On 31 August 2020, the Office of the Australian Information Commissioner (OAIC) published its Corporate Plan for 2020-21, outlining its key activities and strategic priorities for the coming four years. More specifically, the Corporate Plan for 2020-21 identifies four strategic priorities designed to help the OAIC achieve its vision to improve public trust and confidence in the protection of personal data and access to government-held information.
- Advance online privacy protections for Australians
- Influence and uphold privacy and information access rights frameworks
- Encourage and support the proactive release of government-held information
- A contemporary approach to regulation
In the report, the Australian Information Commissioner and Privacy Commissioner, Angelene Falk, noted that the COVID-19 pandemic has altered not only the way we work and live but also how we communicate with each other. Furthermore, Falk pointed out that the pandemic has drawn attention to the right to privacy and the ongoing need for transparency across both personal information handling and government decision-making.
“This year’s Corporate Plan sets out how the OAIC will achieve our core purpose — to promote and uphold privacy and information access rights — in the context of a vastly different environment to that of a year ago,” Commissioner Angelene Falk stated.
“As governments and businesses seek solutions to halt the spread of the coronavirus, there is a heightened need to use personal information to achieve public health and economic outcomes. This is critical. But the use of personal information must be demonstrably necessary, reasonable, and proportionate. We must also emerge from the pandemic with rights protected.”
COVID-19 Sparks Privacy Issues
This year, the Office of the Australian Information Commissioner assembled a National COVID-19 Privacy Team made up of state and territory privacy regulators and the Australian Privacy Commissioner to bring regulators together to handle proposals with national implications. In the coming four years, the Office of the OAIC also aims to continue to provide guidance to organizations handling personal information in order to control and prevent the spread of COVID-19.
In addition to this, the Corporate Plan describes the importance of privacy in the online environment, particularly on privacy practices that occur online and as a result of new and rising technology. The OAIC is currently in the process of preparing for the introduction of a binding code of practice for social media, mainly Facebook, and other online platforms. This code is said to allow Australians to manage privacy choices through better practices surrounding consent and transparent policies, and improve protection for those with particular needs and children online.
“The innovative use of personal information can lead to positive economic and social outcomes, but it can also result in harm, and we will pursue regulatory activities to mitigate these risks,” said Privacy Commissioner Falk. “The OAIC has an effective framework to assess and respond to notifications and provide guidance to businesses, agencies, and the community.”
Future of Corporate Privacy
In the years to come, the Office of the Australian Information Commissioner will continue to use the Information Contact Officers Network to strengthen and promote the benefits of proactive publication of government-held information.
“Promoting the proactive disclosure and publication of information will help to build trust in government and has the potential to reduce the impact of processing FOI requests on agency resources,” stated Falk. “To maintain that trust over time, access to the information used by governments to shape their pandemic response will continue to be fundamental, in providing transparency and accountability.”
As a security analyst working in Beijing in 2008, I struggled to connect to basic websites like Facebook and Wikipedia (coincidentally, many more websites are banned in China today than were then). Naturally, I started looking for a solution. VPN services were, at the time, security tools used by large I.T. companies or cybersecurity professionals.