The Privacy Commissioner, Karen Curtis, has released 13 new
case notes covering a range of different privacy issues and topics:
F v Insurance Company  PrivCmrA 8
relates to the collection and disclosure of personal information during an insurance claim. The Commissioner formed the view that the insurance company did not
comply with the requirements in National Privacy Principle 1.3 when it
provided the complainant with the claim form.
G v Law Firm  PrivCmrA 9
involves the improper use of personal information by a law firm. The law firm used information about a person obtained from acting for one insurer in defending the
complainant’s insurance claim against another client insurer. The Commissioner considered that the law
firm acted contrary to National Privacy Principle 2.
H v Health Service Provider  PrivCmrA 10
considers the improper disclosure of medical information. The medical centre had collected the complainant’s personal information to provide a
particular form of health care and used it for a different, unrelated
purpose which was in no way within the complainant’s reasonable
I v Insurance Company  PrivCmrA 11
examines the responsibility of insurance companies to keep personal information secure and safe from unauthorised modification. An insurer allowed the complainant’s former spouse access to information including the complainant’s new home address followeing their divorce.
J v Government Agency  PrivCmrA 12
looks at the right of government agencies to collect personal information about individuals from third parties. In this particular case, the Commissioner decided that the information
gathered was not an unreasonable intrusion into the complainant’s
privacy as the agency’s concern was based on a reasonable (although
incorrect) assumption that the individual was connected to a debtor, the complainant’s personal information was
collected from a publicly available source of information (a land
ownership registry) and the enquiries ceased immediately when it became
clear that the complainant was not financially connected to the payer.
K v Health Service Provider  PrivCmrA 13
relates to the right of individuals to access personal information held in their medical record. The medical centre denied access, arguing that to provide the
complainant with the first of the requested documents would pose a risk
to the complainant’s health, and to provide access to the second
document would impact upon the privacy of another individual. The Commissioner rejected the first argument but accepted the second argument.
L v Contractor to Australian Government Agency  PrivCmrA 14
considers the improper disclosure of personal information to a person’s employer.
M v Health Service Provider  PrivCmrA 15
looks at patient privacy regarding photographic images taken by their health service provider. The medical practitioner conceded that it was not necessary to record a
digital photograph of the complainant to provide a health service.
N v Accountancy Firm  PrivCmrA 16
looks at the meaning of consumer credit. The Commissioner was of the opinion that the money owed was for the
provision of an accounting service to the trust rather than for
domestic or household purposes. This meant that it could not be
classed as credit under section 6 of the Privacy Act, and so the
default could not be listed on a consumer credit information file by the accountants.
O v Insurance Company  PrivCmrA 17
examines an allegation about the improper disclosure of personal information during an insurance claim investigation. THe Commissioner rejected the complaint. The Commissioner considered that the information about the sexual
harassment claim had been gathered as part of a lawful investigation
into the factors affecting the complainant’s return to work.
P v Tenancy Database  PrivCmrA 18
involves the accuracy and currency of personal information. A tenancy database listing five years after the original event was removed.
Q v Australian Government Agency  PrivCmrA 19
regards the security and accuracy of personal information held by a government agency.One agency gave another agency a person’s residential address.
R v Retailer  PrivCmrA 20
considers the right of an individual to access and have their data removed from a retailer’s database. The complainant was charged by police with an offence against a
retailer but was not convicted. Subsequently, the complainant’s name
was placed on a database of individuals suspected of committing
offences against the retailer. The name was removed as the incident took place more than 6 years ago.