Privacy determinations

1 to 10 of 83 results

    Decision

    ‘ALI’ and ‘ALJ’ (Privacy) [2024] AICmr 131 (20 June 2024)

    Decision year

    20 June 2024

    Status

    Finalised

    Legislative provision

    Privacy Act 1988 (Cth) s 7B(3) APP 6.1

    Determination

    Acknowledgement of interference with privacy Respondent must not continue or repeat conduct Compensation for non-economic loss and reasonably incurred expenses

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — Employee records exemption – Whether act or practice is directly related to employment relationship – APP 6 – Use or disclosure of personal information – Whether personal information was used for primary purpose – Breach of APP 6 – Acknowledgment of interference with privacy – Must not repeat or continue conduct – Compensation for non-economic loss – Reasonably incurred expenses

    View on AustLII

    Decision

    Cherrybrook Medical Centre (Privacy) [2024] AICmr 40 (28 February 2024)

    Decision year

    28 February 2024

    Status

    Finalised

    Legislative provision

    My Health Records Act 2012 (Cth) s 73(1)(a) and Privacy Act 1988 (Cth) s 13

    Determination

    Finding:

    Breach

    Respondent must not repeat conduct

    Catchword summary

    Privacy

    My Health Records Act 2012 (Cth) – Whether interference with privacy of healthcare recipient – breach of s 73(1)(a) – My Health Record Rule 2016 – Compliance with rules 41 and 42 – Eligibility to hold registration – No written policy that reasonably addressed matters in rule 42(4) – Privacy Act 1988 (Cth) – breach of s 13 – Must not repeat or continue act or practice

    View on AustLII

    Decision

    Rao Medical Centre (Privacy) [2024] AICmr 40 (23 February 2024)

    Decision year

    23 February 2024

    Status

    Finalised

    Legislative provision

    My Health Records Act 2012 (Cth) s 73(1)(a) and Privacy Act 1988 (Cth) s 13

    Determination

    Remedies

    Respondent must not repeat conduct and must take specified steps to address interference with privacy.

    Catchword summary

    Privacy — My Health Records Act 2012 (Cth) – Whether interference with privacy of healthcare recipient – breach of s 73(1)(a) – My Health Record Rule 2016 – Compliance with rules 41 and 42 – Eligibility to hold registration – No written policy that reasonably addressed matters in rule 42(4) – Privacy Act 1988 (Cth) – breach of s 13 – Must not repeat or continue act or practice – Must take specified steps to address interference with privacy

    View on AustLII

    Decision

    AGX’ and ‘AGY’ (Privacy) [2024] AICmr 16 (29 January 2024)

    Decision year

    29 January 2024

    Status

    Breach

    Legislative provision

    APP 12.1, APP 12.8

    Determination

    Remedies>

    Must not repeat or continue such conduct.

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) – Australian Privacy Principles – APP 12 – Whether personal information was held – Whether exception to access applied – Whether request for access was frivolous or vexatious – Whether charge for access was excessive – Breach of APP 12.1 – Breach of APP 12.8

    View on AustLII

    Decision

    'AHM' and JFA (Aust) Pty Ltd t/a Court Data Australia (Privacy) [2024] AICmr 29 (12 February 2024)

    Decision year

    12 February 2024

    Status

    Finalised

    Legislative provision

    APP 3.5, APP 5, APP 10 and APP 13

    Determination

    Remedies

    Cease unlawful collection of personal information and remove unlawfully collected personal information and destroy records

    Catchword summary

    Privacy

    Privacy Act 1988 (Cth) – Australian Privacy Principles – APP 3.5 – APP 5 – APP 10 – APP 13 – Collection and disclosure of personal information – Whether collection and disclosure of personal information was fair and lawful – Whether reasonable steps taken to notify of collection and disclosure – Whether reasonable steps taken to ensure accuracy of personal information – Breach of APP 3.5 and APP 5 and APP 10 – Case unlawful collection of personal information – Remove unlawfully collected personal information and destroy records

    View on AustLII

    Decision

    Cardiac Dynamics [2023] AICmr 96 (24 October 2023)

    Decision year

    24 October 2023

    Status

    Finalised

    Legislative provision

    My Health Records Act 2012 (Cth) s 73(1)(a) and Privacy Act 1988 (Cth) s 13

    Determination

    Breach

    Remedies

    Respondent must not repeat conduct and must take specified steps to address interference with privacy.

