Can the Privacy Commissioner award damages for a privacy breach?
No, the Privacy Commissioner helps parties settle privacy disputes and sometimes settlement may include damages (financial compensation) if the party that caused the breach agrees. Only the Human Rights Review Tribunal has the power to award damages, following an investigation by the Privacy Commissioner.
If the dispute can’t be settled between the parties, proceedings can be brought in the Human Rights Review Tribunal (external link) and remedies sought can include damages. Damages are available at the Tribunal’s discretion to appropriately compensate for the humiliation, loss of dignity and injury to feelings caused serious breaches.
Here’s a summary of damages awards by the Tribunal (external link) .
Here are some examples of cases where the Tribunal awarded substantial damages to the complainants:
- Record damages awarded for cake photo breach
- What we learned from Taylor v Orcon
- $18,000 damages for disclosing private letter.
Damages can also been awarded in cases where an agency fails to respond in a timely manner (or at all) to an information request by an individual. See this example (external link) .
In many cases however, the Tribunal may find a breach is not sufficiently serious to award damages and may award a declaration only or another non-monetary remedy. Here’s an example where damages were denied by the Tribunal: