Australia: FYI - FOI Case Notes

Last Updated: 14 November 2008
Article by James Stellios and Avinesh Chand

Haneef and Department of Immigration and Citizenship [2008] AATA 587 - Freedom of Information Act 1982 (Cth); section 36; internal working documents; public interest

On 8 July 2008, the Administrative Appeals Tribunal (Justice Tamberlin) ordered that certain documents found to be exempt from release under the Freedom of Information Act 1982 (Cth) by the Department of Immigration and Citizenship were in fact not so exempt.

In an application lodged under the FOI Act, Dr Haneef had sought access to documents relating to the cancellation of his subclass 457 Business (Long Stay) visa, the decision to detain him and his ongoing detention in 2007. In his application, Dr Haneef also sought documents relating to the issue of a Criminal Justice Stay certificate in respect of him and any documents recording or relating to communications between various Government Departments concerning him.

In his decision of 24 April 2008, the Department's decision-maker claimed exemptions under the FOI Act in respect of 282 documents. Subsequently, the claims for exemption were removed in relation to 141 documents and the Department stated that it would consider its position in relation to the others. Shortly before the hearing, the Department indicated that 73 documents were duplicates, and Dr Haneef did not pursue release of them. By the time the Tribunal hearing was completed, the claims for exemptions, based solely on section 36(1) of the FOI Act, applied to only six documents, described as Document 8, 38, 40, 46, 52 and 56.

Document 8

Document 8 was described as an options paper with respect to how the Minister may deal with issues raised by Dr Haneef's arrest. The Department argued that Document 8 disclosed the processes of an officer of the Department in relation to the way in which the functions of government agencies might operate in the circumstances that existed at the time that Dr Haneef was a person of interest to the Australian Government. The Department claimed that Document 8 was part of a preliminary process of eliciting views or brainstorming with the intention of formulating options which the Minister might employ with dealing with Dr Haneef's case. The Department described the contents of Document 8 as "mere musings".

The Tribunal found that Document 8 came within the scope of section 36(1)(a) as it disclosed matters in the nature of or relating to the giving of advice or opinions or recommendations for the purpose of the deliberative processes involved in the Minister's ultimate decision to cancel Dr Haneef's visa. The Tribunal found that Document 8 gathered information and expresses some very preliminary or nascent opinions about the import of that information for the purpose of formulating, at some later stage, recommendations and options to be presented to the Minister.

The Tribunal found also that the disclosure of Document 8 would be contrary to the public interest. The Tribunal found that the content of Document 8 would be misunderstood by the public and mischaracterised by those who are unacquainted with the full details of Dr Haneef's case and the way in which various Australian government agencies and officers handled it. In particular, the Tribunal found that the characteristics of Document 8 such as the preliminary nature of the views expressed, the questions which are raised but not answered, the speculation as to how events may unfold in the future and the way in which the Department might respond, demonstrate that disclosure of the document would more readily lead to its misconstruction in the public arena.

Accordingly, the Tribunal concluded that Document 8 qualified for exemption under section 36 of the FOI Act.

Document 38, 40, 46, 52 and 56

The Tribunal noted that these documents were directed to the Minister or senior members of his staff. The Tribunal found that the documents differed from Document 8 in that the information contained in them was not in any way expressed to be tentative or requiring further investigation. The documents were options papers or a draft of the Statement of Reasons explaining the decision of the Minister

The Tribunal found that the documents were clearly an important part of the deliberative process which the Department and the Minister engaged in before selecting the final course of action in respect of the cancellation of Dr Haneef's visa.

The Tribunal also found however that the disclosure of the documents would not be contrary to the public interest and that as such, the documents were not exempt under section 36 of the FOI Act. In coming to this conclusion, the Tribunal noted that no convincing evidence had been presented to it by the Department establishing any direct, significant or specific disadvantage that would be likely to flow from disclosure of the documents. In relation to the Department's argument that disclosure of the documents would lead the Department's officers to resort to a lack of candour if they were concerned that their draft opinions and the various options that they propose might later be subjected to public scrutiny, the Tribunal found that such arguments did not demonstrate that it would be contrary to the public interest for the documents to be disclosed.

The Tribunal held that the documents were not exempt from disclosure under the FOI Act pursuant to section 36(1).

