Privacy case notes 25-27, 2007

The Privacy Commissioner has released three new case notes:

  • In W v Telecommunications Company [2007] PrivCmrA 25, it was found that the customer’s residential address had been improperly disclosed by the telecommunications provider even though a fee had been paid to suppress it.

    The Commissioner also found that the complainant had attempted to
    resolve the matter with the telecommunications company a number of
    times, but the company did not take timely action to correct the error
    once they were informed of it.

    The complainant subsequently agreed to a settlement proposed by the telecommunications company.

  • In X v Transport Company [2007] PrivCmrA 26, the Office investigated whether there was an improper disclosure of personal information relating to a medical assessment. It was found that the transport company advised the employees that
    someone had failed the medical assessment.  However, the company did
    not disclose who had failed the assessment, or for what reasons. In this case, the Commissioner was not satisfied that the information
    disclosed by the transport company was sufficient to make it likely
    that the workers could identify the complainant as the individual who
    had not passed the medical assessment. However, the Commissioner also advised the transport company to adopt
    additional security measures to minimise the possibility that any such
    incidents may occur in the future.
  • In Y v Ticketing Company [2007] PrivCmrA 27, the issue of the security of personal information including credit card information was considered.The ticketing company stated that the information was for purposes
    of identification and to minimise the incidence of fraud. It held that
    this is a common practice across a number of industries.

    The ticketing company also informed the Commissioner that it used a
    merchant EFTPOS facility provided by a banking institution and it was
    this facility that printed full credit card details on the receipt.

    The Commissioner reached the view that the ticketing company had not
    interfered with the privacy of the individual as it appeared that the
    company was fulfilling its obligations under National Privacy Principle
    4.1 by providing customer credit receipts directly to the credit card
    holder only, and that steps were taken to secure the merchant copy of
    the receipt held by the ticketing company.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.