DMW and DMX v NSW Rural Fire Service

Case

[2019] NSWCATAD 158

09 August 2019

No judgment structure available for this case.

Civil and Administrative Tribunal


New South Wales

Medium Neutral Citation: DMW and DMX v NSW Rural Fire Service [2019] NSWCATAD 158
Hearing dates: 17 December 2018
Date of orders: 09 August 2019
Decision date: 09 August 2019
Jurisdiction:Administrative and Equal Opportunity Division
Before: S Montgomery, Senior Member
Decision:

The Tribunal determines to take no further action on the matter.

Catchwords: Administrative Law – privacy and personal information whether collection of personal information – use of personal information – disclosure of personal information - whether agency exempt from compliance with information protection principle - law enforcement purposes
Legislation Cited: Privacy and Personal Information Protection Act 1998
Government Information (Public Access) Act 2008
Environmental Planning and Assessment Act 1979
Civil and Administrative Tribunal Act 2013
Administrative Decisions Review Act 1997
Cases Cited: Department of Education and Training v GA (No 3) [2004] NSWADTAP 50
DMW and DMX v NSW Local Land Services [2019] NSWCATAD 128
GA v Department of Education and Training and NSW Police (No 3) [2005] NSWADT 70.
JD v Department of Health [2005] NSWADTAP 44
Category:Principal judgment
Parties: DMW (First Applicant)
DMX (Second Applicant)
NSW Rural Fire Service (Respondent)
Representation:

DMW and DMX (Applicants in person)

  Solicitors:
Crown Solicitor (Respondent)
File Number(s): 2018/00279736
Publication restriction: The names of the applicants are not to be disclosed in relation to these proceedings

Reasons for Decision

Introduction

  1. In these reasons the names of some private individuals have been anonymised so as to preserve the privacy of their personal affairs. The Applicants are referred to as DMW and DMX. I have also limited my discussion of the evidence in order to avoid the possibility that the identities of individuals might be revealed.

  2. These proceedings concern the question of whether the NSW Rural Fire Service ("the Respondent" or "the RFS") breached the Applicants' privacy under the Privacy and Personal Information Protection Act 1998 ("the PPIP Act").

Background to the complaint

  1. Each party provided an outline of the background leading to the Applicants’ complaint. I do not understand the chronology of events to be in dispute in any material way.

  2. DMW contacted the Office of Environment and Heritage ("OEH") seeking approval to clear trees and rebuild a broken fence. He was advised that approval would need to be obtained through the Hawkesbury City Council (“the Council”). DMW queried whether provisions concerning bush fire protection might apply to his circumstances. The OEH forwarded DMW’s email to the RFS on the basis that the RFS might have some insights as to whether clearing for bushfire protection could be used to clear the fence line in the Applicants' situation. The RFS suggested that the Applicants may wish to apply for a hazard reduction certificate to create and maintain an asset protection zone along the boundary of their property.

  3. The Applicants subsequently applied to the RFS for a hazard reduction certificate. That application was refused. Mr Nick Neilsen, an Operational Officer with the RFS’ Hawkesbury Fire Control Centre received the OEH email and he corresponded with DMW. He forwarded email correspondence with DMW to the Council because he believed that DMW was threatening to clear vegetation illegally.

  4. On the following day the Applicants received an unannounced inspection from the Council’s Compliance and Enforcement Officer.

The complaint

  1. On 20 June 2018, the Applicants applied to the RFS for an internal review of the following conduct:

"Collection, storage, use and distribution of our personal information and the refusal to provide us access to our personal information held by your agency."

  1. The Applicants provided contextual information explaining the basis for their complaint. They complained that:

  1. the RFS holds personal information about the Applicants that it did not obtain directly from them;

  2. the RFS forwarded DMW’s email to the Council on 18 October 2017 without his permission; and

  3. the RFS refused to provide the Applicants with access to personal information about them that it held;

  1. The RFS clarified that conduct that was the subject of the review as:

  1. the RFS received an email containing DMW’s personal information on 25 September 2017 from Tobi Edmonds at OEH, instead of collecting the personal information from DMW himself;

  2. the RFS forwarded an email containing the Applicants' personal information to the Council on 18 October 2017, and

  3. the RFS asked DMW to apply for access to his personal information under the GIPA Act.

The internal review

  1. The application for internal review sets the parameters for the application to the Tribunal. As the Appeal Panel noted in Department of Education and Training v GA (No 3) [2004] NSWADTAP 50 at paragraph [7].

