It is important to understand the implications when a confidentiality breach occurs. A breach of confidentiality can result in legal actions against an offender.
The Privacy Act 1988 (Cth) promotes and protects an individual’s privacy and confidential information. The Privacy Act 1988 refers to how a person’s rights to their personal information are treated and dealt with. The Act regulates and governs how Australia’s government agencies and organisations deal with an individual’s personal information. The Privacy Act applies to individuals, Commonwealth Government Agencies, and businesses.
Personal information may include:
· Name
· Signature
· Date of birth
· Contact details: email, telephone number, residential or IP address
· Income
· Healthcare conditions, medical records, and healthcare service providers
· Bank details
· Photos and videos
· Disability or care information
· Information about family members and emergency contact details
Businesses must understand the obligations around privacy. The Australian Privacy Principles or APP requires government agencies and organisations to comply with the following guidelines according to Schedule 1 of the Australian Privacy Principles on handling an individual’s personal information. The guidelines are:
· Manage personal information with transparency
· Allow a person to remain anonymous or have the option to use a pseudonym
· Personal information of a person may only be collected if it is reasonable and necessary
· Allow a person to stop unwanted direct marketing
· Ensure a person is aware personal data is collected
· Ensure a person knows how the information will be used
· Ensure a person knows to whom the information will be disclosed to
· To not use or disclose personal information for any other purpose other than the primary purpose a person consented to
· Ensure personal information is accurate and updated regularly
· To take reasonable steps to ensure personal information is protected from interference, misuse, loss, unauthorised access, modification, or disclosure of personal information
· A person’s personal information has to be destroyed or de-identified if not needed
· Allows a person access to their personal information subject to certain outlines specified in Schedule 1 of the Privacy Act 1988
· Allow a person to update inaccurate personal information
· Ensure a person can lodge a complaint if confidentiality has been breached
There are remedies available to protect individual confidentiality when any of the privacy principles are breached by the Australian Government or private businesses or organisations. According to Section 90 of the Privacy Act 1988 (Cth), relief for breach of confidentiality may be obtained in legal proceedings. Section 15 of the Privacy Act 1988 (Cth) stipulates an APP entity must not breach Australian Privacy Principles as outlined in Schedule 1 of the Australian Privacy Principles.
One of these legal proceedings includes the recovery of damages as stated in Section 93 of the Privacy Act 1988 (Cth). Section 36A of the Privacy Act 1988 provides a mechanism for lodging a complaint when a breach of confidentiality law in Australia has been broken.
A complaint is lodged to the Commissioner. The Commissioner is required to investigate the alleged breach of confidence. The Commissioner can appease complaints, make preliminary inquiries, require documents, host compulsory conferences, or transfer the matter to alternative complaint bodies. The Commissioner can make a decision after a thorough investigation. The accused have to comply with the declarations made in the determination, and if the accused fails to comply, the requirements or conditions may be enforced by a court during court proceedings.
Under Section 52 of the Privacy Act 1988, the determination can include any of the following:
· The Commissioner can dismiss the complaint
· The Commissioner can declare a breach of confidentiality or privacy
· The Commissioner can declare no further action is required
If the Commissioner declares a breach of confidentiality, he/ she can stipulate the following:
· The breach cannot be repeated
· Specific steps are required within a specific time frame to ensure a breach of confidentiality does not happen again
· Reasonable conduct has to be performed to rectify any loss or damages suffered
· A specific amount is payable as compensation for any loss or damages suffered
The Privacy and Personal Information Act 1998 (NSW) protects an individual’s personal information and privacy rights in the NSW public sector. The Health Records Information Privacy Act 2002 (NSW) protects a person’s personal and health information. A Privacy Commissioner protects a person’s privacy and confidentiality including a confidentiality agreement, similar to the Commissioner outlined in the Commonwealth Act.
Personal information can be described as “information or an opinion, including information or an opinion forming part of a database and whether or not recorded in a material form, the identity of an individual is apparent or can be reasonably determined from the information or opinion” as defined in Section 4 of the Privacy and Personal Information Protection Act 1998 (NSW).
Section 36(2) of the Privacy and Personal Information Protection Act 1998 (NSW) outlines and explains the main roles of the privacy commissioner. The Privacy Commissioner has to monitor compliance with the information protection principles and publish guidelines about the protection of personal information. The Privacy Commissioner has to investigate and resolve complaints about privacy issues and personal information.
If you require assistance in relation to this, you should contact experienced criminal lawyers in liverpool.
The difference between privacy and confidentiality is found in the type of information they can protect. Privacy and confidentiality differ in how they protect these different types of information. Privacy and privacy laws protect personal information as per the different privacy legislation in Australia. Privacy is governed by legislation such as the Privacy Act 1988 (Cth). Confidentiality isn’t covered in the legislation. Confidentiality is covered by common law.
Privacy dictates how the personal information of people should be handled. Confidentiality protects people or entity information. Confidential information was communicated in confidence and is not available to the public.
