 24–25 target 25–26 target Methodology/ Type\nmeasure data source\n2.1 Baseline to be Baseline result Prior years’ Prior year's Annual Effectiveness\nEffectiveness established exceeded results result exceeded stakeholder\nof the OAIC’s exceeded exceeded survey\ncontribution conducted by\nto the an independent\nadvancement professional\nof online provider\nprivacy\nprotections and\npolicy advice\nas measured\nby stakeholder\nfeedback\nMetric: Average\nperformance\nrating from\nstakeholders\nbased on a\ncomposite\nsurvey-based\nperformance\nindex\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- Intended Result 3 – The OAIC’s activities support Australian Government\nagencies to provide quick access to information requested and at the\nlowest reasonable cost, and proactively publish information of interest to\nthe community\nPerformance 22–23 target 23–24 target 24–25 target 25–26 target Methodology/ Type\nmeasure data source\n3.1 Percentage of OAIC 90% 90% 90% 90% OAIC Effectiveness\nrecommendations information\naccepted by management\nagencies following system\nFOI complaint\ninvestigations\n3.2 Effectiveness of Baseline to be Baseline Baseline result Baseline Annual Effectiveness\nOAIC’s advice and established result exceeded result stakeholder\nguidance on FOI exceeded exceeded survey\nobligations and conducted by\nthe Information an independent\nPublication Scheme professional\nin supporting provider\ngovernment agencies\nto provide public\naccess to government-\nheld information,\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n\n## Corporate Values and Operating Culture\n\n- [Page 28]\n26\nPerformance 22–23 target 23–24 target 24–25 target 25–26 targe Methodology/ Type\nmeasure data source\n4.2 Stakeholder Baseline to be Baseline Prior year's Prior year's Annual Effectiveness\nassessment of established result result exceeded result exceeded stakeholder\nthe extent to exceeded survey\nwhich the OAIC’s conducted by\nregulatory activities an independent\ndemonstrate professional\ncollaboration and provider\nengagement\nMetric: Average\nperformance rating\nfrom stakeholders\nbased on a\ncomposite survey-\nbased performance\nindex\n4.3 Stakeholder Baseline to be Baseline prior year's prior year's Annual Effectiveness\nassessment of the established result result exceeded result exceeded stakeholder\nextent to which the exceeded survey\nOAIC’s regulatory conducted by\nactivities are risk an independent\nbased and data professional\ndriven provider\nMetric: Average\nperformance rating\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n- Intended result 4: The OAIC’s approach to its regulatory role is consistent with better practice principles\nPerformance 23–24 target 24–25 target 25–26 target 26-27 target Methodology/ Type\nmeasure data source\n4.1 Stakeholder 2022–23 Prior year’s Prior year’s Prior year’s Annual Effectiveness\nassessment of baseline result result result result stakeholder\nthe extent to exceeded exceeded exceeded exceeded survey\nwhich the OAIC’s conducted\nregulatory activities by an\ndemonstrate a independent\ncommitment professional\nto continuous provider\nimprovement and\nbuilding trust\nMetric: Average\nperformance rating\nfrom stakeholders\nis based on a\ncomposite survey-\nbased performance\nindex\n4.2 Stakeholder 2022–23 Prior year’s Prior year’s Prior year’s Annual Effectiveness\nassessment of baseline result result result result stakeholder\nthe extent to exceeded exceeded exceeded exceeded survey\n Source: `corporate-plans/2023-24.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf)`\n- [Page 21]\nOAIC Corporate plan 2025–26\nOperating context\nSummary of the OAIC’s tolerance for specific risk categories\nArea Risk tolerance summary\nLow tolerance Higher tolerance\nMisuse or improper exercise of our Pursuing contemporary regulatory\nRegulatory approach\nstatutory powers approaches\nInadvertent disclosure of any personal Improving the way we engage with\nTrust and confidence\nor sensitive information stakeholders\nPursuing innovation and continuous\nGovernance and Serious non-compliance with our\nimprovement that brings value to the\ninfrastructure legislative obligations\nOAIC and our stakeholders\nFraud or corruption, discrimination, Implementing processes to enhance the\nIntegrity\nharassment or improper staff conduct culture of the agency\nExpenditure where the benefits are\nActivities that inappropriately deplete\nclearly defined and aligned with the\nFinancial\nresources\n Source: `corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)`\n- Trend\nChallenges\nOpportunities\nDeclining public trust in those responsible for handling information, and expectations of greater transparency and accountability\nIncreased complexity of the online environment and diversity of people who engage in that environmen\nEnhance online privacy protections, particularly for vulnerable people\nEnhance awareness of online privacy risks\nProvide guidance on protecting online privacy\nEnsure an appropriate regulatory balance between organisational accountability and effective privacy self-management\nGlobalised and rapidly evolving data environment\nData breaches are becoming more frequent, more sensitive and affect more people, owing to the nature of personal information held by online entities and the number of people who engage with the platforms\nPrevent data breaches by raising awareness\nof their causes with regulated entities\n Source: `pages/corporate-plans-index__05.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201920)`\n- Trend\nChallenges\nOpportunities\nDeclining public trust in those responsible for handling information, and expectations of greater transparency and accountability\nMaintaining strong privacy protections in an evolving landscape while supporting innovation that strengthens the Australian economy\nCommunity expectations of increased transparency of government data and\ndecision-making\nTo increase public trust in government by enhancing the transparency of personal information handling and government-held information decision-making processes\nFocus on the role of the regulator\nEnsuring that the OAIC meets government and community expectations of an Australian regulator\nReview regulatory action policies and procedures to ensure alignment with government and community expectations\nIncreased recognition of the value of data\n Source: `pages/corporate-plans-index__05.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201920)`\n- Measure\nProjected outcome\nBeneficiary\nRPF Measure\nRPF\nKPI\n1.5.1\nComplete assessments in accordance with the schedule developed in consultation with the business or agency being assessed\nAssist businesses and Australian Government agencies to meet their privacy obligations\nBusinesses and Australian Government agencies;\nAffected individuals\nYes\n1, 2\n1.5.2\nMonitoring and compliance approaches are coordinated with the business and operational needs of the business or agency being assessed\nAssist businesses and Australian Government agencies to meet their privacy obligations\nBusinesses and Australian Government agencies\nYes\n1, 2, 4\n1.5.3\nA high proportion of recommendations are accepted by the business or agency being assessed\nAssist businesses and Australian Government agencies to meet their privacy obligations;\nEncourage the respect and protection of personal information\n Source: `pages/corporate-plans-index__06.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201819)`\n- 9\nCapabilities ...............................................................................................................................11\nRisk management ...................................................................................................................12\nCooperation and collaboration ............................................................................................14\nRegulator Performance Guide ..............................................................................................15\nPart 2: Our strategic priorities ............................................................................................................16\nStrategic Priority 1 ...................................................................................................................17\nStrategic Priority 2 ...................................................................\n Source: `corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)`\n- [Page 14]\n111222\nThe OAIC is agile, The OAIC is able to The OAIC is able to The OAIC is a safe The OAIC is able\nresponsive and risk build and maintain attract, grow and and healthy working to strategically\ninformed strong influence retain its people environment prioritise its work\nand positive to deliver statutory\nrelationships functions\nOperations Committee Range of regulatory Support for Work Health and Strategic and\nand Regulatory Action functions and powers professional training Safety Policy corporate planning\nCommittee informed exercised and development processes\nOAIC Health and Safety\nby data analysis\nActive participation Comprehensive Committee Publication of\nMedia, domestic in domestic and induction program regulatory priorities\nEmployee Assistance\nand international international forums\nAlignment to the APS Program Regular reporting to\nenvironment, and\n Source: `corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)`\n\n## Global Ideas and Case Study Inputs\n\n_No global-intelligence source text found yet. Run `CLAUDE/global-ideas-scraper.py ` to populate case-study sources._\n\n## Source Artifacts Used\n\n- `corporate-plans/2021-22.pdf` - corporate-plans - https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf\n- `corporate-plans/2022-23.pdf` - corporate-plans - https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf\n- `corporate-plans/2023-24.pdf` - corporate-plans - https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf\n- `corporate-plans/2024-25.pdf` - corporate-plans - https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf\n- `corporate-plans/2025-26.pdf` - corporate-plans - https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf\n- `pages/about.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/plans-policies-and-procedures/privacy-policy\n- `pages/contact.html` - pages - http://www.oaic.gov.au/contact-us\n- `pages/corporate-plans-index.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans\n- `pages/corporate-plans-index__00.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-2024-25\n- `pages/corporate-plans-index__01.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-2025-26\n- `pages/corporate-plans-index__02.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202223\n- `pages/corporate-plans-index__03.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202122\n- `pages/corporate-plans-index__04.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202324\n- `pages/corporate-plans-index__05.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201920\n- `pages/corporate-plans-index__06.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201819\n- `pages/corporate-plans-index__07.html` - pages - https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-202021\n- `pages/homepage.html` - pages - http://www.oaic.gov.au\n- `pages/news-latest.html` - pages - http://www.oaic.gov.au/news\n- `pages/priorities-index.html` - pages - https://www.oaic.gov.au/about-the-OAIC/what-we-do\n- `pages/priorities-index__08.html` - pages - https://www.oaic.gov.au/about-the-OAIC/commissioner-priorities\n- `pages/structure.html` - pages - https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies\n- `other-pdfs/agency-ra-2012-00305243.pdf` - other-pdfs - https://www.naa.gov.au/sites/default/files/2019-12/agency-ra-2012-00305243.pdf\n\n## Gaps To Fix\n\n- No annual report text source found.\n- No global comparison/case-study sources found.", "legislation_md": "# Privacy Advisory Committee - Acts and Legislation Discovery\n\n**Generated at**: 2026-05-09T21:04:44.693101+00:00\n**Entity ID**: B-002201\n**Jurisdiction**: Commonwealth\n**Portfolio**: Attorney-General's\n\n> This is an evidence-based discovery list from scraped department material. A mention does not always mean the department administers the legislation; high-confidence and official register links should be reviewed.