Australians’ information privacy is protected by Claytons policing | News

Australians’ information privacy is protected by Claytons policing

Originally published on The Australian


Treasurer Paul Keating’s floating of the dollar in the 1980s symbolised Australia’s willingness to embrace globalisation.

It was also the decade when iconic winery Orlando Wines distributed its non-alcoholic beverage Claytons.


Today the term “Claytons” is commonly used to describe something masquerading as legitimate when it isn’t, which begs the question, is the Office of the Australian Information Commissioner (OAIC) a Claytons regulatory body?


As confronting as the question may seem, the stark reality remains, we continue to establish regulatory bodies that are toothless tigers, and are ineffective at executing what they are mandated to do.


The OAIC’s key objective is to prosecute serial offending corporates who repeatedly show no regard to the codes of practice and regulations required as custodians of our personal information.


Later this month, the OAIC will release its next quarterly report. Contained within it will be the declaration that there will be a potential further 200 data breaches or more by corporate Australia and government agencies.


Australia continues to see data breaches matching or outpacing the majority of the developed world. Why this is case is either because the OAIC is reluctant to prosecute the offenders or it has insufficient resources to fully investigate each reported data breach. Either way, it’s not a good look for the regulator charged with ensuring corporate Australia is protecting our privacy.


The privacy for individual Australians is no less important than that of our state secrets, however, it seems those responsible for safeguarding our private information have a different view.


A critical part of the OAIC’s mandate is to monitor data breaches along with:

     • conducting investigations

     • reviewing decisions of FOI

     • handling complaints

     • monitoring agency administration

     • providing advice to the public, government agencies and businesses.


Since February this year, when the Mandatory Data Breach Laws came into effect, only three organisations have been fully reviewed based on the information on the OAIC’s website — super fund trustees United Super and the government departments Veterans’ Affairs and Home Affairs.


The bar of expectation is always set high when the promise of change is made but so far what’s been delivered has flattered to deceive.

The OAIC should be criticised not for anything it has done wrong, but more for what it has failed to do — hold corporate Australia and government agencies accountable for how they secure and safeguard our personal information.


One of the most infamous data breaches to date has been when Westpac customers’ personal information passwords were stolen and passed on illegally.


It would have been a reasonable expectation to think the OAIC would have investigated and potentially fined Westpac given the seriousness of the breach, and yet it didn’t.


Did the watchdog even seek out a please explain from the bank?


Orlando Wines’ Claytons campaign was genius with the promotion of its non-alcoholic drink, the OAIC would be better served offering greater transparency with what it does, rather than masquerading as a sector watchdog that is more concerned with producing reports than acting on what’s in those reports.