Case Citation: Z v Credit Provider [2004] PrivCmrA 16

Subject Heading: Unnecessary collection of personal information when exchanging a 'cash' cheque

Law: National Privacy Principles 8 and 1 in Schedule 3 of the Privacy Act 1988 (Cth)

Facts: The complainant attended a bank branch and presented a cheque marked to 'cash' to the bank teller. The bank teller asked the individual for identification and recorded the information on the back of the cheque.

The complainant argued that the bank did not need to collect the personal information because the cheque was made out to cash and could be exchanged only for cash.

Issues: National Privacy Principle 1 regulates the collection of personal information by organisations that are subject to the Act. Under National Privacy Principle 1.1, organisations must not collect personal information unless the information is necessary for one or more of its functions or activities. National Privacy Principle 8 provides that wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transaction with organisations.

The Commissioner's investigation focused on whether the bank needed to collect personal information that identified the customer, given that the cheque was made out to cash.

The bank advised that if it pays a cash cheque in error, it is responsible for the funds and will not be able to recover them from the account holder. It also noted that when presented with a cash cheque it must, under the Cheques Act 1986, either honour or dishonour the cheque promptly. It may decide not to pay if it considers, for example, there is a risk of forgery, but in doing so faces the risk of an action for wrongful dishonour by its customer. However, it the bank honours the cheque and later finds that it did not have a mandate to do so, because the cheque has been stopped but the countermand has been overlooked or if the bank is otherwise on notice that the cheque has been lost or stolen, then the bank pays away its own money and has a claim against the cashing party for the recovery of a payment by mistake. Personal information identifying the cashing party will provide a starting point for the recovery of the money from the recipient.

The Commissioner's view was that, given the potential liability for the cashing bank, the collection of identification details are necessary for one or more of the functions and activities of the organisation. In view of this, the Commissioner took the view that in the circumstances it would not be practicable for the complainant to have the option of not identifying themselves in this transaction.

Outcome: In all of the circumstances, the Commissioner decided under section 41(1)(a) of the Act to cease investigation of the matter on the grounds that the collection of personal information to identify an individual who wanted to exchange a cash cheque did not breach National Privacy Principles 8 and 1.1.

OFFICE OF THE PRIVACY COMMISSIONER December 2004