\n\n## Summary\n\n- Source files scanned: 22\n- Unique legislation references found: 85\n\n| Type | Count |\n|---|---:|\n| Act | 73 |\n| Code | 2 |\n| Regulation | 2 |\n| Rules | 8 |\n\n## Legislation References\n\n### Freedom of Information Act 1982\n\n**Type**: Act\n**Confidence**: high\n**Mentions**: 37\n**Register search**: https://www.legislation.gov.au/search?query=Freedom+of+Information+Act+1982\n\n**Sources**:\n- `pages/corporate-plans-index__00.html`\n- `pages/corporate-plans-index__01.html`\n- `pages/corporate-plans-index__02.html`\n- `pages/corporate-plans-index__03.html`\n- `pages/corporate-plans-index__04.html`\n- `pages/corporate-plans-index__05.html`\n- `pages/corporate-plans-index__06.html`\n- `pages/corporate-plans-index__07.html`\n- `pages/priorities-index.html`\n- `corporate-plans/2021-22.pages.jsonl`\n\n**Evidence contexts**:\n- periods, as required under paragraph 35(1)(b) of the\nPublic Governance, Performance and Accountability Act 2013\n.\nAs an independent statutory agency, our office regulates privacy and freedom of information (FOI) under the Commonwealth\nPrivacy Act 1988\nand the\nFreedom of Information Act 1982\n(FOI Act) and has information policy functions under the Australian Information Commissioner Act 2010. This corporate plan sets out our key activities and how we measure our performance.\nSo far, 2024 has been a year of significant changes at the OAIC. Among t\n Source: `pages/corporate-plans-index__00.html`\n- and territory privacy regulators to share information and insights through Privacy Authorities Australia.\nAccess to information\nThe OAIC assists Australian Government agencies and ministers to improve processes and increase knowledge and understanding of the\nFreedom of Information Act 1982\n(FOI Act).\nThe OAIC engages with FOI practitioners through regular stakeholder meetings, including commissioner-level engagement with agency heads, training sessions for members of our Information Contact Officer Network, newsletters and other direct communic\n Source: `pages/corporate-plans-index__00.html`\n- rivacy and freedom of information, responsible for:\npromoting and enforcing compliance with the\nPrivacy Act 1988\n(Privacy Act), including protecting individuals’ personal information\nprotecting and upholding the public’s right of access to documents under the\nFreedom of Information Act 1982\n(FOI Act), and\ncarrying out strategic information management functions within the Australian Government.\nOur functions are prescribed in Part 2 of the Australian Information Commissioner Act 2010 (AIC Act) and include conducting investigations to monitor comp\n Source: `pages/corporate-plans-index__01.html`\n- e year under review, demonstrating what we have achieved.\nSnapshot\nEnvironment, capabilities, risk and stakeholder engagement\nPurpose\nTo promote and uphold privacy and information access rights\nEnabling legislation\nAustralian Information Commissioner Act 2010\nFreedom of Information Act 1982\nPrivacy Act 1988\nAlmost 40 other pieces of legislation conferring functions on the Information Commissioner\nRegulator performance\nMinisterial statement of expectations\nStatement of intent\nPrinciples of regulator best practice\nPortfolio Budget Statements\nOutco\n Source: `pages/corporate-plans-index__01.html`\n- nder section 35(1)(b) of the\nPublic Governance, Performance and Accountability Act 2013\n.\nAs an independent statutory agency, our office seeks to meet the needs of the community in regulating privacy and freedom of information under the\nPrivacy Act 1988\n, the\nFreedom of Information Act 1982\nand the\nAustralian Information Commissioner Act 2010\n. This corporate plan sets out our key activities, including how we will measure success in our fast-changing operating environment. Increasingly, our success relies on our collaboration with domestic and i\n Source: `pages/corporate-plans-index__02.html`\n\n### Australian Information Commissioner Act 2010\n\n**Type**: Act\n**Confidence**: high\n**Mentions**: 19\n**Register search**: https://www.legislation.gov.au/search?query=Australian+Information+Commissioner+Act+2010\n\n**Sources**:\n- `pages/about.html`\n- `pages/corporate-plans-index__00.html`\n- `pages/corporate-plans-index__01.html`\n- `pages/corporate-plans-index__02.html`\n- `pages/corporate-plans-index__03.html`\n- `pages/corporate-plans-index__04.html`\n- `pages/corporate-plans-index__05.html`\n- `pages/corporate-plans-index__06.html`\n- `pages/corporate-plans-index__07.html`\n- `pages/priorities-index.html`\n\n**Evidence contexts**:\n- ractices change. Updates will be publicised on the OAIC website and to staff through its ‘all staff’ email communications.\nOverview\nThe OAIC collects, uses and discloses and holds personal information to exercise its powers and perform its functions under the\nAustralian Information Commissioner Act 2010\n,  Privacy Act,\nFreedom of Information Act 1982\n(FOI Act),\nMy Health Records Act 2012\n(My Health Records Act),\nCompetition and Consumer Act 2010\n(CC Act),\nDigital ID Act 2024\n(Digital ID Act)  and\nother legislation that confer powers, functions or duties on t\n Source: `pages/about.html`\n- ccountability Act 2013\n.\nAs an independent statutory agency, our office regulates privacy and freedom of information (FOI) under the Commonwealth\nPrivacy Act 1988\nand the\nFreedom of Information Act 1982\n(FOI Act) and has information policy functions under the Australian Information Commissioner Act 2010. This corporate plan sets out our key activities and how we measure our performance.\nSo far, 2024 has been a year of significant changes at the OAIC. Among them was the return to the OAIC having 3 commissioners in February, when I commenced as FOI Commissione\n Source: `pages/corporate-plans-index__00.html`\n- protecting and upholding the public’s right of access to documents under the\nFreedom of Information Act 1982\n(FOI Act), and\ncarrying out strategic information management functions within the Australian Government.\nOur functions are prescribed in Part 2 of the Australian Information Commissioner Act 2010 (AIC Act) and include conducting investigations to monitor compliance, taking enforcement action where required, reviewing decisions, handling complaints, and providing guidance and advice on government information management, freedom of information and priva\n Source: `pages/corporate-plans-index__01.html`\n- on-financial and financial performance for the year under review, demonstrating what we have achieved.\nSnapshot\nEnvironment, capabilities, risk and stakeholder engagement\nPurpose\nTo promote and uphold privacy and information access rights\nEnabling legislation\nAustralian Information Commissioner Act 2010\nFreedom of Information Act 1982\nPrivacy Act 1988\nAlmost 40 other pieces of legislation conferring functions on the Information Commissioner\nRegulator performance\nMinisterial statement of expectations\nStatement of intent\nPrinciples of regulator best practice\nP\n Source: `pages/corporate-plans-index__01.html`\n- mise opportunities for our people.\nKey activities\nKey activity 1\nInfluence and uphold privacy and information access rights frameworks\nThe OAIC has a wide range of regulatory functions and powers which are prescribed by Commonwealth legislation, primarily the\nAustralian Information Commissioner Act\n2010 (AIC Act), the\nFreedom of Information Act 1982\n(FOI Act) and the\nPrivacy Act 1988\n. We also have specific functions in relation to the Consumer Data Right (CDR), My Health Record and Digital ID and almost 40 other pieces of legislation as set out in Appendix\n Source: `pages/corporate-plans-index__01.html`\n\n### Public Governance, Performance and Accountability Act 2013\n\n**Type**: Act\n**Confidence**: high\n**Mentions**: 19\n**Register search**: https://www.legislation.gov.au/search?query=Public+Governance%2C+Performance+and+Accountability+Act+2013\n\n**Sources**:\n- `pages/corporate-plans-index__00.html`\n- `pages/corporate-plans-index__01.html`\n- `pages/corporate-plans-index__02.html`\n- `pages/corporate-plans-index__03.html`\n- `pages/corporate-plans-index__04.html`\n- `pages/corporate-plans-index__05.html`\n- `pages/corporate-plans-index__06.html`\n- `pages/corporate-plans-index__07.html`\n- `corporate-plans/2021-22.pages.jsonl`\n- `corporate-plans/2022-23.pages.jsonl`\n\n**Evidence contexts**:\n- ralian Information Commissioner\nAs the accountable authority, I am pleased to present the 2024–25 Office of the Australian Information Commissioner (OAIC) corporate plan for the 2024–25 to 2027–28 reporting periods, as required under paragraph 35(1)(b) of the\nPublic Governance, Performance and Accountability Act 2013\n.\nAs an independent statutory agency, our office regulates privacy and freedom of information (FOI) under the Commonwealth\nPrivacy Act 1988\nand the\nFreedom of Information Act 1982\n(FOI Act) and has information policy functions under the Australian Information\n Source: `pages/corporate-plans-index__00.html`\n- purpose of promoting a connected, collaborative workplace environment.\nRisk oversight and management\nOur Risk Management Policy and Framework details our robust and holistic approach to risk oversight and management. It is aligned with the requirements of the\nPublic Governance, Performance and Accountability Act 2013\n(PGPA Act) and the Commonwealth Risk Management Policy.\nTo implement the policy and framework and enable a consistent approach to risk management oversight, control and accountability, the OAIC has a range of tools and resources; training, monitoring and repo\n Source: `pages/corporate-plans-index__00.html`\n- accountable authority, I am pleased to present the 2025–26 Corporate Plan for the Office of the Australian Information Commissioner (OAIC).\nThis Corporate Plan covers reporting periods 2025–26 to 2028–29, prepared in accordance with paragraph 35(1)(b) of the\nPublic Governance, Performance and Accountability Act 2013\n(PGPA Act). The Corporate Plan sets out our key activities and how we will measure our performance.\nBy promoting and upholding privacy and information access, the OAIC plays a critical role in building public trust and confidence in the institutions and syste\n Source: `pages/corporate-plans-index__01.html`\n- Islander cultures and to Elders past and present.\nCommissioner’s message\nI am pleased to present the Office of the Australian Information Commissioner’s (OAIC)\nCorporate plan 2022–23\nfor the 2022–23 reporting period, as required under section 35(1)(b) of the\nPublic Governance, Performance and Accountability Act 2013\n.\nAs an independent statutory agency, our office seeks to meet the needs of the community in regulating privacy and freedom of information under the\nPrivacy Act 1988\n, the\nFreedom of Information Act 1982\nand the\nAustralian Information Commissioner Act 2010\n.\n Source: `pages/corporate-plans-index__02.html`\n- olerated with appropriate consideration, executive endorsement, monitoring and review. The OAIC’s appetite and tolerances for risk are defined in our Risk Appetite Statement.\nOur enterprise risks\nRisk management is an important part of our compliance with the\nPublic Governance, Performance and Accountability Act 2013\n(PGPA Act). In June 2022, the OAIC held a Senior Executive Service–level risk workshop to review the OAIC's enterprise risks. The following table outlines some of our key enterprise risks and internal controls. The OAIC will continue to regularly review these\n Source: `pages/corporate-plans-index__02.html`\n\n### Data Availability and Transparency Act 2022\n\n**Type**: Act\n**Confidence**: high\n**Mentions**: 6\n**Register search**: https://www.legislation.gov.au/search?query=Data+Availability+and+Transparency+Act+2022\n\n**Sources**:\n- `pages/corporate-plans-index__00.html`\n- `pages/corporate-plans-index__01.html`\n- `pages/corporate-plans-index__02.html`\n- `pages/corporate-plans-index__04.html`\n- `corporate-plans/2022-23.pages.jsonl`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- ry experience to the Attorney-General’s Department to design a privacy framework that is fit for purpose in the digital age.