Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Friday, October 23, 2020

It Is Rather A Worry That The OAIC Is Not Fully Funded To Health Protect Privacy And Watch The #myHealthRecord!

 This popped up last week.

Privacy office is still ‘severely underfunded’

Denham Sadler
Senior Reporter

13 October 2020

Australia’s regulator for privacy and freedom of information missed all but one of its performance goals in the last year, leading to concerns the agency is “severely underfunded” and will be unable to effectively perform its role without a substantial resourcing boost.

The resourcing of the Office of the Australian Information Commissioner (OAIC) has been questioned for several years, with a significantly rising workload and an increasingly prominent role, but with no corresponding increase in funding.

There are particular concerns about a lack of any new funding for the OAIC’s Freedom of Information functions will mean it is unable to address its growing backlog of cases and properly perform its role in overseeing the scheme.

A spokesperson for the OAIC confirmed it will be unable to address lengthy delays if it does not get a funding boost. Privacy questions: The Office of the Australian Information Commissioner is struggling for resources

Budget documents have revealed that the agency failed to achieve seven of its eight performance goals for the 2019-20 financial year, heightening fears that it is not adequately resourced to conduct its important role.

The office was provided $25 million over three years in last year’s federal budget to respond to privacy complaints and support strengthened enforcement actions in relation to social media platforms breaching privacy regulations.

The only new funding for the OAIC in last week’s budget was just $261,000 to assist with the government’s digital identity scheme, The office did not receive any extra money for its rising workload in the other areas it is tasked with, including FOI.

The total government appropriation for the office is down from last year though, falling from $21.27 million to $20.95 million. The OAIC still has $5.675 million leftover from last year’s appropriation, bringing its overall resourcing to about $4 million more than in 2019-20 to $29.696 million.

Its staffing levels will jump from 95 to 124 in this financial year.

These funding allocations are not sufficient for the OAIC to properly function, Digital Rights Watch’s Lucie Krahulcova said.

“The government is severely underfunding a critical institution. The ACCC’s report on digital platforms released earlier this year outlined that fundamental changes need to be made on the way privacy and data protection are treated in Australia,” Ms Krahulcova said.

“The budget allocation for the OAIC does not suggest that the government will be taking those recommendations seriously. The amount of remote work and study this year has increased our connection to a lot of technologies and really highlighted Australians’ fear about how their privacy is treated – the budget allocation remains deaf to those concerns.”

The OAIC has a number of roles, with its workload being added to each year. It handles privacy complaints, the mandatory data breach notification scheme, FOI complaints and provides public information service. It also conducts Commissioner-initiated investigations of privacy and FOI breaches.

This year it has also been given an important role in overseeing the government’s COVIDSafe contact tracing app and will also have an increasingly prominent role in the Consumer Data Right scheme and with the new Data Availability and Transparency Act.

The office had eight key goals and measurables in the last financial year. It only achieved one of these, successfully finalised 80 per cent of privacy complaints within 24 months.

Of the others, the OAIC partially achieved its goal of finalising 80 per cent of data breach notifications within 60 days and failed to achieve the other six goals.

These included to finalise 80 per cent of Privacy Commissioner-initiated investigations within eight months, for 80 per cent of My Health record data breach notifications to be finalised within 60 days, for 80 per cent of Information Commissioner reviews to be completed within 12 months and for 90 per cent of written enquiries to be finalised within 10 days.

Lots more here:

https://www.innovationaus.com/privacy-office-is-still-severely-underfunded/

Worryingly there also seems to be pressure at the State level.

NSW govt requests to privacy watchdog climb 171 percent

By Justin Hendry on Oct 12, 2020 6:51AM

Coincides with state's digital push.

NSW’s privacy watchdog has experienced a 171 percent rise in the number of requests for privacy advice from agencies and ministers since the government's digital push began.

The Information and Privacy Commission (IPC) revealed the figure in its submission to the parliamentary inquiry into the government’s handling of cyber security last week.

“The IPC’s work volumes have increased significantly in response to the NSW government’s digital government strategy released in early 2017,” the submission states.

“Between 2015-16 and 2019-20 requests to the IPC for advice have increased by 171 percent.”

The IPC said the advice relates to the “preservation and exercise of rights in digital government”, which the “NSW government has led the way” on.

“As the range of services available via digital platforms expands, so too do the threats and risks to the security of these services and the data holdings of the government,” it said.

That workload is only expected to climb further over the coming years, as the state increases the use of artificial intelligence and automated decision-making as part of its digital agenda.

New requirements for the IPC to review all IT projects funded from the government’s $1.6 billion digital restart fund will also add to the volume of work.

That obligation was introduced with the Digital Restart Fund Act in August, with the customer service minister now expected to obtain privacy advice before granting funding to agencies.

More here:

https://www.itnews.com.au/news/nsw-govt-requests-to-privacy-watchdog-climb-171-percent-554501

This really is not good enough given the public relies on these entities to warn and keep us safe against the range of threats that are out there.

It is especially troubling that the security and privacy supervision of the #myHealtRecord does not appear to be meeting benchmarks. Not good at all!

David.

1 comment:

Paul Dickerson said...

Could not agree more David. Almost as if it is being setup to fail.