The Tribunal's decision in this case highlights the need, where possible, to provide evidence of likely damage that will result if documents are disclosed when arguing that the public interest does not favour disclosure of documents under the FOI Act rather than relying merely on assertions about the impact on frankness and candour of public servants if documents are disclosed.

Administrative Decisions Tribunal Appeal Panel v Director General, Department of Commerce [2008] NSWCA 140 - Freedom of Information Act 1989 (NSW); adequacy of searches undertaken by agency; power of the Administrative Decisions Tribunal on review

On 19 June 2008, the New South Wales Court of Appeal (Justices Beazley, Giles and Basten) held that the jurisdiction of the New South Wales Administrative Decisions Tribunal conferred by section 53 of the Freedom of Information Act 1989 (NSW) does not extend to review of the adequacy of searches undertaken by an agency in response to a request for access to an agency's documents.

Mr Cianfrano had made an application under the FOI Act for access to certain documents purportedly held by the New South Wales Department of Commerce and the Department of Public Works and Services.

Access was provided to a number of documents and exemptions from disclosure under the FOI Act were claimed in relation to others.

Mr Cianfranco applied to the Tribunal seeking review of the decision to claim exemptions from disclosure in relation to some of the documents. During the course of the Tribunal's hearing, a question arose as to the sufficiency of the searches undertaken by the Director-General of the Department of Commerce in relation to the documents that Mr Cianfranco was seeking from the Department.

Justice O'Connor, the President of the Tribunal, dismissed the Director-General's objection to the Tribunal's jurisdiction to hear and determine the question of the sufficiency of an agency's search for documents within the scope of an application under the FOI Act. The Director-General appealed from that determination to an Appeal Panel which referred the matter as a question of law to the New South Wales Court of Appeal.

At first instance Justice O'Connor had relied on the decision of Beesley v Commissioner of Police, New South Wales Police Service [2000] NSWADT 52 in finding that the Tribunal had jurisdiction to deal with an objection that an agency had not engaged in a sufficient search.

In Beesley, Smith JM found that a determination to refuse access to documents pursuant to section 24 of the FOI Act could impliedly be made on the basis that the documents could not be identified or located, or had been found positively not to exist. As section 53 of the FOI Act provided the Tribunal with the power to review a determination made under section 24, Smith JM found that the Tribunal had jurisdiction to inquire into and make a determination as to the adequacy of an agency's search in deciding whether the determination under section 24 to refuse access to documents was the correct determination.

The Court of Appeal (Justices Beazley and Basten wrote separate judgments which did not differ materially in their reasoning) found that it is not correct to construe a statement by an agency that a document does not exist or that it does not have the document, as a refusal to give access to a document. The Court of Appeal also noted that, under the FOI Act, there are only two available determinations that may be made: to grant access or to refuse access. The Court of Appeal further noted that a determination to refuse access under the FOI Act could only be made on one or more of the bases specified in section 25 of the FOI Act which did not include that documents could not be identified or located, or had been found positively not to exist.

As such, the Court of Appeal found that there was nothing in the FOI Act that confers jurisdiction to conduct a review of, or inquiry into, the sufficiency of an agency's search for documents. The Court of Appeal noted that the appropriate recourse to a person dissatisfied with an agency's response that a document does not exist or is not held by an agency is to seek prerogative relief, or relief via the New South Wales Ombudsman.

In the course of his judgment, Justice Basten noted that the Freedom of Information Act 1982 (Cth) differed from the FOI Act in respect of the issue that the Court of Appeal was considering. Section 24A of the Commonwealth FOI Act provides that where an agency is satisfied that a document is in its possession but cannot be found or that the document does not exist, it is empowered to refuse a request for access to the document. The Court of Appeal noted that such a satisfaction depends on all reasonable steps having been taken to find the document and because the result is a refusal to grant access, the agency's decision is reviewable by the Commonwealth Administrative Appeals Tribunal which has power under the Commonwealth FOI Act to review decisions to refuse access. The FOI Act does not contain a provision equivalent to section 24A of the Commonwealth FOI Act.

University of Melbourne v McKean [2008] VSC 325 - Freedom of Information Act 1982 (Vic); section 34(4)(c); exam papers and marking guides

On 28 August 2008, the Victorian Supreme Court (Justice Kyrou) dismissed an appeal by the University of Melbourne from the decision of the Victorian Civil and Administrative Tribunal that the exemption at section 34(4)(c) of the Freedom of Information Act 1982 (Vic) did not apply to exam papers and a marking guide which had already been used and was sought by Mr McKean from the University.

