In the following, recent, disturbing Workcover NSW legal matter—kindly shared by “Nemesia”—the NSW Civil and Administrative Tribunal (NCAT) upheld an injured worker’s claims about the “extraordinary conduct of WorkCover’s privacy officer”, and made factual findings that amounted to contraventions of privacy principles without specifically stating them.
WorkCover NSW Privacy officer collects misleading health info to deny claim
ALZ v WorkCover NSW  NSWCATAD 93
The applicant in the case (a local government employee who’d made a bullying complaint to WorkCover) had applied to WorkCover, under NSW privacy legislation, for an internal review of a privacy breach.
She complained that the WorkCover inspector who’d investigated her bullying complaint had collected her health information (an insurer-initiated psychiatric independent medical examination (IME) report) from the council, contravening her entitlement to privacy.
WorkCover’s privacy officer conducted the internal review. Rather than investigate the worker’s complaint the privacy officer purported to understand that the worker was complaining about the management of her workers compensation claim. The privacy officer used this false understanding as an excuse to collect incorrect and misleading personal and health information from the insurer.
The privacy officer also made a deliberately erroneous finding that the inspector had collected the IME report from the insurer, not the council.
The privacy officer used the incorrect and misleading health information, with the above erroneous finding, in the internal review decision to imply that the worker was a danger to herself and other people and her complaints have no merit.
Not being satisfied with this response to her privacy complaint the worker applied to the Administrative Decisions Tribunal (ADT) for an administrative review of the inspector’s conduct and this caused the workers compensation information contained in the internal review decision to be disclosed to the Privacy Commissioner, the ADT, and WorkCover’s legal representatives.
The worker applied, under privacy legislation, to WorkCover then to the ADT, for a review of the conduct of WorkCover’s privacy officer.
WorkCover’s legal representative, from the Crown Solicitors Office (who train Government agencies on compliance with NSW’s privacy legislation, including training on how to conduct an internal review), argued that section 53 of the Privacy and Personal Information Protection Act 1998 (PPIP Act) authorised WorkCover’s failure to comply with the privacy principles when conducting their internal review.
Thankfully the Tribunal (which by now had become the NSW Civil and Administrative Tribunal (NCAT)) did not agree.
The Tribunal’s findings upheld the worker’s claims about the extraordinary conduct of WorkCover’s privacy officer, agreed with her interpretation of section 53, and made factual findings that amounted to contraventions of privacy principles without specifically stating them. Instead and unusually the Tribunal remitted the matter to WorkCover for their reconsideration.
Here is the link to the full text of the case: http://www.caselaw.nsw.gov.au/action/PJUDG?jgmtid=172588