The Federal Privacy Commissioner has published case notes on seven attempts to mediate complaints. All concern issues arising under the Federal Privacy Act. Some raise some important points, but it is also clear that different results might have emerged if these issues were examined under state or territory laws.
For example this medical practitioner resisted the provision of a copy of medical records sought by the individual concerned (B v Surgeon (2007) PrivCmrA2). How widespread is this issue in the health sector?
A Federal government agency was found to have breached privacy principles by routinely asking job applicants whether they had ever suffered from a work related injury or illness, Own Motion Investigation v Australian Government Agency (2007) PrivCmrA4. My guess is they're not the only organisation who might have been asking this sort of question.
For some of the potential privacy pitfalls when information available on a public register of a Federal government body, is then posted on another organisation's website, see Own Motion Investigation v Bankruptcy Trustee Firm (2007) PrivCmrA5.
And the Commissioner found in E v Retail Organisation (2007) PrivCmrA7, that a retail company who replaced a faulty computer, but then resold the computer without erasing personal information from the hard drive as promised, was "deemed" to have collected the personal information, and breached privacy obligations by selling the computer with hard drive intact to someone else.
No comments:
Post a Comment