Mr McKean sought access to documents including his examination paper and the examination marking guide for the subject "Intermediate Personal Finance" as well as the marking guide for the subject "Investments" which he had also studied. The University refused access, relying on section 30(1) which deals with internal working documents and section 34(4)(c) which deals with examination papers and similar documents whose use has been completed.

The Victorian Civil and Administrative Tribunal considered a review application by Mr McKean and ordered that the documents be released to him. The Tribunal concluded that none of the three documents are exempt under section 30(1) or 34(4)(c) of the Act.

Section 34(4)(c) provides that a document is an exempt document if it is an examination paper, paper submitted by a student in the course of an examination , an examiner's report or similar document and the uses or uses for which the document was prepared have not been completed.

The University's evidence before the Tribunal indicated that for the two subjects in question, there was a relatively narrow syllabus and that only a limited amount of information can be examined in relation to the two subjects. The University indicated that as such, examination questions are recycled from year to year from a limited bank of questions and that disclosure of marking guides from a particular semester would enable students in a future semester to "learn by heart" answers to common questions. The University indicated that while examinations are not replicated from year to year, some examination questions will appear on later exams and the marking guide for that question will also correlate with the earlier one.

In deciding that section 34(4)(c) of the Act did not apply to the three documents in question, the Tribunal found that each of the three specific documents was prepared solely for use in the particular examination in the particular subject in the particular semester to which it related. The Tribunal found that the use of the documents was completed at the end of the examination assessment period when the results were published.

Before the Supreme Court, the University only challenged the Tribunal's decision that section 34(4)(c) did not apply to the relevant documents as an exemption from disclosure.

In the course of the Court's judgment, Justice Kyrou noted that the subject matter for review before the Tribunal in relation to section 34(4)(c) was whether the uses for which the three documents were prepared had been completed.

The Court noted the evidence provided to the Tribunal by the University that the three documents requested by Mr McKean were used only once for the particular examination and the documents as a whole were not used again while the examination questions and correct answers to those questions that appear in the three documents were drawn from a larger number of questions and answers in the bank of questions kept by the University in electronic form. The Court held that the Tribunal had correctly decided that the documents were not exempt under section 34(4)(c).

The Court rejected the University's argument that the Tribunal had erred by failing to advert to the fact that "document" for the purposes of the FOI Act includes a part of a document - that is, that each part can itself be a "document". The definition of "document" at section 5(1) of the FOI Act includes any part of a copy, reproduction or duplicate of a document.

The University argued that the Tribunal failed to consider whether the uses for which parts of the document had been prepared had been completed, and that had the Tribunal asked itself that question, the evidence would have led the Tribunal to conclude that the documents were exempt under section 34(4)(c).

The Court found that the evidence before the Tribunal indicated that the three documents in issue are not complete or exact copies, reproductions or duplicates of any other document. The Court found that even if it is accepted that the marking guides and the examination paper were copies, reproductions or duplicates of other documents in the University's bank of questions, the Tribunal's reasoning indicated that it was not satisfied that the uses for which the three documents in issue, whether considered as a whole or in their constituent parts, had been prepared, had not been completed.

The Court dismissed the University's appeal.

I v Contracted Service Provider to Commonwealth Agency [2008] PrivCmrA 9 - Privacy Act 1988 (Cth); collection of personal information; IPP 2

On 26 June 2008, the Privacy Commissioner made a decision pursuant to section 41(2)(a) of the Privacy Act 1988 (Cth) closing a complaint after she was satisfied that the respondent agency had adequately dealt with the matter following the Privacy Commissioner's receipt of the complaint.

The respondent organisation, which managed premises of an Australian Government agency, collected personal information of people entering the premises as a condition of entry. The collected information was then entered into a computer database by the respondent organisation and held on behalf of the agency.

The complainant alleged that they were not informed of the purpose for which their personal information was collected nor the purposes for which the information would be used or disclosed.

The respondent organisation advised the Privacy Commissioner that it collected the personal information for security purposes and to fulfil the agency's obligations as specified in that agency's governing legislation. The Privacy Commissioner agreed that one of the organisation's lawful functions was to maintain the security of the agency's premises and, in the circumstances, the collection of personal information from people visiting the premises was integral to that purpose.