    Catchword summary

    Privacy — My Health Records Act 2012 (Cth) — Whether interference with privacy of healthcare recipient — breach of s 73(1)(a) — My Health Record Rule 2016 — Compliance with rules 41 and 42 — Eligibility to hold registration — No written policy that reasonably addressed matters in rule 42(4) —Privacy Act 1988 (Cth) — breach of s 13 — Must not repeat or continue act or practice — Must take specified steps to address interference with privacy

    Visit AUSTLII

    Decision

    Burwood Westfield Medical Centre (Privacy) 2023 AICmr 108 (9 November 2023)

    Decision year

    9 November 2023

    Status

    Finalised

    Legislative provision

    My Health Records Act 2012 (Cth) s 73(1)(a) and Privacy Act 1988 (Cth) s 13

    Determination

    Breach

    Remedies

    Respondent must not repeat conduct and must take specified steps to address interference with privacy.

    Catchword summary

    Privacy — My Health Records Act 2012 (Cth) — Whether interference with privacy of healthcare recipient — breach of s 73(1)(a) — My Health Record Rule 2016 — Compliance with rules 41 and 42 — Eligibility to hold registration — No written policy that reasonably addressed matters in rule 42(4) —Privacy Act 1988 (Cth) — breach of s 13 — Must not repeat or continue act or practice — Must take specified steps to address interference with privacy

    Visit AUSTLII

    Decision

    Pacific Lutheran College (Privacy) [2023] AICmr 98 (24 October 2023)

    Decision year

    24 October 2023

    Status

    Finalised

    Legislative provision

    Privacy Act 1988 (Cth) s 26WH and s26WK

    Determination

    Breach

    Remedies

    Respondent must not repeat conduct. Respondent must prepare and implement incident response plan. Respondent must prepare and implement information security program.

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Section 26WH — Section 26WK — Eligible data breach — Assessment of suspected eligible data breach — Whether assessment was reasonable and expeditious — Whether all reasonable steps taken to complete assessment within 30 days — Statement about eligible data breach — Whether copy of statement was provided to Commissioner as soon as practicable — Breach of s 26WH(2) and s 26WK(2) — Must not repeat or continue conduct

    Visit AUSTLII

    Decision

    Datateks Pty Ltd (Privacy) [2023] AICmr 97 (24 October 2023)

    Decision year

    24 October 2023

    Status

    Finalised

    Legislative provision

    Privacy Act 1988 (Cth) s 26WH and s26WK

    Determination

    Breach

    Remedies

    Respondent must not repeat conduct and prepare incident response plan, a copy of which is to be provided to the Commissioner within 3 months of determination.

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Section 26WH — Section 26WK — Eligible data breach — Assessment of suspected eligible data breach — Whether assessment was reasonable and expeditious — Whether all reasonable steps taken to complete assessment within 30 days — Statement about eligible data breach — Whether copy of statement was provided to Commissioner as soon as practicable — Breach of s 26WH(2) and s 26WK(2) — Must not repeat or continue conduct

    Visit AUSTLII

    Decision

    'AEZ' and Serco Group Pty Limited (Privacy) 2023 AICmr 93 (24 October 2023)

    Decision year

    24 October 2023

    Status

    Finalised

    Legislative provision

    APP 10 and APP 13

    Determination

    Breach

    Remedies

    Respondent to acknowledge their interference with the complainant’s privacy in a written apology, and to not repeat or continue conduct. Respondent to pay compensation in the amount of $1,500 to the complainant.

    Catchword summary

    Privacy — Privacy Act 1988 (Cth) — Australian Privacy Principles — APP 10.1 — APP 10.2 — APP 13.3 — Whether reasonable steps taken to ensure personal information was complete, accurate, up-to[1]date and relevant — Failure to provide written notice with mechanisms available to complain about refusal to correct personal information — Breach of APP 10.1 — Breach of APP 13.3 — Acknowledgement of interference with privacy — Must not repeat or continue conduct — Compensation awarded — Reasonable act or course of conduct to redress loss or damage required.

    View on AUSTLII

Showing 1 to 10 of 83 results

OAIC logo
Contact us 1300 363 992

Monday to Thursday 10 am to 4 pm (AEST/AEDT)

Acknowledgement of Country

The OAIC acknowledges Traditional Custodians of Country across Australia and their continuing connection to land, waters and communities. We pay our respect to First Nations people, cultures and Elders past and present.

© Commonwealth of Australia