Site Changes

On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.

Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.

Types

Topic(s): Access and correction

G v Finance Company [2010] PrivCmrA 8

document icon pdf (326.23 KB)

Case Citation:

G v Finance Company [2010] PrivCmrA 8

Subject Heading:

Denial of access to personal information

Law:

National Privacy Principle 6.1(d) in Schedule 3 of the Privacy Act 1988 (Cth)

Facts:

The complainant requested access to their personal information held by a finance company. The finance company sought to deny the complainant access on the basis that the request was frivolous and vexatious.

Issues:

National Privacy Principle 6.1 requires organisations to provide individuals with access to their personal information when requested, unless an exception applies.

An organisation may deny an individual access under NPP 6.1(d) if the request is frivolous or vexatious.

Outcome:

The Privacy Commissioner investigated the matter under section 40(1) of the Privacy Act.

The Commissioner takes the view that frivolous and vexatious requests for access can include those that are:

trivial and made for amusement's sake
made as a means of pursuing some unrelated grievance against the organisation
repeated requests for the same information.

The complainant had made numerous requests, over a period of four years, for access to account statements held by the finance company that related to the complainant. The complainant had also raised their access request with a number of government bodies and Members of Parliament. Evidence showed that the finance company had provided the complainant with access to their information on at least two occasions.

The Commissioner found that the complainant's request for access was a repeat request for information that had been previously provided.

While NPP 6 does not require individuals to have a specific ‘purpose' for requesting access to the personal information an organisation holds about them, the Commissioner considered the purpose for requesting access in this case was relevant to the finance company's claim that the request was vexatious.

The complainant and the finance company had been involved in court proceedings several years previously. The Commissioner found that the repeated requests for access were substantially, if not solely, a means of obtaining documents to revisit the earlier litigation and pursue an unrelated grievance.

The Commissioner formed the view that the finance company could rely on NPP 6.1(d) to deny the complainant access to their information as the request was vexatious.

The Commissioner closed the complaint under section 41(1)(a) of the Privacy Act on the grounds that the finance company had not interfered with the complainant's privacy.