The Applicant alleged that the Respondent's conduct contravened several of the Health Privacy Principles ("HPP"s) of the Health Records and Information Privacy Act 2002 ("HRIP Act") and also several of the Information Protection Principles ("IPP"s) of the Privacy and Personal Information Protection Act 1998 ("PPIP Act").
In these reasons the names of private individuals have been anonymised so as to preserve the privacy of their personal affairs. The Applicant is referred to as ALZ. At relevant times ALZ was employed by a local council ("the Council").
The background is set out in my decisions reported as ALZ v WorkCover NSW [2014] NSWCATAD 49 ("ALZ v WorkCover No.1") and ALZ v WorkCover NSW (No 2) [2014] NSWCATAD 122 ("ALZ v WorkCover No.2"). Also relevant is the Appeal Panel decision in ALZ v WorkCover NSW [2015] NSWCATAP 138 ("the Appeal Panel decision"). The Applicant did not appeal against the Appeal Panel decision.
WorkCover NSW was the Respondent to the earlier proceedings. However, on 1 September 2015, the State Insurance and Care Governance Act 2015 ("the SICG Act"), abolishing WorkCover and transferring its relevant functions as the regulator under the Work Health and Safety Act 2011 to SafeWork NSW. The appropriate respondent to these proceedings is now SafeWork NSW.
The conduct concerns a medical report dated 10 November 2011 ("the medical report") by a psychiatrist, Dr Prabal Kar. The medical report was prepared in relation to a workers compensation claim brought by ALZ against the Council. The workers compensation insurer which covered the Council for workers compensation claims was StateCover Mutual Limited ("StateCover"). StateCover and the Council were responsible for processing and managing ALZ's workers compensation claim. The Respondent obtained a copy of the medical report from the Council.
The decision in these proceeding was reserved pending the conclusion of various related proceeding. Following the publication of the Appeal Panel decision, the Applicant applied for the referral to the Supreme Court of a number of questions said to arise in the present proceeding. Deputy President Hennessy refused that application: ALZ v WorkCover NSW [2015] NSWCATAD 241.
The parties were given the opportunity to make further submissions on any matters affecting these proceeding that are said to arise from the Appeal Panel decision and I ultimately made a number of findings in regard to alleged breaches of the HRIP Act and the PPIP Act. I found that the Respondent has contravened a number of HPPs:
i. HPP 3 - on account of the collection of the medical report from a third party, rather than from ALZ;
ii. HPP 4 - on the basis that the Respondent failed to take reasonable steps to notify ALZ that the medical report had been collected, and what it was going to do with it;
iii. HPP 5 - on account of the Respondent's failure to take appropriate steps to secure the medical report; and
iv. HPP 6 - on account of the Respondent's failure to have an adequate and intelligible privacy plan.
The matter is now before the Tribunal for consideration of what, if any, consequential orders should be made pursuant to section 55(2) of the PPIP Act. The Tribunal may order damages by way of compensation for any loss or damage suffered due to conduct in contravention of an HPP, where it is satisfied that the applicant has suffered financial loss, or psychological or physical harm, because of agency's conduct. Section 55 provides:
55 Administrative review of conduct by Tribunal
…
(2) On reviewing the conduct of the public sector agency concerned, the Tribunal may decide not to take any action on the matter, or it may make any one or more of the following orders:
(a) subject to subsections (4) and (4A), an order requiring the public sector agency to pay to the applicant damages not exceeding $40,000 by way of compensation for any loss or damage suffered because of the conduct,
(b) an order requiring the public sector agency to refrain from any conduct or action in contravention of an information protection principle or a privacy code of practice,
(c) an order requiring the performance of an information protection principle or a privacy code of practice,
(d) an order requiring personal information that has been disclosed to be corrected by the public sector agency,
(e) an order requiring the public sector agency to take specified steps to remedy any loss or damage suffered by the applicant,
(f) an order requiring the public sector agency not to disclose personal information contained in a public register,
(g) such ancillary orders as the Tribunal thinks appropriate.
