Your email has been received by the Office of Australian Information
Commissioner.

FOI requests to the OAIC

Please note that this email address is only used for making requests to
obtain access to a document held by the OAIC pursuant to the Freedom of
Information Act 1982 (Cth) (FOI Act). We will only action and respond to
emails making FOI requests to the OAIC. For information on how to make an
FOI request to the OAIC, and to ensure that your request complies with the
requirements of the FOI Act, please refer to the FOI page on the OAIC’s
website at:
[1]https://www.oaic.gov.au/about-us/access-...
Once your request has been assessed by the OAIC, and registered on our
system, a separate acknowledgement email will be sent to you with a
reference number.

The OAIC does not hold all documents of other Commonwealth government
agencies, other state government agencies, or private organisations.

Accordingly:

1)     if you are seeking to access documents of a particular Commonwealth
agency, you will need to make your request directly to the relevant
agency. For example, if you are requesting a copy of your visa records,
please make an FOI request and send it to the Department of Home Affairs.

2)     if you are seeking to access documents of a state or local
government agency, as each Australian state and territory also have
separate FOI legislation that governs information held by state government
agencies, please contact the relevant agency as to how to make an
application to access the documents. For example, if you are seeking
access to police report from NSW Police Force, it is governed by the
Government Information (Public Access) Act 2009 (NSW) (GIPA Act), and you
will need to contact NSW police to find out how to make a GIPA application
for the police report.

3)     if you are seeking to access documents of a private organization,
which the FOI Act does not apply to, please contact the organization
directly to find out how to access the documents you are seeking. For
example, if you are seeking to access to hospital records or your medical
centre records, please contact these organisations directly. 

Enquiries and other matters

If your email relates to any of the following, please utilise our online
forms instead, which are available at
[2]https://www.oaic.gov.au/about-us/contact...

-               Enquiry

-               Privacy  Complaint

-               Notifiable Data Breach

-               Consumer Data Right Complaint

-               FOI Complaint

-               Freedom of Information Review

-               Agency FOI Extension of Time Requests

-               Speech requests.

Notice:

The information contained in this email message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this email is unauthorised. If you received this
email in error, please notify the sender by contacting the department's
switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
time) and delete all copies of this transmission together with any
attachments.

References

Visible links
1. https://www.oaic.gov.au/about-us/access-...
2. https://www.oaic.gov.au/about-us/contact...

Our reference: FOIREQ24/00132

Dear CR

Freedom of Information request

I refer to your request for access to documents made under the Freedom of
Information Act 1982 (Cth) (FOI Act).

You FOI request was received by the Office of the Australian Information
Commissioner (OAIC) on 1 March 2024. This means that a decision on your
FOI request is currently due on 2 April 2024.

Scope of your request

Your FOI request was made in the following terms:

1. Data breach reports for the period 1 January 2020 to 1 March 2024 where
the respondents' sector is government (local, state, and federal
government).

o The document I require is similar to document 52 released in
FOIREQ24/00047.

+ If it is not too much trouble, please include dates in the report.

o Respondent names are to be included in the scope of this request.

In order to process your request as efficiently as possible, I will
exclude duplicates and early parts of email streams that are captured in
later email streams from the scope of this request, unless you advise me
otherwise.

I will not identify you as the FOI applicant during any consultation
process. However, documents that are within the scope of your request that
the OAIC may need to consult third parties about may contain your personal
information.

Timeframes for dealing with your request

Section 15 of the FOI Act requires the OAIC to process your request no
later than 30 days after the day we receive it. However, section 15(6) of
the FOI Act allows us a further 30 days in situations where we need to
consult with third parties about certain information, such as business
documents or documents affecting their personal privacy.

The current decision due date for your request is 2 April 2024. We will
advise you if this timeframe is otherwise extended.

Disclosure Log

Documents released under the FOI Act may be published online on our
disclosure log, unless they contain personal or business information that
would be unreasonable to publish.

If you would like to discuss your FOI request, please contact me on my
contact details set out below.

Yours sincerely

[1][IMG]   Ben Wilson

Lawyer

Office of the Australian Information Commissioner

Sydney

E [2][OAIC request email] 
 
The OAIC acknowledges Traditional Custodians of Country across
Australia and their continuing connection to land, waters and
communities. We pay our respect to First Nations people,
cultures and Elders past and present.  

