Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
When are you eligible for a legal remedy when an agency breaches your privacy? The answer, as with most things in the legal realm, is “it depends”.
This was one of the issues the Human Rights Review Tribunal grappled with in a recent judgement.
Here’s what happened:
A woman worked for the National Library for a number of years. In 2011, the library was folded into the Department of Internal Affairs (DIA) and restructured. During this restructure, the woman was made redundant.
Two years later, she made an information request under Principle 6, asking for everything the DIA held about her. As well as asking for everything the DIA held, her request specifically mentioned a number of documents, such as her official personnel file and handwritten notes from interviews she had with library staff.
The DIA responded with almost all of the information, along with reasons why they could not release some of the information – for example, some of the information had been deleted in keeping with the DIA’s document destruction policy, and some of the information did not exist.
The woman believed that the DIA was still withholding information, so she made a complaint to our office. We found that the DIA staff did in fact have handwritten notes about the woman. They shared these notes with her and we closed the file.
The Tribunal finds a breach . . .
The woman alleged that the DIA’s withholding of these notes had caused her serious harm. She took her case to the Tribunal, which found that the DIA had in fact breached her privacy by withholding the handwritten notes.
The fact that the DIA withheld the notes wasn’t taken in isolation. Rather, the DIA was found in breach because not only did it withhold the notes, it did so in the context of knowing that taking notes was a common practice, and the people handling the personal information request did not ask whether hand written notes existed. This was enough to constitute a privacy breach.
. . . But no harm
However, the Tribunal also found that the breach did not cause harm. While the woman did outline her harm, that harm was related to the general experience of being made redundant and a number of other unpleasant circumstances – there was no causal relationship between the harm she suffered and the fact that the DIA did not release the handwritten notes.
Furthermore, the content of the notes was not materially dissimilar from the summary report. While this is not an excuse for withholding the notes, it also means that any harm that could have been prevented by releasing the notes would also have been prevented by releasing the summary report – which the DIA did do.
In light of these facts, the Tribunal did not award any damages.
What have we learned?
There are a couple key takeaways from this case:
Photo credit: Library by Tara Ross, via Flickr
Back