BE v University of Technology, Sydney

Case

[2008] NSWADT 139

14 May 2008


Details
AGLC Case Decision Date
BE v University of Technology, Sydney [2008] NSWADT 139 [2008] NSWADT 139 14 May 2008

CaseChat Overview and Summary

The matter before the Australian Information Commissioner involved a complaint from a former student, BE, against the University of Technology, Sydney (UTS) regarding the handling of personal information. BE argued that UTS had violated privacy principles by improperly using, disclosing, and failing to adequately secure her personal information. The dispute centred on whether UTS had breached the Privacy Act 1988 by not adhering to the information protection principles when managing BE's personal data. The Australian Information Commissioner was tasked with deciding whether UTS had indeed contravened these principles and, if so, what action should be taken.

The primary legal issue the Commissioner had to resolve was whether UTS had breached the information protection principles by using, disclosing, and failing to secure BE's personal information. Specifically, the Commissioner needed to assess if UTS had acted in accordance with the requirements set forth under the Privacy Act 1988, particularly in relation to the use and disclosure of personal information, and the measures in place to protect such information from misuse or unauthorised access. The Commissioner also had to determine whether the University had taken appropriate steps to mitigate any potential harm arising from any breaches.

In reaching a decision, the Commissioner examined the evidence presented by both parties and considered relevant legislative provisions and guidelines. The Commissioner concluded that while there were some shortcomings in UTS's handling of BE's personal information, these did not amount to a breach of the Privacy Act 1988. The Commissioner found that UTS had taken reasonable steps to protect BE's personal information and had not misused or improperly disclosed her data. Consequently, the Commissioner determined that no action should be taken against UTS.

The final order of the Tribunal was to take no action on the matter. This decision reflects the Commissioner's finding that, despite some issues in the management of personal information, UTS had not contravened the privacy laws to a degree warranting corrective measures.
Details

Areas of Law

  • Privacy Law

Legal Concepts

  • Personal Information

  • Use of Personal Information

  • Disclosure of Personal Information

  • Security of Personal Information

Actions
Download as PDF Download as Word Document


Cases Citing This Decision

28

Cases Cited

7

Statutory Material Cited

2