However, the Privacy Commissioner formed the view that the respondent organisation had breached IPP 2 by not providing visitors to the premises with adequate notice as to the purpose for which their information was collected or to whom the information might be disclosed.

In order to resolve the matter, the respondent organisation added a notice to its Visitor Application form that advised visitors of the purpose of the collection of personal information which included investigating any incidents involving visitors to the premises. The notice also advised visitors that their personal information would be treated confidentially and used and disclosed only in accordance with the contracting agency's governing legislation and the Privacy Act. The respondent organisation also agreed to display this notice on the premises in the visitors' area in several languages.

The Privacy Commissioner noted in its decision that section 95B of the Privacy Act requires an agency to take contractual measures to ensure that a contracted organisation providing services to it does not act or engage in any practice that would breach the Information Privacy Principles if the act or practice had been done by the agency. In particular, section 95B requires an agency to ensure that the Commonwealth contract between the agency and the contracted organisation does not authorise the contracted organisation to do or engage in such an act or practice.

The Commissioner closed the complaint as she was satisfied that the respondent agency had adequately dealt with the matter.

O v Commonwealth Agency [2008] PrivCmrA 15 - Privacy Act 1988 (Cth); disclosure of personal information; required or authorised under law; IPP 11.1(d)

On 26 June 2008, the Privacy Commissioner decided not to investigate this matter further after being satisfied that the complainant's privacy had not been interfered with.

The respondent agency requested information from the complainant relevant to a decision the agency was making between the complainant and a third party. The information provided by the complainant included details about the complainant's occupation. At the time the information was provided, the complainant asked that information about their occupation not be disclosed to anyone unless there was sufficient justification for the agency to do so.

As information relating to the occupation of the complainant was an integral component of its decision in relation to the matter between the complainant and the third party, the agency disclosed information relating to the occupation of the complainant to the third party as part of its decision-making process.

The complainant alleged that the agency had improperly disclosed person information to the third party.

Following the provision of information from the agency explaining its actions, the Privacy Commissioner reached the view that the agency was required by a Commonwealth Act, in certain circumstances (which were met in this case), to disclose the complainant's occupation to the third party. The Privacy Commissioner also reached the view that the legal doctrine of procedural fairness obliged the agency to provide the information on which it based its decision, including information relating to the complainant's employment, to the third party who was affected by the agency's decision.

The Privacy Commissioner came to the view that the disclosure of the personal information was required or authorised under law (IPP 11.1(d)) and that the privacy of the complainant had not been interfered with.

S v Health Service Provider [2008] PrivCmrA 19 - Privacy Act 1988 (Cth); protection of personal information from misuse, loss or unauthorised access; NPP 4.1

On 29 August 2008, the Privacy Commissioner closed her investigation in this matter after the respondent health service provider agreed to participate in conciliation in order to effect a settlement of the matters that gave rise to S's complaint.

In the course of receiving a medical service from the respondent health service provider, the complainant gave the health service provider their x-rays. The complainant later requested the return of their x-rays.

The health service provider forwarded copies of the complainant's medical records and original x-rays by general post (a postal service that could not track the transmission of items of mail).

The Privacy Commissioner noted that National Privacy Principle 4.1 provides that an organisation must take reasonable steps to protect the personal information that it holds from misuse and loss and from unauthorised access, modification or disclosure. The Privacy Commissioner stated that in deciding what "reasonable steps" are, an organisation must consider a number of factors including the circumstances in which personal information is held and the sensitivity of the personal information.

The Privacy Commissioner noted that as health information, the complainant's medical records and x-rays are sensitive information as defined in the Privacy Act 1988 (Cth) and that such information is generally afforded a higher level of protection than other forms of personal information. The Privacy Commissioner further noted that the potential harm the complainant would suffer, should the x-rays be lost in the mail was significant as the loss of this record of the complaint's condition would be permanent.

The Privacy Commissioner stated that while the health service provider was not a large organisation, the cost of alternative methods to transmit the documents would not be a significant financial burden. The Privacy Commissioner formed the view that the health service provider breached NPP 4.1 by failing to take reasonable steps to protect the complainant's personal information by using the general mail.

The Privacy Commissioner closed her investigation after the health service provider agreed to participate in conciliation in order to effect a settlement of the matters that gave rise to the investigation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Mondaq Advice Centre (MACs)
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.