The Australian Government is set to restore the role of a standalone Privacy Commissioner, with the Attorney General’s office acknowledging the increasing volume and complexity of privacy breach incidents affecting major Australian businesses over the last year.
“Australians rightly expect their privacy regulator to have the resources and powers to meet the ongoing challenges of the digital age and protect their personal information,” Attorney General Mark Dreyfus said in a statement today.
“The large-scale data breaches of 2022 were distressing for millions of Australians, with sensitive personal information being exposed to the risk of identity fraud and scams.”
The last year has seen major data loss incidents for Optus, Medibank, Woolworths MyDeal, and Latitude Financial, with millions of customers impacted in each breach. In the Latitude breach alone, upwards of 14 million customer records were reportedly lost to hackers.
The establishment of the standalone Privacy Commissioner role effectively restores the Office of the Australian Information Commissioner (OAIC) to the three-Commissioner model originally envisaged upon its creation in 2010 under the Australian Information Commissioner Act.
Angelene Falk, who is the current Australian Information Commissioner, dually holds the role of Privacy Commissioner.
The scrapping of the independent Privacy Commissioner occurred back in 2014, with the Abbott Government at the time attempting to abolish the OAIC entirely. The subsequent Turnbull administration restored funding to the office, maintaining the existing structure.
Dreyfus said that the restoration of the dedicated Privacy Commission is a “significant contrast to that of the former Liberal Government, which left Australia disgracefully unprepared for this challenge by failing to strengthen privacy laws”.
“The Albanese Government takes privacy regulation seriously and has already acted to significantly increase penalties for companies which fail to take adequate care of customer data and give the Australian Information Commissioner improved and new powers.”
Falk will remain as Information Commissioner and head of the OAIC, and will continue as Privacy Commission until the new appointment is made.
The Attorney General also announced that Toni Pirani, who currently serves as general manager of Regulatory Operations at the Australian Financial Security Authority (AFSA), will step in as acting Freedom of Information Commissioner following the resignation of Leo Hardiman.
Hardiman announced in March he would resign from the role less than a year into his five-year appointment. He cited concerns over delays in reviews conducted by the OAIC.
The Government said it has commenced a merit-based selection process to fill the FOI Commissioner vacancy.