...
(4) The Tribunal may make an order under subsection (2) (a) only if:
…
(b) the Tribunal is satisfied that the applicant has suffered financial loss, or psychological or physical harm, because of the conduct of the public sector agency.
In AOZ v Rail Corporation NSW (No 2) [2015] NSWCATAP 179 the Appeal Panel considered a number of decisions where a damages award was made under subsection 55(2) of the PPIP Act. At paragraphs [28] - [29] the Appeal Panel stated:
28. Other cases where damages award have been made in this jurisdiction include: GR v Department of Housing (No 2) [2005] NSWADT 301 ($4200); NZ v Director General, Department of Housing [2006] NSWADT 173 ($4000); JD v NSW Medical Health Board (No 2) [2006] NSWADT 345 ($7500); JD v NSW Dept of Health [2007] NSWADT 219 ($4500); WT v Auburn Council [2007] NSWADT 253 ($5000 each); FM and FN v Department of Community Services [2008] NSWADT 288 ($5000). In the federal jurisdiction in Re Rummery and Federal Privacy Commissioner [2004] AATA 1221 there was an award of $8000 for a 'serious breach' (the federal law has an open-ended damages provision).
29. In NK v Northern Sydney Central Coast Area Health Service (No.2) [2011] NSWADT 81 the Tribunal made an order for financial compensation in the maximum amount of $40,000. In this case the Tribunal drew on the detailed consideration of the principles found in HP v Hunter New England Area Health Services [2009] NSWADT 186. These are the main points: damages are compensatory in that the applicant should be awarded such sums of money so as that he/she may be restored to the position that he/she would have been in but for the breach:.... However, this must also be viewed in the context of the $40,000 limit as provided for in the PPIP Act;
◦ in measuring compensation the principles of damages as apply in tort law are a guidance but the ultimate guide is the wording of the PPIP Act and its objectives;
◦ compensation should be assessed having regard to the complainant's reaction and not to the perceived reaction of the majority of the community or of a reasonable person in similar circumstances;
◦ 'psychological harm' in s.55(4) of the PPIP Act is intended to encompass situations where an individual suffered some impairment of the mental states and processes. These being conditions such as depression and anxiety.
◦ even where an applicant is able to substantiate loss or damage as a result of conduct that contravenes an 'information principle' under the PPIP Act, an award of damages under that Act remains a discretionary one;
◦ compensation for alleged financial loss and alleged psychological and physical harm can only be considered where the Tribunal finds that the alleged loss and harm was 'because of' or 'caused by' the contravening conduct of the respondent.
It is for an applicant to produce evidence of causation, and establish the causal link between the breach of privacy and the damage suffered.
ALZ sought the following orders:
"1) An order that the Respondent locate and delete all the copies of Dr Kar's report that it holds, other than those which the Tribunal has found to be securely retained, and an order that the Respondent verify that this has been done.
2) An order requiring the Respondent to pay me damages, by way of compensation, if the Tribunal is satisfied that I suffered psychological harm because of the conduct of the Respondent."
She clarified the first requested order by noting that the reasonably protected copies of Dr Kar's report are the copies that are held in the Respondent's investigations database and in the Respondent's archives.
In regard to the second requested order she submitted:
The issue of whether the Respondent's breaches of HPP s 3, 4, 5 and 6 caused me to suffer loss or damage can be approached from two positions. The first position is that the upset that I experienced when I learned of the conduct caused me anxiety and depression (or contributed significantly to or exacerbated an existing psychological injury), and the second position links the privacy breaches to the inspector's decision that no further action was warranted in the investigation, and the anxiety and depression caused by subsequent work place bullying.
She subsequently sought to amend the first part of her request and to seek a further order. She expressed this application in the following terms:
Order 1
Amend "An order that the Respondent locate and delete all the copies of Dr Kar's report that it holds, other than those which the Tribunal has found to be securely retained, and an order that the Respondent verify that this has been done" to read "An order that the Respondent locate and destruct all the copies of Dr Kar's report that it holds, other than those which the Tribunal has found to be securely retained, and an order that the Respondent verify that this has been done".
