Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Determinations

The Office of the Australian Information Commissioner (OAIC) can, under s 52 of the Privacy Act 1988 (Privacy Act), make determinations on privacy complaints where conciliation has not resolved the matter or in relation to Commissioner initiated investigations (CII).

Below is a table with summary details of privacy determinations made under s 52 since 1 November 2010. The links in the first column take you to the decision itself, in PDF or HTML format on this website and in HTML format on the AustLII AICmr series webpage. The table below refers to provisions of the Privacy Act 1988 unless otherwise specified.

Other resources about decisions on privacy matters include Privacy CII reports.

Privacy determinations — summary table (from 1-11-2010)
Decision Legislative provision/s Catchword summary Determination Determination Status

‘LU’ and Department of Defence (Privacy) [2017] AICmr 61 (26 June 2017)

pdfPrintable version633.46 KB

IPP 4 — IPP 10

Privacy — Privacy Act — Information Privacy Principles — Privacy Act 1988 (Cth) s 52 — IPP 4 — Data security failure —  IPP 10 — Unauthorised use of sensitive personal information  — Compensation awarded – Non-economic loss – Section 52(3) expenses awarded

Finding: Breach of IPP 4 — breach of IPP 10

Remedies: Review procedures and report in nine months — Apology — Damages of $10,000 (non-economic loss)  — reimbursement of $3,000 reasonably incurred expenses

Under review: Administrative Appeals Tribunal

‘LS’ and ‘LT’ (Privacy) [2017] AICmr 60 (26 June 2017)

pdfPrintable version301.55 KB

APP 12.3, APP 12.5, APP 12.9

Privacy — Privacy Act 1988 (Cth) — s 52 — Australian Privacy Principles — APP 12.3 — Serious threat to life, health or safety — Breach of 12.5 – Failure to consider steps (if any) to give access — Breach of APP 12.9 — Failure to give written reasons for refusal — Use of intermediary — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of APP 12.5 — breach of APP 12.9

Remedies: Access may be given through intermediary — Damages of $1,000 (non-economic loss)

Finalised

‘LP’ and The Westin Sydney (Privacy) [2017] AICmr 53 (7 June 2017)

pdfPrintable version611.2 KB

APP 3, APP 12

Privacy — Australian Privacy Principles — Privacy Act 1988 (Cth) — APP 3 — Whether collection of personal information was by lawful and fair means – Recording of phone call without participants’ knowledge – APP 12 – Access to personal information – Whether three days was an unreasonable period within which to provide access to a call recording

Finding: Breach of APP 3.5 — collection by unfair means

Remedies: A written apology — Damages of $1,500 (non-economic loss)

Under review: Federal Court

 

‘LB’ and Comcare (Privacy) [2017] AICmr 28 (24 March 2017)

pdfPrintable version268.22 KB

IPP 4, IPP 11

Privacy — Privacy Act — Information Privacy Principles — (CTH) Privacy Act 1988 s 52 — IPP 4 — Data security failure — IPP 11 —Unauthorised disclosure of personal information — Compensation awarded — Non-economic loss — Economic loss not awarded— Aggravated damages not awarded — Section 52(3) expenses awarded

Finding: Breach of IPP 4  — breach of IPP 11

Remedies: Damages of $20,000 (non-economic loss) — reimbursement of $3,000 reasonably incurred expenses

Under review: Administrative Appeals Tribunal

‘LA’ and Department of Defence (Privacy) [2017] AICmr 25 (17 March 2017)

pdfPrintable version544.2 KB

APP 6

Privacy — Privacy Act — Australian Privacy Principles — Privacy Act 1988 (Cth) — s 52 — APP 6 – Unauthorised disclosure of personal information-

Breach of APP 6 — Compensation awarded — Non-economic loss — Aggravated damages not awarded—Section 52(3) — reasonably incurred expenses awarded

Finding: Breach of APP 6

Remedies: Damages of $12,000 (non-economic loss) — reimbursement of $3,420 reasonably incurred expenses

Finalised

Financial Rights Legal Centre Inc. & Others and Veda Advantage Information Services and Solutions Ltd [2016] AICmr 88 (9 December 2016)

pdfPrintable version2.68 MB

20R — APP 7 — Paragraphs 19.3 and 19.4 of the CR Code Privacy — Privacy Act 1988 — Part IIIA — Privacy (Credit Reporting) Code 2014 (Version 1.2) — APP 7

Finding: Breach of the Privacy Act by contravening paragraphs 19.3(a) and (b) of the CR Code, APP 7 and s 20R(5).