\nWe engage with the Office of the National Data Commissioner on supporting the sharing and use of government-held information under the\nData Availability and Transparency Act 2022\nand protecting personal information within the scheme.\nAs a founding member and co-chair of the Cyber Security Regulator Network (CSRN), we collaborate with APRA, ASIC, the ACMA and the ACCC to meet the challenges posed by the current environment. The CSRN wo\n Source: `pages/corporate-plans-index__00.html`\n- Data Right (Authorised Deposit-Taking Institutions) Designation 2019 (Cth)\nConsumer Data Right (Energy Sector) Designation 2020 (Cth)\nCounter-Terrorism Legislation Amendment (Foreign Fighters) Act 2014 (Cth)\nCrimes Act 1914 (Cth), pt VIIC (spent convictions)\nData Availability and Transparency Act 2022 (Cth)\nData-matching Program (Assistance and Tax) Act 1990 (Cth)\nDigital ID Act 2024\nEnvironment Protection and Biodiversity Conservation Act 1999\nFinancial Sector Reform Act 2022 (Cth)\nForeign Influence Transparency Scheme Act 2018 (Cth)\nHealthcare Identifier\n Source: `pages/corporate-plans-index__01.html`\n- stralia, the Department of Foreign Affairs and Trade, the Department of Home Affairs and the Department of Health and Aged Care. We engage regularly with our network of privacy officers and champions across the Australian Government.\nAs data sharing under the\nData Availability and Transparency Act 2022\nis implemented, we will continue to engage with the National Data Commissioner on supporting use of government-held information and protecting personal information within the scheme.\nThe OAIC collaborates with the Australian Cyber Security Centre regarding da\n Source: `pages/corporate-plans-index__02.html`\n- experience to the Attorney-General’s Department to design a privacy framework that is fit for purpose in the digital age.\nWe will continue to engage with the National Data Commissioner on supporting the sharing and use of government-held information under the\nData Availability and Transparency Act 2022\n, and protecting personal information within the scheme.\nAs a founding member of the Cyber Security Regulator Network (CSRN), we will collaborate with the Australian Prudential Regulation Authority (APRA), the Australian Securities and Investments Commission\n Source: `pages/corporate-plans-index__04.html`\n- ngage regularly with our\nOAIC also engages with integrity agencies such as the network of privacy officers and champions across the\nInspector-General of Intelligence and Security and the Australian Government.\nCommonwealth Ombudsman.\nAs data sharing under the Data Availability and\nTransparency Act 2022 is implemented, we will\nIn the resolution of privacy and FOI matters and continue to engage with the National Data\nin performing its regulatory functions, the OAIC is\nCommissioner on supporting use of government-held\nprocedurally fair, transparent and respons\n Source: `corporate-plans/2022-23.pages.jsonl`\n\n### Privacy (Credit Reporting) Code 2014\n\n**Type**: Code\n**Confidence**: high\n**Mentions**: 6\n**Register search**: https://www.legislation.gov.au/search?query=Privacy+%28Credit+Reporting%29+Code+2014\n\n**Sources**:\n- `pages/corporate-plans-index__00.html`\n- `pages/corporate-plans-index__02.html`\n- `pages/corporate-plans-index__04.html`\n- `pages/corporate-plans-index__06.html`\n- `corporate-plans/2022-23.pages.jsonl`\n- `corporate-plans/2023-24.pages.jsonl`\n\n**Evidence contexts**:\n- duals’ privacy is protected.\nCredit reporting\nAnother key focus area for the OAIC is facilitating an efficient credit reporting system that protects individuals’ privacy.\nWe will continue implementing proposals from the 2021 independent review of the Privacy (Credit Reporting) Code 2014 (CR Code), including considering and publicly consulting on an application from the industry code developer to vary the CR Code. The amendments will include minor adjustments to ensure the smooth functioning of the CR Code, as well as significant changes that\n Source: `pages/corporate-plans-index__00.html`\n- support good privacy practice. We will also continue our enforcement work in credit reporting, both through conciliating complaints and by appropriately using our regulatory powers, to ensure compliance with obligations under the Privacy Act and the Privacy (Credit Reporting) Code 2014 version 2.3 (CR Code).\nIn the year ahead we will finalise and begin implementation of the findings from our independent review of the CR Code. We will also be actively monitoring the implementation of the recent amendments to the Privacy Act and the CR Code t\n Source: `pages/corporate-plans-index__02.html`\n- system that protects individuals’ privacy. The OAIC will continue our work in credit reporting, both through conciliating complaints and by appropriately using our regulatory powers to ensure compliance with obligations under the Privacy Act and the Privacy (Credit Reporting) Code 2014 version 2.3 (CR Code).\nIn the coming year, we will continue implementing the proposals from the 2021 independent review of the CR Code. We will be implementing proposals to improve overall education and awareness; proposals focused on compliance and monitorin\n Source: `pages/corporate-plans-index__04.html`\n- o respect and protect the personal information they handle.\nDelivery strategy\nIn 2018–19 we will:\nWork with the Department of Health and other stakeholders in relation to the handling of health and other information\nConsider further variations to the Privacy (Credit Reporting) Code 2014 (CR Code), following an independent review of the CR Code in 2017\nOver the next four years we will:\nContinue to consider and respond to applications for Public Interest Determinations and Australian Privacy Principles codes\nContinue to ensure that existing le\n Source: `pages/corporate-plans-index__06.html`\n- aints and by\nthat consumers can share their data within the CDR\nappropriately using our regulatory powers, to ensure\nsystem with confidence.\ncompliance with obligations under the Privacy Act and\nThe CDR was first implemented in the banking sector the Privacy (Credit Reporting) Code 2014 version 2.3\nand is being expanded to new sectors, including (CR Code).\nthe energy and telecommunications sectors, with\nIn the year ahead we will finalise and begin\nexpansion to open finance currently being assessed.\nimplementation of the findings from our ind\n Source: `corporate-plans/2022-23.pages.jsonl`\n\n### National Health (Privacy) Rules 2021\n\n**Type**: Rules\n**Confidence**: high\n**Mentions**: 5\n**Register search**: https://www.legislation.gov.au/search?query=National+Health+%28Privacy%29+Rules+2021\n\n**Sources**:\n- `pages/corporate-plans-index__00.html`\n- `pages/corporate-plans-index__01.html`\n- `pages/corporate-plans-index__02.html`\n- `pages/corporate-plans-index__04.html`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- to comply with data breach notification requirements. We respond to risks identified through enquiries and complaints, assessments and data breach notifications relating to the My Health Record system.\nThe OAIC is finalising our review of the National Health (Privacy) Rules 2021 to ensure they remain fit for purpose to regulate how Australian Government agencies use, store, disclose and link Medicare Benefits Schedule and Pharmaceutical Benefits Schedule claims information. In the year ahead, the OAIC will lodge new rules to commence\n Source: `pages/corporate-plans-index__00.html`\n- Records Rules 2016 (Cth)\nMy Health Records (Information Commissioner Enforcement Powers) Guidelines 2016 (Cth)\nNational Cancer Screening Register Act 2016 (Cth)\nNational Consumer Credit Protection Act 2009 (Cth)\nNational Health Act 1953 (Cth)\nNational Health (Privacy) Rules 2021 (Cth) Online Safety Act 2021\nPersonal Property Securities Act 2009 (Cth)\nPrivacy (Tax File Number) Rules 2015 (Cth)\nProduct Emissions Standards Act 2017 (Cth)\nRoad Vehicle Standards Act 2018 (Cth)\nSocial Security (Administration) Act 1999 (Cth)\nStudent Identi\n Source: `pages/corporate-plans-index__01.html`\n- work as the CDR expands to cover additional sectors. This includes ensuring the privacy framework continues to support the CDR as it is expanded to allow consumer directed action and payment initiation.\nDigital health\nThe OAIC will revise the National Health (Privacy) Rules 2021 to ensure that they remain fit for purpose to regulate how Australian Government agencies use, store, disclose and link Medicare Benefits Schedule and Pharmaceutical Benefits Schedule claims information.\nHealth-related personal information is particularly sen\n Source: `pages/corporate-plans-index__02.html`\n- cy requirements, and are supported by clear oversight and reporting mechanisms. We emphasise the importance of building public trust in these reforms through strong privacy protections to ensure their success.\nThe OAIC is also progressing the\nNational Health (Privacy) Rules 2021\nreview to ensure the rules remain fit for purpose to regulate how Australian Government agencies use, store, disclose and link Medicare Benefits Schedule and Pharmaceutical Benefits Schedule claims information. In the year ahead, the OAIC will commence public\n Source: `pages/corporate-plans-index__04.html`\n- .\nNational Cancer Screening Register Act 2016 (Cth)\nNational Consumer Credit Protection Act 2009 (Cth)\nAdministrative Review Tribunal Act 2024\nNational Health Act 1953 (Cth)\nAnti-Money Laundering and Counter-Terrorism\nFinancing Act 2006 (Cth) National Health (Privacy) Rules 2021 (Cth)\nAnti-Money Laundering and Counter-Terrorism Online Safety Act 2021\nFinancing Rules (Cth)\nPersonal Property Securities Act 2009 (Cth)\nChild Care Act 1972 (Cth)\nPrivacy (Tax File Number) Rules 2015 (Cth)\nCompetition and Consumer Act 2010 (Cth)\nProduct Emi\n Source: `corporate-plans/2025-26.pages.jsonl`\n\n### FOI Act) and the Privacy Act 1988\n\n**Type**: Act\n**Confidence**: high\n**Mentions**: 3\n**Register search**: https://www.legislation.gov.au/search?query=FOI+Act%29+and+the+Privacy+Act+1988\n\n**Sources**:\n- `pages/corporate-plans-index__01.html`\n- `pages/corporate-plans-index__04.html`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- and information access rights frameworks\nThe OAIC has a wide range of regulatory functions and powers which are prescribed by Commonwealth legislation, primarily the\nAustralian Information Commissioner Act\n2010 (AIC Act), the\nFreedom of Information Act 1982\n(FOI Act) and the\nPrivacy Act 1988\n. We also have specific functions in relation to the Consumer Data Right (CDR), My Health Record and Digital ID and almost 40 other pieces of legislation as set out in Appendix A. We will continue to discharge these statutory obligations throughout the report\n Source: `pages/corporate-plans-index__01.html`\n- nt.\nKey activity 1\nInfluence and uphold privacy and information access rights frameworks\nThe Office of the Australian Information Commissioner (OAIC) is responsible for a wide range of regulatory functions and powers under the\nFreedom of Information Act 1982\n(FOI Act) and the\nPrivacy Act 1988\n(Privacy Act)\n.\nWe also regulate the privacy aspects of the Consumer Data Right (CDR).\nThe OAIC regulates the community’s access to government-held information under the\nFreedom of Information Act 1982\n(FOI Act). Our freedom of information (FOI) function incl\n Source: `pages/corporate-plans-index__04.html`\n- th legislation, primarily the obligations is significant, in order to ensure information\nAustralian Information Commissioner Act 2010 rights are respected.\n(AIC Act), the Freedom of Information Act 1982\nAs the privacy regulator, a key plank of our regulatory\n(FOI Act) and the Privacy Act 1988. We also have\nstrategy will be to take targeted, risk-based\nspecific functions in relation to the Consumer\nenforcement action when assessed as necessary.