Privacy determinations

Decision

Commissioner Initiated Investigation into IRE Pty Ltd (Privacy) [2026] AICmr 24 (1 April 2026)

Decision year

1 April 2026

Status

Finalised

Legislative provision

APP 3.2; 3.5

Determination

Finding: Breach

Remedies Must not repeat or continue acts and practices found to be an interference with individuals’ privacy — Specified steps to address interference.

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 3.2 − APP 3.5 – whether personal information collected was reasonably necessary – whether means of collection were fair

View on Austlii

Decision

Commissioner Initiated Investigation into Vinomofo Pty Ltd (Privacy) [2025] AICmr 175 (17 October 2025)

Decision year

17 October 2025

Status

Finalised

Legislative provision

APP 11

Determination

Finding: Breach

Remedies: Must not repeat or continue acts and practices found to be an interference with individuals’ privacy — Specified steps to address interference.

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 11.1— Whether reasonable steps taken to protect personal information — Breach of APP 11.1 — Failure to take reasonable steps — Must not repeat or continue acts and practices found to be an interference with individuals’ privacy — Specified steps to address interference.

View on AustLii

Decision

AYN’ and Fortrend Securities Pty Ltd (Privacy) [2025] AICmr 167 (15 September 2025)

Decision year

15 September 2025

Status

Finalised

Legislative provision

APP 6

Determination

Finding: Breach

Remedies: Compensation for non-economic loss awarded – Aggravated damages awarded – Apology - Specified steps to address interference

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — Employee records exemption – Whether act or practice is directly related to employment relationship – APP 6 – Disclosure of personal information – Compensation for non-economic loss awarded – Aggravated damages awarded – Apology - Specified steps to address interference

View on AustLii

Decision

Commissioner Initiated Investigation into Kmart Australia Limited (Privacy) [2025] AICmr 155 (26 August 2025)

Decision year

26 August 2025

Status

Finalised

Legislative provision

APP 3.3 APP 3.4 APP 5.1 APP 5.2 APP 1.3 APP 1.4

Determination

Finding: Breach

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 3.3 – APP 3.4 – APP 5.1 – APP 5.2 – APP 1.3 – APP 1.4 — whether personal information was collected – whether permitted general situation existed in relation to collection – whether reasonable steps were taken to notify or otherwise ensure individuals were aware of APP 5.2 matters – whether the respondent had a clearly expressed and up-to-date privacy policy – breaches substantiated – must not repeat or continue acts and practices found to be an interference with individuals’ privacy

View on AustLii

Decision

'AXF' and 'AXG' (Privacy) [2025] AICmr 121

Decision year

27 June 2025

Status

Finalised

Legislative provision

APP 11

Determination

Finding: Breach

Remedies: Compensation for non-economic loss awarded – Specified steps to address interference

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 11.1 – Security of personal information – Whether reasonable steps taken to protect personal information – Breach of APP 11.1 – Failure to take reasonable steps – Compensation for non-economic loss awarded – Specified steps to address interference

View on AustLii

Decision

Commissioner Initiated Investigation into Regional Australia Bank Limited (Privacy) (Corrigendum dated 23 February 2026) [2025] AICmr 89 (14 May 2025)

Decision year

14 May 2025

Status

Finalised

Legislative provision

Competition and Consumer Act 2010 (Cth) s 56T

Determination

Finding

Breach of Privacy Safeguard 1

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Competition and Consumer Act 2010 (Cth) — Consumer Data Right Rules — Privacy Safeguards

View on Austlii

Decision

'ATU' and 'ATX' (Privacy) [2025] AICmr23 (30 January 2025)

Decision year

30 January 2025

Status

Finalised

Legislative provision

APP 12

Determination

Finding: No breach; complaint dismissed

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 12.1 – APP 12.9 – Access to personal information – Whether valid access requests made – Whether personal information held at the time of access request – Refusal to give access to personal information – Whether written notice of refusal complied with APP 12 obligations – No breach – Complaint dismissed.

View on AustLii

Decision

‘ATP’ and ‘ATR’ (Privacy) [2025] AICmr 18 (23 January 2025)

Decision year

23 January 2025

Status

Finalised

Legislative provision

APP 6 APP 10.2

Determination

Finding:No breach; complaint dismissed

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 6 – APP 10.2 – use or disclosure of personal information – whether personal information was disclosed for a secondary purpose – whether individual would reasonably expect secondary disclosure – whether reasonable steps taken to ensure quality of personal information disclosed – no breach – complaint dismissed.

View on Auslii

Decision

'ATQ' and CEO of Services Australia (Privacy) [2025] AICmr 19 (23 January 2025)

Decision year

23 January 2025

Status

Finalised

Legislative provision

APP 6.1, APP 10.2, APP 11.1

Determination

Finding: Breach

Remedies: Written apology Specified steps

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 6.1 – APP 10.2 – APP 11.1 – intertwinement of sensitive information with that of other individuals – unauthorised disclosure of personal information – whether reasonable steps taken to ensure personal information was up-to-date and accurate – whether reasonable steps taken to protect from unauthorised disclosure – serious and repeated interferences with privacy – Breach of APP 6 and APP 10 and APP 11– Compensation for non-economic loss – Written apology – Specified steps to undertake

View on Austlii

Decision

‘ATE’ and ‘ATF’ (Privacy) [2025] AICmr 10 (13 January 2025)

Decision year

13 January 2025

Status

Finalised

Legislative provision

Section 8 APP 6 APP 11 APP 1

Determination

Finding:

Breach

No breach – Dismissed

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles —APP 6 – APP 11 – APP 1 – Disclosure of personal information – Whether employer directly liable for disclosure by employee – Whether employer vicariously liable for disclosure by employee – Whether reasonable steps were taken to protect personal information from unauthorised disclosure – Open and transparent management of personal information – No breach – Complaint dismissed.

View on Austlii

We use cookies on this site

Privacy determinations

We can make a determination on a privacy complaint where conciliation has not resolved the matter.