Privacy and confidentiality are not just different in definition but also differ in how they are enforced. Privacy imposes obligations on a business on what is required under the Privacy Act. If a business has an annual turnover of more than $3 million, the business has to comply with the Privacy Act. A business might even have to comply with the Privacy Act if its annual turnover is less than $3 million. This will be determined by the type of business:
· A business in the healthcare sector
· A business that sells or purchases personal information
· A contractor providing services under contract with the Australian Government
· A credit provider or reporting body
· A residential tenancy database operator
Confidential information is protected, defined, and enforced within employee contracts or company policies. A business does not need specific laws for this. However, business owners often include confidentiality clauses to protect valuable business information. Confidentiality is more flexible than privacy obligations. A Business owner defines their own confidentiality requirements in their policies and procedures or employee contracts and can decide what is considered confidential and what is not.
The High Court acknowledges breach of confidence or confidentiality as an equitable cause of action. These equitable causes of action exist to prevent extreme unfairness. A breach of confidentiality can be found in common law, contract law, or tort. Confidentiality is not explicitly regulated in Australia, and it is important to carefully draft a confidentiality clause.
A breach of confidence occurs when a party tells another party about a private information matter with the understanding that the communication is shared with a restricted purpose and that the other party will use the information without consent. For example, a breach of confidentiality includes information disclosed by your doctor. This confidential information is protected.
There is no specific legislation to govern confidential information. However, a person can still take legal action if a business’s confidential information is breached. Not all information will be considered confidential. It is important to take the following into consideration to establish a possible breach of confidentiality:
· Information entered into the public domain and has become common knowledge.
· Have all parties been informed of the information’s confidential nature
· Have all parties received the information in confidential circumstances and with an obligation to retain the confidence
· Facts in legal proceedings and court documents will not be confidential – disclosure is required by law
· Publication with different views of similar information may destroy confidence
· Publication of information subjected to personal confidence may destroy confidentiality
· The disclosing party was given written consent to disclose the information
· Disclosure is required to provide the goods or services under a contract
· Information is disclosed to a professional advisor, for example, a lawyer
A breach of confidence can occur when a person uses confidential information for a purpose other than that for which the information was disclosed. In Australia, it is not necessary to show that damage has been suffered to establish a cause of action in breach of confidentiality. A breach of confidentiality can take place in the following sectors:
Confidentiality Breach in Healthcare
Healthcare professionals cannot disclose personal information for any secondary purposes. They also have a common law and ethical duty not to disclose any information about a person. A person will be guilty of breach of confidence if they do, and their actions can result in legal actions for damages caused. A patient can sue the health care professional for breach of confidentiality. This can also result in disciplinary action against the healthcare professional by the relevant healthcare professional body.
Confidential information can only be disclosed with consent and in limited circumstances such as medical research, public interest, legal court proceedings, and to other healthcare providers or agencies.
Confidentiality Breach in Childcare
The Privacy Act 1988 deals with breaches of confidentiality in the childcare industry. Legal proceedings can follow after a breach. Childcare organisations have to inform the Notifiable Data Breaches scheme and the Office of the Australian Commissioner and the affected people of any data breach if the data leak might cause serious harm. Failure to do so can result in a fine of up to $360,000 for individuals or $1.8 million for an organisation.
Confidentiality Breach in Businesses or Organisations
An employer has to keep his employee’s personal information confidential. A breach can occur under the Privacy Act with possible legal actions entered into against the employer. However, the Privacy Act 1988 (Cth) does not apply to the NSW public sector. The Privacy and Personal Information Protection Act only applies to NSW State Government.
Advances in technology led to a greater risk for breach of confidentiality in the workplace, for example, an employee copying data from a work computer before termination of a contract. An employee may be sued for damages through legal proceedings.
The following possible defences can be applied depending on the circumstances of each matter.
· The information was not confidential
· Information was disclosed due to a legitimate public interest
· Information was already available in the public domain
· The defendant can prove confidential information was shared with the plaintiff’s consent
There are some possible remedies available for breach of confidentiality. Some of these remedies might include:
Injunction
The victim may obtain an injunction to stop the offender from disclosing or using confidential information. An injunction is a special court order that will compel the offender to refrain from disclosing personal information.
Damages
The victim may be awarded some compensation for any loss or damages suffered as a result of the breach of confidentiality and the information being disclosed.
Account of Profits
The victim of the breach of confidentiality may be awarded an equitable remedy in circumstances where the offender has benefited from the breach of confidentiality or if it is anticipated that the offender will benefit from the breach of confidentiality in the future.
Constructive Trust
The victim of the breach of confidentiality may be awarded an equitable remedy in circumstances where the victim has been deprived of a right relating to the confidential information disclosed as a result of the offender’s breach of confidentiality. The offender’s gains will be held in trust for the benefit of the victim.
If you require assistance on any breach of confidentiality matter, please contact Lyons Law Group for professional advice.
Mohammad Khan is the Principal Solicitor of Lyons Law Group. After graduating with a Bachelor of Aviation from the University of New South Wales, Mohammad took a keen interest in the law. He began training in criminal law under the tutelage of Australia’s leading criminal lawyer Adam Houda and studied law at the University of Sydney.
(02) 7205 5934
Main Office: Level 3, 302/58 Kitchener Parade Bankstown NSW 2200
Sydney Office: Level 1, 60 Martin Place Sydney NSW 2000 (By Appointment Only)
Parramatta Office: Level 49, 8 Parramatta Square, Parramatta NSW 2150 (By Appointment Only)