The Office of the Australian Information Commissioner (OAIC) has declared the Department of Home Affairs does not have adequate governance and systems of accountability in place to comply with statutory time frames for processing freedom of information (FOI) requests for non-personal information.
Its findings were made following an investigation into the Peter Dutton-overseen department’s statutory processing periods specified under the Freedom of Information Act 1982.
“Over the past four financial years, more than 50% of the FOI requests to Home Affairs for non-personal information were processed outside of the statutory processing period,” the OAIC said.
Offering a handful of recommendations, the commissioner has suggested Home Affairs appoint an “information champion”.
“Senior support, in the form of a senior information champion who is a member of the department’s executive with sufficient seniority, such as the chief operating officer, who may be supported by an information governance board, will play a key role in promoting FOI Act compliance within the department,” the OAIC says in its report [PDF].
The OAIC has also recommended the creation of a manual, staff training, and compliance audits of performance moving forward.
In compiling its report, the commissioner provided a timeline for the steps the department has taken up until the OAIC probe, such as implementing modern FOI handling technology capabilities.
In 2017, Home Affairs launched an online form to assist applicants and a year later commenced use of HotDocs software for decision letters and other correspondence.
“The department has become primarily digital, eliminating the creation of paper records and has been in the process of digitising incoming mail and existing paper records,” the report adds.
In March 2020, the department published statistics on the General Skilled Migration program which reduced the frequency of FOI requests for this information, and a month later, it provided remote access to use Adobe Pro software to members of the FOI Section, coinciding with stay at home orders in response to COVID-19 measures.
In the same month, Home Affairs introduced FOI management dashboards to provide information on the status of FOI caseloads and individual requests and in May it provided temporary additional resourcing to process FOI requests for personal information.
The OAIC said such steps have improved compliance with statutory processing requirements.
Earlier this week, the OAIC ordered Home Affairs to cost up the amount owed for each individual and pay compensation for “mistakenly” releasing the personal information of 9,251 asylum seekers.
It was determined the former Department of Immigration and Border Protection at the time had “interfered” with the privacy of these individuals by accidentally publishing their full names, nationalities, locations, arrival dates, and boat arrival information on its website in 2014.
Following the publishing of their personal information, the asylum seekers launched legal action against the department. The asylum seekers in New South Wales, Western Australia, and the Northern Territory claimed the breach exposed them to persecution from authorities in their home countries.
A total of 1,297 applications were lodged as part of the legal case requesting that compensation be paid because those affected suffered loss or damage due to the data breach.
The commissioner said the compensation to be paid to participating class members would range from AU$500 to more than $20,000 and would be determined on a case-by-case basis by the department.