I am requesting the amendment because I was unaware that the word "delete" had a technical meaning.
I am now aware that deleting information does not mean that the information is completely gone, which is the result I was seeking, whereas information that has been destroyed cannot be recovered or reconstructed.
Order 3
I request an order that the Tribunal require the Respondent to communicate to SafeWork's WHS officers that they "must collect health information about an individual only from that individual, unless it is unreasonable or impracticable to do so", as HPP 3 requires, and must, at or before the time they collect the information (or if that is not practicable, as soon as practicable after that time) take reasonable steps in the circumstances to ensure that the individual is aware of:
(a) the identity of the organisation and how to contact it,
(b) the fact that the individual is able to request access to the information,
(c) the purposes for which the information is collected,
(d) the persons to whom (or the types of persons to whom) the organisation usually discloses information of that kind,
(e) any law that requires the particular information to be collected,
(f) the main consequences (if any) for the individual if all or part of the information is not provided.
as HPP 4 requires.
At the hearing on 18 February 2016 ALZ indicated that she no longer seeks Order 3. In regard to Order 1, she requested that backup copies be encrypted.
The Applicant relies on a report dated 10 December 2012 from Claudia Valenzuela, a Clinical Psychologist. In that report Ms Valenzuela indicated that she had been seeing the Applicant in her capacity as a Clinical Psychologist since October 2011. She noted that the Applicant had been referred for psychological assistance due to feeling bullied and harassed at work. At the time she had been diagnosed with depression, anxiety and a sleep disorder. Ms Valenzuela made reference to Dr Kar's report and noted that the Applicant had:
"reported that this confidential report had been forwarded to an unauthorised party. She again felt that this breach of confidentiality trespassing her privacy rights added to the deleterious impact on her psychological health."
The Applicant also relies on a report dated 30 September 2015 from Dr David Stirling. Dr Stirling indicated that he had seen the Applicant in March 2012 and had diagnosed her with major anxiety and depression. Also in March 2012 he had issued a WorkCover medical certificate that stated that the depression and anxiety occurred through bullying and harassment, and unreasonable actions by the Applicant's employer. In his report he noted:
You told me that in March 2012 you became aware that the WorkCover inspector, Michael Dall, who had investigated your complaint to WorkCover of workplace bullying had collected from the Council a copy of Dr Kar's report and that Inspector Dall had used Dr Kar's opinion to support his conclusion that the Council had not breached the OHS Act with respect to their treatment of you.
You were acutely distressed and in a state of high anxiety when you found out that Inspector Dall had collected Dr Kar's report and used it in his inspector's report.
You stated that you felt that your privacy had been grossly violated as the report contains deeply personal information that you would not share with anyone that you did not trust implicitly, and this did not include the inspector who you felt had shown bias in the investigation and made your work situation worse.
You stated that you understood that the report was confidential and that it would only be used for the purpose of the workers compensation claim that it had been prepared for, and its use in the bullying investigation was very unfair because the report only represented the opinion of the insurer's doctor.
Since at the time I completely disagreed with Dr Kar's assessment of you I could readily understand your extreme distress at the breach of your privacy.
You justifiably felt misrepresented by Dr Kar's opinion, and felt that it attacked your personality, character, and integrity and were aggrieved that the inspector had gone behind your back to collect it, and aggrieved that he had not asked your permission to use the report or asked you for any other medical information.
You stated that you felt, and still feel, humiliated in knowing that Dr Kar's opinion was quoted in the inspector's report and that other people will think that you misused drugs and alcohol, had characteristics of borderline personality disorder, and had faked a work injury.
You stated that the inspector, who you had relied on for help, had collected the report after he had notified you that he had completed his investigation, and after you had contacted WorkCover to make enquiries about his investigation. You stated your belief that the inspector had used Dr Kar's opinion to justify his investigation to his supervisor, and this made you feel down trodden and disempowered.