\nData Right (CDR), My Health Record and Digital ID\nWe will progress civil penalty proceedings under the\nan\n Source: `corporate-plans/2025-26.pages.jsonl`\n\n### Part IIIA of the Privacy Act and the National Consumer Credit Protections Act 2009\n\n**Type**: Act\n**Confidence**: high\n**Mentions**: 3\n**Register search**: https://www.legislation.gov.au/search?query=Part+IIIA+of+the+Privacy+Act+and+the+National+Consumer+Credit+Protections+Act+2009\n\n**Sources**:\n- `pages/corporate-plans-index__00.html`\n- `pages/corporate-plans-index__04.html`\n- `corporate-plans/2023-24.pages.jsonl`\n\n**Evidence contexts**:\n- smooth functioning of the CR Code, as well as significant changes that will enhance individual rights and the operation of credit reporting.\nAs part of our work to raise credit reporting issues with government, we will participate in the statutory reviews of Part IIIA of the Privacy Act and the\nNational Consumer Credit Protections Act 2009\n, which are both due to be completed before 1 October 2024.\nThe OAIC will also remake the Credit Related Research Rule 2014, following public consultation, which is due to sunset in October 2024.\nDigital health\nThe OAIC aims to increase public trust and confi\n Source: `pages/corporate-plans-index__00.html`\n- ghts and the operation of credit reporting. One such significant change will include the introduction of a ‘soft enquiries’ framework.\nAs part of our work to raise Part IIIA issues with government, we will be actively participating in the statutory reviews of Part IIIA of the Privacy Act and the\nNational Consumer Credit Protections Act 2009\n, which are both due to be completed before 1 October 2024.\nOur capability\nThe OAIC will use resources strategically to achieve the greatest benefit for the community, and will continuously improve processes to ensure we perform our regulatory functions effec\n Source: `pages/corporate-plans-index__04.html`\n- ghts and the operation of credit\nreporting. One such significant change will include the\nintroduction of a ‘soft enquiries’ framework.\nAs part of our work to raise Part IIIA issues with\ngovernment, we will be actively participating in the\nstatutory reviews of Part IIIA of the Privacy Act and the\nNational Consumer Credit Protections Act 2009, which\nare both due to be completed before 1 October 2024.\n12\nOAIC Corporate plan 2023–24\nPart\n1\nOperating\ncontext\nPart\n1\nOperating\ncontext\n\n[page 13]\nOur capability\nThe OAIC will use resources strategically to achieve In 2023-24 the OAIC will continue to eng\n Source: `corporate-plans/2023-24.pages.jsonl`\n\n### Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022\n\n**Type**: Act\n**Confidence**: high\n**Mentions**: 3\n**Register search**: https://www.legislation.gov.au/search?query=Privacy+Legislation+Amendment+%28Enforcement+and+Other+Measures%29+Act+2022\n\n**Sources**:\n- `pages/corporate-plans-index__00.html`\n- `pages/corporate-plans-index__04.html`\n- `corporate-plans/2024-25.pages.jsonl`\n\n**Evidence contexts**:\n- reation, management, protection, use and access. A proactive approach to information management will play a critical role in achieving the Australian Government’s Data and Digital Government Strategy.\nLegislative environment\nThe\nPrivacy Legislation Amendment (Enforcement and Other Measures) Act 2022\ncame into effect in December 2022. It introduced significantly increased penalties for serious and repeated privacy breaches, greater powers for the OAIC to resolve breaches, and changes to jurisdictional provisions to increase the application of Australian p\n Source: `pages/corporate-plans-index__00.html`\n- se networks provide a forum for sharing information on emerging risks, and on prevention and response to cyber incidents impacting privacy. We have used and will continue to use the amendments to privacy legislation, through the\nPrivacy Legislation Amendment (Enforcement and Other Measures) Act 2022\n, to exercise our greater enforcement and information sharing powers.\nOur membership of the Global Privacy Assembly, Asia Pacific Privacy Authorities forum and Global Privacy Enforcement Network gives us a platform for influencing the development of globally\n Source: `pages/corporate-plans-index__04.html`\n- reasingly large quantity of personal information,\nwhich must be secured effectively. When cyber security\nLegislative environment measures fail, the risk of harm to individuals whose\ninformation is compromised can be serious.\nThe Privacy Legislation Amendment (Enforcement and\nOther Measures) Act 2022 came into effect in December The OAIC will continue to engage with the Australian\n2022. It introduced significantly increased penalties Government on programs of work to uplift cyber\nfor serious and repeated privacy breaches, greater security in Australia, in\n Source: `corporate-plans/2024-25.pages.jsonl`\n\n### Australia’s Privacy Act 1988\n\n**Type**: Act\n**Confidence**: medium\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=Australia%E2%80%99s+Privacy+Act+1988\n\n**Sources**:\n- `pages/corporate-plans-index__04.html`\n- `corporate-plans/2023-24.pages.jsonl`\n\n**Evidence contexts**:\n- ss and government agencies. This message is consistent with the views expressed in our latest Australian Community Attitudes to Privacy Survey 2023. It also reflects the breadth of privacy issues of concern to the community as we move toward further reform of Australia’s\nPrivacy Act 1988\n.\nSignificant data breaches have brought a renewed focus on cyber security across government, business and individuals, adding momentum to the development and implementation of the\n2023–2030 Australian Cyber Security Strategy\n, and the OAIC will continue to c\n Source: `pages/corporate-plans-index__04.html`\n- . This message is consistent with\nchallenges of the future. the views expressed in our latest Australian Community\nAttitudes to Privacy Survey 2023. It also reflects the\nbreadth of privacy issues of concern to the community\nas we move toward further reform of Australia’s Privacy\nAct 1988.\n5\nOAIC Corporate plan 2023–24\n\n[page 6]\nSignificant data breaches have brought a renewed In relation to Information Commissioner (IC) reviews,\nfocus on cyber security across government, work continues to increase efficiencies and deal with\nbusiness and indiv\n Source: `corporate-plans/2023-24.pages.jsonl`\n\n### Commonwealth Privacy Act 1988\n\n**Type**: Act\n**Confidence**: medium\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=Commonwealth+Privacy+Act+1988\n\n**Sources**:\n- `pages/corporate-plans-index__00.html`\n- `corporate-plans/2024-25.pages.jsonl`\n\n**Evidence contexts**:\n- for the 2024–25 to 2027–28 reporting periods, as required under paragraph 35(1)(b) of the\nPublic Governance, Performance and Accountability Act 2013\n.\nAs an independent statutory agency, our office regulates privacy and freedom of information (FOI) under the Commonwealth\nPrivacy Act 1988\nand the\nFreedom of Information Act 1982\n(FOI Act) and has information policy functions under the Australian Information Commissioner Act 2010. This corporate plan sets out our key activities and how we measure our performance.\nSo far, 2024 has been a year of\n Source: `pages/corporate-plans-index__00.html`\n- Governance,\nPerformance and Accountability Act 2013.\nAs an independent statutory agency, our office respond to future challenges. The review made 9\nregulates privacy and freedom of information (FOI) recommendations to the OAIC, including around our\nunder the Commonwealth Privacy Act 1988 and regulatory posture, governance, structure, culture and\nthe Freedom of Information Act 1982 (FOI Act) and has values, and process change. The OAIC has accepted all\ninformation policy functions under the Australian recommendations directed to the office and\n Source: `corporate-plans/2024-25.pages.jsonl`\n\n### Cth) Information Privacy Act 2014\n\n**Type**: Act\n**Confidence**: medium\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=Cth%29+Information+Privacy+Act+2014\n\n**Sources**:\n- `pages/corporate-plans-index__01.html`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- 1999\nFinancial Sector Reform Act 2022 (Cth)\nForeign Influence Transparency Scheme Act 2018 (Cth)\nHealthcare Identifiers Act 2010 (Cth)\nHealthcare Identifiers Regulations 2010 (Cth)\nIdentity Verification Services Act 2023 (Cth)\nImported Food Control Act 1992 (Cth)\nInformation Privacy Act 2014 (ACT)\nMy Health Records Act 2012 (Cth)\nMy Health Records Regulations 2012 (Cth)\nMy Health Records Rules 2016 (Cth)\nMy Health Records (Information Commissioner Enforcement Powers) Guidelines 2016 (Cth)\nNational Cancer Screening Register Act 2016 (Cth)\nNational\n Source: `pages/corporate-plans-index__01.html`\n- 1999\nFinancial Sector Reform Act 2022 (Cth)\nForeign Influence Transparency Scheme Act 2018 (Cth)\nHealthcare Identifiers Act 2010 (Cth)\nHealthcare Identifiers Regulations 2010 (Cth)\nIdentity Verification Services Act 2023 (Cth)\nImported Food Control Act 1992 (Cth)\nInformation Privacy Act 2014 (ACT)\nMy Health Records Act 2012 (Cth)\nMy Health Records Regulations 2012 (Cth)\n33\n\n[page 34]\nOAIC Corporate plan 2025–26\nAppendix B\nAppendix B\nList of requirements\nThe OAIC’s Corporate Plan has been prepared in\naccordance with the requirements of section 35\n Source: `corporate-plans/2025-26.pages.jsonl`\n\n### FOI Act), Privacy Act 1988\n\n**Type**: Act\n**Confidence**: medium\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=FOI+Act%29%2C+Privacy+Act+1988\n\n**Sources**:\n- `pages/corporate-plans-index__00.html`\n- `corporate-plans/2024-25.pages.jsonl`\n\n**Evidence contexts**:\n- Key activity 1: Influence and uphold privacy and information access rights frameworks\nThe OAIC has a wide range of regulatory functions and powers under the Commonwealth\nAustralian Information Commissioner Act 2010\n(AIC Act),\nFreedom of Information Act 1982\n(FOI Act),\nPrivacy Act 1988\nand other laws. We regulate the privacy aspects of the Consumer Data Right (CDR), My Health Record system and, from 2024–25, Digital ID, as the system is expanded across the Australian economy.\nAccess to information\nThe OAIC regulates the community’s access t\n Source: `pages/corporate-plans-index__00.html`\n- s\nKey activity 1\nInfluence and uphold privacy and information access rights frameworks\nThe OAIC has a wide range of regulatory functions and powers under the Commonwealth Australian\nInformation Commissioner Act 2010 (AIC Act), Freedom of Information Act 1982 (FOI Act), Privacy Act 1988 and\nother laws. We regulate the privacy aspects of the Consumer Data Right (CDR), My Health Record system and,\nfrom 2024–25, Digital ID, as the system is expanded across the Australian economy.\nAccess to information The delivery of timely IC reviews is a prio\n Source: `corporate-plans/2024-25.pages.jsonl`\n\n### Privacy (Tax File Number) Rules 2015\n\n**Type**: Rules\n**Confidence**: medium\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=Privacy+%28Tax+File+Number%29+Rules+2015\n\n**Sources**:\n- `pages/corporate-plans-index__01.html`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- 16 (Cth)\nNational Cancer Screening Register Act 2016 (Cth)\nNational Consumer Credit Protection Act 2009 (Cth)\nNational Health Act 1953 (Cth)\nNational Health (Privacy) Rules 2021 (Cth) Online Safety Act 2021\nPersonal Property Securities Act 2009 (Cth)\nPrivacy (Tax File Number) Rules 2015 (Cth)\nProduct Emissions Standards Act 2017 (Cth)\nRoad Vehicle Standards Act 2018 (Cth)\nSocial Security (Administration) Act 1999 (Cth)\nStudent Identifiers Act 2014 (Cth)\nTaxation Administration Act 1953 (Cth) (handling of tax file numbers)\nTelecommunications\n Source: `pages/corporate-plans-index__01.html`\n- g and Counter-Terrorism\nFinancing Act 2006 (Cth) National Health (Privacy) Rules 2021 (Cth)\nAnti-Money Laundering and Counter-Terrorism Online Safety Act 2021\nFinancing Rules (Cth)\nPersonal Property Securities Act 2009 (Cth)\nChild Care Act 1972 (Cth)\nPrivacy (Tax File Number) Rules 2015 (Cth)\nCompetition and Consumer Act 2010 (Cth)\nProduct Emissions Standards Act 2017 (Cth)\nCompetition and Consumer (Consumer Data Right)\nRoad Vehicle Standards Act 2018 (Cth)\nRules 2020 (Cth)\nSocial Security (Administration) Act 1999 (Cth)\nConsumer Data Right\n Source: `corporate-plans/2025-26.pages.jsonl`\n\n### Privacy and Other Legislation Amendment Act 2024\n\n**Type**: Act\n**Confidence**: medium\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=Privacy+and+Other+Legislation+Amendment+Act+2024\n\n**Sources**:\n- `pages/corporate-plans-index__01.html`\n\n**Evidence contexts**:\n- Through our connected approach we will continue to apply our unique regulatory insights to maximise our regulatory impact. This impact will be further augmented, in the coming years, by new enforcement powers granted to the Information Commissioner under the\nPrivacy and Other Legislation Amendment Act 2024\n(Cth).