Privacy and FOI advice for the COVID-19 pandemic. Learn more
Main menu
- About us
-
Privacy
- For individuals
- For organisations and agencies
- Law
-
Freedom of information
- For individuals
- For agencies
- Law
- Information policy
-
Consumer Data Right
- For consumers
- For participants
- Law
Privacy determinations
The OAIC can make determinations on privacy complaints where conciliation has not resolved the matter. These are the summary details of privacy determinations made under s 52 of the Privacy Act 1988 since 1 November 2010. The AustLII website provides a comprehensive database of privacy decisions as part of the Australian Information Commissioner (AICmr) series.
Total results: 65.
Finding: No breach
Privacy - Privacy Act 1988 (Cth) s 52 - Australian Privacy Principles - APP 12 - Access to personal information - Exception to access - Other means of access - Refusal to give access - No breach
Finding: Breach of NPP 2 and NPP 4
Remedies: Apology — Damages $3,000 or $6,000 (non-economic loss including aggravation component) — Independent review of current privacy compliance, including of subsidiaries —independent assessment of implementation of review recommendations after 6 months
Privacy — Privacy Act 1988 (Cth) — National Privacy Principles — NPP 1.3 — Notice of collection of personal information - NPP 2 — Disclosure of personal information — NPP 3 - Accuracy of personal information - NPP 4 — Security of personal information — Breach substantiated — Compensation awarded - Economic loss — Non-economic loss — Aggravated damages
Finding: Breach of APP 10.2
Remedies: Apology— Damages of $15,000 (non-economic loss) — undertake changes to its policies and operation processes and procedures — obtain independent assessment of the effectiveness of its amended policies and operation processes — provide independent report to the OAIC
Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles —APP 10 Quality of personal information disclosed — Breach of APP 10.2 — Compensation awarded — Non-economic loss — Aggravated damages not awarded
Finding: Breach of NPP 1.5
Remedies: Apology— Damages of $1,500 (non-economic loss) — produce or update a notice in a tenant-accessible section of its website that complies with Australian Privacy Principle (APP) 5.2
Privacy — Privacy Act 1988 (Cth) — National Privacy Principles — Australian Privacy Principles — Definition of 'personal information' - Collection of personal information - NPP 1 - Breach substantiated -Data quality - NPP 3 - APP 10 - Compensation awarded for non-economic loss - Declaration that respondent must take specified steps
Finding: Breach of NPP 2
Remedies: Apology — Provide written confirmation by 30 April 2018 that proposed remedial measures have been adopted and implemented. — By 30 September 2018 undertake a review of the remedial measures and advise the OAIC the findings and outcomes of that review
Privacy — Privacy Act 1988 (Cth) — National Privacy Principles — s 52 — NPP 2 — Unauthorised disclosure of personal information — Apology - Compensation not awarded
Finding: No breach
Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 6 — Disclosure of personal information — s 95 — Medical research guidelines for agencies
Finding: No breach
Privacy — Privacy Act 1988 (Cth) — Information Privacy Principles — IPP 11.1 — Disclosure of personal information — Australian Privacy Principles — APP 6.2 - Use or disclosure of personal information — s 52 — Disclosure required by law — No breach
Finding: Breach of IPP 4 — breach of IPP 10
Remedies: Review procedures and report in nine months — Apology — Damages of $10,000 (non-economic loss) — reimbursement of $3,000 reasonably incurred expenses
Privacy — Privacy Act — Information Privacy Principles — Privacy Act 1988 (Cth) s 52 — IPP 4 — Data security failure — IPP 10 — Unauthorised use of sensitive personal information — Compensation awarded - Non-economic loss - Section 52(3) expenses awarded