Dr Stirling stated his opinion that :
The inappropriate sharing of Dr Kar's report had a very major impact on [ALZ's] mental state. Having been a happy and well-adjusted lady before it and her work issues she became clinically depressed, tearful, agitated and angry. She felt abused and deeply hurt by a system set up to protect her and her rights.
Fortunately as a result of her underlying resilience coupled with sound medical treatment she has made a good recovery but remains somewhat scarred by the experience.
Privacy breaches especially the mishandling of sensitive medical information are egregious, and potentially very dangerous. This is a case in point.
ALZ submitted that if the Respondent had complied with HHPs 3 and 4 the other issues would not have arisen. She accepts that any award of damages is in the Tribunal's discretion and that an amount is hard to quantify. However, she says that in circumstances of this matter the consequence of the depression that she suffered was that she has lost her whole career.
The Respondent accepts that it is appropriate for the Tribunal to make an order that it undertake to delete copies of the medical report in its possession, other than those identified as securely retained for the purposes of HPP 5. It submits that an order in the following terms is appropriate:
SafeWork NSW provides ALZ with the following undertaking: to delete or destroy copies of the IME Report, other than:
(a) The copy of the report held in SafeWork's investigations database; and
(b) The copy held in the respondent's archives;
including any copy held as a result of the 'backing up' of electronic data.
The Respondent to advise the applicant when this has been done.
The Respondent also accepts that ALZ has placed evidence before the Tribunal of psychological distress resulting from the Respondent's conduct associated with its collection and use of the medical report.
The Respondent also made detailed submissions in regard to the quantum of damages awarded in various decisions. Mr Ganziera, solicitor for the Respondent, referred to those decisions discussed in AOZ v Rail Corporation NSW (No 2.) and another of other related decisions. I agree with Mr Ganziera's summary of the approach that this Tribunal and the Administrative Decisions Tribunal have taken in matters where contraventions of the IPPs and HPPs have been found. I adopt Mr Ganziera's summary.
An order for compensation of the statutory maximum amount of $40,000 is reserved for the most serious breaches of the PPIPA. The damages awarded have mostly been for amounts of less than $5,000. In NZ v Department of Housing [2006] NSWADT 173, the Tribunal's President considered the approach to be taken in regard to awards of damages in privacy related matters. His Honour stated at paragraphs [25] - [27]:
25 The AAT referred to the need for a restrained approach to awards of damages in relation to legislation of the kind that Privacy laws represent - a type of human rights measure - so as not to undermine their public policy objectives and respect for these laws. It also referred to the possibility of making an additional award by way of aggravated damages. There was in Rummery [and the Federal Privacy Commissioner and anor [2004] AATA 1221] substantial evidence of a conduct on the part of the agency that went well beyond the conduct which might be expected necessary for the ordinary defence of a claim.
26 The way the Federal Court had approached the application of s 81 of the Sex Discrimination Act in Hall v A & A Sheiban Pty Ltd [1989] FCA 72; (1989) 20 FCR 217 commended itself to the AAT. Influenced by that case, the AAT formulated the following principles to guide the determination of damages in Commonwealth Privacy Act matters:
'The principles which are relevant to this matter are:
(a) where a complaint is substantiated and loss or damage is suffered, the legislation contemplates some form of redress in the ordinary course;
(b) awards should be restrained but not minimal;
(c) in measuring compensation the principles of damages applied in tort law will assist, although the ultimate guide is the words of the statute;
(d) in an appropriate case, aggravated damages may be awarded;
(e) compensation should be assessed having regard to the complainant's reaction and not to the perceived reaction of the majority of the community or of a reasonable person in similar circumstances.'
27 This approach is in line with an early determination of the Federal Privacy Commissioner, Complaint Determination No 1 of 1993, A and The Secretary, Department of Defence, see Federal Privacy Handbook (CCH) [13-020]. ...
