Individuals can complain to the VI Commissioner about an A written law made by parliament. Also called an ‘Act of parliament’, ‘statute’ or legislation. or practice that may breach a Victorian IPP. The Claimed but not proved. For example, the police can allege in court that a car was stolen, but they then have to prove it with evidence. If you say a person did something illegal you are making an allegation. Unless you can back it up, you will not be able to win a court case about it. breach must be in relation to the personal information of a living person. The VI Commissioner deals with complaints in the same way as the previous Victoria Commissioner for Privacy and Data Protection.
There are provisions under the PDP Act that enable minors or people who are unable to complain because of a physical or mental disability to have someone complain on their behalf (ss 59, 60).
The VI Commissioner must try to conciliate complaints wherever possible. Where appropriate, complaints can be referred to the Victorian A public official appointed to investigate citizens’ complaints against government departments and statutory authorities. A specialised ombudsman resolves consumer complaints in a particular industry, for example the banking ombudsman for the banking industry. See also statutory authority., the Victorian Health Complaints Commissioner, the Australian Privacy Commissioner, the Disability Services Commissioner, the Commissioner for Children and Young People, or the Mental Health Complaints Commissioner.
Under the The right of any person to access documents held by government agencies, except documents excluded by legislation. A change made to a legal document or Act of parliament. (Office of the Victorian Information Commissioner) Act 2017 (Vic) (‘FoI Amendment Act 2017’), the VI Commissioner can investigate complaints received under the PDP Act as if received under the Freedom of Information Act 1982 (Vic) and vice versa.
In conducting investigations, the VI Commissioner has enforceable powers to obtain information and documents, and to take Material presented to a court to prove or disprove a fact. It can include what witnesses say as well as documents and other objects. on A person’s promise when they swear to tell the truth in court, or when signing an affidavit. A person taking an oath places one hand on the Bible or other holy book to demonstrate how seriously they take their promise. See also affirmation.. The FoI Amendment Act 2017 enhanced these powers and they apply to all the VI Commissioner’s investigations.
The VI Commissioner has the power to decline to investigate complaints in certain circumstances (s 62).
These circumstances include where:
- the organisation complained about is adequately dealing with, or has adequately dealt with, the complaint;
- the A person who begins a criminal prosecution against another in the Magistrates’ Court, or formally starts an action in a court or tribunal or makes a complaint to a complaint-handling body. In a civil action they could also be referred to as a plaintiff or an applicant. has not complained to the organisation before making a complaint to the VI Commissioner;
- the VI Commissioner believes the complaint is frivolous, Causing trouble without good legal reason. A vexatious litigant repeatedly starts court cases that have no chance of succeeding. Vexatious litigation is a court action that is unnecessary or undertaken only to cause trouble, embarrassment or inconvenience for the other party. or lacking in substance;
- the complainant does not make a complaint to the VI Commissioner within 45 days of becoming aware of the alleged privacy breach.
If an alleged privacy breach is done by an employee or an A person who acts for someone else. They can make decisions, carry out tasks or make agreements for the other person. For example, if you ask someone to bid for you at an auction they will be acting as your agent. acting on behalf of an organisation, the organisation is held responsible unless it can establish that it took reasonable precautions and exercised due diligence to avoid the privacy breach (s 118 PDP Act).
In the case of TSJ v Department of Health & Human Services (Human Rights)  VCAT 687, a social worker employed by the Department of Health and Human Services (DHHS) sent personal information about the complainant to the wrong email address. The person who received the information immediately contacted the social worker, who took steps to retrieve the information, notified the complainant, and apologised for the breach. VCAT found that the DHHS had taken reasonable precautions and exercised due diligence to prevent the privacy breach under IPP 2, and to protect the personal information under IPP 4, and dismissed the complaint.
If the VI Commissioner declines to investigate a complaint – or A form of alternative dispute resolution. The parties negotiate with the help of an independent person called a conciliator. The aim is to sort out the dispute by mutual agreement, rather than having a decision made by a court or tribunal. See also arbitration; mediation; negotiation. of the complaint is not possible or has been attempted but has failed – a complainant may, in writing, direct the VI Commissioner to refer their complaint to the Victorian Civil and Administrative A body set up to hear and decide disputes, usually with less formality and less strict rules of evidence than in a court proceeding. (VCAT). A referral to VCAT is considered to be a fresh The time and place at which a court or tribunal hears the parties argue their case and makes a decision. of the complaint.
The VI Commissioner can decide to intervene in any proceeding before VCAT and can be joined by VCAT as a A person or organisation directly involved in a court case. Parties include the plaintiff or applicant, the defendant, and any third party added to the action, but not independent witnesses. to the proceeding.
If VCAT upholds a complaint as a breach of privacy, potential remedies include:
- orders to correct information;
- restraint orders;
- reimbursement of expenses;
- compensation orders of up to $100 000.
Compliance notices (s 78)
The VI Commissioner can serve a compliance notice on an organisation when that organisation has seriously breached one of the IPPs (or an approved Guidelines setting out proper practice in an industry or occupation. For example, the franchising code of practice sets out rules for businesses operating under a franchise. Codes can be voluntary or statutory (required by legislation).). A notice can also be served on an organisation if the act that breached one of the IPPs (whether serious or not) has occurred five times in the last two years.
If an organisation is served with a compliance notice, penalties apply for failure to comply and it is an A serious crime that is generally heard before a judge and jury in the County Court or the Supreme Court a criminal case. Examples of indictable offences include assault and armed robbery.. An individual or organisation whose interests are affected by a compliance notice can seek a review from VCAT.
Information and materials
The website, https://ovic.vic.gov.au, contains a number of resources under ‘Privacy’ and ‘Data Protection’. Case notes are also published under ‘Victorian Case Law’ at www.austlii.edu au.