FOIREQ20 00213 027
Commissioner brief: 2019-20 Australian Government agency and
ministerial FOI statistics1 D2020/017448
Key messages
The number of FOI requests made to Australian Government agencies and ministers in
2019–202 increased by approximately 6% over the previous year to 41,333 (when there
was a 13% increase in the number of requests compared with the previous year).
The Department of Home Affairs, Services Australia (formerly the Department of
Human Services) and the Department of Veterans’ Affairs together continued to
receive the majority of FOI requests received by Australian Government agencies (70%
of the total). Of these, 95% are from individuals seeking access to personal information.
Of all FOI requests made to agencies and ministers, 81% were for personal information
(33,584) and 19% for non-personal (7,749). This trend has been consistent over the
past 4 years.
13,727 FOI requests were granted in full in 2019-20 (47% of all requests decided). This
represents a decline in the percentage of FOI requests granted in ful compared with
2018-19, when 52% of all FOI requests decided were granted in full.
11,221 FOI requests were granted in part in 2019-20 (38% of all requests decided). This
represents an increase in requests granted in part compared with 2018-19, when 35%
of all requests decided were granted in part.
4,410 FOI requests were refused in 2019-20 (15% of all requests decided). This
represents an increase in requests refused compared with 2018-19, when 13% of all
requests were refused.
79% of all FOI requests decided in 2019-20 were decided within the statutory
timeframe. This is a decline in timeliness compared with 2018-19 (83%) and 2017-18
(85%) and may be due to the impact of the COVID-19 pandemic on agencies and
ministers’ ability to process FOI requests.
There was a 25% decline in the amount of charges notified in 2019–20 ($267,069) than
in 2018–19. There was a 28% decline in the amount of charges collected in 2019-20
($88,090) than in 2018-19.
The total cost attributable to processing FOI requests in 2019–20 was $63.91 million,
approximately 7% more than the previous financial year’s total ($59.85 million).
There was a 106% increase in the number of documents agencies and ministers made
available for direct download from their disclosure logs in 2019-20 (1,438) compared
with 2018-19 (719).
1 Percentages in this brief have been rounded to the nearest full number.
2 In 2019–20, 294 agencies reported FOI statistics to the OAIC (however due to MOG changes not all these agencies were in
existence at the end of the financial year).
FOIREQ20 00213 028
Commissioner brief: Trends in use of FOI Act exemptions1
D2020/017449
Key messages
The percentage of cases in which no exemptions were claimed has varied over the past
9 years2:
o In 2011-12, no exemptions claimed in 58% of all FOI requests decided (12,844
requests)
o In 2012-13, no exemptions claimed in 44% of all FOI requests decided (9,766
requests)
o In 2013-14, no exemptions claimed in 49% of all FOI requests decided (11,255
requests)
o In 2014–15, no exemptions claimed in 19% of al requests decided (5,747
requests)
o In 2015-16, no exemptions claimed in 18% of all FOI requests decided (5,954
requests)
o In 2016-17, no exemptions claimed in 19% of all FOI requests decided (6,554
requests)
o In 2017-18, no exemptions claimed in 23% of all FOI requests decided (7,312
requests)
o In 2018-19, no exemptions claimed in 22% of all FOI requests decided (6,718
requests)
o In 2019–20, no exemptions claimed in 64% of al requests decided (18,823
requests).
The type of exemptions applied are general y consistent from year-to-year.
The most commonly claimed exemption is the personal privacy conditional exemption
(s 47F).
o In 2019–20, it was applied in approximately 38% of all requests in which an
exemption was applied.
The use of the certain operations of agencies conditional exemption (s 47E) has
increased over the past nine years:
o 2011-12 - approximately 8% of al requests in which an exemption was applied
o 2019-20 - approximately 20% of all requests in which an exemption was applied.
The exemptions applied by agencies may change on review.
1
All percentages have been rounded to whole numbers in this brief.
2
As reported by agencies
FOIREQ20 00213 029
Commissioner brief: FOI Extension of time applications
Key messages
An agency or minister must make a decision on an FOI request within 30 days, unless
the timeframe has been extended.
Where an agency or minister is unable to process an FOI request within the processing
period, they may request an extension of time:
o from the FOI applicant (by agreement under s 15AA)
o from the Information Commissioner under:
s 15AB (complex or voluminous)
s 15AC (where the agency or minister has been unable to process the
request within the statutory timeframe)
s 51DA (where the agency or minister has been unable to process the
request for amendment or annotation)
s 54D (where the agency or minister has been unable to process an
internal review application within the statutory timeframe).
Part 3 of the FOI Guidelines encourage agencies to seek agreement with the FOI
applicant prior to lodging an extension of time request with the OAIC.
The OAIC requires agencies and ministers to provide supporting documentation during
the consideration of an extension of time application. The application must include
reasons why the request could not be processed within the statutory processing period
and provide a plan on how the further time (if granted) will be utilised by the agency or
minister.
It is important for agencies and ministers to consider early in the process whether an
extension of time is required, as an application for an extension of time is not an
automatic grant and each application is considered on its individual merits.
In 2019–20, 79% of all FOI requests determined were processed within the applicable
statutory time period:
o 80% of all personal information requests and
o 73% of non-personal requests.
This represents a slight decrease in timeliness of decision-making from 2018–19
(when 83% were decided within time).
In 2019–20, there was an increase in the number of FOI requests decided more than 90
days after the expiry of the statutory time period (including any applicable extension of
time provisions) when compared with 2018–19 (10% in 2019–20, up from 2% in 2018–
19).
