The Office of the Privacy Commissioner issued its 2024 Annual Report recently – we read it so you don’t have to, and here are our key takeaways relating to its complaints and enforcement functions:
Over 1000 complaints were received – a 15% increase on the previous year – and of these 75% were processed under the ‘fast resolve’ approach and 25% were investigated.
Of that 25%, 6.5% resulted in the complainant receiving a financial settlement. The report states that where the OPC facilitates a financial settlement the average amount is over $14,000 (compared to the average Human Rights Review Tribunal damages awards for emotional harm of $20,000). One of the complaints that resulted in a financial settlement was a representative complaint involving 148 individuals.
Complaints took longer to resolve, with just under a third of complaints still open six months after being received.
66% of complaints were about access to personal information – with complaints about disclosure at 12% and information security at 10%
414 notifiable privacy breaches were received – slightly less than in the previous year
In addition to dealing with privacy breach notifications, the ongoing Latitude Finance investigation and the Foodstuffs NI FRT inquiry, the OPC’s enforcement function:
- issued two draft compliance notices to non-compliant agencies;
- issued four formal letters re failing to notify a notifiable privacy breach as soon as practicable;
- publicly named one agency found to be in breach; and
- undertook 20 proactive investigations and enquiries.