[3]Subscribe to Information Matters

Notice:

The information contained in this email message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this email is unauthorised. If you received this
email in error, please notify the sender by contacting the department's
switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
time) and delete all copies of this transmission together with any
attachments.

References

Visible links
1. https://www.oaic.gov.au/
2. mailto:[OAIC request email]
3. https://www.oaic.gov.au/engage-with-us/n...

Our reference: FOIREQ24/00132

Dear CR

Please find attached correspondence in relation to your below FOI request.

Regards

[1][IMG]   Ben Wilson

Lawyer

Office of the Australian Information Commissioner

Sydney

E [2][OAIC request email] 
 
The OAIC acknowledges Traditional Custodians of Country across
Australia and their continuing connection to land, waters and
communities. We pay our respect to First Nations people,
cultures and Elders past and present.  

[3]Subscribe to Information Matters

show quoted sections

Your email has been received by the Office of Australian Information
Commissioner.

FOI requests to the OAIC

Please note that this email address is only used for making requests to
obtain access to a document held by the OAIC pursuant to the Freedom of
Information Act 1982 (Cth) (FOI Act). We will only action and respond to
emails making FOI requests to the OAIC. For information on how to make an
FOI request to the OAIC, and to ensure that your request complies with the
requirements of the FOI Act, please refer to the FOI page on the OAIC’s
website at:
[1]https://www.oaic.gov.au/about-us/access-...
Once your request has been assessed by the OAIC, and registered on our
system, a separate acknowledgement email will be sent to you with a
reference number.

The OAIC does not hold all documents of other Commonwealth government
agencies, other state government agencies, or private organisations.

Accordingly:

1)      if you are seeking to access documents of a particular
Commonwealth agency, you will need to make your request directly to the
relevant agency. For example, if you are requesting a copy of your visa
records, please make an FOI request and send it to the Department of Home
Affairs.

2)      if you are seeking to access documents of a state or local
government agency, as each Australian state and territory also have
separate FOI legislation that governs information held by state government
agencies, please contact the relevant agency as to how to make an
application to access the documents. For example, if you are seeking
access to police report from NSW Police Force, it is governed by the
Government Information (Public Access) Act 2009 (NSW) (GIPA Act), and you
will need to contact NSW police to find out how to make a GIPA application
for the police report.

3)      if you are seeking to access documents of a private organization,
which the FOI Act does not apply to, please contact the organization
directly to find out how to access the documents you are seeking. For
example, if you are seeking to access to hospital records or your medical
centre records, please contact these organisations directly. 

Enquiries and other matters

If your email relates to any of the following, please utilise our online
forms instead, which are available at
[2]https://www.oaic.gov.au/about-us/contact...

-               Enquiry

-               Privacy  Complaint

-               Notifiable Data Breach

-               Consumer Data Right Complaint

-               FOI Complaint

-               Freedom of Information Review

-               Agency FOI Extension of Time Requests

-               Speech requests.

Notice:

The information contained in this email message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this email is unauthorised. If you received this
email in error, please notify the sender by contacting the department's
switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
time) and delete all copies of this transmission together with any
attachments.

References

Visible links
1. https://www.oaic.gov.au/about-us/access-...
2. https://www.oaic.gov.au/about-us/contact...

Dear CR

Thank you for your email below.

If you would like to seek internal review of the original decision, even
though the timeframe for requesting an interview has passed, you can make
submissions to the OAIC reasons why an internal review was not sought
during the 30 day timeframe and why additional time should be granted. The
OAIC will then consider whether to grant you that extension of time for
the internal review matter to proceed. You can find out further about
internal review in Part 9 of the FOI Guidelines.

If you would like to make a new FOI request, this would capture data up to
the date of your new FOI request.

It really is a matter of preference which option you would like to proceed
with.

Please do kindly let us know how you would like to proceed.

Kind regards

Margaret

 
[1][IMG]   Margaret Sui (she/her)

Principal Lawyer

Office of the Australian Information Commissioner

Sydney | GPO Box 5288 Sydney NSW 2001

P +61 2 9942 4145   E [2][email address] 
 
The OAIC acknowledges Traditional Custodians of Country
across Australia and their continuing connection to land,
waters and communities. We pay our respect to First Nations
people, cultures and Elders past and present.  

[3]Subscribe to Information Matters

show quoted sections

Our reference: FOIREQ24/00352
 
Dear CR,
 
Freedom of Information request
 
I refer to your request for access to documents made under the Freedom of
Information Act 1982 (Cth) (FOI Act).
 
