Emil Ford Lawyers

Education Law Articles - Privacy

Questions about privacy?
Contact +61 2 9267 9800

 


A costly breach of privacy principals

The Privacy Commissioner has issued a determination with respect to the handling of a complaint of sexual abuse by the religious organisation which operated a Brisbane school.

The school issued the school council with information packs which contained information about the allegations and the identity of the former student.

(From Education Law Notes Term 3, 2015

Read more ...


Privacy is important!

An employee worked for a company for several years before resigning. At that time, the employee owed money to another organisation.

The organisation which was owed money contacted the employee’s former employer seeking information about the employee’s whereabouts. The employer disclosed the employee’s personal information to the organisation, including his address and financial details.

The Privacy Commissioner investigated the matter under section 40(1) of the Privacy Act. The Commissioner found that, as the disclosure of the employee’s personal information was to an organisation to which the employee was personally indebted and this disclosure was not related to his employment, this was an act unrelated to the administration of the employee’s employment with the company. The Commissioner found that the company had interfered with the employee’s privacy.

The employer agreed to conciliation of this matter, apologised, and agreed to develop and implement privacy training for all staff in the management of personal information. Do your staff know how to manage employees’ personal details?
 


Privacy Commissioner Case Note

The Federal Privacy Commissioner issued a case note in May 2008. A student was asked to leave a non-government school as a result of an investigation carried out by the school. After the student left, he sought access to his personal information held by the school including details of the investigation which led to him being asked to leave. The school indicated that it held a number of categories of documents in relation to the student which included reports, correspondence relating to his withdrawal from the school, and details of the investigation that led to this. At the time the complaint was made to the Privacy Commissioner, the school had given the student access to the reports and correspondence relating to the withdrawal, but had refused the student access to other records.

National Privacy Principle 6.1(c) states: If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that providing access would have an unreasonable impact upon the privacy of other individuals.

The school claimed that providing access to the documents relating to the investigation which led to the withdrawal of the student from the school would have an unreasonable impact upon the privacy of other individuals as those individuals had provided that information on the understanding that their details would not be revealed to the student for fear of reprisal. The Commissioner inspected the documents and agreed.
 


Who gets school reports?

The information in school reports is personal information and therefore its use is governed by the Privacy Act. Under NPP 2.1(a), the use and disclosure of personal information is permitted for the primary purpose for which it was collected. The information in a school report is collected so that the school can record and follow the progress of a student.

Personal information may be used for a related secondary purpose that is within the reasonable expectations of the student. Most students expect their school reports to be provided to their parents (whether or not they are living with their parents). 

However, schools must be alert to particular family situations. For example, if there are orders of the Family Court directed at preventing a parent from knowing the whereabouts of a child (usually for safety reasons), the school ought not to send a school report to that parent. Hence, the importance for schools to obtain copies of current court orders from parents.
 


Trouble in Cyberspace – Privacy Concerns in the USA

Dr Felsher, six years after he was dismissed as professor of French by the University of Evansville, created Internet web sites and email addresses containing portions of the names of the University President, Vice President and a College Dean and the letters "UE", a common abbreviation for the University. On his web site, Felsher included negative articles about the University officials and accused the University President of violating the University faculty manual. Felsher also used the email accounts to nominate the University staff for various academic positions at other universities. The email would direct the reader to the web site Felsher created about the university officials. The University and the staff members sued for invasion of privacy. Felsher then removed the email addresses and websites. However, he later created another twelve websites containing roughly the same information as had appeared on the previously removed sites.

The University and the staff members obtained a preliminary injunction prohibiting Felsher from engaging in certain Internet activities, including creating web sites or email accounts having the appearance of association with the University or its officials. The Court of Appeals affirmed the lower court's ruling and Felsher appealed to the Indiana Supreme Court on two issues:

  1. he claimed that the University as a corporation was not entitled to bring an action for invasion of privacy; and
  2. he challenged the validity of the injunction placed upon him.

The Supreme Court held that the University did not have an action for invasion of privacy but said that the injunction against Felsher's use of the name of the University staff was correct. The injunction was considered necessary because, without it, Felsher might well continue his inappropriate actions. The Court did, however, modify the scope of the injunction allowing him to send nominations for employment from himself but from no-one else associated with the University.

