Disclaimer: The summaries below have been extracted from the 1994-1995 Annual Report of the Privacy Commissioner. They illustrate how the Privacy Commissioner has previously resolved privacy complaints and should not be relied on as legal advice.

Case Studies Extracted from Annual Report (July 1994 to June 1995)

• Disclosed criminal convictions - IPP 11
• Incorrect garnishee order causes severe embarrassment - IPPs 8 and 11
• Harassment of a client led to sacking - IPP 10
• Psychological assessment not relevant to the functions of an agency - IPPs 1, 8, 9 and 10
• Group certificates and tax file numbers
• Social responsibility that went wrong - IPP 11
• Incorrect address on child support notice - IPPs 8 and 11
• Disclosure of HIV status - IPP 11
• Intrusive security checks - IPP 3
• Video hire company using tax file numbers as proof of identity
• Insurance company collects tax file numbers
• Unlawful access of CRAA credit information file
• Bank disclosed credit details to complainants' tenants
• Removal of default listing - credit information file

Disclosed criminal convictions - IPP 11

A private company employed a man who had been referred by a government employment agency.  The company received an allowance in relation to the employment because the man belonged to a special employment category as a result of his previous criminal convictions.  The employer rang the agency and asked whether the company was entitled to the allowance.  Instead of responding with a simple "yes", the agency also said that the man had been convicted of arson and social security fraud. 

This disclosure was considered to be in breach both of IPP 11 and the agency's own guidelines.  The agency paid the man $1,500 for his embarrassment, apologised and reviewed its own procedures in relation to this type of employment referral.

Incorrect garnishee order causes severe embarrassment - IPPs 8 and 11

A student was overpaid a student allowance due to a miscalculation in relation to her parent's income.  She was advised of the overpayment and paid it back by cheque.  Two years later, she obtained a position with a community centre after the previous occupant of the position was sacked for stealing.  Due to the nature of the position, it was very important that the employee was seen to be a person of good repute.  Shortly after her employment in this position, her employer asked her why the community centre had received an order garnishing her wages to cover the debt.  At the time the agency spoke to the employer and incorrectly disclosed that they had been chasing the student for the debt over a number of years. 

Both the ex-student and her employer were very upset about this order and disclosure, and the ex-student spent one whole week investigating the matter.  It transpired that the original cheque had been paid into the wrong account and the garnishee order had been based upon incorrect information.

The agency apologised, reviewed its procedures and paid the complainant $2,000 to compensate her for her embarrassment and inconvenience.

Harassment of a client led to sacking - IPP 10

A woman visited a government office and provided details including her name, address and telephone number in relation to employment.  A very junior officer of the agency then made use of the information improperly by telephoning her at home and asking her to go out with him. The woman felt very threatened and reported the incident.

The agency apologised to the woman and disciplinary procedures resulted in the termination of the officer's employment.

Psychological assessment not relevant to the functions of an agency - IPPs 1, 8, 9 and 10

Some years ago, the complainant's wife had provided a number of documents to a government agency in relation to their financial liability to the agency.  One of the documents explained that the husband had not been working for a certain period of time because he suffered from a particular psychological condition.  The man complained that the agency had retained the document on its files for a number of years in breach of the Privacy Act.

The agency argued that the document was being retained because it alerted its staff to the possibility that the man may become violent if and when he visited the agency's local office.  The agency had no evidence to suggest that the man had been, or may become violent, and was not able to produce any expert opinion that the psychological condition was one that could lead to violent behaviour.

It was considered by the Privacy Commissioner's office that the collection of the document was unfair, there was evidence that the content of the document was no longer accurate or relevant to the functions of the agency, and it was being used for a different purpose to the one that caused the wife to produce it in the first instance.  Eventually, the agency removed the document from its files because it recognised that the document was out of date.

Group certificates and tax file numbers

There continue to be a number of complaints about organisation improperly distributing group certificates to their staff resulting in tax file numbers being disclosed to other employees.  One such case is as follows.

An ACT agency left the complainant's group certificate on his desk, not in an envelope, thus allowing other staff in the vicinity to read his tax file number.  The respondent agreed to use a system whereby the group certificates are directly printed into sealed envelopes, where the only information on the envelope will be the employee's name and location.

Social responsibility that went wrong - IPP 11

A complainant advised a government agency that a client of the agency had wrongly obtained a payment.  The agency was able to substantiate the allegation and, as a result, an overpayment was raised against the client.  Due to a file handling accident during an interview with the client, the identity of the informant was disclosed.  The informant was afraid for her safety and the safety of her children.