Remedies: Within 6 months Veda to take action to ensure its service of providing free access to credit reporting information is as available, and as easy to identify and access as it is through its fee-based services including in relation to its phone service and to refund individuals the cost of its expedited delivery charge, in circumstances where those individuals had not sought access to credit reporting information within the preceding 12-months period.

Finalised

‘KB’ and Veda Advantage Information Services and Solutions Ltd [2016] AICmr 81 (25 November 2016)

pdfPrintable version617.63 KB

s 20N – s 20S – s 20P – s 20T Privacy — Privacy Act — Credit Reporting — Privacy Act 1988 (Cth) s52 — s 20N — s 20S – s 20P – s 20T —Compensation awarded — Review to be conducted — Civil penalty provision

Finding: Breach of ss 20N(1), 20N(2), 20P and 20S

Remedies: Apology —Damages of $10,000 (non-economic) – reimbursement of $5,830 reasonable expenses – Review of procedures for accuracy of court information

Finalised

‘KA’ and Commonwealth Bank of Australia Limited [2016] AICmr 80 (25 November 2016)

pdfPrintable version609.52 KB

NPP 2 – NPP 4 Privacy — Privacy Act —National Privacy Principles — Privacy Act 1988 (Cth) s 52 —NPP 2 —Use or disclosure of personal information— NPP 4  — Date security — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of NPP 6 and NPP 4

Remedies: Apology – Damages of $10,000 (non-economic) – Review of information handling procedures

Finalised

‘JO’ and Comcare [2016] AICmr 64 (21 September 2016)

pdfPrintable version579.79 KB

APP 6 – APP 6.1
APP 11 – APP 11.1

Privacy — Australian Privacy Principles — Privacy Act 1988 (Cth) s 52 — APP 6 — Use or disclosure of personal information — Breach of APP 6.1 — APP 11 — Security of personal information — Breach of APP 11.1 — Compensation awarded — Non-economic loss

Finding: Breach of APP 6.1 and 11.1

Remedies: Damages of $3,000 (non-economic loss) — Review of Comcare’s quality assurance practices and quality control measures in relation to automated bulk data file transfers

Finalised

‘IY’ and Business Services Brokers Pty Ltd t/a TeleChoice [2016] AICmr 44 (30 June 2016)

pdfPrintable version543.61 KB

APP 11 — APP 11.1, APP 11.2

Privacy — Privacy Act — Australian Privacy Principles — Privacy Act 1988 (Cth) — s 52 — APP 11 – Security of personal information — Breach of APP 11.1 —Destruction or de-identification of personal information — Breach of APP 11.2 — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of APP 11.1 and 11.2

Remedies: Apology —Damages of $3,500 (non-economic loss)

Finalised

‘IX’ and Business Services Brokers Pty Ltd t/a TeleChoice [2016] AICmr 42 (30 June 2016)

pdfPrintable version543.61 KB

APP 11 — APP 11.1, APP 11.2

Privacy — Privacy Act — Australian Privacy Principles — Privacy Act 1988 (Cth) — s 52 — APP 11 – Security of personal information —
Breach of APP 11.1 —Destruction or de-identification of personal information — Breach of APP 11.2 — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of APP 11.1 and 11.2

Remedies: Apology — Damages of $3,500 (non-economic loss)

Finalised

‘IV’ and ‘IW’ [2016] AICmr 41 (27 June 2016)

pdfPrintable version616.27 KB

APP 6 — APP 6.1
APP 10 — APP 10.2

Privacy — Privacy Act — Australian Privacy Principles — Privacy Act 1988 (Cth) — s 52 — APP 6 – Disclosure by medical practitioner of patient’s medical information — Breach of APP 6.1 — APP 10 — Quality of personal information — Breach of APP 10.2 — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of APP 6.1 and 10.2

Remedies: Damages of $10,000 (non-economic loss)

Finalised

‘IR’ and NRMA Insurance, Insurance Australia Limited [2016] AICmr 37 (27 June 2016)

pdfPrintable version618.7 KB

APP 6 — APP 6.1
APP 11 — APP 11.1

Privacy — Privacy Act — Australian Privacy Principles — Privacy Act 1988 (Cth) — s 52 — APP 6 – Use or disclosure of personal information —
Breach of APP 6.1 — APP 11 — Security of personal information — Breach of APP 11.1 — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of APP 6.1 and 11.1

