Appendix D: Privacy statistics
Privacy complaints
Table D.1: Australian Privacy Principles (APP) issues in privacy complaints in 2018–19
|
AAP issue* |
Number of complaints |
% of total |
|---|---|---|
|
Use or disclosure of personal information (APP 6) |
973 |
29.46 |
|
Security of personal information (APP 11) |
780 |
23.61 |
|
Access to personal information (APP 12) |
480 |
14.53 |
|
Collection of solicited personal information (APP 3) |
426 |
12.90 |
|
Quality of personal information (APP 10) |
321 |
9.72 |
|
Direct marketing (APP 7) |
160 |
4.84 |
|
Notification of the collection of personal information (APP 5) |
93 |
2.82 |
|
Correction of personal information (APP 13) |
46 |
1.39 |
|
Open and transparent management of personal information (APP 1) |
23 |
0.70 |
|
Dealing with unsolicited personal information (APP 4) |
9 |
0.27 |
|
Anonymity and pseudonymity (APP 2) |
6 |
0.18 |
|
Cross-border disclosure of personal information (APP 8) |
6 |
0.18 |
|
Adoption, use or disclosure of government related identifiers (APP 9) |
2 |
0.06 |
* A complaint may cover more than one issue.
Table D.2: The main remedies agreed in conciliated privacy complaints in 2018–19
|
Jurisdiction |
|||||
|---|---|---|---|---|---|
|
Remedy* |
Privacy principles† |
Credit reporting |
Spent convictions and tax file number |
My Health Records |
Total |
|
Record amended |
267 |
82 |
1 |
13 |
363 |
|
Access provided |
196 |
9 |
– |
– |
205 |
|
Other or confidential |
169 |
8 |
– |
18 |
195 |
|
Apology |
181 |
3 |
5 |
3 |
192 |
|
Compensation |
111 |
6 |
1 |
– |
118 |
|
Changed procedures |
100 |
1 |
2 |
1 |
104 |
|
Staff training or counselling |
93 |
– |
4 |
– |
97 |
* A resolved complaint may involve more than one type of remedy.
† Includes APPs, National Privacy Principles and the Australian Capital Territory’s Territory Privacy Principles.
Table D.3: Compensation amounts in closed privacy complaints in 2018–19
|
Jurisdiction |
||||
|---|---|---|---|---|
|
Compensation amount |
Privacy principles* |
Credit reporting |
Tax file number |
Total |
|
Up to $1,000 |
31 |
3 |
– |
34 |
|
$1,001 to $5,000 |
56 |
3 |
1 |
60 |
|
$5,001 to $10,000 |
15 |
– |
– |
15 |
|
Over $10,001 |
9 |
– |
– |
9 |
* Only includes APP complaints.
Privacy assessments and digital health assessments
Table D.4: Privacy assessments in 2018–19
|
Privacy assessment subject |
Number of entities assessed |
Year opened |
Date closed |
|
|---|---|---|---|---|
|
1 |
Department of Home Affairs (previously the Department of Immigration and Border Protection (DIBP)) — third-party provider for advance passenger processing |
1 |
2016–17 |
November 2018 |
|
2 |
Loyalty program |
2 |
2016–17 |
June 2019 |
|
3 |
Department of Home Affairs (previously DIBP) — passenger name record |
1 |
2016–17 |
Ongoing |
|
4 |
Data retention scheme — telecommunications service provider 1 |
1 |
2017–18 |
November 2018 |
|
5 |
Data retention scheme — telecommunications service provider 2 |
1 |
2017–18 |
Ongoing |
|
6 |
Department of Home Affairs (previously DIBP) — connected information environment |
1 |
2017–18 |
Ongoing |
|
7 |
ACT Government —ACT Housing |
1 |
2017–18 |
Ongoing |
|
8 |
Privacy policy assessment of finance sector organisations |
20 |
2018–19 |
January 2019 |
|
9 |
Follow up of loyalty programs |
2 |
2018–19 |
June 2019 |
|
10 |
Data retention scheme — telecommunications service provider 3 |
1 |
2018–19 |
Ongoing |
|
11 |
Data retention scheme — telecommunications service provider 4 |
1 |
2018–19 |
Ongoing |
|
12 |
Unique Student Identifier Transcript Service |
1 |
2018–19 |
Ongoing |
|
13 |
ACT Government |
10 |
2018–19 |
Ongoing |
Table D.5: Digital health assessments in 2018–19
|
Privacy assessment subject |
Number of entities assessed |
Year opened |
Date closed |
|---|---|---|---|
|
Handling of individual healthcare identifiers by a private healthcare operator |
1 |
2017–18 |
Ongoing |
|
Australian Digital Health Agency — handling of personal information |
1 |
2017–18 |
Ongoing |
|
Access security governance for the My Health Record system — pharmacies |
14 |
2018–19 |
Ongoing |
|
Access security governance for the My Health Record system — pathology and diagnostic imaging services |
8 |
2018–19 |
Ongoing |
|
Access security governance for the My Health Record system — private hospitals |
2 |
2018–19 |
Ongoing |
Table D.6: Enhanced welfare payment integrity (data matching) assessments
|
Privacy assessment subject |
Number of entities assessed |
Year opened |
Date closed |
|---|---|---|---|
|
Department of Human Services non-employment income data matching (NEIDM) program |
1 |
2017–18 |
June 2019 |
|
Department of Human Services Pay-As-You-Go (PAYG) data-matching program |
1 |
2017–18 |
Ongoing |
|
Department of Human Services —information security for the NEIDM and PAYG programs |
1 |
2017–18 |
Ongoing |
|
Australian Taxation Office — information security as a data source for the Department of Human Services |
1 |
2018–19 |
Ongoing |
Visit
https://www.transparency.gov.au/annual-reports/office-australian-information-commissioner/reporting-year/2018-2019-50