Privacy determinations

Decision

'AQE' and Noonan Real Estate Agency Pty Ltd (Privacy) [2024] AICmr 237 (1 November 2024)

Decision year

1 November 2024

Status

Finalised

Legislative provision

APP 6

APP 1

Determination

Finding:

Breach

Remedies:

Written apology to acknowledge interference with privacy

Must not repeat or continue conduct

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 6 – Use or disclosure of personal information – Whether personal information was disclosed for a secondary purpose – Breach of APP 6 – APP 1 – Open and transparent management of personal information – Whether reasonable steps were taken to deal with complaints about APP compliance – Acknowledgement of interference with privacy – Must not repeat or continue – Respondent must give an apology.

Decision

'AHL' and TICA Default Tenancy Control Pty Ltd (Privacy) [2024] AICmr 26 (9 February 2024)

Decision year

9 February 2024

Status

Finalised

Legislative provision

APP 6

APP 11.2

Determination

Finding

Breach

Remedies

Acknowledgement of interference with privacy Must not repeat or continue conduct Reasonable act or course of conduct required

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 6 — APP 11.2 – Whether personal information disclosed for a primary purpose – Failure to take reasonable steps to destroy or de-identify personal information no longer needed – Breach of APP 11.2 – Acknowledgement of interference with privacy – Must not repeat or continue conduct – Reasonable act or course of conduct required

View on AustLII

Decision

‘ALI’ and ‘ALJ’ (Privacy) [2024] AICmr 131 (20 June 2024)

Decision year

20 June 2024

Status

Finalised

Legislative provision

Privacy Act 1988 (Cth) s 7B(3) APP 6.1

Determination

Acknowledgement of interference with privacy Respondent must not continue or repeat conduct Compensation for non-economic loss and reasonably incurred expenses

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — Employee records exemption – Whether act or practice is directly related to employment relationship – APP 6 – Use or disclosure of personal information – Whether personal information was used for primary purpose – Breach of APP 6 – Acknowledgment of interference with privacy – Must not repeat or continue conduct – Compensation for non-economic loss – Reasonably incurred expenses

View on AustLII

Decision

Cherrybrook Medical Centre (Privacy) [2024] AICmr 40 (28 February 2024)

Decision year

28 February 2024

Status

Finalised

Legislative provision

My Health Records Act 2012 (Cth) s 73(1)(a) and Privacy Act 1988 (Cth) s 13

Determination

Finding:

Breach

Catchword summary

Privacy

My Health Records Act 2012 (Cth) – Whether interference with privacy of healthcare recipient – breach of s 73(1)(a) – My Health Record Rule 2016 – Compliance with rules 41 and 42 – Eligibility to hold registration – No written policy that reasonably addressed matters in rule 42(4) – Privacy Act 1988 (Cth) – breach of s 13 – Must not repeat or continue act or practice

View on AustLII

Decision

Rao Medical Centre (Privacy) [2024] AICmr 40 (23 February 2024)

Decision year

23 February 2024

Status

Finalised

Legislative provision

My Health Records Act 2012 (Cth) s 73(1)(a) and Privacy Act 1988 (Cth) s 13

Determination

Remedies

Respondent must not repeat conduct and must take specified steps to address interference with privacy.

Catchword summary

Privacy — My Health Records Act 2012 (Cth) – Whether interference with privacy of healthcare recipient – breach of s 73(1)(a) – My Health Record Rule 2016 – Compliance with rules 41 and 42 – Eligibility to hold registration – No written policy that reasonably addressed matters in rule 42(4) – Privacy Act 1988 (Cth) – breach of s 13 – Must not repeat or continue act or practice – Must take specified steps to address interference with privacy

View on AustLII

Decision

AGX’ and ‘AGY’ (Privacy) [2024] AICmr 16 (29 January 2024)

Decision year

29 January 2024

Status

Breach

Legislative provision

APP 12.1, APP 12.8

Determination

Remedies>

Must not repeat or continue such conduct.

