UQ undertook a national telephone survey conducted with 1106 adults across Australia between November 17 and December 14, 2011. Reported data was proportionally weighted to adjust for design (chance of selection), contact opportunities (mobile only, landline or both) and demographics (gender, age, education and state)

The survey found that Australians have a high level of internet use but are wary of websites that collect too much information about their visitors.

More than 90 per cent of the survey’s respondents supported regulations that would allow them to control the capture and use of their personal information online and they would like companies to be legally required to notify people at the time when they are collecting personal information; to provide users with the ability to “opt out” of having their information collected; and to allow users to request their personal information be deleted.

The survey also found that Australians also overwhelmingly support the creation of a legal right to privacy – a measure recommended Read the rest of this entry »

In G and Parking Services Organisation [2011] AICmrCN 1 the Commissioner considered a complaint in the context of NPP 1.1, requiring organisations to only collect personal information if the information is necessary for one or more of its functions or activities, NPP 1.2, that an organisation must collect personal information only by lawful and fair means an not in an unreasonably intrusive way, and NPP 4.2, that an organisation must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose.

FACTS

The complainant alleged that a parking services organisation had no reason to collect personal information and they wanted the organisation to destroy the information.  The parking services organisation had a short business relationship with the complainant and believed it was owed money from that relationship. To pursue the debt, the organisation obtained a court subpoena for records held by a state government department. These records contained the complainant’s personal information, relating to the complainant.

The complainant alleged there was a mistake in the organisation’s internal processes, and the complainant was not in debt to the organisation. On that basis, the complainant did not consider it necessary for the organisation to collect their personal information and did not want the organisation to hold information.

DECISION

The  organisation argued Read the rest of this entry »

In H and Registered Club [2011] AICmrCN 2 the Commissioner made a determination involving NPP 1.1, whereby an organisation must not collect an individual’s personal information, unless that information is necessary for one of more if its functions or activities, 1.3, at or before the time an organisation collects an individual’s personal information it must take reasonable steps to ensure an individual is aware of a number of factors, including the purposes for which the information is collected, and 4.2, an organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.

FACTS

The complainant alleged that a registered club interfered with his/her privacy by scanning his/her driver licence and, in doing so, recording unnecessary information.  While the complainant conceded that the club was required to collect their name, address and signature he/she considered the collection of the other information on the licence, including their date of birth, driver’s licence number, driver’s licence type and photograph to be unnecessary.

DECISION

As part of the conciliation process, the complainant Read the rest of this entry »

Acting Victorian Privacy Commissioner, Dr Anthony Bendall, today released an Information Sheet on Surveillance and privacy for organisations regulated by the Victorian Information Privacy Act 2000.

The Information sheet provides (without footnotes):

In I and Insurance Company [2011] AICmrCN 3 the Commissioner considered the operation of NPP 3, which requires an organisation to take reasonable steps to make sure that the personal information it collects, uses or discloses about an individual is accurate, complete and up-to-date.

FACTS

The complainant was a loss assessor in the insurance industry. In the course of investigating an alleged fraud an insurance company collected the complainant’s personal information from a third party insurance industry database.  The complainant accessed his/her file on the industry database and discovered that the insurance company had made multiple enquiry listings and had inaccurately listed the purpose for the enquiries, stating that the complainant was  a ‘witness’, ‘insured’ and a ‘third party claimant’. The enquiries did not provide any reference number.

DECISION

The insurance industry database had a field to place a reference number for enquiries but it was not mandatory. The insurance company did not include an enquiry reference number when Read the rest of this entry »

In K and Finance Company [2011] AICmrCN 5 the Privacy Commissioner considered the application of section 18E which prohibits a credit provider from listing information on an individual’s credit file unless it has notified the individual that it may disclose their information to a credit reporting agency and section 6 which considers the defintion of serious credit infringement.

FACTS

The complainant advised he/she had signed as guarantor for a loan for a family member. The finance company who provided the loan to the family member subsequently listed a serious credit infringement on the complainant’s consumer credit information file held by a credit reporting agency.

The Commissioner after obtaining a copy of the loan contract Read the rest of this entry »

In L and Insurer [2011] AICmrCN 6 the Privacy Commissioner considered the operation of section 7B(5) of the Privacy Act, which provides an exemption when acting under a State contract.

FACTS

The complainant lodged workers compensation claims with two current employers. The complainant alleged the insurer handling those claims disclosed details about a third, unrelated workers compensation claim against a previous employer to the solicitors handling the claims for the two current employers.

DECISION

The Commissioner Read the rest of this entry »

In M and Law Firm [2011] AICmrCN 7 the Privacy Commissioner considered the operation of NPP 2, where NPP 2.1 provides that an organisation must not use or disclose personal information about an individual for a purpose other than the primary purpose of collection with the relevant exception at NPP 2.1(a) which permits the use or disclosure of personal information for a secondary purpose where that purpose is related to the primary purpose of collection, and the individual would reasonably expect the disclosure.

FACTS

A law firm, acting on behalf of the complainant’s former utility service provider, commenced debt recovery action Read the rest of this entry »

In N and Law Firm [2011] AICmrCN 8 the Privacy Commissioner considered the operation of NPP 1.2, that an organisation must collect personal information only by lawful and fair means and not in an unreasonably intrusive way, and NPP 10.1, requring an organisation not to collect sensitive information about an individual unless one or more of the exceptions at NPP 10.1 applies of which NPP 10.1(e) allows an organisation to collect sensitive information about an individual if the collection is necessary for the establishment, exercise or defence of a legal or equitable claim.

FACTS

The complainant alleged that a law firm interfered  by improperly collecting personal information, including their health information, by using covert film surveillance. This information was subsequently disclosed during court proceedings. The law firm was acting for its client, an insurer, when it collected the complainant’s personal information.

DECISION

While the Commissioner  interprets ‘fair’ in the context of NPP 1.2 as to mean ‘without intimidation or deception’ that usually precludes Read the rest of this entry »

In O and Professional Association [2011] AICmrCN 9 the Privacy Commissioner considered the operation of NPP 6.1 , requiring an organisation that holds personal information about an individual to  provide that person with access to that information unless exceptions apply, and NPP 6.2 which provides that an organisation may need not to provide direct access to information that will reveal commercially sensitive decision making processes if it gives an explanation for the commercially sensitive decision.

FACTS

The complainant sought access to a completed and marked exam paper and the associated documents which were used to mark and rate his/her performance along with the application for special consideration and all relevant documentation used in assessment of that application from a professional association. The professional association provided the complainant with a copy of the front page of the exam paper and the multiple choice sheet that contained his/her personal information Read the rest of this entry »