Disclaimer: The summaries below have been extracted from the 1996-1997 Annual Report of the Privacy Commissioner. They illustrate how the Privacy Commissioner has previously resolved privacy complaints and should not be relied on as legal advice.

• Intrusive collection of personal information - IPP 3
• An immigration matter
• Inappropriate handling of personnel information - IPPs 4, 8, 10 & 11
• Lost claims - IPP 4
• Security of employee personal information - IPP 4
• Disclosure of employee's medical records for air crash inquiry - IPP 11
• Credit information disclosed to third party
• Home loan application information disclosed to real estate agent
• Compensation not accepted by complainant
• Use of the ''clearout' code for a serious credit infringement - Section 18E(8)(b)
• Criminal history checks - Spent Convictions
• Tax File Numbers on files unrelated to taxation administration
• Tax File Number disclosed to third party

Intrusive collection of personal information - IPP 3

The Australian Securities Commission (ASC) was investigating a group of companies where the complainant was employed part time as an adviser.  The complainant's employer asked the complainant to ascertain the procedure for an extension of time for an ASC notice.  The ASC assumed that the complainant was the in-house Counsel for the companies and because of certain answers received to questions posed by the ASC, the decision was taken by the ASC to check where the complainant worked.  The ASC subsequently disclosed to the complainant's full time employer that the complainant was working part time for another company.  The complainant was then dismissed for having a second job.

The complainant received an acknowledgement from the ASC that the complainant was never the subject of an investigation and received $5,000 in general damages and $4,164 for loss of wages.

An immigration matter

The complainant won a court case against the Department of Immigration and Multicultural Affairs (DIMA).  Subsequent to the litigation, the Department disclosed personal information sufficient to identify the complainant in a cable (despite attempts to de-identify by removal of the name) in response to a Freedom of Information request by a third party.

The complainant alleged that the information disclosed was extremely damaging to his sense of self-esteem and to his standing in his ethnic community.   He said it contained suggestions that he may have lied about his foreign national service, causing speculation that he and his wife had connections with the military intelligence of the foreign nation.

The Commissioner proposed various changes to administrative procedures to DIMA which were accepted.  DIMA declined to accept liability in the complaint, but agreed to offer the complainant $7,000 in full settlement of the matter which was accepted by the complainant.

Inappropriate handling of personnel information - IPPs 4, 8, 10 & 11

The complainant had a range of privacy complaints against the Department of Defence and had also alleged a grievance alleging discrimination and harassment.

The complainant's supervisor disclosed information about the complainant within the Branch in breach of IPP 11.  The Department formally apologised to the complainant; the supervisor was advised that the comments were inappropriate; and the Department agreed to organise privacy training for the Division.  There was a similar outcome in response to a situation where a friend of the complainant telephoned the complainant's direct line and was informed by a colleague that the complainant was ''off being counselled".

The complainant's performance appraisal was  left face up on the complainant's desk while unattended.  It was found that this action constituted a breach of IPP 4.  The Department formally apologised and Division management were directed to take appropriate action to address the matter, including privacy training.

The complainant sought copies of all relevant personnel records and documents held by the Department in a request to the Secretary of the Department.  The complainant did not receive the documents which were sent by ordinary mail.  Although it was found that the Department took reasonable steps in sending the material, and there was no breach of IPP 4, the Department has since changed its procedures where all future requests for material containing personal information will be sent by certified mail.

The complainant alleged that a work performance report contained unfounded criticism and inaccuracies about the complainant's performance.  It was found that the document was a manager's perception of the complainant's work performance and a subjective opinion, consequently it could not be argued that the opinion was inaccurate.  In this particular case, there were no grounds to conclude that the manager was not competent to accurately record observations on the complainant's performance.  There was no breach of IPP 8

Lost claims - IPP 4

The complainant forwarded a claim to Comcare.  After some time had passed and the complainant had not heard from Comcare, the complainant telephoned and was informed that Comcare did not have the claim.  The complainant personally delivered a replacement claim to the Comcare office and obtained a receipt.  Again, as some time passed without contact, the complainant contacted Comcare and was informed that they did not have the claim.  The complainant requested that a search be conducted.  After more than a year had passed, one of the claims was located by Comcare.

An apology was given by Comcare and the complainant compensated by an amount of $2,500.  Comcare also agreed to procedural changes which were referred to Comcare's Fraud and Security Committee.

Security of employee personal information - IPP 4

An employee of the Australian Taxation Office (ATO) complained that the ATO did not place payslips in envelopes before distribution and the payslip bearing deductions for child support was left on complainant's unattended desk in an open office plan environment.  This information was also placed on the complainant's personnel file.  The complainant was also concerned that as an ATO employee, there were restricted access conditions against browsing on the ATO system, but this was not extended to the Child Support Agency (CSA) system.

Distribution of payslips was changed and employees access their pay details through the computer system and may print out their payslips if required.  The CSA system was modified to provide restricted access for ATO/CSA employees and any restricted access paper files are only accessed by special case officers.  Any access to personnel files is overseen by the Employment Relations Unit managers.

