Annual OAIC Report Shows Growing Enforcement in Data Breach Cases
The Office of the Australian Information Commissioner (OAIC) resolved several major data protection breach cases in the past year, it said Wednesday. It also received 12% more notifiable data breaches (1,126) than in the previous year, its 2024-25 annual report noted.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Among the high-profile data research cases finalized were one involving a payment of 50 million Australian dollars ($32 million) from Meta (see 2506270004) and an enforceable commitment from Oxfam Australia after it experienced a data breach in January 2021 (see 2502200048), the watchdog said. Other court actions led to Australian Clinical Labs paying AU$5.8 million ($3.8 million) in civil penalties for a data breach, the first such penalties ordered under the Privacy Act.
The OAIC also published a dashboard Tuesday aimed at helping the media, the public and the entities required to report data breaches understand the volume of such incidents it receives (see 2511040011).
The office said it completed 2,470 Information Commissioner reviews in 2024-25, up 41% from 2023-24. It issued 248 review decisions and finalized more than 3,000 privacy complaints.
The report showed the "impact and credibility of the OAIC as the national regulator for privacy and freedom of information," said Information Commissioner Elizabeth Tydd. The digital environment requires a "proactive contemporary approach to regulation," and one that's "tethered to regulatory transparency and proportionality."