EJX v University of Newcastle

Case

[2023] NSWCATAD 53

13 March 2023


Details
AGLC Case Decision Date
EJX v University of Newcastle [2023] NSWCATAD 53 [2023] NSWCATAD 53 13 March 2023

CaseChat Overview and Summary

The case before the court involved EJX, the applicant, and the University of Newcastle, the respondent. The dispute centred on the alleged contraventions of the Australian Privacy Principles (APPs) and the Health Records Information Protection Principles (HPPs) by the University. These contraventions were said to have arisen from the establishment and operation of an email account and address solely operated and controlled by the university on behalf of the applicant. The applicant sought redress for the alleged breaches, including compensation for harm, distress, humiliation, and embarrassment caused by the university's actions.

The legal issues that the court had to address were primarily concerned with whether the university had contravened the APPs and HPPs in its handling of the applicant’s personal and health information. This involved examining the university’s policies and practices regarding the creation and use of the email account, the adequacy of the security measures implemented, and the accuracy, relevance, and completeness of the information held. The court also needed to consider the impact of the university's policies on its obligations under the Privacy and Personal Information Protection Act and the Health Records Information Protection Act, and whether there was any aggravating conduct that warranted additional compensation.

In its reasoning, the court found that the university had indeed contravened several APPs and HPPs. The court highlighted that the university’s operation of the email account on behalf of the applicant without proper authorisation and its failure to provide adequate information and notice to the applicant were significant breaches. Additionally, the court determined that the university’s conduct was aggravating due to its repeated and unnecessary breaches of privacy. Consequently, the court ordered the university to cease its use of the dedicated email, provide a formal written apology, pay compensation including aggravated damages, and take various steps to rectify its privacy practices.

The final orders of the court included the setting aside of previous internal review and interlocutory orders, mandating the university to cease using the dedicated email, issue an apology, pay compensation, and implement various privacy measures. These included providing the applicant with all required notices and information, ensuring the security and accuracy of the applicant's information, and using the information only in accordance with the principles. The university was also required to confirm its compliance with these orders in writing.
Details

Areas of Law

  • Administrative Law

Legal Concepts

  • Jurisdiction

  • Res Judicata

  • Compensatory Damages

  • Aggravated & Exemplary Damages

  • Injunction

Actions
Download as PDF Download as Word Document


Cases Citing This Decision

4

GGP v Lismore City Council [2024] NSWCATAD 308
GGP v Lismore City Council [2024] NSWCATAD 308
Cases Cited

28

Statutory Material Cited

6

ALZ v SafeWork [2017] NSWCATAD 52
ALZ v WorkCover NSW (No 2) [2014] NSWCATAD 122
BVV v Commissioner of Police [2020] NSWCATAD 182