



After a spate of recent data breaches, much of the public conversation has focused on the need for regulatory reform to protect Australians’ privacy and encourage better behavior from businesses that collect and store personal data. .

The Albanian government has proposed legislation to tighten penalties for companies subject to repeated or serious privacy violations. Both the Australian Information Commissioner’s Office (OAIC) ​​and the Australian Communications and Media Authority (ACMA) will receive greater powers to resolve privacy breaches and share information, and noticeable data breach schemes will also be strengthened.

For these regulatory reforms to be successful, regulators need resources to effectively exercise their new powers.

The budget provided small additional funding to the OAIC. While this is welcome, it does not address the recent shortage of regulatory resources. While it is a truism that adding regulatory authority requires adding resources, Australian technical regulators are consistently being asked to do more with less.

Australia’s technology regulators are currently grappling with the nature of the ubiquitous and global growth of technology, the opportunities and risks it poses and what that means for their roles, responsibilities and resources.

In the last month alone, multiple sectors have been affected by data breaches. Optus (Telecommunications), Medibank Private (Health and Insurance) and EnergyAustralia (Energy) have been subjected to significant cyber incidents threatening unauthorized access, fraud and disclosure of customer information.

In response to the Optus breach, both the OAIC and ACMA have launched investigations into the incident.

This response from regulators speaks to a larger trend. Australia’s technology regulators are increasingly expected to adopt a stronger regulatory regime featuring investigations and enforcement actions. This is especially evident when it comes to the operation of digital platforms and data breaches.

The budget has slightly increased OAIC funding over the next two years. $5.5 million to address Opus breaches, $1.45 million to help expand consumer data rights, and $2 million to oversee privacy protections within My Health. I was. $1 million over four years to support systems of record and free functioning of information.

This budget bucks recent trends. Previously, the OAIC was responsible for introducing important initiatives such as the Notifiable Data Breach Scheme and regulating the COVIDSafe app without additional resources to support these features.

The increased powers and responsibilities of Australia’s technical regulators often come without the resources to support them. Budget allocations to the Australian Technical Regulator, the Australian Competition and Consumer Commission, the eSafety Commissioner’s Office, the ACMA and the OAIC have changed little over the past three years, despite a growing range of expectations and responsibilities. not.

The OAIC remains the most underresourced of Australia’s technical regulators. That resource is relatively static for 2017-2018. In his outline of OAIC Strategic Priorities 2022, released under his FOI request earlier this year, the Australian Information Commissioner noted that funding will be cut by 43% over the next two years as short-term budget measures come to an end. confirmed.

OAIC is also underresourced compared to its global peers. Comparing the OAIC, the Information Commissioner’s Office in the UK and the Data Protection Commission in Ireland, Reset Australia expects the OAIC to pay $1.11 per person, the ICO to $1.96 per person and the DPO to pay $1.96 per person for the period 2021-2022. found that received $6.04 per person (based on their respective populations in 2021).

So far, Australian technical regulators, especially the OAIC, have been able to do more with less. But this is not sustainable. The budget recognized that greater power and responsibility requires more resources, but funding commitments must go beyond temporary solutions and short-term measures. .

In response to recent data breaches, the Albanian government should not focus solely on tightening regulations and powers. We must also focus on effective enforcement and oversight of existing regulations and new powers. If regulators do not have the resources to carry out their duties, the impact of the new powers will be limited.

Sarah O’Connor is a Research Fellow at the Tech Policy Design Center at the Australian National University.

do you know more? Please contact James Riley by email.

