Australian Regulatory Compliance Review

« Takeovers Panel jurisdiction restored | Main | ACCC report into unleaded petrol prices »

Privacy case notes 25-27, 2007

The Privacy Commissioner has released three new case notes:

• In W v Telecommunications Company [2007] PrivCmrA 25, it was found that the customer's residential address had been improperly disclosed by the telecommunications provider even though a fee had been paid to suppress it.

  The Commissioner also found that the complainant had attempted to resolve the matter with the telecommunications company a number of times, but the company did not take timely action to correct the error once they were informed of it.

  The complainant subsequently agreed to a settlement proposed by the telecommunications company.
• In X v Transport Company [2007] PrivCmrA 26, the Office investigated whether there was an improper disclosure of personal information relating to a medical assessment. It was found that the transport company advised the employees that someone had failed the medical assessment.  However, the company did not disclose who had failed the assessment, or for what reasons. In this case, the Commissioner was not satisfied that the information disclosed by the transport company was sufficient to make it likely that the workers could identify the complainant as the individual who had not passed the medical assessment. However, the Commissioner also advised the transport company to adopt additional security measures to minimise the possibility that any such incidents may occur in the future.
• In Y v Ticketing Company [2007] PrivCmrA 27, the issue of the security of personal information including credit card information was considered.The ticketing company stated that the information was for purposes of identification and to minimise the incidence of fraud. It held that this is a common practice across a number of industries.

  The ticketing company also informed the Commissioner that it used a merchant EFTPOS facility provided by a banking institution and it was this facility that printed full credit card details on the receipt.

  The Commissioner reached the view that the ticketing company had not interfered with the privacy of the individual as it appeared that the company was fulfilling its obligations under National Privacy Principle 4.1 by providing customer credit receipts directly to the credit card holder only, and that steps were taken to secure the merchant copy of the receipt held by the ticketing company.

December 18, 2007 in Privacy | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341d4c5453ef00e54fbbd2858834

Listed below are links to weblogs that reference Privacy case notes 25-27, 2007:

Comments

Post a comment

Name:

Email Address:

URL:

Remember personal info?

Comments: