New guidance on enforceable undertakings in privacy regulatory action by the OAIC

The Office of the Australian Information Commissioner (OAIC) recently updated its guide to privacy regulatory action (Guide) to provide greater clarity about the matters the Commissioner considers regarding enforceable undertakings and independent experts.

The Commissioner may accept an enforceable undertaking from an entity which has or appears to have interfered with the privacy of an individual, when it considers that an agreed change to future behaviour would be the most appropriate outcome in the circumstances.

In the 10 undertakings issues to date there has often been a requirement to engage an independent expert to verify the terms of the undertaking have been complied with.

The Guide sets out the factors taken into account by the Commissioner when it is negotiating and determining whether to accept an enforceable undertaking from a respondent, instead of taking a different regulatory approach (e.g. commencing proceedings for a breach). The Commissioner will consider the interests of the individuals affected by the respondent’s conduct and the underlying guiding principles of the OAIC’s Privacy Regulatory Action Policy (Policy), such as:

  • the nature and seriousness of the conduct or incident, including whether it suggests an isolated or systemic issue
  • the public interest in and educational, deterrent or precedential value of proposed action
  • the particular respondent’s co-operation with the OAIC and history of compliance with privacy legislation.

If the undertaking is related to the My Health Records Act, the Commissioner will also have regard to the My Health Records Enforcement Guidelines.

The Guide also details matters the Commissioner considers when deciding whether a proposed independent expert is suitable to make a reliable and impartial assessment of respondent’s compliance with the terms of the undertaking. These include enhanced requirements as to both their competence and independence. The changes relating to competence include not only qualifications, experience and technical expertise but include adequacy of resources and any references demonstrating its experience in related work.

From an independence perspective, the guide now probes more deeply into previous commercial relationships with the expert and its senior staff covering the last two years. This takes a broader approach to requiring disclosure of financial links which may negatively impact on perceptions of independence.

Since the OAIC accepted its first enforceable undertaking from Optus in March 2015, respondents targeted by the OAIC for potential breaches of privacy legislation have generally undertaken to overhaul privacy and data protection practices and policies, implement greater privacy training to staff and have their renewed policies and practices audited for compliance.

What does this mean for NSW government agencies?

While the activities of the OAIC have no direct application to NSW government agencies regulated by the Information and Privacy Commission, it is in line with moves by other regulators both locally and internationally to impose more rigorous standards on external reviewers to enhance both the perception of reliability and actual reliability of third party reviews.

In the media

Eight new Magistrates for the Local Court Attorney General Mark Speakman said Six magistrates replace retiring judicial officers, while two will fill new roles created by the $4.1 million package that addresses a rise in child sexual abuse cases following the recent Royal Commission (11 September 2019). More...

Latest crime data shows an increase in retail theft in NSW In the 24 months to June 2019, only one of the 17 major offences significantly increased across the State. One was trending down and the remaining 15 offences were stable (09 September 2019). More...

In practice and courts

LSC: Call for submissions Managed Investment Scheme review of uniform general rules The Legal Services Council has commenced its review of the Managed Investment Scheme Uniform General Rules 91A-91D and is seeking submissions from interested parties until 3 October 2019. You can find more information. Click here for the Terms of Reference (03 September 2019). More...

Protocol for the Bar Associations of Australia to raise any concern about Judicial conduct in Commonwealth courts The Chief Justice of the Federal Court of Australia, the Chief Justice of the Family Court of Australia and the Chief Judge of the Federal Circuit Court of Australia have agreed with the President of the Australian Bar Association (10 September 2019). More...

Reminder: Practice Directions High Court of Australia, No 1 of 2019 This Practice Direction takes effect in relation to matters set down for hearing after 1 October 2019. In consultation with the respondent and any interveners, the appellant must prepare a joint book of the authorities which reference will be made during the course of oral argument at the hearing of the appeal. More...

OAIC Guide to privacy regulatory action Guide to privacy regulatory action has been updated to provide greater clarity about matters considered by the Commissioner regarding enforceable undertakings and independent experts. The update follows a review of similar policies and enforceable undertakings in relation to other regulatory areas within the Commonwealth (28 August 2019). More...

JUDCOM updates Equality before the Law Bench Book 11 September 2019 – The Equality Before the Law Bench Book is produced as a guideline only and is not intended to lay down or develop any principles of law Sentencing Bench Book 5 September 2019 – The text of the Sentencing Bench Book reflects the law as it stands at any given time

Appointment of NCAT Division Head and Deputy President NCAT President Justice Lea Armstrong has announced the Attorney General has made the following appointments commencing on Monday, 9 September 2019 (10 September 2019). More...

Post-sentencing reform statistics now available on JIRS The Judicial Commission has launched an enhanced statistics viewer to accommodate the new community-based sentencing options which came into effect on 24 September 2018. The post-reform sentencing statistics for the Local Court, District and Supreme Courts are now available now. Click here for further information (09 September 2019). More...

NSW ICAC Statement of Business Ethics The NSW ICAC has recently updated its Statement of Business Ethics.(05 September 2019). More...

