Touchpoint Legal Privacy Law

Avoid these simple but damaging privacy mistakes

‘Simple privacy mistakes can do the most damage’  the Information Commissioner stated upon release of several determinations against businesses. The businesses were found to have contravened the Privacy Act (1988) Cth.*

So what kinds of simple privacy mistakes did these businesses make and what damage did they suffer?

Mistake #1 – leaving identification documents in a ‘double locked’ shipping container on private property

When trespassers broke into a shipping container on private land, copies of individuals’ identification documents, such as Medicare cards were left exposed. A company had stored customer documentation in the containers pending destruction.  A journalist from A Current Affair found the documents and contacted one of the owners of the information.

Touchpoint Legal Privacy LawThe owner complained to the Commissioner that the company ‘had not taken reasonable steps to protect their personal information (“information”) from interference’ and had failed to destroy or de identify the information given that it was no longer needed by them.

The Commissioner had to decide (among other things) whether the company had taken reasonable steps to protect the individual’s information. The company argued that the documents had been stored in double locked containers on private property, had been periodically checked on by staff and that this constituted reasonable steps to protect the information.  The Commissioner however, did not agree. He found that the documents had been left on ‘unfenced property in a relatively isolated location in bush land’ and as such the information was not adequately monitored and protected. The Commissioner made a determination against the company responsible. 

The Consequences

The consequences to the company were damaging. In my view, it wasn’t so much the award of $3,500 to the complainant, the fact that the Company was required to issue an apology or the enforceable undertaking. A story about the matter was aired on ‘A Current Affair’.  One can only assume how damaging that was for the company’s reputation and brand. I suspect there were a number of very unhappy customers involved too!

Mistake #2 – disclosing an individual’s car insurance details to his wife and daughterTouchpoint Legal Privacy Law

In this case the wife and daughter of the ‘complainant’ (husband)  attended an insurance office to discuss car insurance. During the discussion, a staff member accessed the husband’s car insurance policy with a view to offering the wife the same no claim bonus discount to that of her husband. The staff member then discussed the husband’s insurance policy with his wife  and in addition, turned the computer monitor towards the wife, daughter and other customers such that the husband’s car policy information was visible to them.

The husband complained to the Information Commissioner that the insurer had ‘interfered’ with his privacy by making unauthorised disclosure of his car policy details to his wife, daughter and other customers. He indicated that details regarding the car were ‘nothing to do with her (his wife).’  The Commissioner found that disclosing information to a spouse was not within the terms of the insurer’s Privacy Charter and that the insurer had improperly disclosed the husband’s car policy information to his wife and daughter!

The Consequences 

The insurer was required to pay $2,000 in damages to the husband and issue an apology. The insurer was also encouraged to review its staff training procedures in respect to handling information.  

How to avoid these privacy mistakes!

Every business that is regulated under the Privacy Act must have in place privacy compliance plans, processes and procedures to meet their obligations under the privacy laws. If they don't, they risk hefty fines, orders to pay damages, brand damage and customer dissatisfaction. 

Why not avoid these damaging consequences and get your privacy obligations right from the beginning! Contact Angela at Touchpoint Legal here to arrange a complimentary discussion about how we can help you to meet your privacy obligations. We look forward to hearing from you!

* The Privacy Act (1988) Cth includes the Australian Privacy Principles.

This information does not constitute legal advice and should not be relied upon as such. Touchpoint Legal does not represent that the information is error free or up to date. 


About The Author

Angela Stackelbeck

Angela Stackelbeck is a Legal Director at Touchpoint Legal. She has practised law in Sydney in large corporates and private practice, for over 20 years. Angela's broad experience allows her to uniquely offer the dual benefit of practical legal expertise gained in private practice and commercial pragmatism learned from the in-house environment. You can contact Angela at or on 02 8005 0692 or 0404 872 644.