FOIREQ20 00213 030
Commissioner brief: FOI Complaint issues
Key messages
Complaint issues:
o The most complained about issue is delay by agencies processing FOI requests.
o Other complaints relate to (in order of most complained about):
failure to provide assistance during the practical refusal consultation
process
the imposition of charges
failure to acknowledge FOI request
searches
extension of processing time to consult with third party but no
consultation required
poor administration/customer service
poor communication/failure to update
failure of decision maker to provide name
poor record keeping (leading to an inability to find requested documents)
the Information Publication Scheme
deletion of public servants’ personal information from documents before
release.
I am of the view that making a complaint is not an appropriate mechanism where IC
review is available, unless there is a special reason to undertake an investigation and
the matter can be dealt with more appropriately and effectively as a complaint. IC
review will ordinarily be the more appropriate avenue for a person to seek review of
the merits of an FOI decision, particularly an access refusal or access grant decision.
The OAIC will soon publish a summary of the de-identified outcomes of finalised FOI
investigations on the OAIC website.
Statistics
Period
Number
Number
Finalisation
S 86 notices – with
received
finalised
timeframe
and without
recommendations
Page 1 of 14
FOIREQ20 00213 031
Commissioner brief: Department of Home Affairs Commissioner
Initiated Investigation (CII)
Key messages
Subsection 69(2) of the Freedom of Information Act provides that I can - on my own
initiative - investigate an action taken by an agency in the performance of functions, or
the exercise of powers under the FOI Act.
The FOI Regulatory Action Policy1outlines the factors to taken into account when
commencing a CII, including:
o the objects of the FOI Act
o the risks and impact of non-compliance by agencies with the FOI Act.
The FOI Regulatory Action Policy2 outlines the type of information which I took into
consideration when deciding whether to commence this CII:
o current FOI complaints raising the same allegations
o related IC reviews
o information provided to the OAIC
o quarterly and annual statistical return under the FOI Act as provided by the
Department
o whether the action (non-compliance) appeared to be systemic in nature, and
o Department’s response to recommendations made in the 2017 OAIC
investigation into the same issues.
On 25 October 2019, I commenced a CII into Department of Home Affairs processing of
FOI requests relating to non-personal information.
On 25 October 2019, I also commenced investigation into 13 FOI complaints about the
Department regarding non-compliance with statutory processing period.3
On 20 December 2019, I finalised my investigation into 13 FOI complaints about the
Department regarding non-compliance with statutory processing period. I concluded
that in all 13 FOI complaints the Department had not complied with the statutory
processing period. I deferred making any recommendations until the outcome of the
CII.
The CII remains ongoing.
1 Freedom of Information Regulatory Action Policy [28] – [29].
2 Freedom of Information Regulatory Action Policy [28] – [29].
3 On 20 December 2019, the Commissioner issued s 86 Notices in relation to the 13 FOI complaints which formed case studies in
the broader CII. The Commissioner found that in all 13 case studies the Department did not comply with statutory processing
periods. The Commissioner deferred making any recommendations in response to her findings until the related CII is finalised.
FOIREQ20 00213 032
Commissioner brief: FOI Disclosure Logs D2020/017452
Key messages
In October 2019, the OAIC began work on a desktop review of agency compliance with
disclosure log obligations. A key focus of the review is whether agencies make
documents directly available for download to members of the public.
Our report is near finalisation and wil be published soon.
Critical facts
Section 11C of the FOI Act requires agencies to publish information released in
response to FOI requests within 10 days of release to the FOI applicant, unless the
documents contain personal or business information that it would be unreasonable to
publish. Subsection 11C(3) provides three options for publication:
1. directly on the agency’s website
2. linking to another website from which the information can be downloaded
3. publishing details of how the information can be obtained on the agency’s website.
The FOI Guidelines state that publication of documents directly on an agency’s website,
rather than describing the documents and how they can be obtained on request, is
consistent with the FOI Act object of facilitating access to government information.
Further, the Explanatory Memorandum to the Freedom of Information Amendment
(Reform) Bill 2009 states that information is to be published to the public generally on a
website, and it is only if the information cannot readily be published in that way that
the website should give details of how the information can be obtained.
In December 2018 and January 2019 an individual made FOI requests through the
‘Right to Know’ website to 12 Departments that do not make documents directly
available through their disclosure logs, but which instead require an email to be sent
requesting access. The individual sought access to all documents not directly available
for download. Many Departments treated this as a formal request for access when a
decision had already been made on access, imposed with charges and applied a 30-day
processing period (in one case the agency asked for a 30-day extension to process the
‘request’). Several Departments issued practical refusal notices.
This issue was brought to our attention via social media and the ‘Right to Know’
website.
The OAIC’s desktop audit assessed all Australian Government departments (those
subject to the FOI Act), as well as the 20 agencies that receive the largest number of
FOI requests for non-personal information that result in release of documents.
The desktop review assessed:
the form in which access is provided (directly on the website, linked to another
website or on request)
FOIREQ20 00213 033
Commissioner brief: Changes to Disclosure Log Guidelines
D2020/017619
Key messages
The OAIC is in the process of updating Part 14 of the FOI Guidelines (Disclosure Log).
In October 2019, the OAIC began work on a desktop review of agency compliance with disclosure log
obligations. Our report is near finalisation and will be published soon. (For more information see
Commissioner brief: FOI Disclosure Logs D2020/017452).
We are using the information obtained during the disclosure log review to inform our update of
Part 14 of the FOI Guidelines (Disclosure Log) to provide more guidance to agencies to enable them to
better meet their disclosure log obligations, as well as to improve readability and update cross
references to supporting material.
Critical Issues
The desktop review of agency compliance with disclosure log obligations found that almost 40% of
reviewed agencies require members of the public to contact them for access to documents on their
disclosure log. This places an unnecessary barrier to accessing government information.