The agency accepted that a breach of the Privacy Act had occurred and offered the informant $600 to install some home security screens to minimise the perceived danger from the client.

Incorrect address on child support notice - IPPs 8 and 11

A government agency received an application from a custodial parent to collect child support from the father.  The agency attempted to contact the father at his place of work and ended up disclosing personal information about the matter to the man's secretary.  The agency also posted a notice to the man's employer giving details of his liability.  The envelope contained the correct street address for the employer, but described the Personnel Manager who was handling the garnishee claim simply as "Mary".  As the man worked for a very large organisation, the envelope was opened and the notice was seen by many employees of that name before it reached the correct recipient.

The agency apologised and paid the man $1,000 for his embarrassment and $986 for his legal costs.

Disclosure of HIV status - IPP 11

In a small town, two HIV positive men applied for a rehabilitation program.  The government agency responsible for rehabilitation telephoned a private health service provider and asked whether that provider would accept people who were HIV positive.  The provider said ''yes' and shortly afterwards, the agency referred the two men to the service provider.  Although there had not been an actual disclosure of the HIV status of the two men, it was considered that there had been a constructive disclosure because of the short period between the phone enquiry and the referral.

Although it was not conclusively established that a breach of the Privacy Act had occurred, the agency agreed to review its procedures and has made extensive additions to its procedure manual to take into consideration the requirements of the Privacy Act.

Intrusive security checks - IPP 3

The Migration Agents Registration Scheme set down a number of requirements to be met by persons applying to become registered to practise as migration agents.  Complaints were received from several solicitors who objected to the collection of what was seen as irrelevant and overly intrusive personal information.  In particular they objected to a requirement to provide extensive details to establish their good character, when they had already satisfied the Supreme Court of this in order to be admitted to practise as solicitors.  They also objected to a requirement to sign a very broadly worded consent form, allowing the agency administering the scheme to exchange personal information with other agencies. 

The complaints were partially resolved by negotiation with the agency, which agreed to redesign the consent form, and to clarify vetting procedures, to ensure compliance with both the Privacy Act and the spent convictions scheme under the Crimes Act (Commonwealth).  Administration of the criminal record checking process was passed to the Australian Federal Police, which confirmed its standing commitment to comply with the legislation.  The agency explained that the legislation establishing the Registration Scheme required character checks for all applicants, and that the legislative criteria differed in some respects from those governing admission to practise as solicitors.

The Privacy Commissioner notified both the complainants and the agency that he would address outstanding policy issues arising from the complaints in a submission to the Joint Standing Committee on Migration Inquiry into the Migration Agents Registration Scheme.  That submission was made in August 1994.

Video hire company using tax file numbers as proof of identity

A branch of a video hire company asked all of its customers to complete an application form that asked for their tax file number.  The company has reprinted its application form to delete all reference to tax file numbers and has deleted all collected tax file numbers from its customer database.

Insurance company collects tax file numbers

An insurance company provides insurance to protect individuals and companies against costs associated with the risk of being audited by the Taxation Office.  Its application form asked for both the company's tax file number and the personal tax file numbers of the directors for the purpose of identifying the parties insured under the policies.  The insurance company has redesigned its forms deleting all reference to tax file numbers and refunded the complainant his $80 application fee when he decided not to proceed with the insurance cover.

Unlawful access of CRAA credit information file

A bank wanted to contact a client to pay him some money that he was owed.  Unfortunately, the bank had lost contact with the complainant, so a staff member accessed the CRAA credit information file in order to obtain the correct address.  Although this access was well intentioned, it was an unauthorised access.  The bank counselled the staff member and provided its staff with further training in relation to their obligations under the Privacy Act.

Bank disclosed credit details to complainants' tenants

The complainants had a mortgage on a property that they were renting out, and had made arrangements for the tenants to pay their rent directly into the mortgage account.  When asked, a bank teller informed the tenants of the amount outstanding in the mortgage.  The bank apologised to the complainants and instituted tighter procedures to minimise the risk of such an unauthorised disclosure in the future.

Removal of default listing - credit information file

During the reporting year a number of listings have been removed from the credit information files held by the CRAA where the credit provider was not able to substantiate the listing.  In one such case, a man complained that a car dealer had accessed his CRAA file, but he claimed that he had never applied for credit at that car yard.  The dealer claimed that the man had applied for credit via the telephone, but it did not have sufficient procedures established to enable it to provide a record of the transaction.

The CRAA removed the access note from the man's credit information file on the basis that the access could not be verified.  At the request of the car dealer, the CRAA provided further training for the dealer's credit staff.