\nIn our complex world, past practices and assumptions are being challenged—with dazzling speed and intensity—by changes in technology, communication and ways of working. We are committed to narrowing the gap between technological innovation and effectiv\n Source: `pages/corporate-plans-index__01.html`\n- ability of Australians to manage their privacy choices online, and will improve protections for children and other vulnerable groups.\nA key area of focus in the coming year will be our work to develop a Children’s Online Privacy Code, following passage of the\nPrivacy and Other Legislation Amendment Act 2024\n(the POLA Act). We will be consulting widely and incorporating insights from children and young people into our Code drafting process. This will ensure different voices are represented and will put children at the centre of privacy protections in Australia.\nT\n Source: `pages/corporate-plans-index__01.html`\n\n### Credit Health (Privacy) Rules 2021\n\n**Type**: Rules\n**Confidence**: medium\n**Mentions**: 1\n**Register search**: https://www.legislation.gov.au/search?query=Credit+Health+%28Privacy%29+Rules+2021\n\n**Sources**:\n- `corporate-plans/2024-25.pages.jsonl`\n\n**Evidence contexts**:\n- assessments and data breach notifications relating to\nindividuals’ privacy. the My Health Record system.\nWe will continue implementing proposals from The OAIC is finalising our review of the National\nthe 2021 independent review of the Privacy (Credit Health (Privacy) Rules 2021 to ensure they remain fit\nReporting) Code 2014 (CR Code), including considering for purpose to regulate how Australian Government\nand publicly consulting on an application from the agencies use, store, disclose and link Medicare Benefits\nindustry code develop\n Source: `corporate-plans/2024-25.pages.jsonl`\n\n### Health (Privacy) Rules 2018\n\n**Type**: Rules\n**Confidence**: medium\n**Mentions**: 1\n**Register search**: https://www.legislation.gov.au/search?query=Health+%28Privacy%29+Rules+2018\n\n**Sources**:\n- `corporate-plans/2021-22.pages.jsonl`\n\n**Evidence contexts**:\n- mmendations from their Review of the My\nHealth Records Legislation: Final Report. In the year\nPromoting proactive release and a right of access to\nahead we will also complete our review of the National\ndocuments held by government remains a core focus\nHealth (Privacy) Rules 2018.\nfor the OAIC as we work to support efficient access\n\n[page 8]\nOAIC Corporate Plan 2021–22\nOur ambition\nEngaged – Active contributors and collaborators in\nHow we will achieve our ambition the contemporary application of information\nTo increase public trust an\n Source: `corporate-plans/2021-22.pages.jsonl`\n\n### National Health (Privacy) Rules 2018\n\n**Type**: Rules\n**Confidence**: medium\n**Mentions**: 1\n**Register search**: https://www.legislation.gov.au/search?query=National+Health+%28Privacy%29+Rules+2018\n\n**Sources**:\n- `pages/corporate-plans-index__03.html`\n\n**Evidence contexts**:\n- alian Digital Health Agency regarding its implementation of the Australian National Audit Office’s recommendations from their Review of the My Health Records Legislation: Final Report. In the year ahead we will also complete our review of the National Health (Privacy) Rules 2018.\nPart 1: Operating context\nThe Office of the Australian Information Commissioner promotes and upholds privacy and information access rights. We perform our regulatory functions in a complex global data environment. Our effective risk management and highly cap\n Source: `pages/corporate-plans-index__03.html`\n\n### Privacy Act) and the Freedom of Information Act 1982\n\n**Type**: Act\n**Confidence**: medium\n**Mentions**: 1\n**Register search**: https://www.legislation.gov.au/search?query=Privacy+Act%29+and+the+Freedom+of+Information+Act+1982\n\n**Sources**:\n- `pages/corporate-plans-index__07.html`\n\n**Evidence contexts**:\n- s purpose. The core principles of transparency and accountability underpin the privacy and information access frameworks that we regulate. We support these principles through the exercise of all our functions, including our regulation of the\nPrivacy Act 1988\n(Privacy Act) and the\nFreedom of Information Act 1982\n(FOI Act).\nOver the past five years, the OAIC has experienced significant growth across our regulatory functions, particularly in our primary functional areas of privacy complaints and reviews of agencies’ freedom of information (FOI) decisions (IC reviews).\n Source: `pages/corporate-plans-index__07.html`\n\n### Privacy Act, Freedom of Information Act 1982\n\n**Type**: Act\n**Confidence**: medium\n**Mentions**: 1\n**Register search**: https://www.legislation.gov.au/search?query=Privacy+Act%2C+Freedom+of+Information+Act+1982\n\n**Sources**:\n- `pages/about.html`\n\n**Evidence contexts**:\n- he OAIC website and to staff through its ‘all staff’ email communications.\nOverview\nThe OAIC collects, uses and discloses and holds personal information to exercise its powers and perform its functions under the\nAustralian Information Commissioner Act 2010\n,  Privacy Act,\nFreedom of Information Act 1982\n(FOI Act),\nMy Health Records Act 2012\n(My Health Records Act),\nCompetition and Consumer Act 2010\n(CC Act),\nDigital ID Act 2024\n(Digital ID Act)  and\nother legislation that confer powers, functions or duties on the OAIC\n.\nSome of these powers, functions and du\n Source: `pages/about.html`\n\n### Privacy Awareness Week, Legislation Amendment Act 2024\n\n**Type**: Act\n**Confidence**: medium\n**Mentions**: 1\n**Register search**: https://www.legislation.gov.au/search?query=Privacy+Awareness+Week%2C+Legislation+Amendment+Act+2024\n\n**Sources**:\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- rea of focus in the coming year will be\ncommunication and education activities in the our work to develop a Children’s Online Privacy\nAustralian community. In addition to leading the Code, following passage of the Privacy and Other\nAustralia-wide campaign for Privacy Awareness Week, Legislation Amendment Act 2024 (the POLA Act). We\nwe also participate in activities to support International will be consulting widely and incorporating insights\nDay for Universal Access to Information (IDUAI) from children and young people into our Code\neach year, and publish a range of u\n Source: `corporate-plans/2025-26.pages.jsonl`\n\n### Public Governance, Performance and Accountability OAIC Diversity Committee Act 2013\n\n**Type**: Act\n**Confidence**: medium\n**Mentions**: 1\n**Register search**: https://www.legislation.gov.au/search?query=Public+Governance%2C+Performance+and+Accountability+OAIC+Diversity+Committee+Act+2013\n\n**Sources**:\n- `corporate-plans/2024-25.pages.jsonl`\n\n**Evidence contexts**:\n- policies and guidelines for working Our Risk Management Policy and Framework details\narrangements, and other matters affecting our robust and holistic approach to risk oversight and\nworking arrangements. management. It is aligned with the requirements of\nthe Public Governance, Performance and Accountability\nOAIC Diversity Committee Act 2013 (PGPA Act) and the Commonwealth Risk\nThis committee prepares the OAIC Workplace Diversity Management Policy.\nStrategy, implements actions under our Multicultural\nAccess and Equity Plan, and champions diversity and To implement the policy and framework and ena\n Source: `corporate-plans/2024-25.pages.jsonl`\n\n### Under the Privacy and Other Legislation Amendment Act 2024\n\n**Type**: Act\n**Confidence**: medium\n**Mentions**: 1\n**Register search**: https://www.legislation.gov.au/search?query=Under+the+Privacy+and+Other+Legislation+Amendment+Act+2024\n\n**Sources**:\n- `pages/news-latest.html`\n\n**Evidence contexts**:\n- tent of the contravention\nthe nature and extent of any loss or damage suffered because of the contravention\nthe circumstances in which the contravention took place\nwhether the person has previously been found by a court to have engaged in any similar conduct.\nUnder the\nPrivacy and Other Legislation Amendment Act 2024\n(POLA Act), civil penalties may also be awarded for inferences with the privacy of an individual under section 13H of the Privacy Act. The maximum civil penalty the OAIC can seek in Court under this section is 2,000 penalty units ($660,000).\nIn addition, the\n Source: `pages/news-latest.html`\n\n### ACT) My Health Records Act 2012\n\n**Type**: Act\n**Confidence**: low\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=ACT%29+My+Health+Records+Act+2012\n\n**Sources**:\n- `pages/corporate-plans-index__01.html`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- 022 (Cth)\nForeign Influence Transparency Scheme Act 2018 (Cth)\nHealthcare Identifiers Act 2010 (Cth)\nHealthcare Identifiers Regulations 2010 (Cth)\nIdentity Verification Services Act 2023 (Cth)\nImported Food Control Act 1992 (Cth)\nInformation Privacy Act 2014 (ACT)\nMy Health Records Act 2012 (Cth)\nMy Health Records Regulations 2012 (Cth)\nMy Health Records Rules 2016 (Cth)\nMy Health Records (Information Commissioner Enforcement Powers) Guidelines 2016 (Cth)\nNational Cancer Screening Register Act 2016 (Cth)\nNational Consumer Credit Protection Act 2\n Source: `pages/corporate-plans-index__01.html`\n- 022 (Cth)\nForeign Influence Transparency Scheme Act 2018 (Cth)\nHealthcare Identifiers Act 2010 (Cth)\nHealthcare Identifiers Regulations 2010 (Cth)\nIdentity Verification Services Act 2023 (Cth)\nImported Food Control Act 1992 (Cth)\nInformation Privacy Act 2014 (ACT)\nMy Health Records Act 2012 (Cth)\nMy Health Records Regulations 2012 (Cth)\n33\n\n[page 34]\nOAIC Corporate plan 2025–26\nAppendix B\nAppendix B\nList of requirements\nThe OAIC’s Corporate Plan has been prepared in\naccordance with the requirements of section 35 of\nthe PGPA Act, sections 16E and\n Source: `corporate-plans/2025-26.pages.jsonl`\n\n### AIC Act), Freedom of Information Act 1982\n\n**Type**: Act\n**Confidence**: low\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=AIC+Act%29%2C+Freedom+of+Information+Act+1982\n\n**Sources**:\n- `pages/corporate-plans-index__00.html`\n- `corporate-plans/2024-25.pages.jsonl`\n\n**Evidence contexts**:\n- mporary, harms-based approach to regulation\nKey activity 1: Influence and uphold privacy and information access rights frameworks\nThe OAIC has a wide range of regulatory functions and powers under the Commonwealth\nAustralian Information Commissioner Act 2010\n(AIC Act),\nFreedom of Information Act 1982\n(FOI Act),\nPrivacy Act 1988\nand other laws. We regulate the privacy aspects of the Consumer Data Right (CDR), My Health Record system and, from 2024–25, Digital ID, as the system is expanded across the Australian economy.\nAccess to information\nThe OAIC regula\n Source: `pages/corporate-plans-index__00.html`\n- rt 1: Our vision, purpose and key activities\nKey activity 1\nInfluence and uphold privacy and information access rights frameworks\nThe OAIC has a wide range of regulatory functions and powers under the Commonwealth Australian\nInformation Commissioner Act 2010 (AIC Act), Freedom of Information Act 1982 (FOI Act), Privacy Act 1988 and\nother laws. We regulate the privacy aspects of the Consumer Data Right (CDR), My Health Record system and,\nfrom 2024–25, Digital ID, as the system is expanded across the Australian economy.