Your FOI request was received by the Office of the Australian Information
Commissioner (OAIC) on Friday 5 July 2024. This means that a decision on
your FOI request is currently due on Monday 5 August 2024.
 
Consultation on the scope of your request
 
Your FOI request was made in the following terms:
 
I request access to the following documents under the Freedom of
Information Act 1982:
1. Data breach reports from 1 January 2020 to 5 July 2024 where the
respondent's sector is government (local, state, and federal government).
- The required document is similar to the one released in FOIREQ24/00132.
- Respondent names are to be included in the scope of this request.
 
Upon consultation with the OAIC Data Breach Team, to appropriately action
your request we would be grateful for your confirmation on whether you are
seeking data breach reports made:
 
•       under the Notifiable Data Breaches scheme of the Privacy Act 1988
(Cth)
•       under the My Health Records Act 2012 (Cth)
•       under the National Cancer Screening Register Act 2016 (Cth)
•       voluntarily, or
•       all of the above.
 
Please kindly provide your confirmation by close of business Friday 12
July 2024. If we do not hear from you by this date, we will process your
request on the basis that you are after data breach reports in line with
the ‘all of the above’ option. 
 
Timeframes for dealing with your request
 
Section 15 of the FOI Act requires the OAIC to process your request no
later than 30 days after the day we receive it. However, section 15(6) of
the FOI Act allows us a further 30 days in situations where we need to
consult with third parties about certain information, such as business
documents or documents affecting their personal privacy.
 
The current decision due date for your request is Monday 5 August 2024. We
will advise you if this timeframe is otherwise extended.
 
Disclosure Log
 
Documents released under the FOI Act may be published online on our
disclosure log, unless they contain personal or business information that
would be unreasonable to publish.
 
If you would like to discuss your FOI request, please contact me on my
contact details set out below.
 
Yours sincerely
Tahlia
 

Tahlia Pelaccia (she/her)
[1][IMG] Lawyer
Office of the Australian Information Commissioner
E [2][OAIC request email]

The OAIC acknowledges Traditional Custodians of Country across Australia
and their continuing connection to land, waters and communities. We pay
our respect to First Nations people, cultures and Elders past and present.
 

[3]Subscribe to Information Matters  

show quoted sections

Our reference: FOIREQ24/00352

Dear CR

Thank you kindly for your prompt response to our request for scope clarification.

I confirm we will process your request for data breach reports made under the Notifiable Data Breach Scheme of the Privacy Act 1999 (Cth).

Timeframes for dealing with your request

Section 15 of the FOI Act requires the OAIC to process your request no later than 30 days after the day we receive it. However, section 15(6) of the FOI Act allows us a further 30 days in situations where we need to consult with third parties about certain information, such as business documents or documents affecting their personal privacy.

The current decision due date for your request is 5 August 2024. We will advise you if this timeframe is otherwise extended.

Disclosure Log

Documents released under the FOI Act may be published online on our disclosure log, unless they contain personal or business information that would be unreasonable to publish.

If you would like to discuss your FOI request, please contact me on my contact details set out below.

Yours sincerely
Tahlia

Tahlia Pelaccia (she/her)
Lawyer
Office of the Australian Information Commissioner
E [OAIC request email]

The OAIC acknowledges Traditional Custodians of Country across Australia and their continuing connection to land, waters and communities. We pay our respect to First Nations people, cultures and Elders past and present.

Subscribe to Information Matters

show quoted sections

Good afternoon

Please find attached correspondence related to your FOI request,
FOIREQ24/00352.

Kind regards

Tahlia

[1][IMG]   Tahlia Pelaccia (she/her)

Lawyer

Office of the Australian Information Commissioner

E [2][OAIC request email]
 
The OAIC acknowledges Traditional Custodians of Country across
Australia and their continuing connection to land, waters and
communities. We pay our respect to First Nations people,
cultures and Elders past and present.  

[3]Subscribe to Information Matters

Notice:

The information contained in this email message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this email is unauthorised. If you received this
email in error, please notify the sender by contacting the department's
switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
time) and delete all copies of this transmission together with any
attachments.

References

Visible links
1. https://www.oaic.gov.au/
2. mailto:[OAIC request email]
3. https://www.oaic.gov.au/engage-with-us/n...

Your email has been received by the Office of Australian Information
Commissioner.

