Loading...
Queensland Judgments

beta

Authorised Reports & Unreported Judgments
Exit Distraction Free Reading Mode
  • Unreported Judgment

Purrer v Information Commissioner

 

[2018] QSC 272

 

SUPREME COURT OF QUEENSLAND

 

CITATION:

Purrer v Information Commissioner [2018] QSC 272

PARTIES:

Joseph PURRER
(appellant)
v
INFORMATION COMMISSIONER
(respondent)

FILE NO:

SC No 8444 of 2018

DIVISION:

Trial Division

PROCEEDING:

Application

ORIGINATING COURT:

Supreme Court at Brisbane

DELIVERED ON:

22 November 2018

DELIVERED AT:

Brisbane

HEARING DATE:

10 October 2018

JUDGE:

Boddice J

ORDERS:

  1. I shall hear the parties as to the form of orders and costs.

CATCHWORDS:

ADMINISTRATIVE LAW – JUDICIAL REVIEW – GROUNDS OF REVIEW – ERROR OF LAWwhere applicant made a privacy complaint – where the complaint related to OneSchool records – where complaint concerned the applicant’s personal information, as well as the personal information of others – whether there was an error of law in the respondent’s refusal to accept the applicant’s complaint

Information Privacy Act 2009 (Qld), s 168

George v Rockett (1990) 170 CLR 104, cited

COUNSEL:

The appellant was self-represented

S A McLeod for the respondent

SOLICITORS:

Office of the Information Commissioner for the respondent.

  1. [1]
    BODDICE J: By application, filed 7 August 2018, Joseph Purrer makes application for a statutory order of review of the decision of the Respondent Information Commissioner, made on 11 July 2018, declining to accept the applicant’s privacy complaint under section 168(1)(c) of the Information Privacy Act 2009 (Qld) (“the Act”). 
  2. [2]
    The grounds of review are that the respondent erred in law in interpreting the Act and in the application of the Act to the applicant’s complaint.  However, at the hearing the applicant accepted his application was to be determined by a consideration of whether there was an error of law in the respondent’s refusal to accept the applicant’s complaint.

Background

  1. [3]
    The applicant is the parent of a child attending a secondary school under the control of the Department of Education and Training (“the department”).
  2. [4]
    In the latter half of 2017, the applicant, as parent of his child, had contact with a law enforcement officer attached to the school, on a confidential basis.  Subsequent to that contact, the applicant discovered there was a record of that contact recorded in OneSchool, an Education Department Information Base. 
  3. [5]
    After reviewing that record, the applicant sent email communications to the relevant school.  In response, the school indicated the record simply recorded a contact, not the content of the discussion in that contact.  That response was unacceptable to the applicant, who engaged in further email communications with the school and, subsequently, officers of the Department.
  4. [6]
    The applicant requested the matter be referred to the Department’s Ethical Standards Unit, with respect to a breach of privacy and an allegation that records had been deliberately modified by staff at the relevant school.  The applicant also requested an audit be conducted of the information held on the particular information base. 
  5. [7]
    After the Department advised the applicant that the complaint was not within the scope of matters to be considered by its Ethical Standards Unit, the applicant made a complaint to the respondent of a breach of privacy principles under the Information Privacy Act 2009.  Following receipt of that complaint, the respondent sought clarification of the nature and extent of the applicant’s complaint.  In response, the applicant provided further and extensive information.
  6. [8]
    By letter dated 11 July 2018, the respondent advised the privacy complaint against the Department was not accepted by the respondent.