In the updated Guidelines, we will emphasise the Explanatory Memorandum to the Freedom of
Information Amendment (Reform) Bill 2009, which states that it is only if ‘information cannot readily
be published on a website’ that ‘the website should give details of how the information may be
obtained’.
The revised Guidelines will note the Information Commissioner’s view that documents should be
made directly available for download from an agency’s website (see ss 11C(3)(a) and 11C(3)(b) of the
FOI Act) unless it is not possible to upload documents, for example, due to file size, the requirement
for specialist software to view the information, or for any other reason of this nature. This approach is
consistent with the objects of the FOI Act.
Previously the Guidelines suggested that it may be appropriate that information attached to a
disclosure log listing is removed after 12 months unless the information has enduring public value.
The revised Guidelines will suggest that it may be appropriate to retain information and documents
on the disclosure log for a longer period of at least three years.
We will also update the section on Facilitating Access to emphasise that agencies and ministers are
encouraged to release information on the disclosure log as a machine readable or searchable PDF, or
in HTML format to ensure readability and accessibility of information.
Possible questions
Wil you seek input from the community or agencies on content for the revised Part 14?
My office will publish a draft version of Part 14 of the FOI Guidelines for public consultation. We wil
consider the consultation responses and further revise the draft, as appropriate, before it is issued.
When wil a new version of Part 14 be ready for publication?
I anticipate Part 14 will be ready for publication before the end of the year.
Key dates
October 2019 to December 2019 – desktop review conducted.
Document history
FOIREQ20 00213 034
Commissioner brief: FOI OAIC engagement and Guidelines update
D2020/017453
Key messages
The OAIC continues to engage with Australian government agencies and civil society in
relation to the Open Government Partnership (OGP).
The Australian Information Commissioner continues to engage with Information
Commissioners and Ombudsmen from other Australian jurisdictions and
internationally, in particular through the Association of Information Access
Commissioners (AIAC) (bi-annual y) and the International Conference of Information
Commissioners (ICIC) (annually).
The OAIC holds twice yearly information sessions for FOI practitioners through our
Information Contact Officers Network (ICON). Due to the COVID-19 pandemic our April
2020 information session was cancel ed. A webinar for ICON members to be delivered
on 29 September 2020 to coincide with International Access to Information Day (28
September 2020) was postponed due to a global Microsoft 365 outage. It has been /
will be rescheduled for Tuesday 27 October 2020.
Critical facts
International Access to Information Day: The OAIC promoted International Access to
Information Day (Monday 28 September 2020) through a dedicated website containing
resources such as a Commissioner message, tips for FOI applicants and FOI decision
makers, International Access to Information Day events and promotional materials for
members of the public and Australian Government staff. I joined with my State and
Territory counterparts to issue a media statement promoting the right of the public to
access government information and emphasising the importance of access to
information during the COVID-19 pandemic. I also participated in a webinar as part of
the development of Australia's third Open Government National Action Plan
(NAP3). The webinar enabled review and revision to the draft Commitment ‘Open by
Design (right to know)’ for inclusion in NAP3.
s47E(d)
1
FOIREQ20 00213 035
Commissioner brief: Information Publication Scheme
Key messages
Between May and August 2018, the OAIC undertook its second Information Publication
Scheme (IPS) survey of al Australian Government agencies subject to the FOI Act.
ORIMA Research conducted the survey on behalf of the OAIC. The final report was
published in June 2019. 190 agencies (82% of all agencies) responded (compared with
78% in 2012).
The focus of the 2018 survey was similar to the 2012 survey to facilitate comparison of
results between the two surveys and to allow tracking of changes in agency compliance
levels over time.
The results confirmed a continued commitment across government to compliance with
IPS requirements and principles, although a decline was observed in the four key areas
of compliance measured in both the 2012 and 2018 surveys.
Larger agencies and agencies that receive higher numbers of FOI requests general y
reported higher levels of compliance with IPS statutory requirements and better
practice principles, compared with micro to small agencies.
Compliance with the IPS is an ongoing statutory responsibility for agencies subject to
the FOI Act. The survey results have helped the OAIC to identify areas where
improvements can be made to further promote the proactive publication of Australian
Government information.
The OAIC is currently reviewing its guidance around the IPS (part 13 of the FOI
Guidelines).
Critical facts
The IPS 2018 survey assessed compliance with the five key IPS criteria set out in the
FOI Guidelines. The survey results show that 88% of agencies complied with the first
key element, having published an Agency IPS Plan, compared to 94% in 2012. As this is
a mandatory statutory requirement, the OAIC considers that improvement is needed.
The OAIC considers that the second key element, governance and administration, is of
particular importance to ensure compliance with IPS requirements by agencies. The
survey results show that while 76% of agencies indicated that they have appointed a
senior executive officer to lead the agency’s work on IPS compliance, this result is
lower than the 93% recorded in 2012.
Survey results for the third key element, IPS document holdings, show that over 70%
of agencies publish each of the required types of information on their website (IPS
agency plan, agency annual reports, organisational structure, functions and decision
making powers, contact details for FOI information or documents, statutory
appointments, operational information, information routinely provided to Parliament,
information in documents an agency routinely gives access to in response to FOI
requests, consultation arrangements for public comment on policy proposals).
Page 1 of 3
FOIREQ20 00213 037
Page 1 of 6
Commissioner brief: OAIC FOI requests
Key messages
There has been a significant increase in the number of access requests
made under the Freedom of Information Act 1982 (Cth) (FOI requests) to
the OAIC since 2016/17.
In particular, in 2018/19, the OAIC received 244 FOI requests, compared to
93 FOI requests in 2017/18 (171%).
However, the number of FOI access requests declined slightly from the
peak in 2018/19 in both 2019/20 and the first quarter of 2020/21
o In the first quarter of 2020/21, the OAIC has received 64 requests.
