Privacy case notes

The Federal Privacy Commissioner has published case notes 1 – 7, 2005.

The cases relate to excessive charges for access to records, a disputed credit file listing, inappropriate disclosure of personal information and a failure to appropriately secure documents when in transit.

The full decisions are worth reading to understand the Commissioner’s approach to complaints in different fact circumstances and how they are resolved.

In A v Insurer [2005] PrivCmrA 1 (http://www.privacy.gov.au/act/casenotes/ccn1_05.html),
the complainant asked an Insurer for copies of all his personal information that it held. After assessing the documents the Insurer quoted an access charge of approximately $600 to cover its costs for
retrieving and copying approximately 500 pages of documents. The complainant paid the charge and the Insurer provided the quoted documents, but withheld certain documents. The complainant alleged that
the Insurer failed to provide reasons for denying access to the withheld documents.

The Commissioner decided that:

* that the access charge was not excessive; and

* that the Insurer had breached National Privacy Principle 6.7 by not providing reasons for denying access to certain documents.

In B v Credit Provider [2005] PrivCmrA 2 (http://www.privacy.gov.au/act/casenotes/ccn2_05.html),
the complainant received a demand in January 2003 for payment of
outstanding telephone service charges covering a 12 month period up to
September 1996. The complainant claimed an invoice had been paid in
April 1996 and disputed owing further amounts.

In March 2003 the respondent listed a payment default in the amount of the debt on the complainant’s consumer credit information file, held by a credit reporting agency.

Following an investigation by the Commissioner, the credit reporting agency advised the respondent about the prohibition against listing statute barred debts, and the payment default listing was removed from the complainant’s consumer credit information file.

In C v Commonwealth Agency [2005] PrivCmrA 3 (http://www.privacy.gov.au/act/casenotes/ccn3_05.html),
the complainant and his wife were employees of the respondent. The complainant’s wife was the applicant in proceedings against the respondent in the Administrative Appeals Tribunal for compensation in relation to a health and safety issue. During proceedings the complainant’s wife submitted to the Tribunal that she was not able to afford certain medical expenses. In reply, the respondent obtained
information about the complainant’s income from its payroll department which it submitted to the Tribunal as evidence of the applicant’s financial standing.

The complainant argued that the respondent was not permitted to disclose his personal information to the respondent’s legal counsel in relation to a matter which did not concern the complainant.

The Commissioner decided under section 41(1)(a) of the Act not to investigate the matter further on the grounds that the disclosure of personal information was authorised by law and therefore did not breach National Privacy Principle 2.1.

In D v Health Service Provider; E v Health Service Provider; F v Health Service Provider; G v Health Service Provider [2005] PrivCmrA 4 (http://www.privacy.gov.au/act/casenotes/ccn4_05.html),
the Commissioner has published four case notes on four finalised complaints addressing a common issue, namely excessive charges for providing access. In 3 of the 4 cases the access fees were reduced.

In H v Commonwealth Agency [2005] PrivCmrA 5 (http://www.privacy.gov.au/act/casenotes/ccn5_05.html),
the complainant, a customer of a Commonwealth government agency, made a privacy complaint to that Commonwealth government agency about an officer of the agency improperly browsing her personal information. An investigation was conducted by the agency and as a result of the investigation the officer’s employment with the agency was terminated.

The Commissioner was of the opinion that based on the information supplied by the complainant the agency had dealt appropriately with the issue by terminating the officer’s employment and offering the complainant a written apology.

In I v Commonwealth Agency [2005] PrivCmrA 6 (http://www.privacy.gov.au/act/casenotes/ccn6_05.html),
the complainant alleged that a federal court had disclosed the complainant’s name and address to a third party. Following an investigation, the Commissioner decided that there was no jurisdiction to further investigate the allegation because the alleged disclosure involved information that was recorded in a court order and the alleged disclosure occurred in the course of the judicial functions and activities of the agency therefore it was not an act done, or practice engaged in, in respect of an administrative matter.

In J v Superannuation Provider [2005] PrivCmrA 7 (http://www.privacy.gov.au/act/casenotes/ccn7_05.html),
the complainant alleged that records relating to his superannuation disability claim were found on a public thoroughfare. The records included reports about covert surveillance undertaken by the superannuation provider as part of the claim assessment.

The Commissioner found there was a breach of National Privacy Principle 4.1 and then moved to conciliate a resolution of the matter. The parties agreed to resolution that included a formal written apology and a payment of compensation of $3500 for loss or damage including legal expenses and hurt and embarrassment. The superannuation provider also advised the Commissioner that it had changed its distribution policy to require that in future all couriered documents be signed for personally.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.