\nAccess to information The delivery of\n Source: `corporate-plans/2024-25.pages.jsonl`\n\n### AIC Act), the Freedom of Information Act 1982\n\n**Type**: Act\n**Confidence**: low\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=AIC+Act%29%2C+the+Freedom+of+Information+Act+1982\n\n**Sources**:\n- `pages/corporate-plans-index__01.html`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- ies\nKey activity 1\nInfluence and uphold privacy and information access rights frameworks\nThe OAIC has a wide range of regulatory functions and powers which are prescribed by Commonwealth legislation, primarily the\nAustralian Information Commissioner Act\n2010 (AIC Act), the\nFreedom of Information Act 1982\n(FOI Act) and the\nPrivacy Act 1988\n. We also have specific functions in relation to the Consumer Data Right (CDR), My Health Record and Digital ID and almost 40 other pieces of legislation as set out in Appendix A. We will continue to discharge these statutor\n Source: `pages/corporate-plans-index__01.html`\n- ions and powers which are prescribed action where agencies’ non-compliance with their FOI\nby Commonwealth legislation, primarily the obligations is significant, in order to ensure information\nAustralian Information Commissioner Act 2010 rights are respected.\n(AIC Act), the Freedom of Information Act 1982\nAs the privacy regulator, a key plank of our regulatory\n(FOI Act) and the Privacy Act 1988. We also have\nstrategy will be to take targeted, risk-based\nspecific functions in relation to the Consumer\nenforcement action when assessed as necessary.\nData Right (CD\n Source: `corporate-plans/2025-26.pages.jsonl`\n\n### Commonwealth Australian Information Commissioner Act 2010\n\n**Type**: Act\n**Confidence**: low\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=Commonwealth+Australian+Information+Commissioner+Act+2010\n\n**Sources**:\n- `pages/corporate-plans-index__00.html`\n- `corporate-plans/2024-25.pages.jsonl`\n\n**Evidence contexts**:\n- proactive release of government information\n4\nTake a contemporary, harms-based approach to regulation\nKey activity 1: Influence and uphold privacy and information access rights frameworks\nThe OAIC has a wide range of regulatory functions and powers under the Commonwealth\nAustralian Information Commissioner Act 2010\n(AIC Act),\nFreedom of Information Act 1982\n(FOI Act),\nPrivacy Act 1988\nand other laws. We regulate the privacy aspects of the Consumer Data Right (CDR), My Health Record system and, from 2024–25, Digital ID, as the system is expanded across the Australian eco\n Source: `pages/corporate-plans-index__00.html`\n- on to regulation\nOAIC Corporate plan 2024–25 8\n\n[page 9]\nPart 1: Our vision, purpose and key activities\nKey activity 1\nInfluence and uphold privacy and information access rights frameworks\nThe OAIC has a wide range of regulatory functions and powers under the Commonwealth Australian\nInformation Commissioner Act 2010 (AIC Act), Freedom of Information Act 1982 (FOI Act), Privacy Act 1988 and\nother laws. We regulate the privacy aspects of the Consumer Data Right (CDR), My Health Record system and,\nfrom 2024–25, Digital ID, as the system is expanded across the Australian eco\n Source: `corporate-plans/2024-25.pages.jsonl`\n\n### Cth) Competition and Consumer Act 2010\n\n**Type**: Act\n**Confidence**: low\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=Cth%29+Competition+and+Consumer+Act+2010\n\n**Sources**:\n- `pages/corporate-plans-index__01.html`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- the OAIC in relation to privacy and information access matters.\nAdministrative Review Tribunal Act 2024\nAnti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)\nAnti-Money Laundering and Counter-Terrorism Financing Rules (Cth)\nChild Care Act 1972 (Cth)\nCompetition and Consumer Act 2010 (Cth)\nCompetition and Consumer (Consumer Data Right) Rules 2020 (Cth)\nConsumer Data Right (Authorised Deposit-Taking Institutions) Designation 2019 (Cth)\nConsumer Data Right (Energy Sector) Designation 2020 (Cth)\nCounter-Terrorism Legislation Amendment (Forei\n Source: `pages/corporate-plans-index__01.html`\n- cing Act 2006 (Cth) National Health (Privacy) Rules 2021 (Cth)\nAnti-Money Laundering and Counter-Terrorism Online Safety Act 2021\nFinancing Rules (Cth)\nPersonal Property Securities Act 2009 (Cth)\nChild Care Act 1972 (Cth)\nPrivacy (Tax File Number) Rules 2015 (Cth)\nCompetition and Consumer Act 2010 (Cth)\nProduct Emissions Standards Act 2017 (Cth)\nCompetition and Consumer (Consumer Data Right)\nRoad Vehicle Standards Act 2018 (Cth)\nRules 2020 (Cth)\nSocial Security (Administration) Act 1999 (Cth)\nConsumer Data Right (Authorised Deposit-Taking\nStudent Ident\n Source: `corporate-plans/2025-26.pages.jsonl`\n\n### Cth) Crimes Act 1914\n\n**Type**: Act\n**Confidence**: low\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=Cth%29+Crimes+Act+1914\n\n**Sources**:\n- `pages/corporate-plans-index__01.html`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- Consumer (Consumer Data Right) Rules 2020 (Cth)\nConsumer Data Right (Authorised Deposit-Taking Institutions) Designation 2019 (Cth)\nConsumer Data Right (Energy Sector) Designation 2020 (Cth)\nCounter-Terrorism Legislation Amendment (Foreign Fighters) Act 2014 (Cth)\nCrimes Act 1914 (Cth), pt VIIC (spent convictions)\nData Availability and Transparency Act 2022 (Cth)\nData-matching Program (Assistance and Tax) Act 1990 (Cth)\nDigital ID Act 2024\nEnvironment Protection and Biodiversity Conservation Act 1999\nFinancial Sector Reform Act 2022 (\n Source: `pages/corporate-plans-index__01.html`\n- (Cth) (handling of tax\nConsumer Data Right (Energy Sector) Designation 2020\nfile numbers)\n(Cth)\nTelecommunications Act 1997 (Cth)\nCounter-Terrorism Legislation Amendment (Foreign\nTelecommunications (Interception and Access) Act\nFighters) Act 2014 (Cth)\n1979 (Cth)\nCrimes Act 1914 (Cth), pt VIIC (spent convictions)\nData Availability and Transparency Act 2022 (Cth)\nData-matching Program (Assistance and Tax) Act 1990\n(Cth)\nDigital ID Act 2024\nEnvironment Protection and Biodiversity Conservation\nAct 1999\nFinancial Sector Reform Act 2022 (\n Source: `corporate-plans/2025-26.pages.jsonl`\n\n### Cth) Digital ID Act 2024\n\n**Type**: Act\n**Confidence**: low\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=Cth%29+Digital+ID+Act+2024\n\n**Sources**:\n- `pages/corporate-plans-index__01.html`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- Sector) Designation 2020 (Cth)\nCounter-Terrorism Legislation Amendment (Foreign Fighters) Act 2014 (Cth)\nCrimes Act 1914 (Cth), pt VIIC (spent convictions)\nData Availability and Transparency Act 2022 (Cth)\nData-matching Program (Assistance and Tax) Act 1990 (Cth)\nDigital ID Act 2024\nEnvironment Protection and Biodiversity Conservation Act 1999\nFinancial Sector Reform Act 2022 (Cth)\nForeign Influence Transparency Scheme Act 2018 (Cth)\nHealthcare Identifiers Act 2010 (Cth)\nHealthcare Identifiers Regulations 2010 (Cth)\nIdentity Verification\n Source: `pages/corporate-plans-index__01.html`\n- n Amendment (Foreign\nTelecommunications (Interception and Access) Act\nFighters) Act 2014 (Cth)\n1979 (Cth)\nCrimes Act 1914 (Cth), pt VIIC (spent convictions)\nData Availability and Transparency Act 2022 (Cth)\nData-matching Program (Assistance and Tax) Act 1990\n(Cth)\nDigital ID Act 2024\nEnvironment Protection and Biodiversity Conservation\nAct 1999\nFinancial Sector Reform Act 2022 (Cth)\nForeign Influence Transparency Scheme Act 2018 (Cth)\nHealthcare Identifiers Act 2010 (Cth)\nHealthcare Identifiers Regulations 2010 (Cth)\nIdentity Verification\n Source: `corporate-plans/2025-26.pages.jsonl`\n\n### Cth) Foreign Influence Transparency Scheme Act 2018\n\n**Type**: Act\n**Confidence**: low\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=Cth%29+Foreign+Influence+Transparency+Scheme+Act+2018\n\n**Sources**:\n- `pages/corporate-plans-index__01.html`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- (Cth), pt VIIC (spent convictions)\nData Availability and Transparency Act 2022 (Cth)\nData-matching Program (Assistance and Tax) Act 1990 (Cth)\nDigital ID Act 2024\nEnvironment Protection and Biodiversity Conservation Act 1999\nFinancial Sector Reform Act 2022 (Cth)\nForeign Influence Transparency Scheme Act 2018 (Cth)\nHealthcare Identifiers Act 2010 (Cth)\nHealthcare Identifiers Regulations 2010 (Cth)\nIdentity Verification Services Act 2023 (Cth)\nImported Food Control Act 1992 (Cth)\nInformation Privacy Act 2014 (ACT)\nMy Health Records Act 2012 (Cth)\nMy Health Records\n Source: `pages/corporate-plans-index__01.html`\n- (Cth), pt VIIC (spent convictions)\nData Availability and Transparency Act 2022 (Cth)\nData-matching Program (Assistance and Tax) Act 1990\n(Cth)\nDigital ID Act 2024\nEnvironment Protection and Biodiversity Conservation\nAct 1999\nFinancial Sector Reform Act 2022 (Cth)\nForeign Influence Transparency Scheme Act 2018 (Cth)\nHealthcare Identifiers Act 2010 (Cth)\nHealthcare Identifiers Regulations 2010 (Cth)\nIdentity Verification Services Act 2023 (Cth)\nImported Food Control Act 1992 (Cth)\nInformation Privacy Act 2014 (ACT)\nMy Health Records Act 2012 (Cth)\nMy Health Records\n Source: `corporate-plans/2025-26.pages.jsonl`\n\n### Cth) Healthcare Identifiers Act 2010\n\n**Type**: Act\n**Confidence**: low\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=Cth%29+Healthcare+Identifiers+Act+2010\n\n**Sources**:\n- `pages/corporate-plans-index__01.html`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- and Transparency Act 2022 (Cth)\nData-matching Program (Assistance and Tax) Act 1990 (Cth)\nDigital ID Act 2024\nEnvironment Protection and Biodiversity Conservation Act 1999\nFinancial Sector Reform Act 2022 (Cth)\nForeign Influence Transparency Scheme Act 2018 (Cth)\nHealthcare Identifiers Act 2010 (Cth)\nHealthcare Identifiers Regulations 2010 (Cth)\nIdentity Verification Services Act 2023 (Cth)\nImported Food Control Act 1992 (Cth)\nInformation Privacy Act 2014 (ACT)\nMy Health Records Act 2012 (Cth)\nMy Health Records Regulations 2012 (Cth)\nMy Health Recor\n Source: `pages/corporate-plans-index__01.html`\n- and Transparency Act 2022 (Cth)\nData-matching Program (Assistance and Tax) Act 1990\n(Cth)\nDigital ID Act 2024\nEnvironment Protection and Biodiversity Conservation\nAct 1999\nFinancial Sector Reform Act 2022 (Cth)\nForeign Influence Transparency Scheme Act 2018 (Cth)\nHealthcare Identifiers Act 2010 (Cth)\nHealthcare Identifiers Regulations 2010 (Cth)\nIdentity Verification Services Act 2023 (Cth)\nImported Food Control Act 1992 (Cth)\nInformation Privacy Act 2014 (ACT)\nMy Health Records Act 2012 (Cth)\nMy Health Records Regulations 2012 (Cth)\n33\n\n[page 34]\nO\n Source: `corporate-plans/2025-26.pages.jsonl`\n\n### Cth) Healthcare Identifiers Regulations 2010\n\n**Type**: Regulation\n**Confidence**: low\n**Mentions**: 2\n**Register search**: https://www.legislation.gov.au/search?query=Cth%29+Healthcare+Identifiers+Regulations+2010\n\n**Sources**:\n- `pages/corporate-plans-index__01.html`\n- `corporate-plans/2025-26.pages.jsonl`\n\n**Evidence contexts**:\n- matching Program (Assistance and Tax) Act 1990 (Cth)\nDigital ID Act 2024\nEnvironment Protection and Biodiversity Conservation Act 1999\nFinancial Sector Reform Act 2022 (Cth)\nForeign Influence Transparency Scheme Act 2018 (Cth)\nHealthcare Identifiers Act 2010 (Cth)\nHealthcare Identifiers Regulations 2010 (Cth)\nIdentity Verification Services Act 2023 (Cth)\nImported Food Control Act 1992\n\n_…truncated, open the .md file for the full content._", "global_initiatives_md": null, "strategy": { "reporting_period": "2024-25", "corporate_plan_period": "2025-26", "vision": "To increase public trust and confidence in the protection of personal information and access to government-held information [CP p.9]", "vision_source_page": 9, "purposes": "To promote and uphold privacy and information access rights [CP p.6]", "purposes_source_page": 6, "how_we_deliver": "The OAIC uses its full regulatory toolkit across education, compliance and enforcement to achieve effective regulatory outcomes. We use education and persuasion to encourage and promote compliance. If necessary, we use coercive and compulsory powers to enforce privacy obligations and information access rights [CP p.9]", "how_we_deliver_source_page": 9, "government_priorities": [ { "text": "Rights preservation in new and emerging technologies", "source_page": 16 }, { "text": "Strengthening the information governance of the Australian Public Service", "source_page": 16 }, { "text": "Rebalancing power and information asymmetries", "source_page": 16 }, { "text": "Ensuring timely access to government information", "source_page": 