7 The Tribunal has jurisdiction to review "the conduct that was the subject of the application" under s 53. Consequently, the Tribunal cannot review any conduct that was not the subject of the application to the agency. That conduct may be more accurately or specifically identified in subsequent correspondence or discussions between the applicant and the agency.

  1. Accordingly, only conduct that the Applicants identified as having occurred prior to their 20 June 2018 application for internal review is within the scope of this review. Issues that the Applicants raised subsequently are not considered as part of this matter.

  2. The Respondent undertook the requested internal review. The internal review found that:

  1. The RFS breached Information Protection Principle (“IPP”) 7 which requires an agency to provide an individual with access to their personal information without excessive delay or expense. An apology was given in regard to that finding.

  2. There was no breach of Information Protection Principle 2 which relates to the collection of personal information as the receipt of the information by the RFS from the OEH was unsolicited. It found that there was no ‘collection’ by the RFS within the meaning of the PPIP Act. However, even if the information was ‘collected’ the exemption under section 27A(b)(ii) of the PPIP Act would apply, because the ‘collection’ was reasonably necessary to enable inquiries to be referred between the OEH and the RFS.

  3. There was no breach of Information Protection Principle 5 with respect to the retention and security of the Applicants’ personal information.

  4. There was no breach of Information Protection Principle 10, which relates to the use of the Applicants’ personal information, because the RFS used the information provided by the OEH for the purpose for which it was obtained. Alternatively, the RFS used the information provided by the OEH for a purpose which was directly related to the purpose for which it was obtained.

  5. There was no breach of Information Protection Principle 11, which relates to the disclosure of the Applicants’ personal information, on the basis that the RFS officer made the disclosure for law enforcement purposes.

  1. The Applicants were not satisfied with the outcome of the internal review and sought external review in the Tribunal.

Applicable legislation

  1. Section 53 of the PPIP Act provides that a person who is aggrieved by the conduct of a public sector agency is entitled to a review of that conduct. This provision relates to alleged breaches of the PPIP Act. Section 53 provides that:

(7) Following the completion of the review, the public sector agency whose conduct was the subject of the application may do any one or more of the following:

(a) take no further action on the matter,

(b) make a formal apology to the applicant,

(c) take such remedial action as it thinks appropriate (eg the payment of monetary compensation to the applicant),

(d) provide undertakings that the conduct will not occur again,

(e) implement administrative measures to ensure that the conduct will not occur again.

  1. Section 55 of the PPIP Act provides:

55 Administrative Review of Conduct By Tribunal

(1) If a person who has made an application for internal review under section 53 is not satisfied with:

(a) the findings of the review, or

(b) the action taken by the public sector agency in relation to the application,

the person may apply to the Civil and Administrative Tribunal for an administrative review under the Administrative Decisions Review Act 1997 of the conduct that was the subject of the application under section 53.

...

(2) On reviewing the conduct of the public sector agency concerned, the Tribunal may decide not to take any action on the matter, or it may make any one or more of the following orders:

(a) subject to subsections (4) and (4A), an order requiring the public sector agency to pay to the applicant damages not exceeding $40,000 by way of compensation for any loss or damage suffered because of the conduct,

(b) an order requiring the public sector agency to refrain from any conduct or action in contravention of an information protection principle or a privacy code of practice,

(c) an order requiring the performance of an information protection principle or a privacy code of practice,

(d) an order requiring personal information that has been disclosed to be corrected by the public sector agency,

(e) an order requiring the public sector agency to take specified steps to remedy any loss or damage suffered by the applicant,

(f) an order requiring the public sector agency not to disclose personal information contained in a public register,

(g) such ancillary orders as the Tribunal thinks appropriate.

  1. The Applicants’ complaint was in regard to the “collection, storage, use and distribution” of their personal information and the refusal to provide access to their personal information.

  2. Section 4 of the PPIP Act provides that:

"personal information" means information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.

(4) For the purposes of this Act, personal information is held by a public sector agency if:

(a) the agency is in possession or control of the information, or

(b) the information is in the possession or control of a person employed or engaged by the agency in the course of such employment or engagement, or

(c) the information is contained in a State record in respect of which the agency is responsible under the State Records Act 1998.

(5) For the purposes of this Act, personal information is not collected by a public sector agency if the receipt of the information by the agency is unsolicited.

  1. In these proceedings the relevant personal information is the Applicants’ identities, property details and personal contact information.