This is an 11% decrease compared with the same quarter in
2019/20 (72).
o In 2019/20, the OAIC received 232 FOI requests. This is a decrease
from 2018/19 where 244 FOI requests were received (5%).
The reasons for the significant increase in FOI access requests is not fully
apparent, although an increase can be partly attributed to the
commencement of the Notifiable Data Breach (NDB) scheme on 22
February 2018, and the public and media interest in the scheme. 9
requests were received in 2019/20.
There are currently 7 FTE staff that process FOI requests. These staff
members are located in the Legal Services section. Processing FOI requests
is undertaken together with other duties.
Critical facts
The number of FOI requests received by the OAIC since 2016/17 has
increased significantly.1 A table providing an overview of the number of
FOI requests made to the OAIC over the last four years is at Attachment A.
The OAIC processed all FOI requests received in 2019/20 within the
statutory timeframe, with the OAIC using s 15AA extension of time
agreements within that period. A table providing an overview of the
1 In 2016-17 there were 76 requests made, in 2017-18 there were 93 requests made and in 2018-19 there
were 252 requests. In 2019/20, the OAIC received 232 FOI requests and in 2018/19 the OAIC received 244 FOI
requests.
Page 1 of 6
FOIREQ20 00213 038
Commissioner brief: PJCIS Press Freedom Report Recommendations
D2020/017617
Key messages
On 4 July 2019, the Parliamentary Joint Committee on Intel igence and Security (PJCIS)
commenced an inquiry into ‘the impact of the exercise of law enforcement and
intelligence powers on freedom of the press’.
Angelene Falk, Elizabeth Hampton and Rocelle Ago appeared as witnesses at a public
hearing on 13 August 2019. You responded to questions on notice, in the form of
written submissions on 27 August 2019 and 16 September 2019.
On 26 August 2020, the PJCIS published its ‘Inquiry into the impact of the exercise of
law enforcement and intelligence powers on the freedom of the press’.
Recommendation 16 recommends ‘that the Australian Government review and
prioritise the promotion and training of a uniform Freedom of Information culture
across departments, to ensure that application of the processing requirements and
exemptions allowed under the Freedom of Information Act 1982 are consistently
applied.’
Critical Issues
Several submissions to the inquiry raised issues regarding the current functioning of the
FOI regime (WikiLeaks and the Australian Assange Campaign; Dr Keiran Hardy and
Professor George Williams; Australia’s Right to Know; The Stay Human Project;
Associate Professor Johan Lidberg and Dr Denis Muller; and Chris Ambrey).
Australia’s Right to Know was quoted in the final report as submitting that:
Journalists continue to encounter barriers to accessing information including
systemic delays in processing, failures of agencies to assist with applications and
poor decision making
Review processes are inadequate and alternative means of review at an early stage
must be available (for example, Administrative Appeals Tribunal)
Exemptions should not be expanded or ‘reformulated’ (eg, the provision of frank
and fearless advice)
The cost of applications is often a disincentive to seek information
Processing time assessments and limits are tools to defeat FOI applications.
The Australian Broadcasting Corporation submitted that ‘government agencies are
routinely criticised for side-stepping the FOI requirements by classifying documents as
exempt and taking a “go-slow” approach to processing applications. Rather than a
culture of transparency, we have a culture of secrecy in our government agencies’.
FOIREQ20 00213 039
Commissioner brief: National Cabinet D2020/017618
Key messages
Pursuant to s 34 of the FOI Act, Cabinet documents are exempt documents, and are not
required to be disclosed in response to an FOI request. Section 4 of the FOI Act notes
that ‘Cabinet includes a committee of the Cabinet’. ‘Cabinet’ is not otherwise defined in
the Act.
On 13 March 2020, a ‘National Cabinet’ was established as an Australian
intergovernmental decision-making forum composed of the Prime Minister and state
and territory Premiers and Chief Ministers.
The OAIC has received 6 applications for IC review that raise issues related to the
National Cabinet and whether the exemption in s 34 applies to documents of the
National Cabinet.
Critical Issues
Cabinet is an administrative arrangement for government decision-making.
The term ‘Cabinet’ is not defined in the FOI Act. Section 4 (Interpretation) provides that
‘Cabinet includes a committee of the Cabinet’.
The Cabinet exemption in s 34 of the FOI Act is designed to protect the confidentiality
of the Cabinet process and to ensure that the principle of collective ministerial
responsibility (fundamental to the Cabinet system) is not undermined. This exemption
is not subject to the public interest test. The public interest is implicit in the purpose of
the exemption itself.
According to the FOI Guidelines, ‘Cabinet’ for s 34 purposes means the Cabinet and
Cabinet committees (see the definition of Cabinet in s 4(1)). It does not include
informal meetings of ministers outside the Cabinet. In any case of doubt as to whether
a body is a Cabinet committee, agencies should consult the Department of the Prime
Minister and Cabinet.
Both the FOI Act and the FOI Guidelines were written before the ‘National Cabinet’ was
established.
Possible questions
How many applications has the OAIC received for review of decisions refusing access
to National Cabinet documents on the basis that they are exempt from disclosure
under the cabinet documents exemption in s 34 of the FOI Act?
The OAIC has received 6 applications for IC review of decisions relating to documents of
National Cabinet.
FOIREQ20 00213 040
Commissioner brief: FOI Bill report D2020/017896
Key messages
On 22 August 2018, Senator Rex Patrick introduced the Freedom of Information
Legislation Amendment (Improving Access and Transparency) Bill 2018 to the Senate.