Remedies: Apology — Amendment of complainant’s certificates of insurance — Damages of $3,000 (non-economic loss) — Revision of NRMA customer information guides — Review of NRMA disclosure practices in relation to certificates of insurance

Finalised

‘IQ’ and NRMA Insurance, Insurance Australia Limited [2016] AICmr 36 (27 June 2016)

pdfPrintable version512.71 KB

NPP 2 — NPP 2.1

NPP 4 — NPP 4.1

Privacy — Privacy Act — National Privacy Principles — Privacy Act 1988 (Cth) — s 52 — NPP 2 – Use or disclosure of personal information —

Breach of NPP 2.1 —NPP 4 — Security of personal information — No breach of NPP 4.1 — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of NPP 2.1

Remedies: Apology —Damages of $2,000 (non-economic loss)

Finalised

‘HW’ and Freelancer International Pty Limited [2015] AICmr 86 (18 December 2015)

pdfPrintable version747.33 KB

NPP 1 — NPP 1.1, NPP 1.2, NPP 1.3
NPP 2 — NPP 2.1
NPP 4 — 4.2

Privacy — Privacy Act — National Privacy Principles — Privacy Act 1988 (Cth) — s 52 — NPP 1.1 – Necessary collection — NPP 1.2 — Fair and lawful collection — NPP 1.3 — Notice of collection – Breach of NPP 1.3 — NPP 2.1 — Use and disclosure of customer’s personal information online — Breach of NPP 2.1 — NPP 4.2 — Retaining of data — Compensation awarded — Non-economic loss — Aggravated damages awarded

Finding: Breach of NPPs 1.3 and 2.1

Remedies: Apology — Staff training — General damages of $15,000 — Aggravated damages of $5,000

Set aside following review: [2017] AATA 2426

‘HS’ and AMP Life Ltd [2015] AICmr 81 (17 December 2015)

pdf 2015 AICmr 81Printable version541.41 KB

NPP 1 — NPP 1.5
NPP 4 — NPP 4.1

TFN Guidelines 2, 5 and 6

Privacy — Privacy Act — Collection of complainant’s personal information — National Privacy Principles (NPP) — NPP 1.5 — Collection of complainant’s tax file number (TFN) — TFN Guidelines 1992 — TFN Guideline 5

Security of personal information — NPP 4.1 — Disclosure of TFN — TFN Guideline 2

Storage, security and destruction of TFN information — TFN Guideline 6

Compensation awarded — Privacy Act 1988 s 52

Finding: Breach of NPPs 1.5 and 4.1, and TFN Guidelines 2, 5 and 6.

Remedies: Apology — Compensation of $10,000

Finalised

Ben Grubb and Telstra Corporation Limited [2015] AICmr 35 (1 May 2015)

pdf 2015 AICmr 35 Printable version 755.88 KB
NPP 6 – NPP 6.1 Privacy — Privacy Act — National Privacy Principles — (CTH) Privacy Act 1988 — s 52 — NPP6.1 — Access Finding: Breach of NPP 6.1

Remedies: Access to personal information free of charge

Set aside following review: [2015] AATA 991

Subsequent appeal dismissed: [2017] FCAFC 4

‘EZ’ and ‘EY’ [2015] AICmr 23 (27 March 2015)

pdf 2015 AICmr 23 Printable version 588.78 KB
NPP 2 — NPP 2.1
NPP 3 — NPP 3.1
NPP 4 — NPP 4.1
Privacy — Privacy Act — National Privacy Principles (NPP) — NPP 2.1, 3.1, 4.1 — Use and disclosure by medical practitioner of patient’s medical information to police officer — Breach of NPPs 2.1 and 4.1 — Compensation awarded Finding: Breach of NPPs 2.1 and 4.1

Remedies: Apology — Compensation of $6,500

Finalised

‘EQ’ and Great Barrier Reef Marine Park Authority [2015] AICmr 11 (2 February 2015) (AustLII link)

pdf 2015 AICmr 11 Printable version 588.78 KB
IPP 11 — IPP 11.1(d) Privacy Act —Information Privacy Principles — (CTH) Privacy Act 1988 s 52 — IPP 11 — IPP 11.1(d) — Disclosure — Compensation — Non-economic loss — Aggravated damages not awarded Finding: Breach of IPP 11.1

Remedies: Apology — Review training of staff and agents — Compensation of $5,000

Varied following review: [2016] AATA 785

‘DO’ and Department of Veterans’ Affairs [2014] AICmr 124 (13 November 2014) (AustLII link)

pdf 2014 AICmr 124 Printable version 571.99 KB
IPP 11 — IPP 11.1(a), IPP 11.1(c), IPP 11.1(d), IPP 11.1(e) Privacy — Privacy Act — Information Privacy Principles — (CTH) Privacy Act 1988 s 52 — IPP 11.1 — Use and disclosure — 11.1(a), 11.1(c), 11.1(d) 11.1 (e) — Exceptions Finding: Breach of IPP 11.1

Remedies: Apology — Review management of privacy complaints

Set aside following review: [2017] AATA 1560

Subsequent appeal pending.

