THE OFFICE OF THE PRIVACY COMMISSIONER
Spacer GifHOME > Federal Privacy Law > 2005 - Complaint Case Note 11 Spacer Gif Spacer Gif Spacer Gif Spacer Gif
Spacer Gif
Spacer Gif Federal Privacy Law
Spacer Gif Bullet Privacy Act
Spacer Gif Bullet Privacy Act Regulations
Spacer Gif Bullet Public Interest Determinations
Spacer Gif Bullet Guidelines
Spacer Gif Bullet Complaint Case Notes & Determinations
Spacer Gif Bullet Audits
Spacer Gif Bullet Information Privacy Principles
Spacer Gif Bullet National Privacy Principles
Spacer Gif Bullet Private Sector Codes and Opt-in Registers
Spacer Gif Bullet Credit Reporting
Spacer Gif Bullet Health
Spacer Gif Bullet Telecommunications
Spacer Gif Bullet Tax File Numbers
Spacer Gif Bullet Spent Convictions
Spacer Gif Bullet Data-matching
Spacer Gif Bullet Privacy Advisory Committee
Spacer Gif Bullet Private Sector Review 2005
Spacer Gif Bullet ALRC Privacy Inquiry 2006 - 08
Spacer Gif Bullet Privacy Law History
Spacer Gif SPECIFIC PRIVACY
INFORMATION FOR:
Spacer Gif > Individuals
Spacer Gif > Business
Spacer Gif > Health
Spacer Gif > Government
Horizontal Rule
Spacer Gif > Federal Privacy Law
Spacer Gif > About the Office
Spacer Gif > Frequently Asked Questions
Spacer Gif > IT and Internet Issues
Spacer Gif > Media and Speeches
Spacer Gif > Publications
Spacer Gif > Privacy Links
Spacer Gif > International
Spacer Gif > Contact us

Spacer Gif

2005 - Complaint Case Note 11

View printable version of this page

Case Citation:
OPC v Banking Institution [2005] PrivCmrA 11

Subject Heading:
Automated disclosure of personal information following use of incorrect facsimile number.

Law:
Section 40(2) of the Privacy Act 1988 (Cth) and National Privacy Principles 2 and 4 in Schedule 3 of the Privacy Act.

Facts:
The banking institution published an internal newsletter advising its staff of a new facsimile number for a particular department within the banking institution. On occasion, staff miskeyed the number when they intended to send customers' personal information to that department. Consequently, the personal information was not received by the department but rather by another organisation, with a similar facsimile number, whose business involved the collection and forwarding of automated information updates to its customers. The organisation did not normally accept facsimiles from unauthorised update providers. However, in at least two instances it received and automatically forwarded the personal information from the banking institution through its computer-generated fax update service to its customers.

Issues:
None of the individuals whose information was disclosed brought a complaint before the Commissioner, but the Commissioner decided to commence an own motion investigation under section 40(2) of the Privacy Act on the grounds that this problem had happened before and therefore may point to the existence of a systemic problem.

The Commissioner asked the banking institution why this problem had reoccurred. The banking institution advised that following the first incident the facsimile number had been decommissioned. When the banking institution moved location the number was subsequently returned to the pool of unused numbers and reactivated.

Outcome:
To ensure that the problem would not recur, the banking institution stopped using a facsimile-based service and introduced a secure on-line service and permanently decommissioned the fax number. The other organisation also confirmed that it blocked all faxes other than those from designated numbers. Consequently, the Commissioner closed the matter on the grounds that it had been adequately dealt with.

OFFICE OF THE PRIVACY COMMISSIONER
June 2005
Spacer Gif> Privacy Policy Spacer Gif> Copyright Spacer Gif> Site map Spacer Gif> Join Email List Spacer Gif> Glossary Spacer Gif> Calendar Spacer Gif> Newsletter