The Privacy Commissioner has published three new case notes.

• S v Health Service Provider [2008] PrivCmrA 19: a patient complained that sending their medical records and x-rays by general post was a failure to keep personal information secure.
• T v Private Community Centre [2008] PrivCmrA 20: the complainant complained that the community centre used for the transfer of children between separated parents had not disclosed its videon surveillance policy. The Commissioner was of the view that the community centre had taken reasonable steps for the purposes of NPP 1.3 to ensure that the complainant was aware of the circumstances in which their personal information was collected, including by placing prominent signs on its premises, and by informing the complainant both verbally and in writing, that video surveillance would take place for security reasons. No Privacy Act breach had occurred. 
• U v Betting Agency [2008] PrivCmrA 21: The Privacy Commissioner became aware that a Betting Agency had access to consumer credit information files held by a credit reporting agency.  The betting agency had accessed individuals’ credit information files on numerous occasions. The Commissioner was of the opinion that access by the Betting Agency to credit information files held by a credit reporting agency may be considered an offence under section 18S of the Privacy Act. Following a full investigation of this matter, the Commissioner was of the opinion that the Betting Agency did not intentionally contravene section 18S.  The Commissioner took into consideration information provided by the Betting Agency that it ceased accessing credit information files after receiving advice from the Commissioner that this may be unlawful.