Privacy case notes 1-8 of 2010

The Australian Privacy Commissioner has published eight new case notes:

Own Motion Investigation v Insurance Company [2010] PrivCmrA 1: The Commissioner made enquiries with an insurer about a clause in one of its forms that required individuals to agree that the company ‘may disclose to anybody any information about you.’ The insurer agreed the authority was too broad and agreed to change it.

A v Private Health Service Provider [2010] PrivCmrA 2: A government employee complained that spent conviction information had been improperly taken into account in a review by an external health service provider. The Commissioner took the view that the information was protected under the Commonwealth spent convictions scheme because it was spent.

The Commissioner also took the view that ‘taking into account’ includes but is not limited to:

• asking questions about spent convictions at interviews
• seeking information on such convictions when performing criminal history checks or
• using information about spent convictions.

B v Charity Organisation [2010] PrivCmrA 3: The complainant received a letter addressed to them at their address from a charity organisation asking them to provide further personal information and to support the charity. They complained that the charity organisation should not have collected and used their personal information given they had no previous dealings with the charity.

In response to the Commissioner’s investigation, the charity organisation advised that it had not collected or used the complainant’s personal information. The charity organisation had outsourced its marketing activities to a third party contractor. While the charity organisation had provided the template for the letter that was posted to the complainant, the third party contractor had used its own database of customers to generate the name and address on the letter. The third party contractor did not provide this database to the charity organisation.

Based on the above information, the Commissioner was satisfied that the charity organisation had not collected the complainant’s personal information or unlawfully used it to direct market them. The Commissioner also advised the complainant that they could complain against the third party contractor.

C v Telecommunications Company [2010] PrivCmrA 4: A telecommunications company listed a payment default on the complainant’s consumer credit file. The complainant claimed that they did not owe a debt to the telecommunications company, and that the default was listed in error.

The records kept by the telecommunications company confirmed that the complainant had not paid an outstanding balance on their account. The account had also been outstanding for at least 60 days before the telecommunications company listed the payment default.

The telecommunications company issued a written notice to the same address, advising that if the complainant failed to pay their account, a default might be listed with a credit reporting agency.

However, in the course of the Commissioner’s investigation, the telecommunications company became aware that it had listed the incorrect amount on the complainant’s consumer credit information file. In response, the telecommunications company offered to remove the default listing from the complainant’s credit information file, and to cancel the debt.

The Commissioner formed the view that while the telecommunications company had listed the incorrect amount, it had complied with the provisions in the Privacy Act regarding listing a payment default.

D v Commonwealth Agency [2010] PrivCmrA 5: The complainant was a person of interest in a compliance activity undertaken by an Australian Government agency. Part of the compliance activity required the complainant to answer questions posed by agency officers and to complete forms. The complainant alleged that the agency had not appropriately secured their personal information given the questioning took place in the presence of journalists. The agency also subsequently sent background information about the complainant to the journalists.

The Commissioner found there was a high risk that the journalists would overhear the complainant’s personal information in the course of the agency’s questioning and that there was some risk of the journalists viewing the complainant’s documentation.

The agency formally apologised and paid compensation to the complainant. It also made significant changes to how personal information is protected in similar compliance activities and undertook additional privacy training of its compliance officers.

E v Private School [2010] PrivCmrA 6: The complainant sent the school a copy of their intended legal claim. The school told a third party that the complainant’s dispute was proceeding to court and they may be required to attend as a witness. The complainant alleged that their personal information was improperly disclosed by the school.

The Commissioner considered that the disclosure was for an authorised directly related secondary purpose and was within the complainant’s reasonable expectations, given that any evidence provided to support the claim could be legitimately tested by the school, including by contacting any witness named.

F v Health Service Provider [2010] PrivCmrA 7: The complainant had a dispute with their health service provider. The dispute was heard before the New South Wales Consumer, Trader and Tenancy Tribunal (CTTT). Before the hearing commenced, the health service provider gave a copy of its supporting documents to the complainant and the CTTT.

The Commissioner considered that the procedural direction issued by the CTTT to provide copies of documents was authority under law for the health service provider to disclose the complainant’s personal information.

G v Finance Company [2010] PrivCmrA 8: The complainant requested access to their personal information held by a finance company. The finance company sought to deny the complainant access on the basis that the request was frivolous and vexatious.

The complainant had made numerous requests, over a period of four years, for access to account statements held by the finance company that related to the complainant. The complainant had also raised their access request with a number of government bodies and Members of Parliament. Evidence showed that the finance company had provided the complainant with access to their information on at least two occasions.

The Commissioner found that the complainant’s request for access was a repeat request for information that had been previously provided. The complainant and the finance company had been involved in court proceedings several years previously. The Commissioner found that the repeated requests for access were substantially, if not solely, a means of obtaining documents to revisit the earlier litigation and pursue an unrelated grievance.

The Commissioner formed the view that the finance company could rely on NPP 6.1(d) to deny the complainant access to their information as the request was vexatious.

 