‘DK’ and Telstra Corporation Limited [2014] AICmr 118 (30 October 2014) (AustLII link)

pdf 2014 AICmr 118 Printable version 314.94 KB
NPP1 — NPP1.3 NPP2 — NPP2.1(a), NPP2.1(g) Privacy — Privacy Act — National Privacy Principles — (CTH) Privacy Act 1988 s 52 — NPP1 — Collection — NPP 2 — Use and disclosure — Compensation — Non-economic loss — Aggravated damages not awarded Finding: Breach of NPP 1.3

Remedies: Apology — Review processes — Review Privacy Statement — $18,000 for non-economic loss

Finalised

‘CP’ and Department of Defence [2014] AICmr 88 (2 September 2014) (AustLII link)

pdfPrintable version520.35 KB
IPP11 — IPP11.1(a) Privacy — Privacy Act — Information Privacy Principles — (CTH) Privacy Act 1988 s.52 — IPP 11 — IPP 11.1(a) — Disclosure — Compensation — Non-economic loss — Aggravated damages not awarded Finding: Breach of IPP 11.1(a)

Remedies: Apology — Amend information handling practices — Staff training — Compensation of $5,000

Finalised

‘CM’ and Corporation of the Synod of the Diocese of Brisbane [2014] AICmr 86 (2 September 2014) (AustLII link)

pdfPrintable version626.57 KB
NPP 4 — NPP 4.1 — NPP 4.2 Privacy — Privacy Act — National Privacy Principles — (CTH) Privacy Act 1982 s 52 — NPP 2 — Use and disclosure — NPP 4 — NPP 4.1 — NPP 4.2 —Data security — Compensation — Non-economic loss — Aggravated damages not awarded — Pecuniary damages not awarded Finding: Breach of NPP 4.1

Remedies: Compensation of $7,500

Finalised

‘BO’ and AeroCare Pty Ltd [2014] AICmr 32 (8 April 2014) (AustLII link)

pdf 2014 AICmr 32Printable version 587.76 KB
NPPs 1.2, 1.3 and 4.1 Privacy — Privacy Act — National Privacy Principles — (CTH) Privacy Act 1988 s 52 — NPP 1 — NPP 1.2 and NPP 1.3 — Collection — NPP 4 — NPP 4.1 — Data security — Compensation — Non-economic loss — Aggravated damages not awarded Finding: Breach of NPPs 1.2, 1.3 and 4.1

Remedies: Apology — Review staff training  — Compensation of $8,500

Finalised

‘S’ and Veda Advantage Information Services and Solutions Limited [2012] AICmr 33 (20 December 2012) (AustLII link)

html 2012 AICmr 33 OAIC website version
s 18G(a) — s 18R(1) Privacy — Privacy Act — Credit Reporting — (CTH) Privacy Act 1988 s 52 — s 18G(a) — accurate, up-to-date, complete and not misleading  — s 18R(1) — misleading credit report — noneconomic loss — assessment of damages measured by statute, assisted by rules in tort — aggravated damages not awarded Finding: Breach of s 18G(a) and s 18R(1)

Remedies: Apology — Amend credit file — Review processes and staff training — Compensation of $2,000

Finalised

'D' and Wentworthville Leagues Club [2011] AICmr 9 (9 December 2011) (AustLII link)

html 2011 AICmr 9 OAIC website version
NPP 2 — NPP 2.1(g) Privacy — Privacy Act — National Privacy Principles — (CTH) Privacy Act 1988 s 52 — NPP 2 — NPP 2.1(g) — disclosure — non-economic loss — assessment of damages measured by statute, assisted by rules in tort — aggravated damages not awarded — pecuniary damages not awarded Finding: Breach of NPP 2.1(g)

Remedies: Apology — Staff training — Compensation of $7,500

Finalised

Latest privacy determinations