July 21, 2018

July 20, 2018

Subscribe to Latest Legal News and Analysis

July 19, 2018

Subscribe to Latest Legal News and Analysis

July 18, 2018

Subscribe to Latest Legal News and Analysis

OAIC's Controversial Decision Broadens Scope for the Disclosure of Personal Information

In 2017 Andie Fox, a recipient of Centrelink benefits, wrote a highly critical opinion piece on Centrelink’s debt recovery system, alleging that she was being pursued for a non-existent debt.  In response Centrelink provided Ms Fox’s personal information, previous communications and claims history to a journalist who published an article claiming that Centrelink had been ‘unfairly castigated’ by Fox.  The OAIC commenced an investigation into the release and has controversially confirmed Centrelink’s disclosure as permitted under the Privacy Act.

The OAIC found that the disclosure was permitted by Australian Privacy Principle (APP) 6.2(a)(ii).  Pursuant to the APPs, an APP entity may only use or disclose personal information for the purpose for which it was collected (the primary purpose) or, where an exception applies, a secondary purpose.  APP 6.2(a)(ii) permits disclosure where the individual would reasonably expect the entity to disclose their information and the disclosure is related to the primary purpose.

Relevantly, APP Guideline 6.22 provides examples of when the OAIC considers that an individual may reasonably expect disclosure of their personal information, and includes circumstances in which the individual has made negative comments about an APP entity to the media about the way the entity has treated them.  Here, the OAIC explains in the APP Guidelines that it may be reasonable to expect that the entity would wish to respond to the criticism in a similarly public manner, including by revealing personal information specifically relevant to the issues the individual has raised.  The decision reinforces the broad range of circumstances in which governmental agencies and private companies may legally release personal information about individuals to the public – though presumably, if an APP entity’s privacy policy or other disclosures were inconsistent with that expectation (for example, if the entity states that it does not share information in that way), it would not have been considered to be “reasonably expected” by the individual.

It’s worth noting that in this case the OAIC stated that it carefully considered the specific public statements made by the individual, and the specific information disclosed in response, to determine if the disclosure was consistent with those expectations, so any APP entity wishing to rely on this exception will need to ensure it has carefully considered and can justify its decisions and the specific range of information to disclose.  However, while the decision is viewed in this way as consistent with existing privacy laws, some Australian civil and digital rights advocates are arguing that it may not be consistent with community expectations about privacy protection.  In light of the backlash, organisations should be aware of the potential commercial and reputational ramifications of disclosure, even when that disclosure would otherwise seem to be permitted by privacy laws.

Copyright 2018 K & L Gates

TRENDING LEGAL ANALYSIS


About this Author

Warwick Andersen Technology Lawyer KL Gates
Attorney

Mr. Andersen is a senior corporate lawyer with a focus on commercial, technology and sourcing projects. He has advised on large scale outsourcing projects, technology agreements for both vendors and customers, corporate support, privacy and telecommunications regulatory work. He has acted for government departments, large listed companies, telecommunications companies and technology suppliers.

+61-2-9513-2508
Rob Pulham, KL Gates, Corporate technology requirements lawyer, contracts drafting attorney
Senior Associate

Mr. Pulham is a corporate and commercial lawyer. His practice includes advising clients in managing their technology requirements and contracts (including drafting, review and negotiation of contracts for the provision of technology products and services), providing advice regarding privacy, data protection and copyright law, marketing and advertising, website content and general commercial intellectual property advice.

Mr. Pulham's experience includes having worked for leading technology suppliers, large Australian financial institutions, and food and beverage manufacturers, as well as Australian and Victorian government agencies.

61-3-9640-4414