Privacy determinations

1 to 10 of 78 results

    Decision

    ‘ADH’ and Secretary to the Department of Defence (Privacy) [2023] AICmr 24 (6 April 2023)

    Decision year

    6 April 2023

    Status

    Finalised

    Legislative provision

    APP 3 – APP 5 – APP 6 – APP 10 – APP 13.5

    Determination

    Breach

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 3 — APP 5 — APP 6 — APP 10 — APP 13.5 — Whether inaccuracies in file note and draft psychological referral — Whether reasonable steps were taken to ensure information collected in a file note and draft psychological referral was accurate — Whether APP 5 matters were notified — Whether there was implied consent to collection — Whether collection was done via unlawful or unfair means — Whether reasonable steps were taken to correct information — No award of damages for non-economic loss — No award of aggravated damages.

    Decision

    'D' and Wentworthville Leagues Club [2011] AICmr 9

    Decision year

    2011

    Status

    Finalised

    Legislative provision

    NPP 2 - NPP 2.1(g)

    Determination

    Finding: Breach of NPP 2.1(g)

    Remedies: Apology - Staff training - Compensation of $7,500

    Catchword summary

    Privacy - Privacy Act - National Privacy Principles - (CTH) Privacy Act 1988 s 52 - NPP 2 - NPP 2.1(g) - disclosure - non-economic loss - assessment of damages measured by statute, assisted by rules in tort - aggravated damages not awarded - pecuniary damages not awarded

    Decision

    'ADO' and Telstra Corporation Limited (Privacy) [2023] AICmr 47 (14 June 2023)

    Decision year

    14 June 2023

    Status

    Finalised

    Legislative provision

    APP 10.2 – s 21C – s 21D

    Determination

    Breach

    Acknowledgment of interference with privacy and conduct must not be repeated or continued. Respondent to ensure correction of credit file with Credit Reporting Body. Compensation of $2,154.37.

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 10.2 — Section 21C — Section 21D — Use of information regarding grant of authority — Use and disclosure of identification information to credit reporting body — Whether personal information was complete, accurate, up-to-date and relevant — Whether reasonable steps taken to ensure personal information was complete, accurate, up-to-date and relevant — Breach of APPs and s 21C and s 21D — Compensation awarded — Must not repeat or continue conduct — Credit file to be corrected

    Decision

    'AEZ' and Serco Group Pty Limited (Privacy) [2023] AICmr 93 (24 October 2023)

    Decision year

    24 October 2023

    Status

    Finalised

    Legislative provision

    APP 10 and APP 13

    Determination

    Breach

    Remedies

    Respondent to acknowledge their interference with the complainant’s privacy in a written apology, and to not repeat or continue conduct. Respondent to pay compensation in the amount of $1,500 to the complainant.

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 10.1 — APP 10.2 — APP 13.3 — Whether reasonable steps taken to ensure personal information was complete, accurate, up-to-date and relevant — Failure to provide written notice with mechanisms available to complain about refusal to correct personal information — Breach of APP 10.1 — Breach of APP 13.3 — Acknowledgement of interference with privacy — Must not repeat or continue conduct — Compensation awarded — Reasonable act or course of conduct to redress loss or damage required.

    Decision

    Datateks Pty Ltd (Privacy) [2023] AICmr 97 (24 October 2023)

    Decision year

    24 October 2023

    Status

    Finalised

    Legislative provision

    Privacy Act 1988 (Cth) s 26WH and s 26WK

    Determination

    Breach

    Remedies

    Respondent must not repeat conduct and must prepare an incident response plan, a copy of which is to be provided to the Commissioner within 3 months of determination.

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Section 26WH — Section 26WK — Eligible data breach — Assessment of suspected eligible data breach — Whether assessment was reasonable and expeditious — Whether all reasonable steps taken to complete assessment within 30 days — Statement about eligible data breach — Whether copy of statement was provided to Commissioner as soon as practicable — Breach of s 26WH(2) and s 26WK(2) — Must not repeat or continue conduct

    Decision

    Pacific Lutheran College (Privacy) [2023] AICmr 98 (24 October 2023)

    Decision year

    24 October 2023

    Status

    Finalised

    Legislative provision

    Privacy Act 1988 (Cth) s 26WH and s 26WK

    Determination

    Breach

    Remedies

    Respondent must not repeat conduct. Respondent must prepare and implement incident response plan. Respondent must prepare and implement information security program.

