End of OAIC makes privacy, information-management enforcement “messier”: Noonan

The disbanding of the Office of the Australian Information Commissioner (OAIC) in the government's recently delivered budget may compromise the ability to effectively enforce tougher Australian privacy laws introduced in March, one analyst has warned.

Created in November 2010, the OAIC had unified enforcement of privacy legislation, freedom of information (FoI) legislation and information-protection requirements under a single banner unifying operations managed by privacy commissioner Timothy Pilgrim, FoI commissioner James Popple, and Australian Information Commissioner John McMillan.

As part of the Abbott government's push to trim budget expenses, on 1 January 2015 the OAIC will be disbanded and its constituent members reallocated to other departments – privacy in a separate Sydney office, and FoI jointly between the Attorney-General's Department, Administrative Appeals Tribunal and Commonwealth Ombudsman. The OAIC's information policy advice function will be terminated.

While the commissioners lauded the “substantial achievements” of the OAIC in a statement issued after the budget, Ovum research director in Ovum's Australian government practice Kevin Noonan believes the government's decision to split the OAIC's functions “makes things messier”.

“On the face of it, it looks like a change for the worse,” he told CSO Australia. “Privacy is an issue, and particularly for government. And while a lot of people are quite happily trading their privacy and rights for real or perceived benefits such as loyalty cards and the like, the government needs to be doing the right thing.”

Splitting the government's information-governance capabilities ran contrary to its overall efforts to consolidate and simplify government, Noonan added.

“At a time when we're looking to consolidate functions in other areas of government, it appeas to be going in the opposite direction.”

The OAIC decision was part of a budget that was far less focused on information security than the previous government's 2013-14 budget, which saw it combine functions to create the Canberra-based Australian Cyber Security Centre.

That organisation was designed to unify cybersecurity defence initiatives across a range of government agencies including the Australian Signals Directorate, Attorney-General's Department's Computer Emergency Response Team (CERT) Australia, Australian Federal Police, and Australian Crime Commision.

“The previous budget did quite a lot in the area of security,” Noonan said, noting that the new government's 2014-5 budget was “neither here nor there” when it came to information security and IT in general. “It's a missed opportunity.”

The most significant other information-security initiatives in the 2014-15 budget were the creation of the Children's e-Safety Commissioner; the development of community and youth-focused online safety initiatives to educate users about online safety; the introduction of certified online safety programs in primary schools; and advice on cybersecurity initiatives targeted at informing Australian consumers and small businesses about the risks of financial loss and the loss of personal information online.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags Australian privacy lawscertAttorney-General's DepartmentsecurityAFP (Australian federal police)governmentprivacyOAIC

More about Administrative Appeals TribunalAttorney-GeneralAustralian Federal PoliceCERT AustraliaCommonwealth OmbudsmanComputer Emergency Response TeamCSOEnex TestLabFederal PoliceOvum

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place