16 } ], "outcomes": [ { "name": "Outcome 1: Provision of public access to Commonwealth Government information, protection of individuals’ personal information, and performance of Information Commissioner, freedom of information and privacy functions", "description": "The OAIC aims to be a responsive regulator. We use our full regulatory toolkit across education, compliance and enforcement to achieve effective regulatory outcomes. We use education and persuasion to encourage and promote compliance. If necessary, we use coercive and compulsory powers to enforce privacy obligations and information access rights [CP p.10]", "key_activities": [ "Influence and uphold privacy and information access rights frameworks", "Advance online privacy protections for Australians", "Encourage and support proactive release of government information", "Take a contemporary, harms-based approach to regulation" ], "source_page": 7 } ], "values": [ "integrity", "accountability", "transparency" ], "values_framework_name": null, "kpi_targets_2025_26": [ { "code": "Measure 1", "measure": "Change of percentage of OAIC case load that is greater than 12 months", "target": "26–27 Target: 27–28 Target: 28–29 Target: Baseline to be set", "source_page": 26 }, { "code": "Measure 2", "measure": "Percentage of cases finalised within time standards", "target": "80%", "source_page": 27 }, { "code": "Measure 3", "measure": "Percentage of regulated entities that report satisfaction with OAIC guidance and resources", "target": "Baseline to be set Prior years result maintained or exceeded", "source_page": 28 }, { "code": "Measure 4", "measure": "Effectiveness of the OAIC’s contribution to the advancement of online privacy protections and policy advice", "target": "Prior years result exceeded", "source_page": 29 }, { "code": "Measure 5", "measure": "Percentage of OAIC recommendations accepted by agencies following FOI complaint investigations", "target": "90%", "source_page": 30 }, { "code": "Measure 6", "measure": "Initial assessments are completed and recorded on all proactive regulatory activities", "target": "100%", "source_page": 31 }, { "code": "Measure 7", "measure": "OAIC staff consider they have the skills, capabilities and knowledge to perform well", "target": "80%", "source_page": 32 } ], "kpi_results_2024_25": [], "_source_urls": { "annual_report_url": "", "corporate_plan_url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf" } }, "ideas": [ { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "category": "Data & Performance", "scale": "small", "title": "KPI evidence register with named owners", "idea": "Create a simple register mapping each KPI to source data, owner, frequency, target, and last result.", "quote": "[Page 23]\n21\nPart\n3:\nPerformance\nmeasurement\nframework\nIntended Result 1.1 – The OAIC’s activities support the effective regulation\nof the Consumer Data Right\nPerformance 22–23 target 23–24 target 24–25 target 25–26 target Methodology/ Type\nmeasure data source\n1.1 Baseline to be Baseline result Prior year's Prior year's Annual Effectiveness\nEffectiveness established exceeded result exceeded result exceeded stakeholder\nof the OAIC’s survey\ncontribution conducted by\nto the an independent\nregulation of professional\nthe Consumer provider\nData Right as\nmeasured by\nstakeholder\nfeedback\nMetric: Average\nperformance\nrating from\nstakeholders\nbased on a\ncomposite\nsurvey-based\nperformance\nindex\nIntended Result 1.2 – The OAIC’s regulatory outputs are timely\nPerformance 22–23 target 23–24 target 24–25 target 25–26 target Methodology/ Type\nmeasure data source\n1.2.", "impact": "High", "effort": "Low", "proof": "Evidence-backed", "beneficiaries": "Executives / Parliament / public", "source": "corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)", "implementation": [ "Pick one high-volume process or document family.", "Name an owner and baseline current volume, time, cost, and satisfaction.", "Run a 4-8 week pilot with clear before/after metrics.", "Publish lessons and decide whether to scale." ], "risks": [ "Privacy and data quality", "Change fatigue", "Unclear accountability" ] }, { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "category": "Data & Performance", "scale": "large", "title": "Outcome dashboard linking budget, delivery, and public impact", "idea": "Build a public-facing outcome dashboard showing spend, outputs, outcomes, and delivery confidence.", "quote": "[Page 23]\n21\nPart\n3:\nPerformance\nmeasurement\nframework\nIntended Result 1.1 – The OAIC’s activities support the effective regulation\nof the Consumer Data Right\nPerformance 22–23 target 23–24 target 24–25 target 25–26 target Methodology/ Type\nmeasure data source\n1.1 Baseline to be Baseline result Prior year's Prior year's Annual Effectiveness\nEffectiveness established exceeded result exceeded result exceeded stakeholder\nof the OAIC’s survey\ncontribution conducted by\nto the an independent\nregulation of professional\nthe Consumer provider\nData Right as\nmeasured by\nstakeholder\nfeedback\nMetric: Average\nperformance\nrating from\nstakeholders\nbased on a\ncomposite\nsurvey-based\nperformance\nindex\nIntended Result 1.2 – The OAIC’s regulatory outputs are timely\nPerformance 22–23 target 23–24 target 24–25 target 25–26 target Methodology/ Type\nmeasure data source\n1.2.", "impact": "Very High", "effort": "High", "proof": "Evidence-backed", "beneficiaries": "Executives / Parliament / public", "source": "corporate-plans/2022-23.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf)", "implementation": [ "Create a senior responsible owner and cross-functional delivery team.", "Map legislation, data, privacy, procurement, cyber, and workforce constraints.", "Co-design with users and frontline staff before technology selection.", "Stage delivery through pilots, benefits tracking, and public reporting." ], "risks": [ "Privacy and data quality", "Change fatigue", "Unclear accountability" ] }, { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "category": "Regulation & Policy", "scale": "small", "title": "Regulatory burden scan for forms, guidance, and reporting", "idea": "Identify the top 10 highest-friction reporting obligations and simplify guidance, forms, or evidence requirements.", "quote": "Trend\nChallenges\nOpportunities\nShift in Australian Government and community expectations of a regulator’s role\nEnsuring the OAIC’s regulatory approach reflects government and community expectations of regulators\nFocus on key regulatory risks and align activities and use of regulatory power to deliver highest impact\nReview community and government expectations of Australian regulators and ensure the OAIC’s regulatory approach, internal capability, and stakeholder engagement reflect these expectations\nEvolution in international landscape in relation to privacy and information access, and increased globalisation of the economy\nEnsuring that domestic policy and guidance is interoperable with international law to facilitate Australia’s participation in the global economy\nActive participation in changing global regulatory landscape", "impact": "High", "effort": "Low", "proof": "Evidence-backed", "beneficiaries": "Regulated entities / policy teams", "source": "pages/corporate-plans-index__05.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201920)", "implementation": [ "Pick one high-volume process or document family.", "Name an owner and baseline current volume, time, cost, and satisfaction.", "Run a 4-8 week pilot with clear before/after metrics.", "Publish lessons and decide whether to scale." ], "risks": [ "Privacy and data quality", "Change fatigue", "Unclear accountability", "Regulatory capture", "Over-automation of judgement" ] }, { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "category": "Regulation & Policy", "scale": "large", "title": "Adaptive regulation program with live feedback loops", "idea": "Create an adaptive regulation model using sandboxes, industry data, risk scoring, and regular rule updates.", "quote": "Trend\nChallenges\nOpportunities\nShift in Australian Government and community expectations of a regulator’s role\nEnsuring the OAIC’s regulatory approach reflects government and community expectations of regulators\nFocus on key regulatory risks and align activities and use of regulatory power to deliver highest impact\nReview community and government expectations of Australian regulators and ensure the OAIC’s regulatory approach, internal capability, and stakeholder engagement reflect these expectations\nEvolution in international landscape in relation to privacy and information access, and increased globalisation of the economy\nEnsuring that domestic policy and guidance is interoperable with international law to facilitate Australia’s participation in the global economy\nActive participation in changing global regulatory landscape", "impact": "Very High", "effort": "High", "proof": "Evidence-backed", "beneficiaries": "Regulated entities / policy teams", "source": "pages/corporate-plans-index__05.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201920)", "implementation": [ "Create a senior responsible owner and cross-functional delivery team.", "Map legislation, data, privacy, procurement, cyber, and workforce constraints.", "Co-design with users and frontline staff before technology selection.", "Stage delivery through pilots, benefits tracking, and public reporting." ], "risks": [ "Privacy and data quality", "Change fatigue", "Unclear accountability", "Regulatory capture", "Over-automation of judgement" ] }, { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "category": "Citizen Participation", "scale": "small", "title": "Consultation feedback summaries with response tracking", "idea": "Summarise consultation submissions by theme and publish what changed in response.", "quote": "Trend\nChallenges\nOpportunities\nShift in Australian Government and community expectations of a regulator’s role\nEnsuring the OAIC’s regulatory approach reflects government and community expectations of regulators\nFocus on key regulatory risks and align activities and use of regulatory power to deliver highest impact\nReview community and government expectations of Australian regulators and ensure the OAIC’s regulatory approach, internal capability, and stakeholder engagement reflect these expectations\nEvolution in international landscape in relation to privacy and information access, and increased globalisation of the economy\nEnsuring that domestic policy and guidance is interoperable with international law to facilitate Australia’s participation in the global economy\nActive participation in changing global regulatory landscape", "impact": "High", "effort": "Low", "proof": "Evidence-backed", "beneficiaries": "Citizens / stakeholders / policy teams", "source": "pages/corporate-plans-index__05.