The Bill proposed a number of amendments to the FOI Act, including requiring the
positions of Information Commissioner, FOI Commissioner and Privacy Commissioner
to be filled, allowing applicants to bypass the OAIC and go to the AAT if their review
would take more than 120 days to finalise, preventing agencies from changing
exemptions during IC review and requiring agencies to publish their external legal
expenses for each IC review/AAT FOI matter.
The Bill was referred to a Senate Committee. The OAIC made a written submission to
the Committee (Attachment 2) and I appeared at a hearing before the Committee to
provide further evidence.
On 30 November 2018, the Committee published its report recommending that the
Senate not pass the Bil .
On 31 August 2020, there was a 70-minute, second reading debate of the Bill, during
which both Liberal and Labor Senators did not support the Bill being passed by the
Senate. As at 20 September 2020, the Bill’s status remains as ‘Before Senate’.
TRIM link for reference: Executive Brief on FOI Bill - D2018/015033
See also Com brief - FOI - IC review: D2019/000843
Critical facts
On 22 August 2018, Senator Rex Patrick introduced the Freedom of Information
Legislation Amendment (Improving Access and Transparency) Bil 2018 to the Senate.
The Bill seeks to improve the effectiveness of FOI laws ‘to address the considerable
dysfunction that has development in our FOI system which is now characterised by
chronic bureaucratic delay and obstruction, unacceptably lengthy review processes and
what appears to be an increased preparedness by agencies to incur very large legal
expenses to oppose the release of information.’1
The Bill proposes changes to the FOI Act, AIC Act and the Archives Act including:
- requiring the positions of Information Commissioner, FOI Commissioner and Privacy
Commissioner to be filled.
- preventing the IC from making FOI decisions if s/he does not hold legal
qualifications.
- preventing agencies publishing documents on their disclosure log until at least
10 days after the documents are released to the FOI applicant.
- allowing applicants to bypass the OAIC and go to the AAT, or if the IC review will
take more than 120 days, allowing the applicant to go to the AAT without paying the
AAT application fee.
1
Explanatory Memorandum:
https://www.aph.gov.au/Parliamentary Business/Bills LEGislation/Bills Search Results/Result?bId=s1142.
Page 1 of 73
FOIREQ20 00213 041
Commissioner brief: One Commissioner model
Key messages
Angelene Falk is the Australian Information Commissioner and Privacy Commissioner.
The Australian Information Commissioner also exercises the freedom of information
(FOI) functions provided in the Australian Information Commissioner Act 2010.
The Office of the Australian Information Commissioner (OAIC) has operated under a
‘one Commissioner model’ since July 2015, under Timothy Pilgrim PSM until March
2018 and since then under Angelene Falk. The ‘one Commissioner model’ is used in
some international jurisdictions (e.g. the UK).
The one Commissioner model functions effectively with senior support. As workloads
increase, functions alter and expectations of regulators shift, more senior capacity
would increase the OAIC’s regulatory and enforcement capability. The review of the
Privacy Act provides an opportunity to ensure the OAIC is most effectively able to
deliver its purpose across its functions.
Critical facts
In Australian and international jurisdictions, Information Commissioners are typically
appointed by relevant ministers or heads of state following consultation or on
recommendation.
The OAIC model
The Australian Information Commissioner Act 2010 (AIC Act) establishes the OAIC and
provides for the appointment of the Australian Information Commissioner, the Privacy
Commissioner and the Freedom of Information Commissioner (FOI Commissioner).
The Information Commissioner is the agency head and responsible for the information
policy function. As the agency head, the Information Commissioner also has formal
responsibility for the FOI and privacy functions, and for exercising the powers conferred
by the Freedom of Information Act 1982 and the Privacy Act 1988.
Since July 2015, the OAIC has operated with a ‘one Commissioner model’. That is, the
same person occupies the roles of Information Commissioner and Privacy
Commissioner and as well carries out the FOI functions.
The OAIC does not have a formally appointed FOI Commissioner, however Part 2 of the
AIC Act provides that the Information Commissioner may exercise the functions of the
FOI Commissioner and the Privacy functions. The AIC Act also provides that the Privacy
Commissioner and FOI Commissioner are able to exercise each other’s functions (ss
11(2) and 12(2)).
International models
One Commissioner is appointed to hold both privacy and FOI roles in the UK
(Information Commissioner’s Office) and all ten Canadian provinces.
In other jurisdictions, privacy and FOI are separately overseen by more than one
Commissioner / Ombudsman:
Page 1 of 4
FOIREQ20 00213 042
Commissioner brief: Entities excluded from the Privacy Act and FOI Act
Key messages
Press Freedoms / FOI
Most Australian Government agencies are subject to the FOI Act but there are some
exclusions, principally for intel igence agencies.
Although Criminal Code makes unauthorised disclosure of information by a public
servant a criminal offence, s 38 of the FOI Act allows agencies to refuse access to
documents if disclosure is prohibited by law.
The PJCIS conducted an inquiry into the impact of the exercise of law enforcement and
intelligence powers on the freedom of the press. In August 2020 the Committee
published a report entitled Inquiry into the impact of the exercise of law enforcement
and intelligence powers on the freedom of the press.1
Privacy Act / data matching
The Privacy Act excludes certain entities, including intel igence agencies such as ASIO or
ASD (s7)
There are restrictions around which entities can access the different functions of
identity-matching services. These exclusions are particularised in the IMS Bill and the
subordinate agreements.
There are also exceptions in certain Australian Privacy Principles (e.g. APP 3.4; 6.2) that
allow for the collection, use and disclosure of personal information by enforcement
bodies
Recent legislative amendments did not change the entities that are currently excluded
by the Privacy Act.2 In reviewing the Privacy Act, the OAIC will consider the coverage of
the Privacy Act, current exemptions and whether to make recommendations on the
removal of any exemptions.
