'Do you really need to include that personal information?'

Friday October 17, 2014

The below article from September 2014 has been provided by Philippa Hore, Maddocks.

The complainant attended St Paul's School in Brisbane and alleged that, during his time there, he was sexually abused by a teacher.

St Paul's School forms part of the Corporation of the Synod of the Diocese of Brisbane (Diocese), but it has a separate constitution. The Diocese is ultimately accountable for the general control and management of schools, but the School Council is delegated the power to control and manage the affairs of St Paul's School.

The complainant contacted the Diocese about the alleged abuse in March 2007, seeking settlement of his complaint and compensation.

In August 2007, the Diocese's lawyers wrote to the Diocese about the complainant's legal action and sent a copy of the letter to St Paul's School. The correspondence included documents containing details of the complainant's allegations of sexual abuse.

In September 2007, the School Council of St Paul's School met to discuss a number of matters, including the complainant's legal action. In preparation for this meeting, an Information Pack was provided to School Council members a week before the meeting, containing documents which included details of the complainant's allegations of sexual abuse. The Information Pack was also inadvertently sent to one non-School Council member, a staff member of St Paul's School who was scheduled to give a presentation at the School Council meeting.

In August 2009, the complainant wrote to the Diocese, alleging the distribution to School Council members and the non-School Council member of documents containing his personal information was a breach of his privacy. The Diocese responded by stating, given the nature of the issues raised by the complainant, it preferred to have the matters independently assessed by the Privacy Commissioner.

Determination by the Privacy Commissioner
The complainant's allegations, and the Privacy Commissioner's response to them, are summarised in the table below. The Australian Privacy Principles (APPs) had not commenced at the time the relevant events occurred, so the case was decided under the National Privacy Principles (NPPs). The table below indicates what APPs would be relevant if the case was decided under the APPs.

As the table shows, the allegations largely centred around NPP 4.1, which required the Diocese to take reasonable steps to protect personal information from misuse and loss, and from unauthorised access, modification or disclosure. This requirement is now contained in APP 11.1.

Click here to read more.


© 2014. Copyright in this material is retained by the authors.


A licence to publish in this format has been granted to Legalwise Seminars Pty Ltd. Apart from any fair dealing for the purposes of private study, research, criticism or review, as permitted under the Copyright Act 1968, no part of these materials may be reproduced by any process without written permission of the author.




The statements, analyses, opinions and conclusions in these materials are those of the author and not of Legalwise Seminars Pty Ltd which acts only in the capacity as convenor of educational courses.


No part of any paper can be regarded as legal advice. Although all care has been taken in preparing all papers, readers must not alter their position or refrain from doing so in reliance on any paper. Neither the author nor Legalwise Seminars Pty Ltd accept or undertake any duty of care relating to any part of any paper.


All enquiries should be directed to Legalwise Seminars Pty Ltd.


Legalwise Seminars Pty Ltd (ABN 40 049 329 749) (ACN 102 742 843)




"Great, fantastic to see such esteemed authorities on the subject area all gathered together and contributing/engaging with each other’s presentations."

Delegate - Use of Indigenous Land: The Legal Issues, Sydney, November 2017





, Use of Indigenous Land: The Legal Issues

Read more testimonials