The Privacy Commissioner has released three new case notes:
- In W v Telecommunications Company  PrivCmrA 25, it was found that the customer’s residential address had been improperly disclosed by the telecommunications provider even though a fee had been paid to suppress it.
The Commissioner also found that the complainant had attempted to
resolve the matter with the telecommunications company a number of
times, but the company did not take timely action to correct the error
once they were informed of it.
The complainant subsequently agreed to a settlement proposed by the telecommunications company.
- In X v Transport Company  PrivCmrA 26, the Office investigated whether there was an improper disclosure of personal information relating to a medical assessment. It was found that the transport company advised the employees that
someone had failed the medical assessment. However, the company did
not disclose who had failed the assessment, or for what reasons. In this case, the Commissioner was not satisfied that the information
disclosed by the transport company was sufficient to make it likely
that the workers could identify the complainant as the individual who
had not passed the medical assessment. However, the Commissioner also advised the transport company to adopt
additional security measures to minimise the possibility that any such
incidents may occur in the future.
- In Y v Ticketing Company  PrivCmrA 27, the issue of the security of personal information including credit card information was considered.The ticketing company stated that the information was for purposes
of identification and to minimise the incidence of fraud. It held that
this is a common practice across a number of industries.
The ticketing company also informed the Commissioner that it used a
merchant EFTPOS facility provided by a banking institution and it was
this facility that printed full credit card details on the receipt.
The Commissioner reached the view that the ticketing company had not
interfered with the privacy of the individual as it appeared that the
company was fulfilling its obligations under National Privacy Principle
4.1 by providing customer credit receipts directly to the credit card
holder only, and that steps were taken to secure the merchant copy of
the receipt held by the ticketing company.