ACCforum: AMI vs Lochead-Macmillan - ACCforum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

AMI vs Lochead-Macmillan

#1 User is offline   shulgin 

  • Advanced Member
  • PipPipPip
  • Group: Members
  • Posts: 57
  • Joined: 05-August 11

Posted 06 May 2012 - 10:39 AM

The full ruling.................

Attached File(s)


0

#2 User is offline   Huggy 

  • Advanced Member
  • PipPipPip
  • Group: Members
  • Posts: 1218
  • Joined: 18-October 05

Posted 06 May 2012 - 04:31 PM

Well done.
0

#3 User is offline   hukildaspida 

  • Advanced Member
  • PipPipPip
  • Group: Member
  • Posts: 3353
  • Joined: 24-August 07

Posted 06 May 2012 - 09:42 PM

Looks like Lochead-MacMillan v AMI insurance has set a preceedent, it is refered to in this case..

http://www.nzlii.org...RRT/2012/8.html

Director of Human Rights Proceedings [EFG (No.2)] v Commissioner of Police [2012] NZHRRT 8 (13 April 2012)


Data Quality Principle


8. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

[25] As its name suggests, the Data Quality Principle in Annex Guideline 8 underlines the need for data to have quality or integrity vis-à-vis the purpose for which it is to be used. Hence the stress on the need for the data to be accurate, complete and up to date. It is these terms which quantify the “quality” principle inherent in the OECD Guidelines. The only reasonable interpretation of Guideline 8 is that it imposes a continuing duty of “quality” because the reference to “the purposes for which [the data] is to be used” requires a case by case assessment of what the particular circumstances require in terms of accuracy, completeness and “up to dateness”.

[26] The notion of “quality” lies at the heart of the information privacy principles articulated in Part 2 of the Privacy Act. As recently stated in Lochead-MacMillan v AMI Insurance Limited [2012] NZHRRT 5 at [50]:

The principles stress that if an agency is to collect and hold personal information there is a need for the information to be accurate. For example, the information must be collected for a purpose and be necessary for that purpose (principle 1). The information should be collected directly from the individual (principle 2) and the individual must know that the information is being collected and the purpose for which it is being collected (principle 3). The agency must protect against (inter alia) loss, unauthorised access, modification or disclosure. Above all the agency is under a mandatory duty to give to the individual access to the information (principle 6) and the individual has a right to request correction of that information (principle 7). Indeed the agency has an obligation on its own initiative to take such steps to correct the information as are, in the circumstances, reasonable to ensure that, having regard to the purposes for which the information may lawfully be used, the information is accurate, up to date, complete, and not misleading (principle 7). It is not surprising that an agency holding personal information is under a mandatory duty not to use the personal information without taking such steps as are in the circumstances reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date, complete, relevant and not misleading (principle 8).

[27] Principle 8 itself provides:

Principle 8

Accuracy, etc, of personal information to be checked before use

An agency that holds personal information shall not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date, complete, relevant, and not misleading.

[28] It is to be noted that the mandatory obligation on the agency holding personal information not to “use” the information without “ensuring” that the information is “accurate, up to date, complete, relevant and not misleading”. It is clear from the phrase “shall not use” that this duty applies to each “use” of the information. Deployment of the time-focused expression “up to date” and the imposition of a mandatory duty to ensure that the information is accurate, complete, relevant and not misleading unambiguously point to the ongoing, ambulatory nature of the duty. Looked at another way, the terms “accurate”, “up to date”, “complete”, “relevant” and “not misleading” are not empirical or absolute standards. As conceived of by Principle 8, they take their meaning from the context and from the particular circumstances of the case, including the purpose for which the personal information is to be used. The content of the Principle 8 duty is largely controlled by the purpose for which the information is proposed to be used. This necessarily requires a case by case analysis. In some circumstances “historical” information of the kind set out in the Noting may be adequate such as where the purpose of the personal information request is to ascertain only what allegations were made against EFG. But where the personal information is to be provided many years later to a prospective employer, much more is required, as this Tribunal held in its first decision at [70][b].

[29] We conclude that the text of Principle 8, read in the context of the information principles, imposes a continuing or ambulatory obligation on the agency and that that obligation attaches to each and every occasion on which the personal information is “used” by the agency. This interpretation is reinforced by the Data Quality Principle in Annex Guideline 8.

Duplication of remedies

[30] Our holding that Principle 8 imposes a continuing or ambulatory duty on an agency will, of course, impact on the remedies which can be granted.

[31] Once an “action” of an agency breaches an information privacy principle and once, in the opinion of the Tribunal, that action has caused one or more of the three forms of harm listed in s 66(1)(B)(i) to (iii), that action satisfies the definition of “an interference with the privacy of an individual” set out in s 66(1) of the Act. If such interference is established on the balance of probabilities the Tribunal is empowered by s 85(1) to grant one or more of the following remedies:
0

#4 User is offline   MG 

  • Advanced Member
  • PipPipPip
  • Group: Members
  • Posts: 503
  • Joined: 05-February 04

Posted 06 May 2012 - 11:34 PM

Interesting decision and sensible too. I can think of another wannabe "insurance company" that screwed up, big time, in terms of the Privacy Act and its Information Privacy Principles. I reckon 10K damages to each claimant affected is about right as a remedy, provided it is paid out of staff bonuses and not rehabilitation entitlements.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users