Background
Agencies excluded from the FOI Act
The Freedom of Information Act 1982 (FOI Act) applies to Departments of State, ‘prescribed
authorities’ and Norfolk Island authorities.
Generally all Australian Government agencies (i.e., Departments of State, prescribed
authorities and Norfolk Island authorities) will be subject to the FOI Act unless the FOI Act
expressly provides otherwise.
1 Parliamentary Joint Committee on Intelligence and Security, Inquiry into the impact of the exercise of law enforcement and intelligence
powers on the freedom of the press (August 2020)
<https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/FreedomofthePress/Report>.
2 Privacy Amendment (Public Health Contact Information) Act 2020.
1
FOIREQ20 00213 043
Commissioner brief: Libra/Novi Financial D2020/000778
Key messages
The OAIC is working with interested Commonwealth regulators and international data protection
authorities to provide a co-ordinated response to this project.
The OAIC is considering information provided by Novi Financial and the Libra Association so that it
can properly assess the privacy implications of this new cryptocurrency and wallet.
The OAIC understands that Libra and Novi Financial will launch in Australia when they have received
appropriate regulatory approvals. A date has not been confirmed to the OAIC.
Critical Issues
The global scope of this project amplifies privacy risks.
This is particularly due to the potential participation of large personal information holders such as
Novi Financial (subsidiary of Facebook) and Uber (a member of the Libra Association).
The multi-national nature of the project may also raise jurisdictional issues, meaning that it is
important to ensure that entities that hold the personal information of Australians are captured by
the Privacy Act.
Possible questions
s47E(d)
What are the next steps? I am currently considering information from Libra and Novi Financial about
the privacy implications of the Libra cryptocurrency and Novi Financial’s digital wallet. I will also
continue to engage with international privacy regulators to ensure a co-ordinated international
response to this project.
s47E(d)
Key dates
18 June 2019 – Libra Association announces the Libra cryptocurrency and Facebook announces the
creation its subsidiary Novi Financial
9 July 2019 – Interested Commonwealth regulators meet with Facebook
6 August 2019 – OAIC join with global privacy regulators to issue joint privacy expectations for the
Libra Association, Novi Financial and future Libra digital wallet providers
4 October and 23 October 2019 – OAIC and interested Commonwealth regulators met with
representatives from Novi Financial and the Libra Association.
FOIREQ20 00213 044
Commissioner brief: OAIC regulation of privacy matters
relating to offshore contracts
Key points
Under the Privacy Act 1988 (Privacy Act), entities have a number of privacy obligations in
regard to offshore contracts:
o
For example under section 95B agencies have obligations in relation to
Commonwealth contracts to take contractual measures to ensure that a
contracted service provider (CSP) for the contract does not do an act or engage
in a practice that would be a breach of the APPs if done by the agency.
o
APP entities (agencies and obligations) have obligations under APP8 to ensure
that if an APP entity discloses personal information to an overseas recipient, the
entity must take reasonable steps to ensure that the overseas recipient does
not breach the APPs in relation to the information.
o
An APP entity that discloses personal information to an overseas recipient is
accountable for any acts or practices of the overseas recipient in relation to the
information that would breach the APPs (s 16C).
Previous assessment - DIBP’s offshore contracts
Under the Privacy Act, the Department of Immigration and Border Protection (DIBP)
(now Home Affairs) has a number of privacy obligations in regard to its CSPs.
In 2016, the OAIC assessed DIBP’s contract management in relation to privacy matters
for the CSPs operating at its regional processing centres (RPCs). Specifical y, whether
DIBP met its obligations under APP 1.2 (Open and transparent management of personal
information) and APP 11 (Security of personal information), and s 95B of the Privacy Act.
At that time, the OAIC found that DIBP did not have in place adequate formal policies for
engaging DIBP’s privacy staff and that contractual terms did not adequately safeguard
personal information that may be held by the CSPs.
The OAIC recommended that DIBP include additional provisions relating to privacy and
information security in its contracts for services in its RPCs, its contracts for services in
its RPCs should include specific categories for reporting privacy and information security
Page 1 of 5
FOIREQ20 00213 045
Commissioner brief: Surveillance in Australia
Key messages
‘Protection from surveillance is a fundamental form of protection of privacy,
particularly in the digital era’ – ‘Australian Law Reform Commission, Serious Invasions
of Privacy in the Digital Era (Report 123)’.
There are many different forms of surveillance including physical surveillance,
communications surveillance, data surveillance, body surveillance, and numerous
different Commonwealth, State and Territory, or local government laws that can apply
depending on the particular act or practice.
Where surveillance activities involve the collection of personal information, this can
raise privacy issues involving notice, gaining meaningful consent, potential secondary
uses of personal information, security of datasets and the potential for datasets to be
combined with others to create a detailed picture of individuals.
The COVID-19 pandemic has raised a number of new surveillance chal enges as the
Government tries to manage the spread of the virus through new forms of public
health monitoring and tracking. Entities are monitoring the health of their employees
and customers, surveillance technologies are being used to monitor social distancing
and entities are collecting customer contact information to assist contact tracing
efforts.
The Privacy Act does not stop critical information sharing. In order to manage the
pandemic while respecting privacy, agencies and private sector employers should aim
to limit the collection, use and disclosure of personal information to what is necessary
to prevent and manage COVID-19, and take reasonable steps to keep personal
information secure.