Decision

  1. [9]
    In summary, the respondent gave the following reasons for the decision not to accept the applicant’s privacy complaint:
  • the complaint was multi-faceted and concerned dissatisfaction with a number of different officers, both within the department and other agencies, about different events and differing alleged breaches of the privacy principles;
  • the complaint concerned the applicant’s personal information, as well as the personal information of the applicant’s wife and son;
  • the complaint related to dissatisfaction with the services provided to the applicant’s son by his school and the Department in general, as well as dissatisfaction with the conduct of the Queensland Police Service and a particular school based police officer;
  • the concerns against the school and its staff were serious in nature.  They included a failure to comply with their notification obligations as well as falsification of records and possible sexual harm to children.  There was also concern in respect of the record management practices of the school and of the Department;
  • the complaint concerned, in some respects, the potential for improper access to a student’s departmental records as well as concerns as to the content of the Departmental records, including the motivations for the making of a record and the accuracy of records;
  • misconduct and/or breaches of codes of conduct are not able to be pursued through the privacy jurisdiction, nor were privacy principles able to oversight general administrative practices or general record keeping practices;
  • there were well established and effective mechanisms for contesting the quality of government records, through which the applicant could seek amendment of the records.  That mechanism provided a right to seek both internal and external reviews, as well as potential recourse of review before the Queensland Civil & Administrative Tribunal; and,
  • not all dealings with personal information involve privacy issues and many of the applicant’s complaints related to incidents that were more appropriately dealt with under their respective legislative schemes.
  1. [10]
    The respondent stated, in dealing with the substance of the privacy complaint, that the Act was not the appropriate mechanism to pursue the applicant’s complaint in respect of the collection of information.  Further, the applicant’s complaint did not involve any breaches of the Information Privacy Principles.
  2. [11]
    First, the respondent was not persuaded the information entered into OneSchool, departed from the purpose of making of such records, which included the recording of information about communications relating to students.  There was nothing in the complained of records concerning the applicant and his son, that did not fall into the category of communications connected to or relating to the son’s education at the school, or that supported a conclusion they were collected unlawfully.  For that reason, the respondent did not accept the applicant’s complaint of a breach of Principle 1.
  3. [12]
    Second, the information had not been collected from the applicant.  It had been collected from a third party.  Accordingly, Principle 2 was not enlivened for the particular record.  The fact that personal information was collected for the purpose of gaining assistance with the welfare of a student who had suffered harm, was not mutually exclusive from the purpose of assisting with the education or general management of a school.  The welfare of students was a necessary component of both providing education services and general management of educational institutions.
  4. [13]
    Third, the applicant’s complaint related to the accuracy of the record.  Principle 3 dealt with relevance, completeness and currency.  That principle did not require a record to be absolutely relevant, complete and up to date.  It required the Department to take all reasonable steps to ensure relevance, completeness and currency.  The record retained by the school constituted a reasonable step to ensure relevance, completeness and currency of the record of the applicant’s contact with the school based police officer.
  5. [14]
    Fourth, the information retained by the school struck a balance between practical accessibility and security for more sensitive information.  A breach of Principle 4 required an incident of unauthorised access, use, modification or disclosure, or a loss or any other misuse of the relevant departmental records.  At best, the applicant’s complaint was as to the potential for this to occur in the future.
  6. [15]
    Fifth, the Department had taken reasonable steps to ensure a person could find out the type of information contained in its departmental documents and had used the main purpose for which that personal information was included in the document.  The department had a dedicated website seeking the relevant information as well as long established right to information processes and principles.  Accordingly, there was no breach of Principle 5.
  7. [16]
    Sixth, the applicant had not pursued amendment of the relevant records in accordance with the formal amendment process set out in chapter 3 of the Act.  Accordingly, the respondent did not accept the applicant’s complaint in respect of Information Privacy Principle 7. 
  8. [17]
    Seventh, Principle 8 did not require only accurate information be contained in an agency record.  It required the agency to take all reasonable steps to ensure the information was accurate, complete and up to date.  The Department had taken such steps.  Any inaccuracies were relatively minor and there was an established mechanism to seek amendment of those records.
  9. [18]
    Eighth, Principle 9 was not about file management.  It ensured only relevant information was used for a particular purpose.  Nothing in the material pointed to use by the school of personal information for a non-relevant purpose.
  10. [19]
    Ninth, Principle 10 dealt with the situation where personal information is obtained for one purpose, but used for a different or secondary purpose.  The school had not used that personal information for a secondary purpose.
  11. [20]
    Finally, section 168(1)(d) of the Act gave the respondent authority to not accept a privacy complaint in whole or in part where there was a more appropriate course of action available under another Act to deal with the substance of the complaint or part of that complaint.  Breaches of confidentiality, misconduct, corrupt conduct, criminal matters or failures to afford child protection were more appropriately dealt with under other legislation.