FOI requests to the OAIC

Please note that this email address is only used for making requests to
obtain access to a document held by the OAIC pursuant to the Freedom of
Information Act 1982 (Cth) (FOI Act). We will only action and respond to
emails making FOI requests to the OAIC. For information on how to make an
FOI request to the OAIC, and to ensure that your request complies with the
requirements of the FOI Act, please refer to the FOI page on the OAIC’s
website at:
[1]https://www.oaic.gov.au/about-us/access-...
Once your request has been assessed by the OAIC, and registered on our
system, a separate acknowledgement email will be sent to you with a
reference number.

The OAIC does not hold all documents of other Commonwealth government
agencies, other state government agencies, or private organisations.

Accordingly:

1)      if you are seeking to access documents of a particular
Commonwealth agency, you will need to make your request directly to the
relevant agency. For example, if you are requesting a copy of your visa
records, please make an FOI request and send it to the Department of Home
Affairs.

2)      if you are seeking to access documents of a state or local
government agency, as each Australian state and territory also have
separate FOI legislation that governs information held by state government
agencies, please contact the relevant agency as to how to make an
application to access the documents. For example, if you are seeking
access to police report from NSW Police Force, it is governed by the
Government Information (Public Access) Act 2009 (NSW) (GIPA Act), and you
will need to contact NSW police to find out how to make a GIPA application
for the police report.

3)      if you are seeking to access documents of a private organization,
which the FOI Act does not apply to, please contact the organization
directly to find out how to access the documents you are seeking. For
example, if you are seeking to access to hospital records or your medical
centre records, please contact these organisations directly. 

Enquiries and other matters

If your email relates to any of the following, please utilise our online
forms instead, which are available at
[2]https://www.oaic.gov.au/about-us/contact...

-               Enquiry

-               Privacy  Complaint

-               Notifiable Data Breach

-               Consumer Data Right Complaint

-               FOI Complaint

-               Freedom of Information Review

-               Agency FOI Extension of Time Requests

-               Speech requests.

Notice:

The information contained in this email message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this email is unauthorised. If you received this
email in error, please notify the sender by contacting the department's
switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
time) and delete all copies of this transmission together with any
attachments.

References

Visible links
1. https://www.oaic.gov.au/about-us/access-...
2. https://www.oaic.gov.au/about-us/contact...

Dear CR

Thank you for your email.

The terms of your request were as follows:

‘I am seeking data breach reports made under the Notifiable Data Breaches
scheme. The same document as released in FOIREQ24/00132.’

A decision was made based on the request submitted to the OAIC and in the
circumstances at that time. As such, we are not in a position to comment
on what decision might have been made if the terms of the request had been
altered to distinguish between ‘suspected’ and ‘actual’ data breaches.

If you have any further enquiries in relation to Notifiable Data Breaches,
you can use the online enquiry form so that the data breach team can
directly correspond with you on these matters.  Please kindly use the
online enquiry form: OAIC Online Enquiry Form.

Please note that the [1][email address] inbox is only used for the
processing of FOI requests.

Kind regards

Tahlia

[2][IMG]   Tahlia Pelaccia (she/her)

Lawyer

Office of the Australian Information Commissioner

E [3][OAIC request email]
 
The OAIC acknowledges Traditional Custodians of Country across
Australia and their continuing connection to land, waters and
communities. We pay our respect to First Nations people,
cultures and Elders past and present.  

[4]Subscribe to Information Matters

show quoted sections

Our reference: FOIREQ24/00423

Dear CR

I refer to your email of 26 August 2024, in which you requested an internal review of the OAIC’s FOI decision 5 August 2024 (FOIREQ24/00352).

Your request FOIREQ24/00352, was made in the following terms:

1. Data breach reports from 1 January 2020 to 5 July 2024 where the respondent's sector is government (local, state, and federal government).
- The required document is similar to the one released in FOIREQ24/00132.
- Respondent names are to be included in the scope of this request.

I respectfully submit that disclosing agency names is strongly aligned with the public interest, as evidenced by the OAIC's Australian Community Attitudes to Privacy Survey 2023:

- Only two in five Australians feel most organisations they deal with are transparent about how they handle their information. Disclosing the agency names would serve the public interest by providing transparency and accountability around how government agencies are managing data breaches.
- 82% of Australians actively care about protecting their personal information. Knowing which agencies have experienced breaches empowers them to make informed decisions about their interactions with those agencies.
- Three-quarters of Australians feel data breaches are one of the biggest privacy risks they face today. Identifying the agencies involved allows for more nuanced public debate and scrutiny of this critical issue.
- After quality and price, data privacy is the third most important factor when choosing a product or service. Disclosing the agency names would further empower Australians to make well-informed decisions when accessing government services.

