WorkCover NSW Privacy officer collects misleading health info to deny claim

privacy-breach

In the following, recent, disturbing Workcover NSW legal matter—kindly shared by “Nemesia”—the NSW Civil and Administrative Tribunal (NCAT) upheld an injured worker’s claims about the “extraordinary conduct of WorkCover’s privacy officer”, and made factual findings that amounted to contraventions of privacy principles without specifically stating them.

WorkCover NSW Privacy officer collects misleading health info to deny claim

By ‘Nemesia

ALZ v WorkCover NSW [2014] NSWCATAD 93

The applicant in the case (a local government employee who’d made a bullying complaint to WorkCover) had applied to WorkCover, under NSW privacy legislation, for an internal review of a privacy breach.

She complained that the WorkCover inspector who’d investigated her bullying complaint had collected her health information (an insurer-initiated psychiatric independent medical examination (IME) report) from the council, contravening her entitlement to privacy.

WorkCover’s privacy officer conducted the internal review. Rather than investigate the worker’s complaint the privacy officer purported to understand that the worker was complaining about the management of her workers compensation claim. The privacy officer used this false understanding as an excuse to collect incorrect and misleading personal and health information from the insurer.

The privacy officer also made a deliberately erroneous finding that the inspector had collected the IME report from the insurer, not the council.

The privacy officer used the incorrect and misleading health information, with the above erroneous finding, in the internal review decision to imply that the worker was a danger to herself and other people and her complaints have no merit.

Not being satisfied with this response to her privacy complaint the worker applied to the Administrative Decisions Tribunal (ADT) for an administrative review of the inspector’s conduct and this caused the workers compensation information contained in the internal review decision to be disclosed to the Privacy Commissioner, the ADT, and WorkCover’s legal representatives.

The worker applied, under privacy legislation, to WorkCover then to the ADT, for a review of the conduct of WorkCover’s privacy officer.

WorkCover’s legal representative, from the Crown Solicitors Office (who train Government agencies on compliance with NSW’s privacy legislation, including training on how to conduct an internal review), argued that section 53 of the Privacy and Personal Information Protection Act 1998 (PPIP Act) authorised WorkCover’s failure to comply with the privacy principles when conducting their internal review.

Thankfully the Tribunal (which by now had become the NSW Civil and Administrative Tribunal (NCAT)) did not agree.

The Tribunal’s findings upheld the worker’s claims about the extraordinary conduct of WorkCover’s privacy officer, agreed with her interpretation of section 53, and made factual findings that amounted to contraventions of privacy principles without specifically stating them. Instead and unusually the Tribunal remitted the matter to WorkCover for their reconsideration.

WorkCover NSW’s misuse of injured worker’s confidential and private workers compensation information for political or other reasons has been discussed previously in this blog and although the case is not over I feel that NCAT’s findings-to-date in this matter vindicate, in some way, all the injured workers concerned.

Here is the link to the full text of the case: http://www.caselaw.nsw.gov.au/action/PJUDG?jgmtid=172588

 

You can learn more about the NSW Privacy and Personal Information Protection Act 1998 here

 



This post has been seen 4512 times.

5 Responses to “WorkCover NSW Privacy officer collects misleading health info to deny claim”

  1. Nice to see use of my submission to WorkCover bullying inquiry (para 81(b)). Be nicer to see ncat finish my privacy complaint against WorkCover and the Minister of Finance. Not surprisingly McBride is involved in mine as well.

    Thumb up 0 Thumb down 0

    • @ Nemesia – THANK YOU so much for your amazing article… and contribution to countless injured workers’ pursuit of justice. Much appreciated.

      Thumb up 0 Thumb down 0

      WorkcoverVictim July 13, 2014 at 7:56 pm
      • Thank you WorkcoverVictim for your comment, and thank you most sincerely for this blog.

        Thumb up 0 Thumb down 0

    • Hi CGU sux, Good luck with your case. Are you self-represented? Wish we could swap notes.

      Thumb up 0 Thumb down 0

  2. Mr Craig McBride is Privacy Officer in name only.

    He is actually a part of the Executive & Ministerial Services Unit (EMSU) of WorkCover NSW. It is this unit that runs dirt files on people, it is this unit that lies in response to Privacy Complaints, and it is this unit (in fact, Mr Craig McBride himself) who has written “Dorothy Dixers” for use in NSW Parliament for the government of the day.

    Mr Craig McBride is head of the EMSU, and quite simply, is a person who cannot be trusted.

    Refer to Hansard for information on McBride’s “Dixer”: https://www.parliament.nsw.gov.au/prod/lc/lcpaper.nsf/0/EB80E57E9DD395D8CA257735004C18D9/$file/Q100601.152.pdf

    Thumb up 0 Thumb down 0