Critical facts
The Privacy Act 1988 (Cth) (Privacy Act) recognises that the right to privacy is not
absolute and must be balanced with the interests of entities in carrying out their
FOIREQ20 00213 046
Commissioner brief: FOI process review D2020/000765
Key messages
Following significant year on year increases in the number of IC review applications
received by the OAIC since 2014/15, an external consultant, Synergy, was engaged in
April 2019 to further explore opportunities for efficiencies in the IC review process.
Opportunities and improvements identified by Synergy generally fall within 2
categories:
o utilisation of technological tools to reduce administrative processes
o streamlining case management and clearance processes.
Some of the opportunities and improvements identified were already in the process of
implementation, while others have now been implemented.
In the absence of supplementary FOI funding, the ability of the OAIC to keep pace with
increases to the review caseload wil continue to be challenged.
Critical facts
There has been a year-on-year increase in the number of IC review applications
received by the OAIC since 2014–15.1 In 2019-20 there was an 15% increase the
number of applications received when compared to the same period in 2018-19.
Synergy conducted preliminary research and preparatory activities, including meetings
with the OAIC Deputy Commissioner, Principal Director and FOI Team on 3 and 5 April
2019.
On 8 April, Synergy facilitated a business planning workshop which sought to:
o develop the FOI Team’s priorities for the next three months;
o examine the current IC Review business process to identify pressure points and
opportunities for improvement; and
o conduct a high-level assessment of the environmental factors that influence the
efficiency and effectiveness of the FOI Team and the IC Review process.
The three key objectives identified by the FOI team were:
o (1) Improve IC Review timeliness,
o (2) 50% of matters allocated as at 1 July 2019 that are 12 months or older, to be
finalised within three months, and
o (3) Work with the Information Commissioner to drive best practice FOI
regulatory action across government and to support objectives (1) and (2).
1 In 2018-19, there was a 16% increase in the number of applications received when compared to the same period in 2017–18. In
2015–16 there was a 37% increase on 2014–15, in 2016–17 a 24% increase and 2017–18 a 27% increase. Between 2014–15
and 2017–18 there was a 115% increase in IC reviews.
Page 1 of 4
FOIREQ20 00213 047
Commissioner brief: FOI Act Reforms D2020/000764
Key messages
The review of charges under the FOI Act published in 2012, and the Hawke Report into
the FOI Act in 2013, identified a number of areas in which changes could be made to
the FOI Act which will increase its ability to delivery transparency and accountability for
the Australian public.
The FOI Act provides a sound basis for providing access to government held
information to the Australian public through formal FOI requests, the disclosure log and
the Information Publication Scheme. s47E(d)
s47E(d)
Critical facts
Charges review: On 7 October 2011, the Minister for Privacy and Freedom of
Information, the Hon Brendon O’Connor, issued terms of reference for a review of
charges under the FOI Act. The Australian Information Commissioner issued a discussion
paper on 31 October 2011, and received 23 submissions from agencies and applicants.
The review report was published in February 2012. The review made ten
recommendations for a new charges framework. These recommendations include
encouraging administrative access; introducing discretionary FOI application fees to
encourage people to use an administrative access scheme before resorting to the FOI
Act; no FOI processing charge for first five hours and a flat $50 fee for work between five
and 10 hours; 40 hour ceiling on processing time (including for personal requests which
are not subject to charges); specific access charges for activities such as supervising
inspection; a reduction in charges for delayed processing; introduction of an IC review
fee if the applicant does not first seek internal review, and indexation of all FOI fees and
charges to the CPI.
Page 1 of 32
FOIREQ20 00213 048
Commissioner brief: FOI - official ministerial documents and incoming
government briefs D2020/000760
Key messages
A ministerial diary would be considered an ‘official document of a minister’ if the diary
is held by the minister in their capacity as a minister, and the entries relate to the
affairs of an agency.
New technologies, such as messages in WhatsApp and Wickr, broaden the range of
documents fal ing within the definition of ‘document’ in s 4(1) of the FOI Act, which
includes ‘any other record of information’. Agencies are expected to conduct searches
of mobile devices when they may contain documents of an agency or official
documents of a minister. TRIM link for reference: Commissioner brief - Guidance
regarding new technologies and archives: D2019/001017
The National Archives of Australia (NAA) has issued the ‘National Archives: General
Records Authority 38’ (the Records Authority), which sets out the types of records that
must be retained by a minister or transferred to NAA under the Archives Act 1983
(Attachment 1). The Records Authority applies to al ministerial records, including
diaries.
Where there is a change of minister in the course of an FOI request or an IC review, the
new minister is the respondent to the FOI request or IC review. This may cause the FOI
Act to no longer apply to a document if the new minister does not hold a copy or does
not have access to the requested document.
The FOI Act applies to Incoming Government Briefs (IGB), as they are considered a
‘document of an agency’. Despite the special role of IGBs, not all IGBs are the same and
each IGB must be examined on its own merits.
The OAIC will amend Part 5 of the FOI Guidelines (Exemptions) to incorporate the
decision under s 55K of the FOI Act in Rex Patrick and Department of Defence (Freedom
of information) [2019] AICmr 19 (15 May 2019) (OAIC reference number: MR18/00467),
which provides guidance on the application of the cabinet documents exemption in
s 34 of the FOI Act in relation to senior official diaries.
Critical facts
Diaries
Ministerial diaries are considered to be ‘official documents of a minister’ unless the
entries come under any of the following three categories:
o personal documents of a minister (or departmental staff where the diary
requested is from a Departmental official)
o documents of a party-political nature, or
o documents held by the minister in their capacity as a local member of parliament
not dealing with the minister’s portfolio responsibility.
Page 1 of 19
FOIREQ20 00213 049
Commissioner brief: Vexatious applicant declarations
Key messages
The Information Commissioner has the power to declare a person to be a vexatious
applicant if they are satisfied that the grounds set out in s 89L of the FOI Act exist.