For these reasons, I believe the public interest factors strongly favour the disclosure of the respondent names in the requested data breach reports. I hope you will give this new FOI request your careful consideration. Please let me know if you require any further information from me.

Section 54C of the Freedom of Information Act 1982 (Cth) requires the OAIC to make a fresh decision on your FOI request within 30 days after the day we received your application.

Because we received your application on 26 August 2024 we must make a fresh decision by 25 September 2024.

Your application has been allocated to a review officer with no previous involvement with the earlier decision.

If you have any questions, please contact me.

Regards

Emily Elliott
Senior Lawyer
Office of the Australian Information Commissioner
Sydney | GPO Box 5288 Sydney NSW 2001
E [OAIC request email]

The OAIC acknowledges Traditional Custodians of Country across Australia and their continuing connection to land, waters and communities. We pay our respect to First Nations people, cultures and Elders past and present.

Subscribe to Information Matters
 

show quoted sections

OAIC ref: FOIREQ24/00423

Dear CR

Please find attached a decision, schedule and document in relation to the
above matter.

Kind regards

Molly

[1][IMG]   Molly Cooke

A/g Senior Lawyer

Office of the Australian Information Commissioner

E [2][OAIC request email]

 
The OAIC acknowledges Traditional Custodians of Country across
Australia and their continuing connection to land, waters and
communities. We pay our respect to First Nations people,
cultures and Elders past and present.  

[3]Subscribe to Information Matters

Notice:

The information contained in this email message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this email is unauthorised. If you received this
email in error, please notify the sender by contacting the department's
switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
time) and delete all copies of this transmission together with any
attachments.

References

Visible links
1. https://www.oaic.gov.au/
2. mailto:%20[OAIC request email]
3. https://www.oaic.gov.au/engage-with-us/n...

Your email has been received by the Office of Australian Information
Commissioner.

FOI requests to the OAIC

Please note that this email address is only used for making requests to
obtain access to a document held by the OAIC pursuant to the Freedom of
Information Act 1982 (Cth) (FOI Act). We will only action and respond to
emails making FOI requests to the OAIC. For information on how to make an
FOI request to the OAIC, and to ensure that your request complies with the
requirements of the FOI Act, please refer to the FOI page on the OAIC’s
website at:
[1]https://www.oaic.gov.au/about-us/access-...
Once your request has been assessed by the OAIC, and registered on our
system, a separate acknowledgement email will be sent to you with a
reference number.

The OAIC does not hold all documents of other Commonwealth government
agencies, other state government agencies, or private organisations.

Accordingly:

1)      if you are seeking to access documents of a particular
Commonwealth agency, you will need to make your request directly to the
relevant agency. For example, if you are requesting a copy of your visa
records, please make an FOI request and send it to the Department of Home
Affairs.

2)      if you are seeking to access documents of a state or local
government agency, as each Australian state and territory also have
separate FOI legislation that governs information held by state government
agencies, please contact the relevant agency as to how to make an
application to access the documents. For example, if you are seeking
access to police report from NSW Police Force, it is governed by the
Government Information (Public Access) Act 2009 (NSW) (GIPA Act), and you
will need to contact NSW police to find out how to make a GIPA application
for the police report.

3)      if you are seeking to access documents of a private organization,
which the FOI Act does not apply to, please contact the organization
directly to find out how to access the documents you are seeking. For
example, if you are seeking to access to hospital records or your medical
centre records, please contact these organisations directly. 

Enquiries and other matters

If your email relates to any of the following, please utilise our online
forms instead, which are available at
[2]https://www.oaic.gov.au/about-us/contact...

-               Enquiry

-               Privacy  Complaint

-               Notifiable Data Breach

-               Consumer Data Right Complaint

-               FOI Complaint

-               Freedom of Information Review

-               Agency FOI Extension of Time Requests

-               Speech requests.

Notice:

The information contained in this email message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this email is unauthorised. If you received this
email in error, please notify the sender by contacting the department's
switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
time) and delete all copies of this transmission together with any
attachments.

References

Visible links
1. https://www.oaic.gov.au/about-us/access-...
2. https://www.oaic.gov.au/about-us/contact...