We use cookies to analyse traffic and to improve your browsing experience on our website. To find out more, read our privacy policy.

News Join our team Contact us

Privacy determinations

1 to 10 of 89 results

    Decision

    ‘ATE’ and ‘ATF’ (Privacy) [2025] AICmr 10 (13 January 2025)

    Decision year

    13 January 2025

    Status

    Finalised

    Legislative provision

    Section 8 APP 6 APP 11 APP 1

    Determination

    Finding:

    Breach

    No breach – Dismissed

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles —APP 6 – APP 11 – APP 1 – Disclosure of personal information – Whether employer directly liable for disclosure by employee – Whether employer vicariously liable for disclosure by employee – Whether reasonable steps were taken to protect personal information from unauthorised disclosure – Open and transparent management of personal information – No breach – Complaint dismissed.

    View on Austlii

    Decision

    Commissioner Initiated Investigation into Property Lovers Pty Ltd (Privacy) [2024] AICmr 249 (22 November 2024)

    Decision year

    22 November 2024

    Status

    Finalised

    Legislative provision

    APP 3.5

    APP 5.1

    APP 10.2

    APP 1

    Determination

    Finding:

    Breach

    Remedies:

    Specified steps. Must not repeat or continue conduct

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 3.5 – APP 5.1 – APP 10.2 – APP 1 – whether collection of personal information was by lawful and fair means – whether reasonable steps taken to notify individuals of APP 5.2 matters – whether reasonable steps taken to ensure quality of personal information used and disclosed – whether privacy policy was clearly expressed and up to date – breaches substantiated – must not repeat or continue acts and practices found to be an interference with individuals’ privacy – cease unfair collection of personal information – remove personal information collected by unfair means and destroy records – publish written apology on website – review and update privacy policy

    View on AustLii

    Decision

    Commissioner Initiated Investigation into Master Wealth Control Pty Ltd t/a DG Institute (Privacy) [2024] AICmr 243 (18 November 2024)

    Decision year

    18 November 2024

    Status

    Finalised

    Legislative provision

    APP 3.5

    APP 5.1

    APP 10.2

    Determination

    Finding:

    Breach

    Remedies:

    Specific steps, must not repeat or continue conduct

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 3.5 – APP 5.1 – APP 10.2 – whether collection of personal information was by lawful and fair means – whether reasonable steps taken to notify individuals of APP 5.2 matters – whether reasonable steps taken to ensure quality of personal information used and disclosed – whether privacy policy was clearly expressed and up to date – breaches substantiated – must not repeat or continue acts and practices found to be an interference with individuals’ privacy – cease unfair collection of personal information – remove personal information collected by unfair means and destroy records – review and update privacy policy.

    View on AustLii

    Decision

    Commissioner initiated investigation into Bunnings Group Limited (Privacy) [2024] AICmr 230 (29 October 2024)

    Decision year

    29 October 2024

    Status

    Finalised

    Legislative provision

    APP 3.3

    APP 5.1

    APP 1.2

    APP 1.3

    Determination

    Finding:

    Breach

    Remedies:

    Specified steps
    Must not repeat or continue conduct

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 3.3 – APP 5.1 – APP 1.2 – APP 1.3 – whether personal information was collected – whether permitted general situation existed in relation to collection – whether reasonable steps were taken to notify individuals of APP 5.2 matters – whether reasonable steps were taken to implement practices, procedures and systems that ensured compliance with APPs – breaches substantiated – must not repeat or continue acts and practices found to be an interference with individuals’ privacy.

    View on Austlii

    Decision

    'AQE' and Noonan Real Estate Agency Pty Ltd (Privacy) [2024] AICmr 237 (1 November 2024)

    Decision year

    1 November 2024

    Status

    Finalised

    Legislative provision

    APP 6

    APP 1

    Determination

    Finding:

    Breach

    Remedies:

    Written apology to acknowledge interference with privacy

    Must not repeat or continue conduct

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 6 – Use or disclosure of personal information – Whether personal information was disclosed for a secondary purpose – Breach of APP 6 – APP 1 – Open and transparent management of personal information – Whether reasonable steps were taken to deal with complaints about APP compliance – Acknowledgement of interference with privacy – Must not repeat or continue – Respondent must give an apology.

