Appendix C: Memoranda of understanding
Australian Digital Health Agency
Under our Memorandum of Understanding (MOU) with the Australian Digital Health Agency we continued to provide support and assistance on privacy matters relating to both the Healthcare Identifiers Service and My Health Record system. These services included:
- responding to enquiries and complaints relating to the privacy aspects of the My Health Record system
- investigating acts and practices that may have been a misuse of healthcare identifiers or a contravention of the My Health Record system, if required
- receiving data breach notifications and providing advice
- conducting privacy assessments
- providing guidance material for individuals and participants in the My Health Record system
- liaising and coordinating on privacy-related matters and activities with key stakeholders
- preparing relevant communication materials
- providing policy and legislation advice relating to the privacy aspects of the Health Identifiers Service and My Health Record System
- monitoring and participating in digital health developments.
During this reporting period, the Office of the Australian Information Commissioner received $1,626,023.40 (GST exclusive).
For further information on our activities under this MOU, see the Annual Report of the Australian Information Commissioner’s Activities in Relation to Digital Health 2018–19 (available on our website no later than 28 November 2019).
Australian Human Rights Commission
The Australian Human Rights Commission (AHRC) continued to provide a number of corporate services to our office this year, including financial, administrative, information technology and human resource related tasks. We also sublet premises in Sydney from the AHRC.
For the corporate services we paid $916,956.72 (GST exclusive) and for the premises (including outgoings) we paid $1,083,040.92 (GST exclusive) to the AHRC.
Australian Capital Territory Government
In 2018 we entered into a new MOU with the Australian Capital Territory (ACT) Government to continue to provide privacy services to ACT public sector agencies. These services included:
- responding to privacy complaints and enquiries about ACT public sector agencies in relation to the Information Privacy Act 2014 (ACT) and its Territory Privacy Principles
- providing policy and legislation advice
- providing advice on data breach notifications, where applicable
- carrying out a privacy assessment
- providing access to our Privacy Professional Network meetings.
For these services, we received $177,500 (GST exclusive) from the ACT Government.
For further information on our activities under this MOU, see the Memorandum of Understanding with the Australian Capital Territory for the Provision of Privacy Services 2018–19 Annual Report (available on our website no later than 22 October 2019).
Department of Education and Training
In July 2018 we entered into a new MOU to continue to support the Department of Education and Training (now the Department of Education) with their student identifier initiative, providing expert and timely advice on privacy matters. Our services to the department included:
- developing the content for four editions of the TRANSPARENT privacy newsletter for publication on the Unique Student Identifier website
- responding to any enquiries and complaints relating to the privacy aspects of the Student Identifier initiative
- conducting a webinar on privacy matters for registered training organisations
- giving a presentation on privacy matters at a vocational education conference
- conducting a privacy assessment of the Unique Student Identifier Transcript Service.
For these services, we received $100,000 (GST exclusive).
Department of Home Affairs
In November 2017, the Attorney-General’s Department and the OAIC signed an MOU for the provision of privacy assessments in relation to the National Facial Biometric Matching Capability (NFBMC).
On 20 December 2017, the Department of Home Affairs assumed responsibility for the NFBMC as part of Machinery of Government changes and subsequently assumed responsibility for the roles and responsibilities under the MOU.
In February 2018, the Identity-matching Services Bill 2018 was introduced into Parliament but was not passed, so our privacy assessments have been deferred to later financial years. In May 2019 we signed a variation to the MOU to defer commencing privacy assessments and associated payments for two years.