A declaration has the practical effect of preventing a person from exercising an
important legal right conferred by the FOI Act. For that reason, a declaration will not be
lightly made, and an agency that applies for a declaration must establish a clear and
convincing need for a declaration.
A declaration by the Information Commissioner can be reviewed by the Administrative
Appeals Tribunal.
To date, no Information Commissioner has made a decision to declare a person a
vexatious applicant on their own initiative and there would need to be compel ing
circumstances for the Information Commissioner to consider exercising this discretion.
Part 12 of the FOI Guidelines provide details of the process undertaken by the
Information Commissioner when considering her discretion whether or not to declare a
person to be a vexatious applicant.
Part 12 of the FOI Guidelines were updated in November 2019 to reflect recent
Information Commissioner decisions, provide further guidance on the steps agencies
and ministers should take before and after making an application for a vexatious
applicant declaration and further guidance on the circumstances in which the
Information Commissioner declare a person to be a vexatious applicant.
Year s 89L application
Number received
Number finalised
received
2017-18
0
2 (from previous year)
2018-19
9
8 (3 made; 3 refused; 2
withdrawn)
2019-20
3
1 (1 made)
See table at Attachment 1 for details of the declarations made in 2018-19 and 2019-20. All
Information Commissioner vexatious applicant declarations are published on AustLII.
Possible questions
When would the Information Commissioner declare a person to be a vexatious applicant?
Part 12 of the FOI Guidelines explain that the Information Commissioner may declare a
person to be a vexatious applicant only if the Commissioner is satisfied that:
FOIREQ20 00213 050
Commissioner brief: FOI Regulatory functions D2020/002736
Key messages
My office is an independent statutory agency established under the Australian
Information Commissioner Act 2010 (AIC Act). The AIC Act confers the Information
Commissioner with power to perform FOI regulatory functions, including:
o review of FOI decisions of agencies and ministers
o investigating FOI complaints
o issuing FOI guidelines
o monitoring agencies’ compliance with the FOI Act
o making decisions on extension of time requests and vexatious applicant
declarations and
o compiling FOI data and access trends.
The full-time equivalent allocated to the freedom of information regulatory functions is
18 ASL (19% of the 124 ASL cap). The increased funding in the 2019-20 budget does not
apply to freedom of information functions.
IC reviews: the numbers of IC reviews on hand has increased each year for the past
four years.
o The overall increase in IC review applications from 2014-15 to 2019-20 was
186%.
o At the end of June 2020, the OAIC had 1,088 IC review applications on hand (this
had increased to 1,124 by 30 September 2020). While the office continues to
look for and implement opportunities to increase productivity in relation to its
freedom of information functions, it remains the case that although significant
efficiencies have been found and applied the function has not kept pace with
incoming reviews.
o The IC review jurisdiction is complex and many documents subject to IC review
are sensitive (including cabinet documents, national security, defence and
international relations, legally privileged document, documents affected law
enforcement, and confidential documents) and often affect third parties. A high
proportion of matters involve consideration of various (more than one)
exemptions and hundreds of folios of material that agencies and ministers
contend is exempt under the FOI Act.
o In the absence of supplementary FOI funding, the ability of the OAIC to keep
pace with increases to the review caseload will continue to be challenged. (For
further information, see Commissioner Briefs D2020/017446 and FOI IC reviews
(D2020/017447) and FOI process review D2020/000765).
FOIREQ20 00213 051
Commissioner brief: FOI Bill report
Key messages
On 22 August 2018, Senator Rex Patrick introduced the Freedom of Information
Legislation Amendment (Improving Access and Transparency) Bill 2018 to the Senate.
The Bill proposes a number of amendments to the FOI Act, including requiring the
positions of Information Commissioner, FOI Commissioner and Privacy Commissioner
to be filled, allowing applicants to bypass the OAIC and go to the AAT if their review will
take more than 120 days to finalise, preventing agencies from changing exemptions
during IC review and requiring agencies to publish their external legal expenses for
each IC review/AAT FOI matter.
The Bill was referred to a Senate Committee. The OAIC made a written submission to
the Committee and I appeared at a hearing before the Committee to provide further
evidence.
On 30 November 2018, the Committee published its report recommending that the
Senate not pass the Bil .
TRIM link for reference: Executive Brief on FOI Bill - D2018/015033
See also Com brief - FOI - IC review: D2019/000843
Critical facts
On 22 August 2018, Senator Rex Patrick introduced the Freedom of Information
Legislation Amendment (Improving Access and Transparency) Bill 2018 to the Senate.
The Bill seeks to improve the effectiveness of FOI laws ‘to address the considerable
dysfunction that has development in our FOI system which is now characterised by
chronic bureaucratic delay and obstruction, unacceptably lengthy review processes and
what appears to be an increased preparedness by agencies to incur very large legal
expenses to oppose the release of information.’1
The Bill proposes changes to the FOI Act, AIC Act and the Archives Act including:
- requiring the positions of Information Commissioner, FOI Commissioner and Privacy
Commissioner to be filled. Preventing the IC from making FOI decisions if s/he does
not hold legal qualifications.
- preventing agencies publishing documents on their disclosure log until at least
10 days after the documents are released to the FOI applicant.
- allowing applicants to bypass the OAIC and go to the AAT, or if the IC review will
take more than 120 days, allowing the applicant to go to the AAT without paying the
AAT application fee.
- preventing agencies from changing exemptions during IC review.
- requiring agencies to publish their external legal expenses for each IC review/AAT
FOI matter.
1
Explanatory Memorandum:
https://www.aph.gov.au/Parliamentary Business/Bills LEGislation/Bills Search Results/Result?bId=s1142.
Page 1 of 71