Privacy cleared for take off.

1 August 2014 | Reading time: 2 minutes

This is your Privacy Commissioner speaking…

In a recent decision by the Privacy Commissioner1, a Virgin Australia airline passenger suffered damage through the collection and disclosure of his sensitive personal information by a Virgin sub-contractor. The compensation award to the passenger is a timely reminder that privacy law is a hot compliance issue following the recent introduction of the new Australian Privacy Principles.

Please make your way to the gate.

Aerocare Pty Ltd, a sub-contractor of Virgin, was responsible for providing passenger services at a Queensland airport. A visually impaired passenger, who had recently undergone surgery, was accompanied by an assistance dog and a sighted companion while flying from the Sunshine Coast to Melbourne. The companion was unaware of the full extent of his condition. The passenger had a hospital letter certifying that he was fit to fly.

Arm doors and cross check.

Virgin’s conditions of carriage entitle it to refuse to carry a passenger if it is not satisfied that a passenger is medically fit to fly. The Aerocare representative questioned the passenger in the departure lounge about his medical condition, in the presence of his sighted companion, who was unaware of the full extent of his condition and also within the possible earshot of other passengers. The passenger was distressed and upset by the manner Aerocare used to collect his personal information.

Your privacy may have been breached in transit.

The Commissioner determined that Aerocare’s representative had breached the National Privacy Principles (now the Australian Privacy Principles because it:

  • collected personal information in an unreasonably intrusive way (the passenger should have been taken out of earshot of others to be questioned);
  • did not explain why the information was being collected nor on whose behalf it was being collected (Aerocare should have disclosed its role and should not have assumed that the passenger knew why the information was being collected); and
  • was not protected from unauthorised disclosure (Aerocare questioned the passenger in earshot of others).

While this decision was determined with reference to the old National Privacy Principles, it serves to highlight the types of everyday situations in which privacy laws may be breached and the level of care required when dealing with an individual’s personal information.

Please remain compliant until the issue has come to a complete halt.

In light of the Commissioner’s decision, businesses should review their privacy policies and staff training programs to ensure staff are aware of the correct ways to use, disclose and secure personal information. If the collection of information occurs in a public setting, extra care should be taken to ensure that the information can’t be heard by others.

1‘BO’ and AeroCare Pty Ltd [2014] AICmr 32