NSW IPC: Right to Know Week NSW Right to Know Day is an international annual event held on 28 September that aims to increase awareness of individuals’ right of access to government information and open, transparent governance. More...

Published – articles, papers, reports

ACLEI is no substitute for a federal ICAC Bill Browne, The Australia Institute: 11 September 2019 After the Senate passed the Greens bill to establish a federal anti-corruption commission and the Morrison Government faces new pressure to establish a strong, independent anti-corruption body, this paper argues that the existing Australian Commission for Law Enforcement Integrity is no substitute for a National Integrity Commission with teeth. More...

Australia's welfare 2019: in brief Australian Institute of Health and Welfare: 11 September 2019 This report tells the story of welfare in Australia with key findings on housing, education and skills, employment and work, income and finance, government payments, social support, justice and safety. More...

Understanding the attitudes and motivations of adults who engage in image-based abuse Colette Mortreux, Karen Kellard, Nicola Henry, Asher Flynn Office of the eSafety Commissioner (Australia): 11 September 2019 This research focuses on perpetrators of image-based abuse and front-line workers who engage with perpetrators on a professional basis. More...

NSW Recorded Crime Statistics quarterly update June 2019 BOSCAR: 09 September 2019 The offence trending upwards was steal from retail store (up 6.5%). This increase is largely due to more shop stealing incidents occurring at licenced premises & supermarkets. More...

Outsourcing responsibility: human rights policies in the defence sector Amnesty International: 09 September 2019 This report argues that the defence sector urgently needs to develop robust human rights due diligence polices and processes, separate from those undertaken as part of government licensing assessments, that truly address the very serious human rights risks the industry routinely runs. More...


Graham Mahony and Australian Charities and Not-for-profits Commission (Freedom of information) [2019] AICmr 64 FREEDOM OF INFORMATION – Whether inclusion of certain matter would cause reasons for decision to be an exempt document – Whether disclosure would have a substantial adverse effect on the proper and efficient conduct of the operations of an agency – Whether contrary to public interest to release conditionally exempt documents – Whether reasonable steps taken to locate documents – (CTH) Freedom of Information Act 1982 ss 11A(5), 24A, 26(2), 47E(d)

'RE' and Department of Home Affairs (Freedom of information) [2019] AICmr 63 FREEDOM OF INFORMATION – Whether disclosure would have a substantial adverse effect on the proper and efficient conduct of the operations of an agency – Whether contrary to public interest to release conditionally exempt documents – (CTH) Freedom of Information Act 1982 ss 11A(5), 47E(d)

'RC' and TICA Default Tenancy Control Pty Ltd (Privacy) [2019] AICmr 60 PRIVACY – Privacy Act 1988 (Cth) – National Privacy Principles – Australian Privacy Principles – Definition of ‘personal information’ – Collection of personal information – NPP 1 – Breach substantiated –Data quality – NPP 3 – APP 10 – Compensation awarded for non-economic loss – Declaration that respondent must take specified steps

John Power and Department of Human Services (Freedom of information) [2019] AICmr 62 FREEDOM OF INFORMATION – Whether documents contain deliberative matter prepared for a deliberative process – Whether disclosure is contrary to the public interest – (CTH) Freedom of Information Act 1982 ss 11A and 47C I substitute my decision that the material that the Department found to be exempt under s 47C of the FOI Act is not exempt. On 4 July 2017, the applicant applied to the Department for access to: Memos, reports, briefings, correspondence or other documentation addressing concerns or flagging the possibility of the sale of Medicare patient details on the darknet.

Fisher v Upper Lachlan Shire Council [2019] NSWCATAD 185 ADMINISTRATIVE LAW - freedom of information - government information public access - requirement for an advance deposit against processing charges. Government Information (Public Access) Act 2009

Forest Coach Lines Pty Ltd v Commissioner for Vocational Training [2019] NSWCATAD 181 ADMINISTRATIVE LAW – Apprenticeship Traineeship Act – Contract – competing agreements – whether decision to terminate was reasonable – whether Commissioner’s powers allowed determination

Muswellbrook Shire Council v Hunter Valley Energy Coal Pty Ltd [2019] NSWCA 216 ADMINISTRATIVE LAW – jurisdictional facts – whether conditions of project approval specified objective criteria, satisfaction of which was a precondition to the exercise of the decision-maker’s powers ADMINISTRATIVE LAW – unreasonableness – whether decision-maker’s satisfaction with a mining strategy was legally unreasonable – whether decision-maker’s view was at least arguable CIVIL PROCEDURE – Court of Appeal – whether leave to appeal required against costs order where there is an appeal as of right against the substantive orders made at first instance - s 58(3)(c) Land and Environment Court Act 1979 (NSW) COSTS – administrative law – whether decision-maker entitled to costs when appears to advance arguments in proceedings between two well-represented litigants – Hardiman (1981) 144 CLR 13; [1980] HCA 13 considered

