Council found to have committed privacy breaches

On 27 October 2021, the NSW Civil and Administrative Tribunal published its decision in EIG v North Sydney Council [2021] NSWCATAD 313 and determined that North Sydney Council (who is referred to as the Respondent below) breached Information Protection Principles 10 and 11. This decision is now subject to a pending appeal by North Sydney Council. 

 

In its decision, on 27 October 2021, the Tribunal made the following orders:  

     (3) Pursuant to s 55(2)(b) Privacy and Personal Information Protection Act, in relation to all future applications of the Applicant under ss 53 and 55 Privacy and Personal Information Protection Act the Respondent is to refrain from:

  • (i) any use of the Applicant’s personal information relating to such applications in contravention of s 17 Privacy and Personal Information Protection Act/IPP 10; and
  • (ii) any disclosure of the Applicant’s personal information relating to such applications in contravention of s 18 Privacy and Personal Information Protection Act/ IPP 11.

     (6) Within 30 days of the date of these Reasons for Decision the Respondent must:

  • (a) anonymise the Applicant’s name in all publicly available digital publications of the Respondent (including on the Respondent’s website) in relation to any reference to the Decision proceedings or the Decision; and
  • (b) make reasonable efforts to recover and destroy or anonymise the Applicant’s name in all printed and hardcopy materials in relation to any reference to the Decision proceedings or the Decision.

On 2 December 2021, the Appeal Panel amended the operation of order 6(b) above so that it does not operate to the extent that it applies to the provision to or retention of material by North Sydney Council’s internal or external legal representatives.

 

 

 

Posted on 3 December 2021

Back to Listing
North Sydney Council