The Federal Privacy Commissioner has released case notes on four finalised privacy complaints. Two of the cases contain pointers for organisations regardless of which of Australia's diverse privacy laws apply to them.
In B v Australian Government Agency (2006) PrivCmrA2 an employee of the agency became aware that records consisting of confidential emails and reports about their employment were held in a computer file that was not restricted from general access and could be viewed by other staff in the complainant’s staff group. The agency admitted this was a breach of the privacy principle which requires protection of personal information from unauthorised access. The agency agreed to remedy the situation and to pay for the complainant to receive counselling for the distress caused by the incident.
D v Banking Institution (2006) PrivCmrA4 shows that old habits, or more correctly old computer systems, die hard but can give rise to a privacy problem if they involve the collection of information not necessary for a function or activity. They can also prove to be expensive in responding and dealing with complaints that might arise.
In order to open a deposit account the Institution asked the complainant to complete a question about their marital status and said that if it wasn't supplied the computer system would not accept the application. It agreed during the course of the Privacy Commissioner’s investigation that this information had no bearing on the complainant’s eligibility to open an account and it was therefore in breach of the principle. The Institution agreed to change its computer system, to provide reports on progress and to raise the issue of marital status collection with its industry body as it appeared to be an industry wide practice
No comments:
Post a Comment