Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

A passenger contacted an airline, requesting all the information they had about him relating to a ticket dispute. Over a month later, he emailed to the airline’s CEO saying he hadn’t received the requested information.

After another month of correspondence he emailed the CEO again, expressing his frustration. He also asked for recordings of two calls he had made that day, claiming call centre staff were rude to him.

He continued to call the airline for several months, requesting recordings of calls as he did so. The airline refused most of these requests, so the man complained to our office.

The requests

The man said the airline had delayed in responding to his requests. In response to his first request, the airline told him he had to make his request in writing.

He claimed the airline didn’t provide the requested information within 20 working days. When they did provide some audio files, he could not open them. The airline later refused to provide further information, claiming his requests were “vexatious”.

He told us he wanted all the recorded calls he’d previously requested.

Issues raised

The man’s complaint raised issues under principle 6 of the Privacy Act 1993. Principle 6 says individuals have a right to access personal information an agency holds about them. There are some valid reasons for an agency to refuse access.

The Act doesn’t require people to make requests for personal information in writing. Section 40(1) of the Act states that an agency has 20 working days to respond to a request.

The airline’s response

The airline acknowledged that its staff shouldn’t have told the complainant he had to make his request in writing. Waiting for the complainant to do this caused the first 20 working days to elapse.

After the man emailed the CEO, the airline tried to reach him several times. They apologised and asked for clarification on what information the man wanted. The man didn’t respond.

The airline offered transcripts and audio files of some of the requested calls. They also offered him the opportunity to listen to the calls by phone.

The man continued to email the CEO and call the airline’s contact centre. The airline said the man was abusive and difficult to engage with. He continued to request recordings of the calls he was making.

The airline eventually decided to refuse the man’s requests, citing section 29(1)(j) of the Privacy Act.

Section 29(1)(j)

Section 29(1)(j) lets an agency withhold personal information if:

  • the request is frivolous or vexatious
  • the information they’re requesting is trivial.

This provision is to stop someone using their right under principle 6 to disrupt an agency or process.

Although it’s rarely used, it’s an important protection against malicious or improper requests. To decide if a request is vexatious, we look at the request and the context it was made in.

Frivolous or vexatious

An agency can’t use this just because a requester is difficult or even malicious. The request itself needs to be frivolous or vexatious.

Things that could suggest a vexatious request include:

  • many requests for the same information without any clear reason
  • using information from one request to demand more information – one request leading to another, and another
  • abusive or aggressive behaviour and no clear need for the information
  • clear intent to use the request to divert the agency's resources or upset people.

Our view

Our investigator formed the view that the man’s first request wasn’t vexatious, but his later requests were. He based this view on the way the man engaged with the airline.

Frequency and method of contact

The man contacted the airline many times. This isn’t a problem in itself, but he also ignored communication the airline was trying to establish.

Appropriate teams at the airline tried to contact him many times. They offered information and asked for clarification that would help resolve his issue.

Despite this, the man kept trying to engage with the CEO. This made it difficult for the airline to manage and understand his requests.

Behaviour during calls

The airline described many of the man’s calls as abusive and threatening. Our investigator listened to some of the calls – including one the man said showed the airline’s rudeness. The calls featured the man:

  • yelling
  • speaking over staff
  • refusing to listen to attempts to resolve issues
  • name calling.

Our investigator believed this was to intimidate staff and make it difficult to respond to his requests.

Nature and volume of requests

As the dispute continued, the man continued to make requests.  The Privacy Act doesn’t limit the number of requests someone can make.

However, he was unwilling to clarify or resolve his older requests as he kept making more. Our investigator saw this as vexatious behaviour.

Stated purpose for requesting information

The Privacy Act doesn’t require a specific purpose for making a request. However, in some cases the reason for a request can indicate bad faith.

In one call, the man stated he wanted to edit a call and spread it through media and social media. He said this was to make the airline “look as bad as possible” and hurt them as much as he could.

Our investigator saw this as an attempt to aggravate and upset the airline and its staff.

Conclusion

For these reasons, it was our investigator's view that the airline could rely on section 29(1)(j) to refuse the man’s requests.

The man disputed this but presented no evidence that would alter our view. We informed him of his right to bring the case before the Human Rights Review Tribunal.

The man made further calls to our office, during which he was rude and confrontational. We decided to block his phone number and close the file.

March 2018

Airline ‒ ticket dispute ‒ access ‒ vexatious requests ‒ Privacy Act 1993; principle 6  section 29(1)(j)