BE v University of Technology, Sydney
Case
•
[2008] NSWADT 139
•14 May 2008
Details
AGLC
Case
Decision Date
BE v University of Technology, Sydney [2008] NSWADT 139
[2008] NSWADT 139
14 May 2008
CaseChat Overview and Summary
The matter before the Australian Information Commissioner involved a complaint from a former student, BE, against the University of Technology, Sydney (UTS) regarding the handling of personal information. BE argued that UTS had violated privacy principles by improperly using, disclosing, and failing to adequately secure her personal information. The dispute centred on whether UTS had breached the Privacy Act 1988 by not adhering to the information protection principles when managing BE's personal data. The Australian Information Commissioner was tasked with deciding whether UTS had indeed contravened these principles and, if so, what action should be taken.
The primary legal issue the Commissioner had to resolve was whether UTS had breached the information protection principles by using, disclosing, and failing to secure BE's personal information. Specifically, the Commissioner needed to assess if UTS had acted in accordance with the requirements set forth under the Privacy Act 1988, particularly in relation to the use and disclosure of personal information, and the measures in place to protect such information from misuse or unauthorised access. The Commissioner also had to determine whether the University had taken appropriate steps to mitigate any potential harm arising from any breaches.
In reaching a decision, the Commissioner examined the evidence presented by both parties and considered relevant legislative provisions and guidelines. The Commissioner concluded that while there were some shortcomings in UTS's handling of BE's personal information, these did not amount to a breach of the Privacy Act 1988. The Commissioner found that UTS had taken reasonable steps to protect BE's personal information and had not misused or improperly disclosed her data. Consequently, the Commissioner determined that no action should be taken against UTS.
The final order of the Tribunal was to take no action on the matter. This decision reflects the Commissioner's finding that, despite some issues in the management of personal information, UTS had not contravened the privacy laws to a degree warranting corrective measures.
The primary legal issue the Commissioner had to resolve was whether UTS had breached the information protection principles by using, disclosing, and failing to secure BE's personal information. Specifically, the Commissioner needed to assess if UTS had acted in accordance with the requirements set forth under the Privacy Act 1988, particularly in relation to the use and disclosure of personal information, and the measures in place to protect such information from misuse or unauthorised access. The Commissioner also had to determine whether the University had taken appropriate steps to mitigate any potential harm arising from any breaches.
In reaching a decision, the Commissioner examined the evidence presented by both parties and considered relevant legislative provisions and guidelines. The Commissioner concluded that while there were some shortcomings in UTS's handling of BE's personal information, these did not amount to a breach of the Privacy Act 1988. The Commissioner found that UTS had taken reasonable steps to protect BE's personal information and had not misused or improperly disclosed her data. Consequently, the Commissioner determined that no action should be taken against UTS.
The final order of the Tribunal was to take no action on the matter. This decision reflects the Commissioner's finding that, despite some issues in the management of personal information, UTS had not contravened the privacy laws to a degree warranting corrective measures.
Details
Key Legal Topics
Areas of Law
-
Privacy Law
Legal Concepts
-
Personal Information
-
Use of Personal Information
-
Disclosure of Personal Information
-
Security of Personal Information
Actions
Download as PDF
Download as Word Document
Most Recent Citation
FYH v Commissioner of Police, NSW Police Force [2025] NSWCATAD 71
Cases Citing This Decision
28
FZP v Sydney Children's Hospitals Network
[2025] NSWCATAD 144
FYH v Commissioner of Police, NSW Police Force
[2025] NSWCATAD 71
GKT v Fire and Rescue New South Wales
[2024] NSWCATAD 335
Cases Cited
7
Statutory Material Cited
2
OD v Department of Education and Training (GD)
[2005] NSWADTAP 74
Director General, Department of Education and Training v MT
[2005] NSWADTAP 77
Director General, Department of Education and Training v MT
[2006] NSWCA 270