This case reminds us that all schools should have policies regarding the appropriate use of technology by current students and employees and that steps should be taken to safeguard schools against inappropriate use of their name and image by former employees or people external to them. 


Breach of Privacy

In the good old days, students passed notes around the classroom. Although these notes may have made derogatory comments about teachers (possibly including a crude limerick or an unflattering illustration), the audience was fairly limited. These days, students have traded pages from a notebook for webpages on a notebook and the potential audience is now global. Individuals also seem to have a false bravado in cyberspace where they say things they would not say in "real life". It is not surprising that some online comments go far further than what may have been scribbled in a note at the back of a classroom.
Teachers became aware of a website containing derogatory comments made about them. Students were accessing this site on school computers and the principal started an investigation, which led to the site being shut down a few days later.

One of the teachers at the school, who was the object of some of the derogatory comments (which included death threats), was deeply disturbed by these events. Ultimately, the situation resulted in him taking stress leave and lodging a worker's compensation claim.
Due to the worker's compensation claim, a psychologist interviewed the principal about the teacher. During the course of this interview, the principal disclosed that the teacher had engaged in abusive and aggressive behaviour towards the principal, which included making a scurrilous remark and racially vilifying the principal.

The teacher brought a claim against the NSW Education Department in the Administrative Decisions Tribunal claiming that the principal's actions had breached the Privacy and Personal Information Protection Act 1998 (NSW). The Tribunal decided that the Department (through the principal) had breached that Act.

Since the Privacy and Personal Information Protection Act only applies to public schools and the decision was largely concerned with whether the disclosure was authorised by worker's compensation legislation in NSW, the decision does not have a wide application (especially since the decision may have been different under the Privacy Act 1988). However, the situation does raise some important issues (legal and non-legal) that schools should consider:

1. Be mindful of what may or may not be relevant

In this case, the principal probably did not consider whether he was breaching the Privacy and Personal Information Protection Act. He may have simply been trying to do his best to give the psychologist a complete picture of the teacher. However, as the case shows, he was still in breach of the Act. Everyone should be careful about what they say. It=s not always possible to know every law but, as a general principle, if something is relevant and true, it should be safe to say. In this case the Tribunal ruled that the personal information about the teacher=s comments and behaviour, which the principal disclosed to the psychologist, was not sufficiently relevant.

2. Be mindful of what students are doing

It is not always possible to monitor what students are doing. However, if the school allows students to access the internet on school computers, the school should take all reasonable steps to monitor students= activities appropriately and to ensure they are using the internet safely. The school may have to give certain warnings with regard to computer monitoring under the Workplace Surveillance Act if staff also use the computers. If prevention is not possible, the school should be prepared to act quickly once it discovers an issue.

3. Be mindful of how situations may affect others

Some people may be able to laugh off the comments from students. However, the same comments may deeply distress other people. Schools can be stressful places to work at the best of times without the added stress of having derogatory comments or death threats published online. Schools should consider how they would respond in this type of situation and whether they should have services available for staff and students in stressful situations. 


Privacy is important!

An employee worked for a company for several years before resigning. At that time, the employee owed money to another organisation.

The organisation which was owed money contacted the employee’s former employer seeking information about the employee’s whereabouts. The employer disclosed the employee’s personal information to the organisation, including his address and financial details.

The Privacy Commissioner investigated the matter under section 40(1) of the Privacy Act. The Commissioner found that, as the disclosure of the employee’s personal information was to an organisation to which the employee was personally indebted and this disclosure was not related to his employment, this was an act unrelated to the administration of the employee’s employment with the company. The Commissioner found that the company had interfered with the employee’s privacy.

The employer agreed to conciliation of this matter, apologised, and agreed to develop and implement privacy training for all staff in the management of personal information.

Do your staff know how to manage employees’ personal details?

Questions about privacy?
Contact +61 2 9267 9800
 

Suite 4 Level 5
580 George Street
Sydney NSW 2000
Phone: +61 2 9267 9800
Fax: +61 2 9283 2553