Privacy case notes 1-6 of 2011

The Privacy Commissioner has issued new case notes.

In A v Credit Provider [2011] PrivCmrA 1 the complainant alleged their credit provider had improperly listed a default on their consumer credit file because they did not receive a final notice from the credit provider before the default was listed. The complainant’s debt had been assigned to XYZ Credit Co by their original credit provider and the complainant had been notified. The Commissioner found that the original credit provider had met the requirements to list the debt and, consequently, XYZ Credit Co had also met these requirements. The Commissioner concluded that the complainant had been notified that their debt may be listed with a credit reporting agency and the default was listed correctly.

In B v Law Firm [2011] PrivCmrA 2 the complaint related to receipt of health records used in court proceedings by the defendant insurer’s law firm. The Commissioner declined to investigate the complaint under section 41(1)(a) of the Privacy Act, on the basis that the actions of the law firm did not constitute an interference with the complainant’s privacy, as defined in the Act. NPP 10.1(e) allows for the collection of medical information to establish a defence to a legal claim. It does not require the individual to consent to the collection of their sensitive information. The Commissioner considered that where an individual makes an insurance claim, the insurer may need to collect sensitive information about the claimant to prepare its case. In this case, the law firm was acting for the insurer and was therefore entitled to collect the sensitive information to prepare a defence on behalf of its client.

In C v Charity [2011] PrivCmrA 3 The complainant, an employee of a charity, sought assistance in a personal matter from one of the charity’s publicly available services. The complainant alleged the charity improperly used their personal information when it informed the complainant’s immediate supervisors of their application for assistance. The charity admitted that it should not have used the complainant’s personal information in the way that it had and paid the complainant an agreed amount of compensation for health treatment and other costs incurred after the use of their personal information, and for injury to feelings.

In D v Charitable Organisation [2011] PrivCmrA 4 the complainant complained they could not access their personal information held by the charitable organisation. The organisation stated it needed to deny access as providing access would pose a threat to the life and health of the complainant. It was agreed that the complainant nominate a health practitioner to act as an intermediary for the access request. The practitioner assessed any possible threats to the life and health of the complainant from the personal information contained within their records, before access was granted to them.

In E v Insurance Company [2011] PrivCmrA 5 after the complainant’s car was involved in an accident the insurance company disclosed the complainant’s name, policy details and policy number to another family member. The Commissioner formed the view that the disclosure of the complainant’s personal information to the family member, who was uninvolved in either the accident or the insurance claim, was not permitted under NPP 2.1. The insurance company acknowledged its error, and apologised to the complainant for the way it had handled their personal information.

In F v Contract Service Provider to a Commonwealth Government Agency [2011] PrivCmrA 6 the Commissioner found that the collection of the complainant’s information by the CSP was necessary for a lawful purpose directly related to the CSPs functions or activities.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.