The complaint investigation revealed limited evidence of embarrassment suffered due to actual access/disclosure.  The CSA offered the complainant $2,000 in full settlement of a claim for general damages, and this was accepted by the complainant.

Disclosure of employee's medical records for air crash inquiry - IPP 11

The complainant and a co-worker (supervisor) were involved in an air crash inquiry.  The supervisor's solicitor asked the supervisor to obtain the complainant's medical and compensation history to assist the supervisor's case before the inquiry.  The supervisor subsequently obtained the information and passed it to the solicitor.  The information was later published in the media.

The Civil Aviation Safety Authority and the supervisor both apologised to the complainant.  The complainant  received a copy of the investigation report into the matter and the CASA undertook staff training in relation to handling of sensitive personal information.  A review of the complainant's performance appraisal was also undertaken as it may have been affected by the matter.  An amount of $8,000 was paid to the complainant.

Credit information disclosed to third party

The complainant  alleged that a credit provider breached her privacy when her department store account statements were posted to her ex-husband's work address without her authority.  The ex-husband's new wife had telephone the credit provider claiming to be the complainant and requested that the statements be sent to her husband's work address.  The complainant  also alleged that her credit card statements were provided by a bank to her ex-husband without her authority.

The credit provider offered an apology, undertook to amend its procedures and paid a sum of $1,000 to the complainant in settlement of her complaint.  The bank also apologised, undertook to provide privacy training to staff and paid a sum of $1,000 to the complainant. 

Home loan application information disclosed to real estate agent

The complainant alleged that a home loan provider disclosed information from their loan application to a real estate agent involved in the sale of a property they intended to purchase, without their authorisation.

The lender accepted responsibility for the disclosure of the information relating to the credit worthiness of the applicants and provided a formal apology.  An amount of $975, equal to the loan application fee, was also paid to the complainant  in settlement of the complaint.

Compensation not accepted by complainant

The complainant alleged that a bank disclosed details of his overdraft (credit) to his daughter without his consent.  The bank offered an amount of $400 for stress suffered by the complainant and on further representation increased the offer to $750.  The release was sent to the complainant for signature, but was not signed as the complainant then felt that the $750 was no longer adequate.  The Commissioner held the view that the matter had been adequately dealt with by the bank and closed the matter.  The complainant did not accept the offered compensation.

The complainant later sought re-opening of his complaint through his Member of Parliament, alleging recurrence of incorrect addressing of statements.  No evidence was presented to substantiate the allegation and the matter was again closed.

Use of the ''clearout' code for a serious credit infringement - Section 18E(8)(b)

The Privacy Act only allows a credit reporting agency to include certain types of information in an individual's credit information file.  One of the pieces of information that is permitted is a record of an opinion of a credit provider that the individual has committed a serious credit infringement.  A serious credit infringement is defined, in part, as the intention of the individual to no longer comply with the terms of the credit contract, and includes fraudulent conduct.

The Credit Reference Association of Australia (the major credit reporting agency in Australia) has decided that it will not allow a credit provider to list a serious credit infringement, (as this involves the subjective opinion of a reasonable person), but will allow the listing of a narrower term, clearout.   The CRAA defines a clearout as occurring where the individual has not replied to two letters of demand sent by the credit provider to the person's last know address.  The failure to respond to such correspondence is sufficient to suggest that the individual had left (or cleared out of) the address known to the credit provider.

A person complained that a clearout listing on his file was inaccurate in that he was still living at the address given to the credit provider. 

The complainant also disputed that he had committed any type of serious credit infringement.

Following an investigation of the complaint, it came to light that the credit provider had sent two letters of demand to the complainant, which the complainant had not answered.   Consequently, the Commissioner formed the view that the clearout entry was accurate in terms of the definition CRAA uses, although the Privacy Commissioner is still concerned by the practice of the CRAA in limiting credit providers to listing serious credit infringements only as a clearout listing.  There are clearly cases where a person has fraudulently obtained credit, but has not left their address and cannot be described as a clearout.  A credit provider, wanting to list such an individual, has no option but to list them as a credit default (a less serious listing) or wrongly list them as a clearout, as occurred initially in this complaint.

Criminal history checks - Spent Convictions

A union representing a State education service has complained to the Commissioner that a Ministerial Order which may be cited as ''suitability for employment (records check) order' which requires prospective appointees to the service to complete a ''Consent to Check and release Criminal Record' does not meet the provisions of the Crimes Act 1914 (Commonwealth) relating to spent convictions.  Investigations are continuing.

Tax File Numbers on files unrelated to taxation administration

A TFN was held on a complainant''s personnel file and disclosed by the employer in a ''Disclosure' hearing arising from a compensation case.  The agency conceded that the TFN should not have been on the file and took steps to ensure that a similar incident did not occur in the future.  The agency provided a letter of apology to the complainant

Tax File Number disclosed to third party

A motor repair company disclosed a former employee's TFN to a third party.  The company admitted that the disclosure had occurred, but in explanation advised that through human error, an envelope containing the TFN was wrongly addressed and the recipient of the envelope opened it.  An apology was provided to the complainant.