Complaints to the privacy watchdog alleging the misuse of personal information by government agencies have soared 50% amid a flurry of privacy-related controversies including the robo-debt debacle and the AFP’s illegal access of a journalist’s phone records, data obtained exclusively by Crikey reveals.
The Office of the Australian Information Commissioner (OAIC) received 123 complaints against state bodies over the use or disclosure of personal information in the first 11 months of this financial year, compared to 82 for all of 2014-15, data released under freedom of information shows.
By far the largest number of complaints, 38, were directed at the Department of Human Services, the agency under fire in recent months for imposing thousands of false Centrelink debt notices based on faulty data-matching — although the department also accounted for the most complaints in 2015-16 (43) and 2014-15 (38).
The Australian Taxation Office had the second-most complaints, with 12, followed by the Department of Immigration and Border Protection with 11.
The Australian Bureau of Statistics, Department of Defence, National Disability Insurance Agency, Administrative Appeals Tribunal, AFP and Comcare each had four to seven complaints against them. Twenty-three other bodies, including the Department of the Prime Minister and Cabinet and the Fair Work Commission, were hit with three or fewer claims each.
The figures refer to alleged privacy breaches that may or may not be ultimately upheld by the OAIC, which is dealing with a backlog of more than 2000 privacy cases awaiting a determination for a year or longer.
So far this year, the commissioner’s office has made just one determination under principle six of the Privacy Act 1988, which refers to use or disclosure of personal data.
The sharp rise in complaints comes at a time of heightened scrutiny of privacy issues in Australia, and as the government argues for greater access to sensitive personal information.
Earlier this month, following a series of Islamic terror attacks in the UK, Prime Minister Malcolm Turnbull flagged plans to force tech companies to decode encrypted electronic communications, telling Parliament the “privacy of a terrorist can never be more important than public safety”.
In April, the AFP admitted to accessing an unnamed journalist’s metadata without a warrant, breaching safeguards included in contentious data-retention laws passed by the Abbot government in 2015.
Last year’s census, meanwhile, drew heavy criticism from privacy advocates after the ABS announced it would hold onto names and addresses it collected instead of destroying the information as it had in the past.
David Vaile, chair of the Australian Privacy Foundation, told Crikey that the rising number of complaints was “not surprising” given the blase attitude of successive governments. He noted that the previous Office of the Privacy Commissioner was subsumed into the current broadly defined agency and that Australia was one of the few developed countries without an established tort of privacy.
“I think that awareness has brought to people’s attention that they can no longer reasonably trust anyone who says, ‘trust us, we can keep your information secure and we will keep it secure,” Vaile said.
The new figures probably underestimated the extent of the privacy breaches out there, Vaile added.
“I think it is quite concerning, I think it’s probably the tip of the iceberg because of the underfunding and the attacks on the regulator’s office and the attempts to bury them in another entity and the establishment,” he said.