Cornish v Secretary, Department of Planning, Industry and Environment [2019] NSWSC 1134 ADMINISTRATIVE LAW – review of decision of Civil and Administrative Tribunal (NCAT) – disciplinary action against local councillor for breaches of Code of Conduct – validity of statutory powers of Council – validity of referral to NCAT – jurisdictional error in disciplining for breach of invalid provision of Code – jurisdiction to inquire into underlying conduct LOCAL GOVERNMENT – powers of local council to discipline councillor – power to censure conferred by statute – validity of further powers contained in Code made under Regulation – whether additional powers consistent with scheme of legislation – Council required councillor to acknowledge breach, apologise, undertake not to repeat conduct and undertake training – councillor referred to Chief Executive for failing to comply – matter referred to NCAT for consideration – powers of NCAT STATUTORY INTERPRETATION – conferral of limited power to take disciplinary action – further powers conferred by code made under regulation – whether code consistent with scheme of legislation Civil and Administrative Tribunal Act 2013 (NSW), Sch 5, cl 29; Independent Commission Against Corruption Act 1988 (NSW)

Malek Fahd Islamic School Limited v Non-Government Schools Not-For-Profit Advisory Committee, NSW Department of Education [2019] NSWCATAD 183ADMINISTRATIVE LAW – Education – payment to non-government school – whether operating “for profit” – consequences of having operated “for profit” – recommendations to Minister

DSG v Department of Education [2019] NSWCATAD 182 ADMINISTRATIVE REVIEW – privacy and personal information – review of conduct of agency admitted to be a contravention of the information protection principles concerning personal information



Combatting Child Sexual Exploitation Legislation Amendment Bill 2019 Senate 12/09/2019 - The Bill protects children from sexual exploitation by improving the Commonwealth framework of offences relating to child abuse material, overseas child sexual abuse, forced marriage, failing to report child sexual abuse and failing to protect children from such abuse. The Bill amends the Criminal Code Act 1995(Criminal Code), the Customs Act 1901(Customs Act), the Crimes Act 1914(Crimes Act), the Surveillance Devices Act 2004 and the Telecommunications (Interception and Access) Act 1979

Crimes Legislation Amendment (Police Powers at Airports) Bill 2019 Senate 12/09/2019 – The Bill amends the Crimes Act 1914 to: broaden existing identity check provisions and create offences and powers in relation to identity check, move-on and ancillary directions by constables and protective services officers at Australia’s major airports; and Australian Federal Police Act 1979 to provide that the offence of contravening an identity check or move-on direction is a protective service offence for the purposes of the Act.

Criminal Code Amendment (Agricultural Protection) Bill 2019 House of Representatives Message from Senate reported 12/09/2019 Consideration of Senate message Details: House agreed to Senate amendments 12/09/2019 Amends the Criminal Code Act 1995 to introduce two new offences in relation to the incitement of trespass or property offences on agricultural land

Royal Commissions Amendment (Private Sessions) Bill 2019 HR Message from Senate reported 10/09/2019. Consideration of Senate message. Details: House agreed to Senate amendments 10/09/2019 Senate 09//09/2019 – Amends the: Royal Commission Act 1902 to: enable a Royal Commission to hold private sessions where a regulation is made authorising it to do so; enable the Chair of a multi-member Royal Commission, or a sole Commissioner, to authorise Assistant Commissioners to hold private sessions; and impose limits on the use and disclosure of private session information and certain information given to the Child Sexual Abuse Royal Commission; and Freedom of Information Act 1982 to make consequential amendments

National Integrity Commission Bill 2018 (No. 2) HR 10/09/2019 - The bill establishes the Australian National Integrity Commission as an independent public sector anti-corruption commission for the Commonwealth; provides for the appointment, functions and powers of the National Integrity Commissioner and commissioners; and makes consequential amendments to the Law Enforcement Integrity Commissioner Act 2006, Ombudsman Act 1976 and Public Interest Disclosure Act 2013


Australian Human Rights Commission Regulations 2019 13/09/2019 - These regulations declare additional grounds of discrimination for the purposes of the Australian Human Rights Commission's equal opportunity in employment function, provided for by Division 4 of Part II of the Australian Human Rights Commission Act 1986.

Disability Discrimination Regulations 2019 13/09/2019 - These regulations declare 'combat duties' and 'combat-related duties' for the purposes of subsection 53(2) of the Disability Discrimination Act 1992. The Regulations also prescribe certain Commonwealth and State laws for the purposes of subsection 47(2) of the Disability Discrimination Act 1992.

Telecommunications (Protecting Australians from Terrorist or Violent Criminal Material) Direction (No. 1) 2019 09/09/2019 - This instrument directs relevant service providers to block the websites included in the list of websites hosting terrorist or violent criminal material, in connection with the eSafety Commissioner's function of promoting online safety for Australians by protecting them from access or exposure to material that promotes, incites or instructs in, terrorist acts or violent crimes.


Regulations and other miscellaneous instruments Government Sector Employment (General) Rules (Amendment No 10 – Miscellaneous) 2019 (2019-443) – published LW 2 September 2019