Compliance Essentials

Privacy Commissioner complaint case notes 1 – 6 for 2009

Category: Privacy | by David Jacobson

The Australian Privacy Commissioner, Karen Curtis, has published six new case notes:

  • A v Medical Practitioner [2009] PrivCmrA 1:
    The complainant wrote twice to their medical practitioner requesting a copy of all of the personal information that the practitioner held about them in their medical record. After a delay, the medical practitioner offered the complainant the opportunity to view, but not copy, their medical record. The practitioner also offered to assist the complainant in understanding the content of the detailed record. The Commissioner formed the view that in this case, the medical practitioner had met the requirements of NPP 6.1 by offering the complainant the opportunity to view their medical record.
  • B v Cleaning Company [2009] PrivCmrA 2:
    An organisation contacted the complainant’s former employer, a cleaning company, seeking information as to the complainant’s whereabouts. A statement later provided to the complainant by the organisation indicated that the cleaning company had disclosed the complainant’s personal information to the organisation, including their address and financial details. The complainant complained that the personal information collected for the purposes of their employment was inappropriately disclosed by the cleaning company. The Commissioner examined the information available and was of the view that the complainant’s personal information had been wrongly disclosed by the cleaning company.
  • C v Commonwealth Agency [2009] PrivCmrA 3:
    The complainant was receiving a benefit from a Commonwealth government agency. The complainant applied for a change to the benefit but was refused. Dissatisfied with the agency’s decision, the complainant lodged a complaint with the appropriate tribunal in an effort to have the agency’s decision changed.  The complainant claimed that the agency gave the tribunal documents which were not relevant to the matter being heard. They claimed that the disclosure of the personal information in those documents was unnecessary. The agency claimed that it was obliged to provide those documents to the tribunal. The Commissioner was satisfied that the agency had properly considered whether all of the information it held about the complainant was relevant to the matter being reviewed by the tribunal, and had only provided the tribunal with that information in response to its notice.
  • D v Finance Company [2009] PrivCmrA 4:
    The complainant was unaware that the account had fallen into arrears until they found a default listed on their consumer credit file. The Commissioner found that when the complainant’s account fell into arrears the finance company had attempted to contact them by writing to them at their last known address. However, during the investigation it became apparent that the address used by the finance company was incomplete. The finance company had omitted enough information from the address so that it was unlikely that the complainant could have received the letters advising them the account was in arrears and that the default would be listed on their credit report. The complainant indicated that they would be satisfied with the payment default listing being removed from their consumer credit file. The finance company agreed and promptly contacted the credit reporting agency to ask that the listing be deleted. The credit reporting agency removed the payment default listing.
  • E v Advertiser [2009] PrivCmrA 5:
    An advertiser contacted a credit reporting agency to have the complainant’s failure pay the invoice recorded on their consumer credit file. The complainant claimed that the default listing was invalid as they had not engaged the services of the advertiser. The Commissioner considered all of the information available and formed the view that the complainant had agreed to the service provided by the advertiser, and had elected to be invoiced for payment at a later date.
  • Own Motion Investigation v Medical Centre [2009] PrivCmrA 6:
    The Privacy Commissioner was informed that a number of medical documents, including patients’ prescriptions and pathology results, were found scattered in a public park adjacent to a private medical centre.  The name of the centre was visible on some of the documents. The documents included patients’ names, addresses and phone numbers. The information given to the Commissioner suggested that the documents had come from a large bin at the rear of the private medical centre. The medical centre found that a lock on a medical waste bin, kept outside at the rear of the centre, had been tampered with and the contents of the bin thrown around an adjacent public park. Having regard to the sensitivity of the information held by the medical centre, the Commissioner and the centre devised a number of steps that the centre could take to ensure that information was kept securely. The medical centre also advised the Commissioner that it would write to all of its patients and advise them of the matter and the steps the medical centre was taking to address it. The Commissioner considered all of the action taken by the medical centre and was satisfied that it had taken reasonable steps to protect the sensitive information it holds from misuse and loss, and from unauthorised access, modification or disclosure. 
Print Friendly, PDF & Email
LinkedIn
 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.

Support Plans