Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo

Print | Email this page

Case note 274491 [2016] NZ PrivCmr 8: Man says bank unfairly disclosed his name to debt collector

We received a complaint from a man who said a bank’s efforts to recover a $70,000 overpayment to him breached his privacy.

The man, who was not a customer of the bank, received a large sum of money by bank transfer from his ex-wife as a result of a Family Court decision. But the bank overpaid the man by $70,000.

When the debt collection agency contacted the man to recover the debt, the man complained to the Banking Ombudsman. The Banking Ombudsman said it had no issue with the bank asking the man to repay the overpaid amount but there was an issue with the action the bank took when the man declined to pay.

The Banking Ombudsman said the bank should have established its claim through the courts. Had the bank’s claim been upheld, it would then have been entitled to take action to recover the debt, including engaging a debt collection agency.

The man also complained to our office. He claimed the bank breached his privacy in two ways – by opening a bank account in his name into which he was supposed to make repayments on the overpayment, and by passing his contact information to a debt collection agency.

The man said the actions of the bank and the debt collection agency had made him feel threatened and stressed – so much so that he had committed a crime and had suicidal thoughts.

We investigated to see if the bank had breached principle 10 and principle 11 of the Privacy Act.

Principle 10 – use of information

We looked at the issue of the bank opening an account in the man’s name to receive repayments from him under principle 10. Principle 10 says that an agency that holds personal information that was obtained in connection with one purpose must not use the information for any other purpose unless the agency believes that one of the exceptions to principle 10 applied.

Principle 10(e) allows personal information that was obtained in connection with one purpose to be used for another purpose if the agency believed that the purpose for which the information is used is directly related to the purpose for which it was obtained.

The bank said it used the man’s details to open an account in his name for the purpose of receiving repayments from him. This was an account operated by the bank’s recoveries team and not an account for the man to operate. In the end, no transactions were made through this account and it was subsequently closed. We decided the bank was entitled to rely on the exception set out in principle 10(e) and found no breach.

Principle 11 – disclosure of information

We also looked at the bank’s actions of passing on the man’s information to the debt collection agency. Principle 11 says an agency must not disclose personal information unless one of the principle’s exceptions applied. We noted the decision by the Banking Ombudsman and the fact the legal basis for referring the man to a debt collector had not been established at the time the referral was made. We decided the bank had breached principle 11 by making the referral in this way. The breach had added to the man’s stress and amounted to an interference with his privacy.

The bank apologised to the man for breaching his privacy and reduced the amount owed by $500. In our view, these steps were an adequate response to the man’s complaint. We did not consider that the case warranted being referred to the Human Rights Review Tribunal but provided a certificate of investigation to the man in the event he wanted to take the matter to the Tribunal.

June 2016

Debt collection  ─  banking   disclosure Banking Ombudsman   Human Rights Review Tribunal  ─  Privacy Act 1993; principles 10 and 11

Back to top