Australia’s Information Commissioner Highlights Progress on Privacy & Access Rights
Key Takeaways
- Proactive Regulatory Approach: The OAIC emphasized a harm-focused strategy to address high-risk privacy and information access issues.
- Major Enforcement Outcomes: The year included a $50 million payment program under an enforceable undertaking with Meta and $5.8 million in civil penalties against Australian Clinical Labs, the first civil penalties ordered under the Privacy Act.
- Increased Case Resolution: The OAIC finalized 2,470 Information Commissioner reviews, a 41% increase year-over-year.
- Rising Stakeholder Confidence: Five of six stakeholder survey measures improved, indicating growing trust in the OAIC’s regulatory transparency and engagement.
- Expanded Guidance and Transparency: The OAIC released new self-assessment tools and a standalone FOI performance volume to support compliance and system-wide visibility.
Deep Dive
Australia’s privacy and information rights regulator says it made meaningful strides in enforcement, transparency, and public trust over the past year, according to the Office of the Australian Information Commissioner’s (OAIC) newly released Annual Report for 2024–25.
Releasing the report this week, Australian Information Commissioner Elizabeth Tydd said the agency’s role continues to expand as privacy expectations rise and freedom of information (FOI) access remains central to government accountability.
“This report demonstrates the impact and credibility of the OAIC as the national regulator for privacy and freedom of information,” Tydd said. “We apply a proactive and harm-focused approach to prioritise our efforts. We take regulatory action to encourage and support compliance and to address high-risk matters with the greatest potential for harm.”
That approach shaped several significant outcomes during the year. The OAIC finalized an enforceable undertaking with Meta Platforms, Inc. that included a $50 million payment program, and it also accepted an enforceable undertaking from Oxfam Australia following the organization’s 2021 data breach. Another case led to Australian Clinical Labs paying $5.8 million in civil penalties in relation to a breach at its Medlab Pathology business, the first time civil penalties have been ordered under the Privacy Act.
Beyond enforcement, the regulator pointed to measurable operational gains. The OAIC finalized 2,470 Information Commissioner reviews in 2024–25, a 41% jump from the previous year, even as incoming review applications rose 21%. Privacy complaint resolutions and data-breach notifications under the Notifiable Data Breaches scheme also remained steady, with 86% of breach notifications finalized within the agency’s 60-day target window.
The OAIC also continued to expand its guidance, tools, and transparency measures. A new FOI statistics dashboard and updated self-assessment tools for both privacy and FOI are designed to help organizations better understand their obligations and benchmark performance. To increase transparency, the agency also released a standalone FOI volume of the annual report, offering more detailed performance and system-wide data.
Tydd said the results are reinforced by rising trust among the OAIC’s stakeholders. Five out of six measures in the regulator’s annual stakeholder survey improved this year, including perceptions of how effectively the OAIC advances online privacy protections and supports proactive disclosure of government information.
“We are instrumental in securing democratic rights and promoting a healthy economy,” Tydd said, adding that the OAIC’s positioning is intended to support more impactful regulatory outcomes in the coming year.