  2. As noted above, the RFS identified a number of provisions in the PPIP Act as relevant considerations. These included IPPs 2, 5, 7, 10, and 11 (i.e. IPPs found in sections 9, 12, 14, 17 and 18 of the PPIP Act) and sections 23(5)(a) and 27A(b)(ii) of the PPIP Act.

  3. Section 9 of the PPIP Act provides:

9 Collection of personal information directly from individual

A public sector agency must, in collecting personal information, collect the information directly from the individual to whom the information relates unless:

(a) the individual has authorised collection of the information from someone else, or

(b) in the case of information relating to a person who is under the age of 16 years—the information has been provided by a parent or guardian of the person.

  1. Section 12 of the PPIP Act provides:

12 Retention and security of personal information

A public sector agency that holds personal information must ensure:

(a) that the information is kept for no longer than is necessary for the purposes for which the information may lawfully be used, and

(b) that the information is disposed of securely and in accordance with any requirements for the retention and disposal of personal information, and

(c) that the information is protected, by taking such security safeguards as are reasonable in the circumstances, against loss, unauthorised access, use, modification or disclosure, and against all other misuse, and

(d) that, if it is necessary for the information to be given to a person in connection with the provision of a service to the agency, everything reasonably within the power of the agency is done to prevent unauthorised use or disclosure of the information.

  1. Section 14 of the PPIP Act provides:

14 Access to personal information held by agencies

A public sector agency that holds personal information must, at the request of the individual to whom the information relates and without excessive delay or expense, provide the individual with access to the information.

  1. Section 16 of the PPIP Act provides:

16 Agency must check accuracy of personal information before use

A public sector agency that holds personal information must not use the information without taking such steps as are reasonable in the circumstances to ensure that, having regard to the purpose for which the information is proposed to be used, the information is relevant, accurate, up to date, complete and not misleading.

  1. Section 17 of the PPIP Act provides:

17 Limits on use of personal information

A public sector agency that holds personal information must not use the information for a purpose other than that for which it was collected unless:

(a) the individual to whom the information relates has consented to the use of the information for that other purpose, or

(b) the other purpose for which the information is used is directly related to the purpose for which the information was collected, or

(c) the use of the information for that other purpose is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual to whom the information relates or of another person.

  1. Cases that have considered the issue suggest that section 17 is concerned with an agency's internal use of personal information, rather than the disclosure of the information.

  2. A public sector agency is generally prohibited from disclosing personal information that it holds. Section 18 of the PPIP Act provides:

18 Limits on disclosure of personal information

(1) A public sector agency that holds personal information must not disclose the information to a person (other than the individual to whom the information relates) or other body, whether or not such other person or body is a public sector agency, unless:

(a) the disclosure is directly related to the purpose for which the information was collected, and the agency disclosing the information has no reason to believe that the individual concerned would object to the disclosure, or

(b) the individual concerned is reasonably likely to have been aware, or has been made aware in accordance with section 10, that information of that kind is usually disclosed to that other person or body, or

(c) the agency believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another person.

(2) If personal information is disclosed in accordance with subsection (1) to a person or body that is a public sector agency, that agency must not use or disclose the information for a purpose other than the purpose for which the information was given to it.

  1. Section 23 of the PPIP Act provides:

23 Exemptions relating to law enforcement and related matters

...

(5) A public sector agency (whether or not a law enforcement agency) is not required to comply with section 18 if the disclosure of the information concerned:

(a) is made in connection with proceedings for an offence or for law enforcement purposes (including the exercising of functions under or in connection with the Confiscation of Proceeds of Crime Act 1989 or the Criminal Assets Recovery Act 1990), or

...

  1. Section 27A of the PPIP Act provides that in certain circumstances public sector agencies may exchange personal information. Section 27A provides:

27A Exemptions relating to information exchanges between public sector agencies

A public sector agency is not required to comply with the information protection principles with respect to the collection, use or disclosure of personal information if:

(a) the agency is providing the information to another public sector agency or the agency is being provided with the information by another public sector agency, and

(b) the collection, use or disclosure of the information is reasonably necessary:

(i) …, or

(ii) to enable inquiries to be referred between the agencies concerned, or

(iii) ...

The issue for determination

  1. The issue for determination by the Tribunal in these proceedings is whether the collection, use or disclosure of the Applicants’ personal information and the refusal to provide the Applicants with their personal information was in breach of the PPIP Act.

