NEW SOUTH WALES COURT ISSUES JUDGEMENT FOR MS TELINA WEBB V/S PORT STEPHENS COUNCIL CASE

Australia, Sept. 1 -- New South Wales Land and Environment Court issued text of the following judgement on Aug. 1:

1. This is an application under s 55(1) of the Privacy and Personal Information Protection Act 1998 (NSW) ("PPIP Act") made by the Applicant on 8 January 2025 for administrative review of the conduct of the Port Stephens Council which the Applicant alleges was in contravention of the Information Protection Principles ("IPPs") of the PPIP Act ("External Review Application").

2. At the heart of the External Review Application is the alleged conduct of the Respondent in disclosing, using and continuing to hold certain of the Applicant's personal information in order for the Respondent to use a tool ("GIPA Tool") promoted by the Information and Privacy Commission NSW ("IPC") to assist the Respondent with handling the Government Information (Public Access) Act 2001 ("GIPA Act") access applications it received from the Applicant between 2015 and 2022 ("Conduct of Concern"). The Applicant alleges that the Conduct of Concern breached the PPIP Act and the IPPs.

3. The Applicant submits that her personal information used/disclosed and still held in the GIPA Tool by the Respondent is the Applicant's full name, the type of applicant she was, her address, phone number(s) and email address which were all taken from her GIPA Act access applications made to the Respondent and uploaded by the Respondent into the GIPA Tool ("Applicant Personal Information"). This was done to enable the Respondent to use the GIPA Tool in relation to the Applicant's GIPA Act access applications during the period from 18 June 2015 to February 2022.

4. On 14 October 2024 the Applicant applied to the Respondent for an internal review by the Respondent in relation to the Conduct of Concern relating to the Applicant Personal Information ("Internal Review Application"). The Applicant did not use the IPC internal review application form to make the Internal Review Application and so she was not prompted to detail the specific IPPs (as one is prompted to do on the IPC form) that she alleges were breached by the Conduct of Concern. The Applicant did note in her Internal Review Application, in summary and most relevantly, that:

1) the "IPC External Review Report Ref No: IPC 24/R0000307 dated 8 October 2024" confirmed that the information uploaded to the GIPA Tool (i.e. the Applicant Personal Information) was personal information;

2) the GIPA Tool is operated/on the IT infrastructure owned by a third party (not the IPC) and is provided to agencies on a subscription basis;

3) at no time was the Applicant notified of or gave her permission for or consent to the sharing of the Applicant Personal Information:

(a) with any other entity; or

(b) for a secondary or collateral purpose; and

4) the Respondent has a mandatory obligation to notify the IPC of the Internal Review Application.

5. On 12 November 2024 Mr Crosdale of the Respondent wrote to the Applicant acknowledging receipt of the Internal Review Application and noted that he had identified "(IPPs) 10 and 11 to be at issue".

*Rest of the document can be viewed at: (https://www.caselaw.nsw.gov.au/decision/1985964cad7de672b2bfcf8a)

Disclaimer: Curated by HT Syndication.