Disclaimer: The summaries below have been extracted from the 1993-94 Annual Report of the Privacy Commissioner. They illustrate how the Privacy Commissioner has previously resolved privacy complaints and should not be relied on as legal advice.

• Clayton's privacy protection
• Short term overseas trips and pensioner benefits - IPP 1
• Confused identity - IPPs 3 & 8
• A repeated data matching error - IPPs 8 & 11
• Workers' compensation claim released to colleagues - IPP 10
• Mail redirection should remain confidential - IPP 1
• Agency takes prompt action to minimise the effect of the breach - IPP 11
• Criminal conviction passed on to employer - IPP 11
• Disclosure of information relation to application for refugee status - IPP 11
• Credit defaults incorrectly listed in credit information file
• Credit defaults deleted from credit information file
• Bank disclosed credit details to complainant's ex-spouse
• Unsealed credit information left in letter box
• Disputed credit application notation in a credit file
• Bank incorrectly accessed credit file
• Tax File Numbers disclosed on group certificates
• Quick action to restore benefit - Tax File Number
• Inadequate Tax File Number notice

Clayton's privacy protection

A private employment agency required job applicants to complete a very long and detailed questionnaire about their personal affairs.  Attached to the questionnaire was a "Privacy authorisation" that stated that the personal information collected in the questionnaire was protected by the Privacy Act.  Several people complained that they had only provided their personal details because of this legislative protection and were very upset to find that the Privacy Act does not have jurisdiction over private companies in relation to personal information.  The company agreed to drop all reference to the Privacy Act from its material.

Short term overseas trips and pensioner benefits - IPP 1

The Department of Social Security is required to collect a significant number of personal details from pensioners who are travelling overseas for longer than six months to ensure that benefits are correctly paid.  Although the agency may also need to collect some details from pensioners who are travelling overseas for less than six months, it did not need to collect the same level of detailed personal information.  The agency did not recognise that there were two classes of pensioners, and was collecting full details from all pensioners when they travelled overseas, irrespective of the duration of the trip.

As a result of a complaint from a pensioner, the procedures for pensioners travelling overseas for less than six months were completely rewritten to remove the requirement to collect unnecessary information about details of travel, source of finance, and (in most cases) passport details.

Confused identity - IPPs 3 & 8

Some years ago, person A had his wallet stolen by person B.  Person B then passed himself off as person A when arrested for various crimes.  Both the Federal and NSW Police computerised records listed person A as having a criminal record despite representations from person A that it was inaccurate.  After many frustrating and fruitless attempts to correct the problem, person A complained to the Privacy Commissioner.  Although he had convinced the State Police of the separate existence of person B, he was not able to convince the Australian Federal Police.  Following investigation, the Australian Federal Police agreed to apologise to person A, provide him with a letter of explanation and place a note in the computerised records requiring a police officer to make certain checks before taking any action against person A.  It took the Australian Federal Police about two years to respond positively to the complainant's concern which the Privacy Commissioner considers to have been quite an unsatisfactory delay in dealing with a very real and pressing problem.

A repeated data matching error - IPPs 8 & 11

As a result of a data mis-match, an agency disclosed personal information about the complainant to his mother.  This was the second time this mis-match had occurred.  The agency was able to identify the officer who had not followed procedures that would have identified the previous occurrence.  The officer was counselled and an apology was given to the complainant.

Workers' compensation claim released to colleagues - IPP 10

A complainant's statements in support of a workers compensation claim were released by the manager to all of her colleagues.  While it is recognised that there was a need to discuss certain aspects of the statements with relevant members of staff, it was not appropriate to broadly release the material to all staff in the section.  The agency admitted that it had breached the Privacy Act, apologised to the complainant, provided monetary compensation of $500 for embarrassment and humiliation and reinforced privacy procedures in the workplace.

Mail redirection should remain confidential - IPP 1

On several occasions, the details of confidential arrangements with Australia Post to re-direct mail to a new address were disclosed directly to third parties.  Unfortunately, the consequences of such disclosure can be quite severe when, for example, a person has moved house in an attempt to hide from a person who has been harassing them.  In each case the agency admitted the breach, undertook to re-train staff and paid compensation for resultant anxiety in the order of $500 to $1000.  In one case a notice about this conduct was included in the pay slips of all staff of the agency in one state.  In another, the agency took action to attempt to minimise the risk of further harassment by contacting the third party and warning him of criminal charges that could be laid if the conduct continued.