The Applicants’ case

  1. The Applicants attended the hearing. DMW gave evidence however they rely primarily on a bundle of material filed in support of their case and their written submissions. I note that the Applicants provided a considerable amount of additional material that dealt with issues that were not raised in the 20 June 2018 internal review application. I am unable to take that information into account.

  2. The Applicants sought a hazard reduction certificate from the RFS. However their application was refused. They say that the RFS did not visit their property before refusing the application and this occurred in circumstances where the RFS had access to their person information from other agencies. The RFS had obtained that personal information without the Applicants’ consent and without checking with them.

  3. The Applicants also say that on 18 October 2017 the RFS sent an email to the Council (“the 18 October email”) attaching an email that DMW had written. The RFS’ email contained the Applicants’ personal information and allegations about DMW’s proposed actions. As a result of the provision of that information to the Council, a Council inspector visited the Applicants’ property.

  4. The Applicants also contend that they requested that the RFS provide them with the personal information about them that the RFS held and that, in breach of the PPIP Act, that request was refused. Instead of providing the information the RFS requested that they make an access application pursuant to the Government Information (Public Access) Act 2008 (“the GIPA Act”).They subsequently found out about the information that was held when they lodged a GIPA Act access application. That process also revealed that the RFS had sent the 18 October email to the Council.

  5. In regard to the RFS’ reliance on section 23(5)(a) of the PPIP Act the Applicants submit that there were no law enforcement proceedings, there was never any evidence that an offence was about to be committed and there was no justification for law enforcement. In the circumstance the RFS should have disclosed the referral to the Council to the Applicants.

  6. DMW denied that he threatened to undertake clearing without the appropriate authorisation. He denied comments attributed to him in evidence given by Mr Neilsen.

The Respondent’s case

  1. The Respondent contends that it did not solicit the information that it received from the OEH and therefore, pursuant to section 4(5) of the PPIP Act, it did not collect the Applicants’ personal information for the purposes of the PPIP Act. Accordingly, it submits that there was no breach of the section 9 requirement that personal information be collected directly from the Applicants.

  2. The Respondent also contends that it was not required to comply with section 9 because of section 27A(b)(ii) of the PPIP Act. Section 27A(b)(ii) provides that a public sector agency is not required to comply with the information protection principle with respect to the collection of personal information if the collection is reasonably necessary "to enable inquiries to be referred between the agencies concerned". DMW had requested assistance from the OEH in regard to the question of whether clearing for bushfire protection could be used to clear a fence line. His request was forwarded to the RFS in that context as the RFS was the appropriate agency to deal with issues concerning clearing for bushfire protection. The Applicants subsequently applied to the RFS for a hazard reduction certificate and Mr Neilsen dealt with that application.

  1. In regard to the section 16 requirement that an agency must check the accuracy of personal information before using the information, the Respondent concedes that it received the information from the OEH and the information was used in relation to Mr Neilsen’s decision to refuse to issue a hazard reduction certificate. The Respondent contends that Mr Neilsen spoke to DMW to check the accuracy of the information before he used it in making his decision. The Respondent contends that Mr Neilsen used the information that he received from the OEH for the purpose for which it was provided i.e. to assist DMW with his request for assistance in regard to hazard reduction.

  2. As a result of the conversation that he had with DMW, Mr Neilsen believed that DMW was threatening to clear vegetation illegally. In that context he sent the 18 October email to the Council.

  3. In regard to the issue of disclosure of the Applicants’ personal information, the Respondent relies on the exemption in section 23(5)(a) of the PPIP Act. The Respondent contends that Mr Neilsen sent the 18 October email to the Council for law enforcement purposes. It does not contend that the 18 October email was sent in connection with proceedings for an offence. Nor does it contend that an offence had been committed. It submits that in the circumstances the agency was not required to comply with section 18 of the PPIP Act.

  4. It relies on Mr Neilsen’s evidence in this regard.

  5. Ms Sanders, solicitor for the RFS, submitted that the RFS does not prosecute illegal land clearing. However, the Council has law enforcement powers in relation to the unauthorised clearing of vegetation. Any clearing of vegetation without a permit issued by the Council would be deemed a "prohibited development" and would constitute an offence under the Environmental Planning and Assessment Act 1979.

Nick Neilsen

  1. Mr Neilsen provided an affidavit and also attended the hearing and was cross-examined. He did not alter his evidence in any material sense as a result of the cross-examination.

