Site Changes

On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.

Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.

Types

Topic(s): Access and correction

C v Insurance company [2006] PrivCmrA 3

document icon pdf (83.98 KB)

Case Citation: C v Insurance company [2006] PrivCmrA 3

Subject Heading: Denial of access to personal information contained in documents held by an organisation.

Law: National Privacy Principles 6.1(c) and 6.2 of the Privacy Act 1988 (Cth)

Facts: The complainant made an insurance claim, which was investigated and paid. The complainant sought access to information about them collected during the course of the investigation under National Privacy Principle 6.

The insurance company supplied the complainant with a number of documents however it refused to provide access to some documents, claiming that releasing the documents would compromise the privacy of other individuals and would reveal commercially sensitive information.

Issues: National Privacy Principle 6 provides a general right of access to individuals to obtain information held about themselves by organisations. However, there are some exceptions.

National Privacy Principle 6.1(c) allows organisations to withhold access to information where providing access would have an unreasonable impact upon the privacy of other individuals.

National Privacy Principle 6.2 allows organisations to withhold access to information where providing access would reveal evaluative information generated within the organisation in connection with a commercially sensitive decision-making process.

The issue before the Privacy Commissioner was whether the documents in question contained information that would have an unreasonable impact on the privacy of other individuals, and whether the documents contained information that was of a commercially sensitive nature.

Outcome: The Commissioner conducted preliminary enquiries into this matter under section 42 of the Privacy Act. The Commissioner examined the documents relating to the investigation of the complainant's insurance claim which had not already been provided to the complainant.

National Privacy Principle 6.1(c): Unreasonable impact on the privacy of others

In assessing whether or not the provision of access to documents containing the personal information of third parties would have an unreasonable impact on the privacy of those individuals, the Commissioner may consider factors including:

whether the individual would expect that their information would be disclosed to the third party, including whether any assurance of confidentiality was provided;
the extent of the impact on the individual's privacy;
whether any public interest reasons for providing access to the information outweigh any expectation of confidentiality; and
whether masking the identifying details of the third parties would sufficiently protect the privacy of these individuals.

In this case, the Commissioner's view was that providing access to some of the documents would have an unreasonable impact on the privacy of other individuals. These documents contained personal information about witnesses to the events leading to the insurance claim. The Commissioner considered that, in this case, the individuals who provided the witness statements would not have expected that their identity would be revealed, and that masking the names of the individuals would not prevent their identification, which could be discerned from the content of the statement. The Commissioner considered the organisation could rely on the exception of National Privacy Principles 6.1(c) to refuse access to these documents.

However, the Commissioner also found that access could be provided to some documents that identified third parties if the identifying information was masked. The Commissioner advised the insurance company to mask these portions before providing them to the complainant.

National Privacy Principle 6.2: Commercially sensitive information

The Commissioner was also of the view that some of the documents if released to the complainant would reveal commercially sensitive information. These documents described the type of information the insurance company considered important in assessing insurance claims during an investigation. In the case of these documents the Commissioner considered the organisation could rely on the exception in National Privacy Principle 6.2.

However the Commissioner found that in respect of some other documents that contained commercially sensitive information, access could be provided to the majority of the document with the commercially sensitive components masked. The Commissioner advised the insurance company to provide access to these documents by masking the parts that were deemed commercially sensitive.

The insurance company agreed to the Commissioner's recommendation and supplied the complainant with access to the documents, some of which had portions masked. As a result the Commissioner decided she would not open a formal investigation into the matter as the respondent had adequately dealt with the matter, and subsequently closed the complaint under section 41(2)(a) of the Privacy Act.

OFFICE OF THE PRIVACY COMMISSIONER February 2006