It's happened to all of us – that inadvertent
'reply all' in which you ridicule the managing
partner's male pattern baldness, or email the wrong Darren who
receives a link to a cat
Vine instead of your learned legal advice.
In what must be one of the grandest email stuff-ups of all time,
just prior to the recent G20 Summit an employee at the Commonwealth
Department of Immigration and Border Protection inadvertently
emailed personal details of several world leaders to the wrong
person. Yes, WORLD LEADERS. And we're talking really serious
ones like the Presidents of the US, China and India, and Mr Putin
(who we believe is quite prone to crankiness). Details included
name, date of birth, passport and visa numbers. The pesky autofill
function in Outlook was to blame.
While there is no requirement under the Privacy Act to disclose
breaches, the Department thought it best to advise the Privacy
Commissioner of the stuff-up (they didn't think it was
necessary to advise the world leaders though).
In its fessing up letter, the Department noted "The risk
remains only to the extent of human error, but there is nothing
systemic or institutional about the breach". We don't know
whether the Privacy Commissioner will take any action against the
Department, but he has found in the past that breaches of the
privacy laws caused by human error are OK, as long as the entity
has appropriate policies and procedures in place to avoid breaches.
Back in 2010 Telstra inadvertently sent customer details of about
60,000 customers to the wrong people. The breach was due to human
error and, while the breach was significant, the Commissioner took
no action against Telstra as it generally took reasonable steps to
protect personal information.
The short answer: accidentally emailing personal information to
the wrong person is fine, as long as you have procedures in place
to prevent what happened from happening. Even though it actually
did happen. One of those situations where having a rule and failing
to follow it is better than having no rule at all.
We do not disclaim anything about this article. We're
quite proud of it really.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Those types of personal disclosure may still be permitted under the Privacy Act as long as your house is in order.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).