|
Where am I now? Lawlink > privacynsw > NSW Privacy Laws > How does Privacy NSW determine if there has been a breach of privacy?
|
Print page
|
How does Privacy NSW determine if there has been a breach of privacy?
Privacy NSW’s job is to determine whether or not there has been a “violation or interference with” a person’s privacy. Another phrase for this is a “breach of privacy”.
If there are privacy principles set by law that apply to a complaint, Privacy NSW will assess whether or not the person or organisation complained about (the respondent) has complied with those privacy principles.
If we find that the privacy principles set by law have not been complied with, without lawful excuse, we can determine that there has been a breach of privacy.
Which privacy principles apply to a complaint?
If a complaint is:
- about a NSW public sector agency, and
- about how they handled a person's personal information (including health information), and
- about conduct happened between 1 July 2000 and 1 September 2004,
the complaint will be assessed against the IPPs (or the special rules for public registers) in the PPIP Act.
If a complaint is:
- about a NSW public sector agency, and
- about how they handled a person's personal information (excluding health information), and
- about conduct happened on or after 1 September 2004,
the complaint will be assessed against the IPPs (or the special rules for public registers) in the PPIP Act.
If a complaint is:
- about a NSW public sector agency, and
- about how they handled a person's health information, and
- about conduct happened on or after 1 September 2004,
the complaint will be assessed against the HPPs in the HRIP Act.
If a complaint is:
- about a private sector person or organisation, and
- about how they handled a person's health information, and
- about conduct happened on or after 1 September 2004,
the complaint will be assessed against the HPPs (or the special rules on keeping and providing access to health information) in the HRIP Act.
What if none of the above privacy principles apply to a complaint?
In some cases there will be other laws, policies or standards that we can use to judge whether or not a person's privacy has been breached. Which one applies to a given complaint will depend on the circumstances. For example, a complaint about the disclosure of a person's criminal record will be assessed against compliance with the Criminal Records Act; a complaint about a bag search at the supermarket will be assessed against industry best practice guidelines.
When investigating complaints about the handling of personal information by organisations which are not obliged to comply with the IPPs or the HPPs, we follow the data protection principles.
In other cases we will rely on the following general tests as to whether or not a person's privacy has been breached. These tests treat the following as breaches of privacy:
- the intrusion upon a person’s seclusion or solitude, or private affairs
- public disclosure of embarrassing facts about a person
- publicity which places a person in a false light in the public eye
- appropriation of a person’s name or likeness.
|
|