Agency takes prompt action to minimise the effect of the breach - IPP 11

An employee of an agency claimed in part, that his worker's compensation claim papers were sent to the Commonwealth Medical Officer without his prior authorisation.  The agency acted promptly in advising that an apparent breach of the Privacy Act appeared to have occurred as a result of the disclosure.  In order to avoid the possibility of the disclosure affecting the fitness for continued duty medical assessment process, the agency agreed to cancel the specialist appointment at very short notice and to start the medical assessment process again.

Criminal conviction passed on to employer - IPP 11

A person with a criminal conviction obtained employment through a Commonwealth Employment Service office.  The details of the conviction were disclosed by the CES to the employer without the person's knowledge or consent.

The agency apologised to the complainant and revised its procedures, although the broarder policy issues in relation to such disclosures are still to be resolved.

Disclosure of information relation to application for refugee status - IPP 11

A church social worker provided information to the Immigration Review Tribunal expecting it to be treated in confidence.  The information was adverse to the interests of a person applying for refugee status.  Without informing the social worker, the Tribunal disclosed this information to the applicant, who then confronted the worker at her home.  The Tribunal apologised to the charity worker, undertook a review of its guidelines regarding the disclosure of documents, and received the understanding of its staff in relation to those guidelines.

Credit defaults incorrectly listed in credit information file

A company director complained that the commercial debts of his company were incorrectly listed in his Individual Consumer Credit File held by the Credit Reference Association of Australia.  The Association transferred the default listings to his Commercial Credit File.

Credit defaults deleted from credit information file

A person alleged that a finance company had incorrectly listed a default in his Individual Credit Information File.  The finance company had correctly listed the default at the time, prior to the credit reporting amendments to the Privacy Act.  However, as a result of the amendments in 1992, there was a possibility that the default was no longer a permitted content of the file.  The Credit Reference Association of Australia agreed to remove the disputed default listing. 

Bank disclosed credit details to complainant's ex-spouse

A bank sent the complainant's Visa card and bank statement to the address of his ex-spouse, thus disclosing to her, without his consent, his credit details.  The bank admitted that the statement had been sent to the wrong address as a result of a "keying" error when the bank changed its computer software.  The bank corrected its records and apologised to the complainant.

Unsealed credit information left in letter box

A credit union sent an employee to the complainant's home to discuss details of his overdue account.  As the complainant was not at home, the employee left a note, containing credit details, in the letterbox in an unsealed envelope.  The note was later found and read by another person who lived with the complainant.  The credit union apologised and assured the complainant that this type of conduct was not normal practice.  The credit union has provided the employee with further training in relation to communications concerning overdue accounts.

Disputed credit application notation in a credit file

A person complained that she had not applied for credit with a particular credit provider, and therefore she disputed the accuracy of a notation on her Individual Consumer Credit Information File stating that she had applied for credit.  After discussions with the credit provider, the Credit Reference Association of Australia removed the entry and reviewed its procedures in relation to this type of notation.

Bank incorrectly accessed credit file

A bank incorrectly accessed a Consumer Credit Information File for the wrong credit applicant.  The bank admitted the error which was the result of a "one off" clerical error.  The bank has revised its procedures and training in relation to access to Credit Information Files, requested a deletion of the notation and apologised to the complainant.

Tax File Numbers disclosed on group certificates

An employee of a State police service complained that her employer left her income tax group certificate unsealed and face up on her desk.  This conduct allowed other staff to read the details of the group certificate including the tax file number.  The employer undertook to change its procedures and made arrangements for all pay slips and group certificates to be delivered in sealed envelopes.

Quick action to restore benefit - Tax File Number

A benefit paying agency lost a complainant's tax file number.  The complainant refused to re-supply it, and as a result, his benefits were stopped.  This complaint referred to the agency was by telephone in order to make some preliminary enquiries and clarify the status of the benefit.  As a result of that enquiry, the agency very quickly restored the benefit and apologised to the complainant.

Inadequate Tax File Number notice

A bank added a notice onto its statements of existing accounts requesting the account holder to provide their Tax File Number.  The notice did not advise the account holder of the legal basis for the collection; that declining to provide a tax file number was not an offence; nor the consequences of not providing the number.  Following a complaint, the bank has changed its notice to ensure that it complied with the Privacy Commissioner's Compliance Note 2/90 issued in September 1990.