The Privacy Commissioner has released the first case notes for 2008.
In A v Private School [2008] PrivCmrA 1 the OFPC found that a private school was entitled to refuse access to certain documents held by it relating to an investigation of a student as giving access to the investigation documents would amount to an interference
with the privacy of other individuals as the individuals in question
had provided that information on the understanding that their details
would not be revealed to the complaint for fear of reprisal.
In B v Hotel [2008] PrivCmrA 2 – The OFPC found that the disclosure of details of one hotel guest by a hotel to another hotel guest was an improper disclosure of personal information by an organisation. In the unusual circumstances of this case, the complaint was resolved by conciliation and an apology.
In C v Health Service Provider [2008] PrivCmrA 3 a health service provider disclosed details of a letter from a member’s relative to the member.The matter was resolved by an apology to the relative by the provider.
In D v Health Service Provider [2008] PrivCmrA 4 a patient of a private clinic complained about its security of personal information when advised that notes about her had been lost or destroyed. As there was no evidence the notes had her name or identifying details the matter was not taken further.
In E v Insurance Company [2008] PrivCmrA 5 an insured complained that the insured’s insurance company disclosed the complainant’s contact details to
the third party who was involved in the car accident. The third party
subsequently contacted the complainant via telephone wanting to discuss
the amount of money the third party was being required to pay as a
result of the accident. The insurer acknowledged it was an improper disclosure of personal information and apologised and paid a cheque to the complainant in settlement of the privacy complaint.
In F v Australian Government Agency [2008] PrivCmrA 6 the complainant, a former employee of a government agency,
complained that their personal record held by the agency had been
accessed by a current employee of the agency. The employee, for reasons
unrelated to their employment, used the records to locate where the
complainant was living. The complainant stated this caused them to fear for their safety,
and resulted in the complainant having to change their name and place
of residence. The Commissioner took the view that the agency had not taken
reasonable steps in the particular circumstances to protect the
complainant’s personal information and that the complainant’s
personal information had been used for an unauthorised purpose. The complainant accepted a confidential settlement for costs associated with the complainant’s change of name and place of residence.
In G v Financial Institutions X and Y [2008] PrivCmrA 7 the complaint related to the disclosure of a person’s information under significant cash transaction reports to AUSTRAC. Although 1 of the financial institutions made an error in respect of the person’s occupation (which it corrected) the OFPC decided that both organisations were required by law to make such disclosures
and could rely on the exception in National Privacy Principle 2.1(g).