Applicant’s submissions

  1. [21]
    The applicant submits the respondent erred in law as there were no grounds for a reasonable belief that the complaint, or part of it was frivolous, vexatious, misconceived or lacking in substance and there were not more appropriate courses of action available under another Act to deal with that complaint.  Section 3 of the Act placed an obligation on the respondent to interpret and apply the Act to further the fair collection and handling of personal information.  The respondent relied on incorrect interpretations of the complaint to refuse to accept the information.  The failure to accept the information was without reason or justification.
  2. [22]
    The applicant submits the respondent misapprehended that the complaint was limited to the operation and management of the department’s records and criticisms of that record.  The complaint alleged much more.  Section 166(2) of the Act placed an obligation on the respondent to give reasonable help to put the complaint into written form.  The respondent’s failure to provide that requested assistance led to a misunderstanding of the substance of the complaint and a consequent error of law.
  3. [23]
    Further, the applicant submits the respondent erred in rejecting the complaint in respect of the breach of the Principles.  No reason is provided to question the substance of the complaint or to provide justification for the reasonable belief and no clarification is provided for the assumption that the information was collected fairly or lawfully as for use for its intended purposes. 
  4. [24]
    Further, the finding misinterpreted the substance of the complaint, relied upon a non-existent ground for the purpose, incorrectly found the existence of a broad purpose was sufficient to meet the requisite obligations, erroneously failed to deal with the department’s obligations and the complaint that several of the records were incomplete, out of date, inaccurate, misleading or irrelevant for the purpose.
  5. [25]
    The applicant submits that despite a finding that the record appeared inaccurate, the respondent misstated and re-phased the complaint, relied on factual errors to support its rejection and did not address the substance of the complaint.  As a consequence the respondent erred in forming a belief which was not reasonable and which was insufficient to justify application of section 168 of the Act.

Respondent’s submissions

  1. [26]
    The respondent submits the applicant’s complaint was administered in accordance with Chapter 5 of the Act and involved a proper interpretation of the applicant’s complaint.  There was no error of law.  The application for review amounts to no more than a review of the merits of the respondent’s decision, which is impermissible.
  2. [27]
    The respondent submits the appropriate process for the applicant was to seek amendment of the document containing personal information, insofar as that document contained inaccurate, incomplete, out of date or misleading information.  The applicant has no difficulty in articulating the matters of complaint.  Accordingly, there was no failure on the respondent’s part to give the applicant reasonable help to put that complaint into written form.
  3. [28]
    Finally, the respondent submits that to the extent that the applicant’s outline of argument contains new allegations not part of the initial privacy complaint, they are not properly to be the subject of the application for statutory review, or are appropriately to be pursued through that the appropriate legislative scheme or against the appropriate agency.

Consideration

  1. [29]
    The Act provides a legislative scheme for the determination of privacy complaints by individuals about an act or practice of a relevant entity in relation to the individual’s personal information.  That is a breach of the relevant entity’s obligations under the Act to comply with the privacy principles or an approval under section 157 of the Act.[1]
  2. [30]
    The complaint, the subject of the application for an order for statutory review, was about an act or practise of a relevant entity.  However, the complaint was not only in respect to the applicant’s personal information.  It was a complaint in respect of the personal information of other individuals.  To that extent, the complaint involved matters outside the definition of a privacy complaint under section 165 of the Act.
  3. [31]
    Whilst the applicant submits that in those circumstances there was an obligation upon the respondent to give reasonable help to the complainant to put the complaint into written form,[2] a consideration of the material relied upon by the applicant, evidences compliance with that obligation.  The respondent, on multiple occasions, sought to assist in a reasonable way, the applicant to ensure the complaint satisfied the requirements for a privacy complaint under section 166 of the Act.  There is no substance to the applicant’s contention to the contrary.
  4. [32]
    Further, the respondent’s decision to decline to accept the complaint pursuant to section 168(1)(c) of the Act was made in accordance with a proper application of the Act, and of the Principles.  No error of law has been established in the making of that determination.
  5. [33]
    Section 168(1)(c) gives the respondent a broad discretion to decline to deal with the whole or part of a privacy complaint, if the respondent “reasonably believes the complaint or part, is frivolous, vexatious, misconceived or lacking in substance”.  Nothing in the applicant’s complaint raises a proper basis to call into question the respondent’s belief to that effect, or the reasonableness of that belief.
  6. [34]
    A reasonable belief does not require proof of the existence of the subject matter.  In George v Rockett,[3] the High Court stated:

The objective circumstances sufficient to show a reason to believe something need to point more clearly to the subject matter of the belief, but that is not to say that the objective circumstances must establish on the balance of probabilities that the subject matter in fact occurred or exists: the assent of belief is given on more slender evidence than proof.  Belief is an inclination of the mind towards assenting to, rather than rejecting, a proposition and the grounds which can reasonably induce that inclination of the mind may, depending on the circumstances, leave something to surmise or conjecture.”

  1. [35]
    The respondent properly characterised the central thrust of the applicant’s complaint insofar as it related to inaccuracy in the records of OneSchool, as being subject to well established and effective mechanisms for amendment of those records.  The Act provides an individual with a right to amend inaccurate, incomplete, out of date or misleading documents of an agency of a relevant entity, to the extent they contain the individual’s personal information.[4] 
  2. [36]
    The respondent’s conclusion that in such circumstances pursuit of the inaccuracy by way of a privacy complaint was not an appropriate mechanism, was in accordance with a proper interpretation of the Act.  Such a conclusion supports a reasonable belief that that part of the complaint is “misconceived or lacking in substance”.  No error of law is shown in the respondent’s determination to that effect.
  3. [37]
    Further, to the extent the applicant’s complaint dealt with the disclosure by others of sensitive information given confidentially, the respondent properly determined the applicant’s complaint did not involve any breaches of the Information Privacy Principles.  The information had been collected from a third party.  The complained of information fell into the category of communications connected to or related to the applicant’s son’s education at the particular school.  The inclusion of the fact of the applicant’s contact with a law enforcement officer attached to the school, albeit on a confidential basis, was consistent with the purpose of the information site, namely, assisting with the education or general management of a school.
  4. [38]
    The respondent’s determination that the agency had taken reasonable steps to ensure relevance, completeness and currency of the information was open on the available material.  That conclusion supported a reasonable belief by the respondent that that part of the complaint was “misconceived or lacking in substance”.
  5. [39]
    Finally, it was open on a proper consideration of the whole of the applicant’s complaint for the respondent to reasonably believe, in accordance with section 168(1)(d) of the Act, that insofar as the complaint dealt with breaches of confidentiality, misconduct, corrupt conduct, criminal matters or failure to afford child protection, there was more appropriate courses of action available under another Act to deal with the substance of the complaint, or part of that complaint. 
  6. [40]
    Each of these matters is the subject of discrete specific statutory regimes.  Those matters are more appropriately dealt with under those specific regimes. No error of law is shown in the respondent’s determination to that effect.

Conclusions

  1. [41]
    The applicant has failed to establish any error of law in the respondent’s interpretation of the Act or in the application of that Act to the applicant’s complaint. 
  2. [42]
    The application for a statutory order of review is dismissed.
  3. [43]
    I shall hear the parties as to the form of orders and costs.

Footnotes

[1] Information Privacy Act 2009, s 164.

[2] Information Privacy Act 2009, s 166(2).

[3]  (1990) 170 CLR 104 at 116.

[4] Information Privacy Act 2009, s 41.

Close

Editorial Notes

  • Published Case Name:

    Purrer v Information Commissioner

  • Shortened Case Name:

    Purrer v Information Commissioner

  • MNC:

    [2018] QSC 272

  • Court:

    QSC

  • Judge(s):

    Boddice J

  • Date:

    22 Nov 2018

Litigation History

No Litigation History

Appeal Status

No Status