A Department of Defence employee was asked if he
consented to a medical report commissioned by the Department being
made available to his own doctor, in relation to a compensation
claim he'd made. He said no. Defence sent it to the doctor
The employee was quite miffed and made a complaint to the
Privacy Commissioner, requesting an apology and some cash. The
Commissioner obliged, finding that Defence had breached its
obligation not to disclose personal information without consent,
and ordering that it say sorry and pay the complainant $5,000. The
Department also got some homework: to amend its personal
information handling procedures and report back in six months.
We don't think $5k will cause a blip on Defence's
financial radar, but the decision has us wondering what the
Commissioner will do about more serious breaches of privacy. In the
digital age, single data breaches can affect millions of people at
once (think the recent examples of 250,000 Aussie dating site
users, 40 million US Target and 60 million Home Depot customers,
all of whom had their credit card details stolen). If the
Commissioner is willing to award $5k to an individual who had a
medical report sent to his own doctor, what should you expect if
someone handed your credit card details to the Russian mafia?
Multiply a few million customers by $5,000 and we're talking
What's more, the Defence case was decided under the old
Privacy Act. The laws were overhauled in March this year, and the
Commissioner now has much broader powers to award compensation,
including to individuals who haven't even asked for it. He can
also now impose penalties on corporations of up to $1.7 million. If
you're not taking the protection of your customer's
personal info seriously yet, you are betting against the house.
We do not disclaim anything about this article. We're
quite proud of it really.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Those types of personal disclosure may still be permitted under the Privacy Act as long as your house is in order.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).