Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Determinations

The Office of the Australian Information Commissioner (OAIC) can, under s 52 of the Privacy Act 1988 (Privacy Act), make determinations on privacy complaints where conciliation has not resolved the matter or in relation to Commissioner initiated investigations (CII).

Below is a table with summary details of privacy determinations made under s 52 since 1 November 2010. The links in the first column take you to the decision itself, in PDF or HTML format on this website and in HTML format on the AustLII AICmr series webpage. The table below refers to provisions of the Privacy Act 1988 unless otherwise specified.

Other resources about decisions on privacy matters include Privacy CII reports.

Privacy determinations — summary table (from 1-11-2010)
DecisionLegislative provision/sCatchword summaryDetermination

‘IY’ and Business Services Brokers Pty Ltd t/a TeleChoice [2016] AICmr 44 (30 June 2016)

pdfPrintable version543.61 KB

APP 11 — APP 11.1, APP 11.2

Privacy — Privacy Act — Australian Privacy Principles — Privacy Act 1988 (Cth) — s 52 — APP 11 – Security of personal information — Breach of APP 11.1 —Destruction or de-identification of personal information — Breach of APP 11.2 — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of APP 11.1 and 11.2

Remedies: Apology —Damages of $3,500 (non-economic loss)

‘IX’ and Business Services Brokers Pty Ltd t/a TeleChoice [2016] AICmr 42 (30 June 2016)

pdfPrintable version543.61 KB

APP 11 — APP 11.1, APP 11.2

Privacy — Privacy Act — Australian Privacy Principles — Privacy Act 1988 (Cth) — s 52 — APP 11 – Security of personal information —
Breach of APP 11.1 —Destruction or de-identification of personal information — Breach of APP 11.2 — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of APP 11.1 and 11.2

Remedies: Apology — Damages of $3,500 (non-economic loss)

‘IV’ and ‘IW’ [2016] AICmr 41 (27 June 2016)

pdfPrintable version616.27 KB

APP 6 — APP 6.1
APP 10 — APP 10.2

Privacy — Privacy Act — Australian Privacy Principles — Privacy Act 1988 (Cth) — s 52 — APP 6 – Disclosure by medical practitioner of patient’s medical information — Breach of APP 6.1 — APP 10 — Quality of personal information — Breach of APP 10.2 — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of APP 6.1 and 10.2

Remedies: Damages of $10,000 (non-economic loss)

‘IR’ and NRMA Insurance, Insurance Australia Limited [2016] AICmr 37 (27 June 2016)

pdfPrintable version618.7 KB

APP 6 — APP 6.1
APP 11 — APP 11.1

Privacy — Privacy Act — Australian Privacy Principles — Privacy Act 1988 (Cth) — s 52 — APP 6 – Use or disclosure of personal information —
Breach of APP 6.1 — APP 11 — Security of personal information — Breach of APP 11.1 — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of APP 6.1 and 11.1

Remedies: Apology — Amendment of complainant’s certificates of insurance — Damages of $3,000 (non-economic loss) — Revision of NRMA customer information guides — Review of NRMA disclosure practices in relation to certificates of insurance

‘IQ’ and NRMA Insurance, Insurance Australia Limited [2016] AICmr 36 (27 June 2016)

pdfPrintable version512.71 KB

NPP 2 — NPP 2.1

NPP 4 — NPP 4.1

Privacy — Privacy Act — National Privacy Principles — Privacy Act 1988 (Cth) — s 52 — NPP 2 – Use or disclosure of personal information —

Breach of NPP 2.1 —NPP 4 — Security of personal information — No breach of NPP 4.1 — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of NPP 2.1

Remedies: Apology —Damages of $2,000 (non-economic loss)

‘HW’ and Freelancer International Pty Limited [2015] AICmr 86 (18 December 2015)

pdfPrintable version747.33 KB

NPP 1 — NPP 1.1, NPP 1.2, NPP 1.3
NPP 2 — NPP 2.1
NPP 4 — 4.2

Privacy — Privacy Act — National Privacy Principles — Privacy Act 1988 (Cth) — s 52 — NPP 1.1 – Necessary collection — NPP 1.2 — Fair and lawful collection — NPP 1.3 — Notice of collection – Breach of NPP 1.3 — NPP 2.1 — Use and disclosure of customer’s personal information online — Breach of NPP 2.1 — NPP 4.2 — Retaining of data — Compensation awarded — Non-economic loss — Aggravated damages awarded

Finding: Breach of NPPs 1.3 and 2.1

Remedies: Apology — Staff training — General damages of $15,000 — Aggravated damages of $5,000

‘HS’ and AMP Life Ltd [2015] AICmr 81 (17 December 2015)

pdf 2015 AICmr 81Printable version541.41 KB

NPP 1 — NPP 1.5
NPP 4 — NPP 4.1

TFN Guidelines 2, 5 and 6

Privacy — Privacy Act — Collection of complainant’s personal information — National Privacy Principles (NPP) — NPP 1.5 — Collection of complainant’s tax file number (TFN) — TFN Guidelines 1992 — TFN Guideline 5

Security of personal information — NPP 4.1 — Disclosure of TFN — TFN Guideline 2

Storage, security and destruction of TFN information — TFN Guideline 6

Compensation awarded — Privacy Act 1988 s 52

Finding: Breach of NPPs 1.5 and 4.1, and TFN Guidelines 2, 5 and 6.