    View on Austlii

    Decision

    'AHL' and TICA Default Tenancy Control Pty Ltd (Privacy) [2024] AICmr 26 (9 February 2024)

    Decision year

    9 February 2024

    Status

    Finalised

    Legislative provision

    APP 6

    APP 11.2

    Determination

    Finding

    Breach

    Remedies

    Acknowledgement of interference with privacy Must not repeat or continue conduct Reasonable act or course of conduct required

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 6 — APP 11.2 – Whether personal information disclosed for a primary purpose – Failure to take reasonable steps to destroy or de-identify personal information no longer needed – Breach of APP 11.2 – Acknowledgement of interference with privacy – Must not repeat or continue conduct – Reasonable act or course of conduct required

    View on AustLII

    Decision

    ‘ALI’ and ‘ALJ’ (Privacy) [2024] AICmr 131 (20 June 2024)

    Decision year

    20 June 2024

    Status

    Finalised

    Legislative provision

    Privacy Act 1988 (Cth) s 7B(3) APP 6.1

    Determination

    Remenedies

    Acknowledgement of interference with privacy Respondent must not continue or repeat conduct Compensation for non-economic loss and reasonably incurred expenses

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — Employee records exemption – Whether act or practice is directly related to employment relationship – APP 6 – Use or disclosure of personal information – Whether personal information was used for primary purpose – Breach of APP 6 – Acknowledgment of interference with privacy – Must not repeat or continue conduct – Compensation for non-economic loss – Reasonably incurred expenses

    View on AustLII

    Decision

    Cherrybrook Medical Centre (Privacy) [2024] AICmr 40 (28 February 2024)

    Decision year

    28 February 2024

    Status

    Finalised

    Legislative provision

    My Health Records Act 2012 (Cth) s 73(1)(a) and Privacy Act 1988 (Cth) s 13

    Determination

    Finding:

    Breach

    Respondent must not repeat conduct

    Catchword summary

    Privacy

    My Health Records Act 2012 (Cth) – Whether interference with privacy of healthcare recipient – breach of s 73(1)(a) – My Health Record Rule 2016 – Compliance with rules 41 and 42 – Eligibility to hold registration – No written policy that reasonably addressed matters in rule 42(4) – Privacy Act 1988 (Cth) – breach of s 13 – Must not repeat or continue act or practice

    View on AustLII

    Decision

    Rao Medical Centre (Privacy) [2024] AICmr 40 (23 February 2024)

    Decision year

    23 February 2024

    Status

    Finalised

    Legislative provision

    My Health Records Act 2012 (Cth) s 73(1)(a) and Privacy Act 1988 (Cth) s 13

    Determination

    Remedies

    Respondent must not repeat conduct and must take specified steps to address interference with privacy.

    Catchword summary

    Privacy — My Health Records Act 2012 (Cth) – Whether interference with privacy of healthcare recipient – breach of s 73(1)(a) – My Health Record Rule 2016 – Compliance with rules 41 and 42 – Eligibility to hold registration – No written policy that reasonably addressed matters in rule 42(4) – Privacy Act 1988 (Cth) – breach of s 13 – Must not repeat or continue act or practice – Must take specified steps to address interference with privacy

    View on AustLII

    Decision

    AGX’ and ‘AGY’ (Privacy) [2024] AICmr 16 (29 January 2024)

    Decision year

    29 January 2024

    Status

    Breach

    Legislative provision

    APP 12.1, APP 12.8

    Determination

    Remedies>

    Must not repeat or continue such conduct.

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) – Australian Privacy Principles – APP 12 – Whether personal information was held – Whether exception to access applied – Whether request for access was frivolous or vexatious – Whether charge for access was excessive – Breach of APP 12.1 – Breach of APP 12.8

    View on AustLII

Showing 1 to 10 of 89 results

OAIC logo
Contact us 1300 363 992

Monday to Thursday 10 am to 4 pm (AEST/AEDT)

Acknowledgement of Country

The OAIC acknowledges Traditional Custodians of Country across Australia and their continuing connection to land, waters and communities. We pay our respect to First Nations people, cultures and Elders past and present.

© Commonwealth of Australia