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201920)", "implementation": [ "Pick one high-volume process or document family.", "Name an owner and baseline current volume, time, cost, and satisfaction.", "Run a 4-8 week pilot with clear before/after metrics.", "Publish lessons and decide whether to scale." ], "risks": [ "Privacy and data quality", "Change fatigue", "Unclear accountability", "Digital exclusion", "Low public trust if feedback is not acted on" ] }, { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "category": "Citizen Participation", "scale": "large", "title": "Always-on policy participation platform", "idea": "Create a standing participation platform where citizens and stakeholders can propose, vote, and track ideas.", "quote": "Trend\nChallenges\nOpportunities\nShift in Australian Government and community expectations of a regulator’s role\nEnsuring the OAIC’s regulatory approach reflects government and community expectations of regulators\nFocus on key regulatory risks and align activities and use of regulatory power to deliver highest impact\nReview community and government expectations of Australian regulators and ensure the OAIC’s regulatory approach, internal capability, and stakeholder engagement reflect these expectations\nEvolution in international landscape in relation to privacy and information access, and increased globalisation of the economy\nEnsuring that domestic policy and guidance is interoperable with international law to facilitate Australia’s participation in the global economy\nActive participation in changing global regulatory landscape", "impact": "Very High", "effort": "High", "proof": "Evidence-backed", "beneficiaries": "Citizens / stakeholders / policy teams", "source": "pages/corporate-plans-index__05.html (https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/corporate-plans/corporate-plan-201920)", "implementation": [ "Create a senior responsible owner and cross-functional delivery team.", "Map legislation, data, privacy, procurement, cyber, and workforce constraints.", "Co-design with users and frontline staff before technology selection.", "Stage delivery through pilots, benefits tracking, and public reporting." ], "risks": [ "Privacy and data quality", "Change fatigue", "Unclear accountability", "Digital exclusion", "Low public trust if feedback is not acted on" ] }, { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "category": "Citizen Services", "scale": "small", "title": "Plain-language service pages and proactive status updates", "idea": "Rewrite high-volume pages and letters into plain language, add status notifications, and measure contact reduction.", "quote": "Our targets for 2024–25 focus on reduced\noutsourcing of work across several Job Families\nIn alignment with the Australian Public Service including Administration, Legal and Parliamentary,\nCommission’s Highly Capable, Future-Ready: APS and Portfolio Program and Project Management,\nLearning and Development Strategy, we invest with an expected reduction of $950,000 in 2024–25 in\nin development opportunities for our people by outsourcing expenditure.\npartnering across the Australian Public Service (APS) to\naccess a range of relevant courses and resources.", "impact": "High", "effort": "Low", "proof": "Evidence-backed", "beneficiaries": "Citizens / service users", "source": "corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)", "implementation": [ "Pick one high-volume process or document family.", "Name an owner and baseline current volume, time, cost, and satisfaction.", "Run a 4-8 week pilot with clear before/after metrics.", "Publish lessons and decide whether to scale." ], "risks": [ "Privacy and data quality", "Change fatigue", "Unclear accountability", "Digital exclusion", "Low public trust if feedback is not acted on" ] }, { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "category": "Citizen Services", "scale": "large", "title": "Single front door for life-event based services", "idea": "Bundle services around life events so citizens can complete related steps across agencies in one journey.", "quote": "Our targets for 2024–25 focus on reduced\noutsourcing of work across several Job Families\nIn alignment with the Australian Public Service including Administration, Legal and Parliamentary,\nCommission’s Highly Capable, Future-Ready: APS and Portfolio Program and Project Management,\nLearning and Development Strategy, we invest with an expected reduction of $950,000 in 2024–25 in\nin development opportunities for our people by outsourcing expenditure.\npartnering across the Australian Public Service (APS) to\naccess a range of relevant courses and resources.", "impact": "Very High", "effort": "High", "proof": "Evidence-backed", "beneficiaries": "Citizens / service users", "source": "corporate-plans/2024-25.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf)", "implementation": [ "Create a senior responsible owner and cross-functional delivery team.", "Map legislation, data, privacy, procurement, cyber, and workforce constraints.", "Co-design with users and frontline staff before technology selection.", "Stage delivery through pilots, benefits tracking, and public reporting." ], "risks": [ "Privacy and data quality", "Change fatigue", "Unclear accountability", "Digital exclusion", "Low public trust if feedback is not acted on" ] }, { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "category": "Risk & Assurance", "scale": "small", "title": "Recommendation tracker for audits, reviews, and inquiries", "idea": "Publish a single internal tracker for audit/review recommendations, owners, due dates, and implementation evidence.", "quote": "Risk-based and data-driven – regulators Continuous improvement 1.1, 1.2, 2.2, 2.3, 2.4, 2.6,\nmaintain essential safeguards, using data and building trust 2.7, 2.8, 2.11, 3.1, 4.2, 4.3\nand digital technology to manage risks\nproportionately to minimise regulatory burden Risk-based and data- 2.1, 2.5 3.2, 4.1, 4.4,\ndriven\nand to support those they regulate to comply\nand grow.", "impact": "High", "effort": "Low", "proof": "Evidence-backed", "beneficiaries": "Executives / assurance teams", "source": "corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)", "implementation": [ "Pick one high-volume process or document family.", "Name an owner and baseline current volume, time, cost, and satisfaction.", "Run a 4-8 week pilot with clear before/after metrics.", "Publish lessons and decide whether to scale." ], "risks": [ "Privacy and data quality", "Change fatigue", "Unclear accountability", "Regulatory capture", "Over-automation of judgement" ] }, { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "category": "Risk & Assurance", "scale": "large", "title": "Integrated assurance and lessons-learned system", "idea": "Create an assurance system that connects audit findings, risk registers, delivery reviews, and investment decisions.", "quote": "Risk-based and data-driven – regulators Continuous improvement 1.1, 1.2, 2.2, 2.3, 2.4, 2.6,\nmaintain essential safeguards, using data and building trust 2.7, 2.8, 2.11, 3.1, 4.2, 4.3\nand digital technology to manage risks\nproportionately to minimise regulatory burden Risk-based and data- 2.1, 2.5 3.2, 4.1, 4.4,\ndriven\nand to support those they regulate to comply\nand grow.", "impact": "Very High", "effort": "High", "proof": "Evidence-backed", "beneficiaries": "Executives / assurance teams", "source": "corporate-plans/2021-22.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf)", "implementation": [ "Create a senior responsible owner and cross-functional delivery team.", "Map legislation, data, privacy, procurement, cyber, and workforce constraints.", "Co-design with users and frontline staff before technology selection.", "Stage delivery through pilots, benefits tracking, and public reporting." ], "risks": [ "Privacy and data quality", "Change fatigue", "Unclear accountability", "Regulatory capture", "Over-automation of judgement" ] }, { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "category": "Staff Productivity", "scale": "small", "title": "Reusable briefing and summary assistant for internal documents", "idea": "Create controlled templates for summarising reports, submissions, minutes, and ministerial briefs.", "quote": "[Page 32]\nOAIC Corporate plan 2025–26\nPerformance\nOAIC staff consider they have the skills, capabilities and knowledge to perform well, enabling\nMeasure 7\nthe OAIC to deliver expert service\nIntended result:\nThe OAIC’s approach to our regulatory role is consistent with better practice principles\n25–26 Target: 26–27 Target: 27–28 Target: 28–29 Target:\n80% 80% 80% 80%\nRationale:\nThis measures the OAIC’s effectiveness at building staff capability and knowledge to ensure the OAIC can deliver\nexpert service when undertaking its regulatory functions.", "impact": "High", "effort": "Low", "proof": "Evidence-backed", "beneficiaries": "APS staff / executives", "source": "corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)", "implementation": [ "Pick one high-volume process or document family.", "Name an owner and baseline current volume, time, cost, and satisfaction.", "Run a 4-8 week pilot with clear before/after metrics.", "Publish lessons and decide whether to scale." ], "risks": [ "Privacy and data quality", "Change fatigue", "Unclear accountability", "Sensitive information leakage", "Inconsistent quality of generated drafts" ] }, { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "category": "Staff Productivity", "scale": "large", "title": "Department-wide knowledge and briefing platform", "idea": "Build a secure knowledge platform that lets staff search, summarise, and cite approved departmental material.", "quote": "[Page 32]\nOAIC Corporate plan 2025–26\nPerformance\nOAIC staff consider they have the skills, capabilities and knowledge to perform well, enabling\nMeasure 7\nthe OAIC to deliver expert service\nIntended result:\nThe OAIC’s approach to our regulatory role is consistent with better practice principles\n25–26 Target: 26–27 Target: 27–28 Target: 28–29 Target:\n80% 80% 80% 80%\nRationale:\nThis measures the OAIC’s effectiveness at building staff capability and knowledge to ensure the OAIC can deliver\nexpert service when undertaking its regulatory functions.", "impact": "Very High", "effort": "High", "proof": "Evidence-backed", "beneficiaries": "APS staff / executives", "source": "corporate-plans/2025-26.pdf (https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf)", "implementation": [ "Create a senior responsible owner and cross-functional delivery team.", "Map legislation, data, privacy, procurement, cyber, and workforce constraints.", "Co-design with users and frontline staff before technology selection.", "Stage delivery through pilots, benefits tracking, and public reporting." ], "risks": [ "Privacy and data quality", "Change fatigue", "Unclear accountability", "Sensitive information leakage", "Inconsistent quality of generated drafts" ] } ], "legislation_administered": [], "artifacts": [ { "category": "corporate-plans", "year": "2025-26", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "file": "corporate-plans/2025-26.pdf", "bytes": 5267348, "link_text": "Corporate plan 2025–26 (PDF, 5144 KB)" }, { "category": "corporate-plans", "year": "2024-25", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0022/241375/Corporate-plan-2024.pdf", "file": "corporate-plans/2024-25.pdf", "bytes": 2205347, "link_text": "OAIC Corporate plan 2024–25 (PDF, 2154 KB)" }, { "category": "corporate-plans", "year": "2023-24", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0020/82532/OAIC-Corporate-plan-2023-24.pdf", "file": "corporate-plans/2023-24.pdf", "bytes": 8574440, "link_text": "Download the print version (PDF, 8373 KB)" }, { "category": "corporate-plans", "year": "2022-23", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0035/38897/OAIC-Corporate-Plan-2022-23.pdf", "file": "corporate-plans/2022-23.pdf", "bytes": 13149584, "link_text": "Download the print version (PDF, 12841 KB)" }, { "category": "corporate-plans", "year": "2021-22", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0007/4102/oaic-corporate-plan-2021-22.pdf", "file": "corporate-plans/2021-22.pdf", "bytes": 6923091, "link_text": "Download the print version (PDF, 6761 KB)" }, { "category": "other-pdfs", "year": "2019", "url": "https://www.naa.gov.au/sites/default/files/2019-12/agency-ra-2012-00305243.pdf", "file": "other-pdfs/agency-ra-2012-00305243.pdf", "bytes": 186265, "link_text": "OAIC’s Records Disposal Authority" } ], "_meta": { "snapshot_built_at": "2026-05-13T11:03:00+00:00", "strategy_brief_meta": { "model": "nova-micro", "folder": "Privacy-Advisory-Committee", "annual_report": { "file": null, "url": "", "year": null }, "corporate_plan": { "file": "corporate-plans\\2025-26.txt", "url": "https://www.oaic.gov.au/__data/assets/pdf_file/0025/255751/OAIC-Corporate-plan-2025-2026.pdf", "year": "2025-26" }, "usage": { "input_tokens": 11180, "output_tokens": 942, "total_tokens": 12122, "model": "nova-micro" }, "cost_usd": 0.00052318, "elapsed_seconds": 21.44, "generated_at": "2026-05-13T04:09:40+00:00" }, "ideas_manifest": { "entity_id": "B-002201", "entity_name": "Privacy Advisory Committee", "folder_name": "Privacy-Advisory-Committee", "generated_at": "2026-05-09T23:05:24.085064+00:00", "idea_count": 12, "markdown": "ideas/Privacy-Advisory-Committee_ideas.md", "jsonl": "ideas/ideas.jsonl", "inputs": [ "Privacy-Advisory-Committee_strategy-overview.md", "strategy-evidence.json", "global-intelligence/source-manifest.json" ] }, "global_intel_meta": null } }