Australia: Can You Keep a Secret? When a Work Address Is Personal Information

By Alan Bradbury © BAL Lawyers Jul 17, 2017
LIKE SAVE PRINT
Reuse Permissions

​A recent decision in the New South Wales (NSW) Civil and Administrative Tribunal in Australia highlights the importance of thinking carefully about whether information constitutes personal information that may be protected by the Privacy and Personal Information Protection Act 1998 (NSW).

In CRP v. Department of Family and Community Services it was found that, in the particular circumstances of the application before the tribunal, an individual's work address was personal information that was protected by the act.

Following an incident in which a departmental employee released the applicant's work address to an estranged family member, the tribunal has definitively stated that, in these circumstances at least, doing so amounted to a breach of privacy. (The applicant's name was not provided in the decision.)

Given how easy it can be to reveal seemingly harmless information, this case demonstrates how important it is to be careful with any information that might be considered to be personal information.

The Background

The applicant was employed with the Department of Family and Community Services. He was estranged from his father, with whom he had a long-running personal dispute. The applicant's father phoned the office without identifying himself. He requested, and received, the address of the applicant's workplace: previously, he had only known the name of the organization for which his son worked.

Following this, the applicant's father went to the son's place of work, where he confronted him and handed him some documents.

The son—the applicant in the proceedings—argued that through the department's actions, his personal information had been shared in breach of the act.

The Findings

The tribunal considered whether the applicant's work address was information 'about an individual' for the purposes of s4 of the act. If so, by providing the information, the employee had breached ss 17 and 18 of the act. The respondent argued that it was not, as this was information that had been shared within the normal course of business, as part of the applicant's work. The tribunal, however, found that this was not the case.

In coming to its decision, the tribunal considered the findings of several previous tribunal decisions saying that the definition of 'personal information' was to be interpreted broadly and that the tribunal should not adopt an overly technical approach. Instead, the tribunal said that it was important to consider the information that was provided in context.

Ultimately the tribunal decided that the information had been provided in a context that solely related to the applicant. At the time, there had been no indication that the phone call was made in connection with the applicant's work, or as part of his role as a caseworker. No other information was requested. By giving out the applicant's work address, the department's employee provided personal information about him, and as a result breached his privacy.

The Consequences

As a result of this breach, the department was ordered both to apologize to the applicant, and to review its current Privacy Management Plan. However, this case could evidently have significant general consequences. While providing a work address for a co-worker may seem harmless, as we have seen here, the results can be serious.

Alan Bradbury is an attorney with BAL Lawyers in Canberra, Australia.  © BAL Lawyers. All rights reserved. Reposted with permission of Lexology.


LIKE SAVE PRINT
Reuse Permissions

SEMINARS

HR Education in a City Near You

Find a Seminar

Job Finder

Find an HR Job Near You
Post a Job

SPONSOR OFFERS

Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 3,200 companies

Search & Connect