  2. Mr Neilsen’s evidence is that he was sent an email chain which indicated that DMW wanted to clear vegetation and build a new fence. He contacted the Local Land Service ("LLS") to ask about the process for land clearing approvals and was told that the Council was the relevant consent authority. He contacted the Council and asked about the approval process. He was told that a person wanting to clear land and build a new fence needed to get development approval from the Council.

  3. Mr Neilsen spoke to DMW in regard to his application for a hazard reduction certificate and clarified that DMW wanted to rebuild a fence. That is, he did not want to build a new fence. Mr Neilsen subsequently determined to refuse DMW's application for a hazard reduction certificate. He attempted to call and speak with DMW but DMX answered. He informed her that the application for a hazard reduction certificate would be refused. The refusal was based on Mr Neilsen’s understanding that the primary purpose of the clearing was to rebuild a fence and that it was not for hazard reduction. DMW rang Mr Neilsen and was clearly unhappy about Mr Neilsen’s decision.

  4. Mr Neilsen stated that in a subsequent phone call, DMW indicated that if he could not get the permission that he was seeking, he would undertake clearing anyway. Under cross-examination he confirmed that this was his understanding of what DMW had told him. Mr Neilsen said that he warned DMW against taking that action and indicated that there would be consequences if he did.

  5. Mr Neilsen said that he believed that DMW was threatening to clear vegetation illegally and he decided to pass the information onto the Council so that it could investigate and take action. That was because the RFS is not authorised to undertake such investigations. He contacted the Council to ascertain the appropriate person at the Council to deal with illegal clearing because he wanted to send the information to the correct person at the Council. He was given contact details for Mr Chris Carlos and he sent Mr Carlos the 18 October email outlining his concerns.

  6. Mr Neilsen said that this action was in accordance with his training. His training was that if he was aware of a possible offence, he would record relevant information and pass it on to the Council. His evidence is that he would contact the Council more than once a week about possible offences but he was not always made aware of whether or not the Council took action on the information that he provided.

  7. He believed that he had an obligation to report his belief that DMW was threatening to clear vegetation without the required approval.

  8. Mr Neilsen did not accept that he had any other motivation for sending the 18 October email.

Discussion

  1. The chronology of events in this matter is not in dispute. The background to the Applicants’ dealings with the LLS, the Council and the OEH is discussed in my recent decision in DMW and DMX v NSW Local Land Services [2019] NSWCATAD 128.

  2. As noted above, the issues for consideration concern the collection, use and disclosure of the Applicants’ personal information. The RFS has conceded that it breached the requirement in section 14 of the PPIP Act that it provide the Applicants with access to their personal information without excessive delay or expense. An apology was given in regard to that finding. I agree with that decision and I agree that the apology and refunding the GIPA access application fee was the appropriate response.

  3. In my view, no further action is warranted on that issue.

Receipt of an email from the OEH

  1. It is not in dispute that the OEH forwarded correspondence that contained the Applicants’ personal information to the RFS. I agree with the Respondent that the email was not solicited and therefore the section 9 requirement that personal information be collected directly from the Applicants is not applicable. I also agree that those requirements are not applicable because of the operation of section 27A(b)(ii) of the PPIP Act. I am satisfied that the OEH forwarded correspondence that contained the Applicants’ personal information in circumstances where DMW had requested assistance from the OEH but the RFS was the appropriate agency to deal with issues that DMW had raised. In my view, disclosure of the information to the RFS was reasonably necessary "to enable inquiries to be referred between the agencies concerned".

  2. In my view, no further action is warranted on that issue.

Use of the Applicants’ personal information

  1. It is not in dispute that the OEH forwarded correspondence that contained the Applicants’ personal information to the RFS. The OEH forwarded the information so that the RFS could assist with the Applicants’ inquiry regarding hazard reduction. Mr Neilsen conceded that he used the information that he had received from the OEH in relation to the decision to refuse DMW’s application for a hazard reduction certificate.

  2. Mr Neilsen’s evidence is that he spoke with DMW and checked the accuracy of the information that he had received from the OEH. In my view this consultation satisfied the requirements of section 16 of the PPIP Act.

  3. I am also satisfied that Mr Neilsen used the information that he had received from the OEH for a purpose that was directly related to the purpose for which the information was forwarded to him. In my view this satisfied the requirements of section 17 of the PPIP Act.

  4. In my view, no further action is warranted on that issue.

Disclosure to the Council

  1. It is not in dispute that Mr Neilsen sent the 18 October email to Mr Carlos at the Council. Mr Neilsen believed that he had an obligation to do so because he believed that DMW was threatening to clear vegetation without the required approval. The Council was the appropriate agency to investigate the issue. The RFS is not authorised to undertake such investigations.