Remedies: Apology — Compensation of $10,000

Ben Grubb and Telstra Corporation Limited [2015] AICmr 35 (1 May 2015)

pdf 2015 AICmr 35 Printable version 755.88 KB
NPP 6 – NPP 6.1 Privacy — Privacy Act — National Privacy Principles — (CTH) Privacy Act 1988 — s 52 — NPP6.1 — Access Finding: Breach of NPP 6.1

Remedies: Access to personal information free of charge
‘EZ’ and ‘EY’ [2015] AICmr 23 (27 March 2015)

pdf 2015 AICmr 23 Printable version 588.78 KB
NPP 2 — NPP 2.1
NPP 3 — NPP 3.1
NPP 4 — NPP 4.1
Privacy — Privacy Act — National Privacy Principles (NPP) — NPP 2.1, 3.1, 4.1 — Use and disclosure by medical practitioner of patient’s medical information to police officer — Breach of NPPs 2.1 and 4.1 — Compensation awarded Finding: Breach of NPPs 2.1 and 4.1

Remedies: Apology — Compensation of $6,500
‘EQ’ and Great Barrier Reef Marine Park Authority [2015] AICmr 11 (2 February 2015) (AustLII link)

pdf 2015 AICmr 11 Printable version 588.78 KB
IPP 11 — IPP 11.1(d) Privacy Act —Information Privacy Principles — (CTH) Privacy Act 1988 s 52 — IPP 11 — IPP 11.1(d) — Disclosure — Compensation — Non-economic loss — Aggravated damages not awarded Finding: Breach of IPP 11.1

Remedies: Apology — Review training of staff and agents — Compensation of $5,000
‘DO’ and Department of Veterans’ Affairs [2014] AICmr 124 (13 November 2014) (AustLII link)

pdf 2014 AICmr 124 Printable version 571.99 KB
IPP 11 — IPP 11.1(a), IPP 11.1(c), IPP 11.1(d), IPP 11.1(e) Privacy — Privacy Act — Information Privacy Principles — (CTH) Privacy Act 1988 s 52 — IPP 11.1 — Use and disclosure — 11.1(a), 11.1(c), 11.1(d) 11.1 (e) — Exceptions Finding: Breach of IPP 11.1

Remedies: Apology — Review management of privacy complaints
‘DK’ and Telstra Corporation Limited [2014] AICmr 118 (30 October 2014) (AustLII link)

pdf 2014 AICmr 118 Printable version 314.94 KB
NPP1 — NPP1.3 NPP2 — NPP2.1(a), NPP2.1(g) Privacy — Privacy Act — National Privacy Principles — (CTH) Privacy Act 1988 s 52 — NPP1 — Collection — NPP 2 — Use and disclosure — Compensation — Non-economic loss — Aggravated damages not awarded Finding: Breach of NPP 1.3

Remedies: Apology — Review processes — Review Privacy Statement — $18,000 for non-economic loss
‘CP’ and Department of Defence [2014] AICmr 88 (2 September 2014) (AustLII link)

pdfPrintable version520.35 KB
IPP11 — IPP11.1(a) Privacy — Privacy Act — Information Privacy Principles — (CTH) Privacy Act 1988 s.52 — IPP 11 — IPP 11.1(a) — Disclosure — Compensation — Non-economic loss — Aggravated damages not awarded Finding: Breach of IPP 11.1(a)

Remedies: Apology — Amend information handling practices — Staff training — Compensation of $5,000
‘CM’ and Corporation of the Synod of the Diocese of Brisbane [2014] AICmr 86 (2 September 2014) (AustLII link)

pdfPrintable version626.57 KB
NPP 4 — NPP 4.1 — NPP 4.2 Privacy — Privacy Act — National Privacy Principles — (CTH) Privacy Act 1982 s 52 — NPP 2 — Use and disclosure — NPP 4 — NPP 4.1 — NPP 4.2 —Data security — Compensation — Non-economic loss — Aggravated damages not awarded — Pecuniary damages not awarded Finding: Breach of NPP 4.1

Remedies: Compensation of $7,500
‘BO’ and AeroCare Pty Ltd [2014] AICmr 32 (8 April 2014) (AustLII link)

pdf 2014 AICmr 32Printable version 587.76 KB
NPPs 1.2, 1.3 and 4.1 Privacy — Privacy Act — National Privacy Principles — (CTH) Privacy Act 1988 s 52 — NPP 1 — NPP 1.2 and NPP 1.3 — Collection — NPP 4 — NPP 4.1 — Data security — Compensation — Non-economic loss — Aggravated damages not awarded Finding: Breach of NPPs 1.2, 1.3 and 4.1

Remedies: Apology — Review staff training  — Compensation of $8,500
‘S’ and Veda Advantage Information Services and Solutions Limited [2012] AICmr 33 (20 December 2012) (AustLII link)

html 2012 AICmr 33 OAIC website version
s 18G(a) — s 18R(1) Privacy — Privacy Act — Credit Reporting — (CTH) Privacy Act 1988 s 52 — s 18G(a) — accurate, up-to-date, complete and not misleading  — s 18R(1) — misleading credit report — noneconomic loss — assessment of damages measured by statute, assisted by rules in tort — aggravated damages not awarded Finding: Breach of s 18G(a) and s 18R(1)

Remedies: Apology — Amend credit file — Review processes and staff training — Compensation of $2,000
'D' and Wentworthville Leagues Club [2011] AICmr 9 (9 December 2011) (AustLII link)

html 2011 AICmr 9 OAIC website version
NPP 2 — NPP 2.1(g) Privacy — Privacy Act — National Privacy Principles — (CTH) Privacy Act 1988 s 52 — NPP 2 — NPP 2.1(g) — disclosure — non-economic loss — assessment of damages measured by statute, assisted by rules in tort — aggravated damages not awarded — pecuniary damages not awarded Finding: Breach of NPP 2.1(g)

Remedies: Apology — Staff training — Compensation of $7,500

Latest privacy determinations