Privacy determinations

Finding: Breach of APP 12.5 — breach of APP 12.9

Remedies: Access may be given through intermediary — Damages of $1,000 (non-economic loss)

Privacy — Privacy Act 1988 (Cth) — s 52 — Australian Privacy Principles — APP 12.3 — Serious threat to life, health or safety — Breach of 12.5 - Failure to consider steps (if any) to give access — Breach of APP 12.9 — Failure to give written reasons for refusal — Use of intermediary — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Review application to Federal Court dismissed: [2018] FCA 1212

Finding: Breach of APP 3.5 — collection by unfair means

Remedies: A written apology — Damages of $1,500 (non-economic loss)

Privacy — Australian Privacy Principles — Privacy Act 1988 (Cth) — APP 3 — Whether collection of personal information was by lawful and fair means - Recording of phone call without participants' knowledge - APP 12 - Access to personal information - Whether three days was an unreasonable period within which to provide access to a call recording

Finding: Breach of IPP 4 — breach of IPP 11

Remedies: Damages of $20,000 (non-economic loss) — reimbursement of $3,000 reasonably incurred expenses

Privacy — Privacy Act — Information Privacy Principles — (CTH) Privacy Act 1988 s 52 — IPP 4 — Data security failure — IPP 11 — Unauthorised disclosure of personal information — Compensation awarded — Non-economic loss — Economic loss not awarded — Aggravated damages not awarded — Section 52(3) expenses awarded

Finding: Breach of APP 6

Remedies: Damages of $12,000 (non-economic loss) — reimbursement of $3,420 reasonably incurred expenses

Privacy — Privacy Act — Australian Privacy Principles — Privacy Act 1988 (Cth) — s 52 — APP 6 - Unauthorised disclosure of personal information - Breach of APP 6 — Compensation awarded — Non-economic loss — Aggravated damages not awarded—Section 52(3) — reasonably incurred expenses awarded

Finding: Breach of the Privacy Act by contravening paragraphs 19.3(a) and (b) of the CR Code, APP 7 and s 20R(5).

Remedies: Within 6 months Veda to take action to ensure its service of providing free access to credit reporting information is as available, and as easy to identify and access as it is through its fee-based services including in relation to its phone service and to refund individuals the cost of its expedited delivery charge, in circumstances where those individuals had not sought access to credit reporting information within the preceding 12-months period.

Download the PDF version which includes screenshots

Privacy — Privacy Act 1988 — Part IIIA — Privacy (Credit Reporting) Code 2014 (Version 1.2) — APP 7

Finding: Breach of ss 20N(1), 20N(2), 20P and 20S

Remedies: Apology — Damages of $10,000 (non-economic) - reimbursement of $5,830 reasonable expenses - Review of procedures for accuracy of court information

Privacy — Privacy Act — Credit Reporting — Privacy Act 1988 (Cth) s52 — s 20N — s 20S - s 20P - s 20T — Compensation awarded — Review to be conducted — Civil penalty provision

Under review: Administrative Appeals Tribunal

Finding: Breach of NPP 6 and NPP 4

Remedies: Apology - Damages of $10,000 (non-economic) - Review of information handling procedures

Privacy — Privacy Act — National Privacy Principles — Privacy Act 1988 (Cth) s 52 — NPP 2 — Use or disclosure of personal information — NPP 4 — Date security — Compensation awarded — Non-economic loss — Aggravated damages not awarded

Finding: Breach of APP 6.1 and 11.1

Remedies: Damages of $3,000 (non-economic loss) — Review of Comcare's quality assurance practices and quality control measures in relation to automated bulk data file transfers

Privacy — Australian Privacy Principles — Privacy Act 1988 (Cth) s 52 — APP 6 — Use or disclosure of personal information — Breach of APP 6.1 — APP 11 — Security of personal information — Breach of APP 11.1 — Compensation awarded — Non-economic loss