Comcare was included in one Australian National Audit Office (ANAO) performance audit undertaken in 2016–17.
Corporate Planning in the Australian Public Sector was tabled in Parliament on 1 June 2017. The objective of the audit was to assess the progress in implementing the corporate planning requirements under the PGPA Act and related PGPA Rule 2014. Comcare was one of four agencies covered by the audit.
The audit assessed corporate plans for the 2016–17 reporting period and adopted the following high-level audit criteria:
- the selected entities’ corporate plans were established as their primary planning document and outline how entities intended to achieve their purposes over the period of the plans
- the selected entities’ corporate plans met the minimum content and publication requirements of the PGPA Rule 2014
- entities’ supporting systems and processes for developing their corporate plans and monitoring achievements against their plans are mature.
The audit found that Comcare has established its Corporate Plan as its primary planning document and is using it to manage its business. Improvement opportunities were identified and have been considered in developing the 2017–18 Corporate Plan.
Office of the Australian Information Commissioner (OAIC)
External scrutiny—FOI and Privacy
The Information Commissioner received four reviews of FOI decisions made by Comcare. One decision was affirmed and two other applications for review were subsequently withdrawn following a preliminary review. One review remains open.
Twelve privacy complaints were made to the OAIC. Nine were closed by the OAIC with no breach under the Privacy Act recorded. The Privacy Commissioner made two determinations under the Privacy Act.
‘JO’ and Comcare (Privacy)  AICmr64 (21 September 2016)
Comcare interfered with the complainant’s privacy by disclosing information about workplace injuries at his current employer to his former employer and an insurance company, in breach of Australian Privacy Principle (APP) 6, and failing to take reasonable steps under APP 11 to protect his personal information from unauthorised disclosure.
To compensate the complainant for the interference with his privacy, the Privacy Commissioner determined Comcare pay the complainant $3000 by way of compensation for the loss or damages suffered by reason of the interference with his privacy.
‘LB’ and Comcare (Privacy) AICmr28 (24 March 2017)
Comcare interfered with the complainant’s privacy in breach of Part III of the Privacy Act by disclosing the complainant’s personal information, including sensitive health information, on a publicly available website contrary to Information Privacy Principle (IPP) 11; and failing to take such security safeguards as it is reasonable in the circumstances to take, against loss, against unauthorised access, use, modification or disclosure, and against other misuse contrary to IPP 4.
The Privacy Commissioner determined Comcare pay the complainant the amount of $20,000 for non-economic loss caused by the interference with the complainant’s privacy; and pay the complainant the amount of $3000 to reimburse her for expenses reasonably incurred in connection with the making of the complaint and the investigation of the complaint.
Note: This breach occurred prior to 12 March 2014 (prior to the IPPs being replaced with the APPs).
Copies of the decisions are available at www.oaic.gov.au.
Comcare received 14 formal investigation enquiries from the Commonwealth Ombudsman in 2016–17. This result is a 30 per cent decline from the 2015–16 reporting period.
In all cases, the Commonwealth Ombudsman decided that no further review of the matter was warranted and the complaint was closed.
Review of decisions
The following decision had a significant effect on Comcare’s operations under the SRC Act.
Comcare v Martin  HCA 46
This matter concerned the interpretation of the phrase ‘as a result of’ in the reasonable administrative action exclusion in section 5A of the SRC Act. The High Court unanimously allowed Comcare’s appeal. The Court rejected the Full Federal Court’s application of the ‘as a result of’ test and found that the test is satisfied if the employee would not have suffered their disease if the administrative action had not been taken. The Court also confirmed that an employee’s reasons for reacting to an administrative action in a certain way are not relevant to this test.