  2. I accept the Applicants’ evidence that the Council acted on the 18 October email and that a Council inspector attended the Applicants’ property. I also accept that this caused them embarrassment.

  3. Section 18 of the PPIP Act places limits on the disclosure of personal information by a public sector agency. The Respondent contends that there is no breach of section 18 because of the operation of section 23(5)(a) of the PPIP Act.

  4. The test in section 23(5)(a) of the PPIP Act is directed to the ‘purpose’ of the disclosure. In JD v Department of Health [2005] NSWADTAP 44 the Appeal Panel noted at paragraph [98]:

98   Our provisional view is that the words ‘law enforcement purposes’ do not carry the broad meaning attributed to them by the Department and the Tribunal. The words, we think, bear the connotation, especially when considered within the context of this Act, of purposes relating to the conduct of policing or police-like functions. They have to do, we consider, with the operation of the criminal law and the enforcement of criminal offence provisions.

  1. Judicial Member Robinson applied JD v Department of Health in his decision in GA v Department of Education and Training and NSW Police (No 3) [2005] NSWADT 70. At paragraphs [71] – [74] he stated:

71 Notwithstanding the Tribunal was dealing with the expression in a different context, I accept this definition of the expression and I would adopt it and apply it to the provision relied upon by the first respondent, section 23(5)(a) of the Act.

72   ...

73 It should be noted that the test in section 23(5)(a) of the Act is directed to the "purpose" of the disclosure. The statutory test is not directed to the quality or relevance of the information. The test is in contrast to other law enforcement tests in the Act, for example in section 23(4) or section 23(5)(d) which rely on a finding based on "reasonably necessary" or "reasonable belief". None of those tests are applicable here.

74 On the section 23(5)(a) test, determining the purpose for which information was provided is a factual matter. The purpose in the present case was plain. It was to assist a police investigation. I see no reason to read down or narrowly construe the terms of the section. If the disclosure was made for the purposes of law enforcement, that will suffice to attract the exemption.

  1. The Respondent submits that the Council’s law enforcement powers in relation to the unauthorised clearing of vegetation are "police-like functions" and "have to do... with the operation of the criminal law and the enforcement of criminal offence provisions". Councils could authorise any person, including a council employee, to serve penalty notices for prescribed offences such as carrying out a "prohibited development" by unauthorised land clearing.

  2. I agree with that submission.

  3. There is no suggestion that the Applicants had undertaken any unauthorised clearing of vegetation or that they had committed any offences. The Applicants deny that they intended to commit any offences. That may well be true. However, for the purposes of section 23(5)(a) of the PPIP Act Mr Neilsen’s intention is the relevant consideration. Determining the purpose for which the information was provided is a factual matter. The purpose in the present case was plain. It was to assist the Council to undertake an investigation.

  4. Mr Neilsen sent the 18 October email so that the Council could investigate the issues that he raised. In the circumstances, that outcome could not have been achieved if the Applicants’ personal information had been removed from the 18 October email.

  5. I am satisfied that the disclosure of the Applicants’ personal information was for law enforcement purposes. It follows that the RFS did not need to comply with section 18 of the PPIP Act in regard to the disclosure of the Applicants’ personal information by sending the 18 October email.

  6. In my view, no further action is warranted on that issue.

  7. It follows that I agree with the Respondent that there was no breach of the PPIP Act other than the breach of the requirement in section 14 of the PPIP Act that it provide the Applicants with access to their personal information without excessive delay or expense. As I have noted, it is my view that no further action should be taken in regard to that breach.

  8. The appropriate determination pursuant to section 55(2) of the PPIP Act is to take no further action on the matter.

Order

The Tribunal determines to take no further action on the matter.

**********

I hereby certify that this is a true and accurate record of the reasons for decision of the Civil and Administrative Tribunal of New South Wales.


Registrar

Decision last updated: 09 August 2019

Actions
Download as PDF Download as Word Document
Cases Citing This Decision

2

FZZ v Department of Climate Change, Energy, the Environment and Water [2024] NSWCATAD 131
CJU v HealthShare NSW [2021] NSWCATAD 372
Cases Cited

4

Statutory Material Cited

5

Department of Education and Training v GA (No 3) [2004] NSWADTAP 50
DMW and DMX v NSW Local Land Services [2019] NSWCATAD 128
JD v Department of Health (GD) [2005] NSWADTAP 44