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Section 26WH — Section 26WK — Eligible data breach — Assessment of suspected eligible data breach — Whether assessment was reasonable and expeditious — Whether all reasonable steps taken to complete assessment within 30 days — Statement about eligible data breach — Whether copy of statement was provided to Commissioner as soon as practicable — Breach of s 26WH(2) and s 26WK(2) — Must not repeat or continue conduct

    Decision

    Cardiac Dynamics [2023] AICmr 96 (24 October 2023)

    Decision year

    24 October 2023

    Status

    Finalised

    Legislative provision

    My Health Records Act 2012 (Cth) s 73(1)(a) and Privacy Act 1988 (Cth) s 13

    Determination

    Breach

    Remedies

    Respondent must not repeat conduct and must take specified steps to address interference with privacy.

    Catchword summary

    Privacy — My Health Records Act 2012 (Cth) — Whether interference with privacy of healthcare recipient — breach of s 73(1)(a) — My Health Record Rule 2016 — Compliance with rules 41 and 42 — Eligibility to hold registration — No written policy that reasonably addressed matters in rule 42(4) — Privacy Act 1988 (Cth) — breach of s 13 — Must not repeat or continue act or practice — Must take specified steps to address interference with privacy

    Decision

    Burwood Westfield Medical Centre (Privacy) [2023] AICmr 108 (9 November 2023)

    Decision year

    9 November 2023

    Status

    Finalised

    Legislative provision

    My Health Records Act 2012 (Cth) s 73(1)(a) and Privacy Act 1988 (Cth) s 13

    Determination

    Breach

    Remedies

    Respondent must not repeat conduct and must take specified steps to address interference with privacy.

    Catchword summary

    Privacy — My Health Records Act 2012 (Cth) — Whether interference with privacy of healthcare recipient — breach of s 73(1)(a) — My Health Record Rule 2016 — Compliance with rules 41 and 42 — Eligibility to hold registration — No written policy that reasonably addressed matters in rule 42(4) — Privacy Act 1988 (Cth) — breach of s 13 — Must not repeat or continue act or practice — Must take specified steps to address interference with privacy

    Decision

    'HW' and Freelancer International Pty Limited [2015] AICmr 86

    Decision year

    2015

    Status

    Set aside following review: [2017] AATA 2426

    Legislative provision

    NPP 1 - NPP 1.1, NPP 1.2, NPP 1.3 - NPP 2 - NPP 2.1 - NPP 4 - 4.2

    Determination

    Finding: Breach of NPPs 1.3 and 2.1

    Remedies: Apology - Staff training - General damages of $15,000 - Aggravated damages of $5,000

    Catchword summary

    Privacy - Privacy Act - National Privacy Principles - Privacy Act 1988 (Cth) - s 52 - NPP 1.1 - Necessary collection - NPP 1.2 - Fair and lawful collection - NPP 1.3 - Notice of collection - Breach of NPP 1.3 - NPP 2.1 - Use and disclosure of customer's personal information online - Breach of NPP 2.1 - NPP 4.2 - Retaining of data - Compensation awarded - Non-economic loss - Aggravated damages awarded

    Decision

    'IQ' and NRMA Insurance, Insurance Australia Limited [2016] AICmr 36

    Decision year

    2016

    Status

    Finalised

    Legislative provision

    NPP 2 - NPP 2.1 - NPP 4 - NPP 4.1

    Determination

    Finding: Breach of NPP 2.1

    Remedies: Apology - Damages of $2,000 (non-economic loss)

    Catchword summary

    Privacy - Privacy Act - National Privacy Principles - Privacy Act 1988 (Cth) - s 52 - NPP 2 - Use or disclosure of personal information - Breach of NPP 2.1 - NPP 4 - Security of personal information - No breach of NPP 4.1 - Compensation awarded - Non-economic loss - Aggravated damages not awarded