Catchword summary

Privacy — Privacy Act 1988 (Cth) – Australian Privacy Principles – APP 12 – Whether personal information was held – Whether exception to access applied – Whether request for access was frivolous or vexatious – Whether charge for access was excessive – Breach of APP 12.1 – Breach of APP 12.8

View on AustLII

Decision

'AHM' and JFA (Aust) Pty Ltd t/a Court Data Australia (Privacy) [2024] AICmr 29 (12 February 2024)

Decision year

12 February 2024

Status

Finalised

Legislative provision

APP 3.5, APP 5, APP 10 and APP 13

Determination

Remedies

Cease unlawful collection of personal information and remove unlawfully collected personal information and destroy records

Catchword summary

Privacy

Privacy Act 1988 (Cth) – Australian Privacy Principles – APP 3.5 – APP 5 – APP 10 – APP 13 – Collection and disclosure of personal information – Whether collection and disclosure of personal information was fair and lawful – Whether reasonable steps taken to notify of collection and disclosure – Whether reasonable steps taken to ensure accuracy of personal information – Breach of APP 3.5 and APP 5 and APP 10 – Case unlawful collection of personal information – Remove unlawfully collected personal information and destroy records

View on AustLII

Decision

Cardiac Dynamics [2023] AICmr 96 (24 October 2023)

Decision year

24 October 2023

Status

Finalised

Legislative provision

My Health Records Act 2012 (Cth) s 73(1)(a) and Privacy Act 1988 (Cth) s 13

Determination

Breach

Remedies

Respondent must not repeat conduct and must take specified steps to address interference with privacy.

Catchword summary

Privacy — My Health Records Act 2012 (Cth) — Whether interference with privacy of healthcare recipient — breach of s 73(1)(a) — My Health Record Rule 2016 — Compliance with rules 41 and 42 — Eligibility to hold registration — No written policy that reasonably addressed matters in rule 42(4) —Privacy Act 1988 (Cth) — breach of s 13 — Must not repeat or continue act or practice — Must take specified steps to address interference with privacy

Visit AUSTLII

Decision

Burwood Westfield Medical Centre (Privacy) 2023 AICmr 108 (9 November 2023)

Decision year

9 November 2023

Status

Finalised

Legislative provision

My Health Records Act 2012 (Cth) s 73(1)(a) and Privacy Act 1988 (Cth) s 13

Determination

Breach

Remedies

Respondent must not repeat conduct and must take specified steps to address interference with privacy.

Catchword summary

Privacy — My Health Records Act 2012 (Cth) — Whether interference with privacy of healthcare recipient — breach of s 73(1)(a) — My Health Record Rule 2016 — Compliance with rules 41 and 42 — Eligibility to hold registration — No written policy that reasonably addressed matters in rule 42(4) —Privacy Act 1988 (Cth) — breach of s 13 — Must not repeat or continue act or practice — Must take specified steps to address interference with privacy

Visit AUSTLII

Decision

Pacific Lutheran College (Privacy) [2023] AICmr 98 (24 October 2023)

Decision year

24 October 2023

Status

Finalised

Legislative provision

Privacy Act 1988 (Cth) s 26WH and s26WK

Determination

Breach

Remedies

Respondent must not repeat conduct. Respondent must prepare and implement incident response plan. Respondent must prepare and implement information security program.

Catchword summary

Privacy — Privacy Act 1988 (Cth) — Section 26WH — Section 26WK — Eligible data breach — Assessment of suspected eligible data breach — Whether assessment was reasonable and expeditious — Whether all reasonable steps taken to complete assessment within 30 days — Statement about eligible data breach — Whether copy of statement was provided to Commissioner as soon as practicable — Breach of s 26WH(2) and s 26WK(2) — Must not repeat or continue conduct

Visit AUSTLII