In matters where the applicant has suffered psychological harm as a result of a respondent's conduct, the evidence provided must establish a "causal link" between the conduct and the psychological harm. An example of psychological harm is where an applicant became anxious and depressed and resumed a course of anti-depressants: JD v NSW Medical Board (No.2) [2006] NSWADT 345.
To date, the Tribunal has declined to award punitive damages under the terms of section 55(2)(a) of the PPIP Act. The Tribunal has raised the possibility of including a punitive component in a damages award, but only in circumstances where an agency has not remedied an error upon recognising that it has occurred or the agency's conduct was so egregious as to warrant such an award. Otherwise, the Tribunal has indicated that its power to award damages "by way of compensation" is unlikely to include exemplary damages.
The Respondent submits that any damages award that the Tribunal might see fit to make in this case should be at the lower end of the scale. This submission is based on its contention that the primary causes of ALZ's distress were matters other than the Respondent's conduct.
The Respondent accepts that there is evidence that ALZ's distress was exacerbated by the Respondent's conduct. However, it submits that it is far from clear that the Respondent's conduct caused the damage for which ALZ now seeks compensation. It submits that damages payable under section 55(2) of the PPIP Act are to be calculated according to the damage caused by the relevant breach of the HPPs, and not by reference to damage said to arise from distinct matters such as litigation in which ALZ has been involved.
The Respondent submits that an order that it "perform HPPs 3 and 4" would do no more than restate the Respondent's existing legal obligations and therefore there would be no utility in the Tribunal making that order.
The Respondent submits that no further orders are necessary or appropriate in these matters because of the steps it has taken to address the privacy issues. It relies on the evidence of Ms Carmel Donnelly. Ms Donnelly is the Executive Director, Strategy and Regulatory Services for the State Insurance Regulatory Authority. She was previously General Manager, Strategy and Performance for the Safety, Return to Work and Support Division of the NSW Office of Finance and Services ("SRWSD"). The SRWSD included WorkCover. In relation to Actions taken by SafeWork NSW to address privacy issues Ms Donnelly stated:
SafeWork NSW takes issues relating to privacy very seriously. With the transfer of WorkCover NSW's functions, the agency has implemented a number of reforms and changes in an effort to address privacy issues that may arise with respect to the exercise of these functions. SafeWork NSW has also sought to address the specific concerns raised by the Tribunal and the Appeal Panel in these proceedings.
Steering Committee
A Privacy Management Steering Committee has been convened at a senior level as part of the structural changes implemented with the SICG Act, and meets weekly. Membership of the Committee comprises Executive Directors, Directors, Senior Managers and other advisors as necessary and appropriate, from across SafeWork NSW and SIRA. The Committee's terms of reference are to develop a best practice Privacy Management Framework which will:
a. determine what personal and health information is held, and how it is managed;
b. evaluate the effectiveness of systems currently in place to manage information in compliance with privacy legislation;
c. identify any areas of actual or potential non-compliance with privacy legislation;
d. identify appropriate enhancements to support improvements;
e. develop a framework and auditing tools to ensure ongoing compliance; and
f. develop reporting systems and tools to manage and address potential breaches.
Engagement of external consultants
In addition, specialist privacy consultants Information Integrity Solutions (IIS) have been engaged to conduct privacy "health checks" of the entities formerly forming the SRWSD. This work involves review of current practices, identification of any areas of potential concern and making recommendations to address any areas where current practices may not be compliant with best privacy practice.
The findings of IIS will be reported to the Privacy Management Steering Committee, which will consider and implement any recommendations arising.
Revision of Privacy Management Plans
A project team has been established to revise and redraft the Privacy Management Plans of SafeWork NSW, SIRA and icare. The recent structural changes have contributed to some delay in the finalisation of this review, however, work is well under way.
It is anticipated that the new Plan for SafeWork NSW will comprehensively address how SafeWork NSW collects, stores, uses and discloses personal and health information across all areas of its operations. In particular, the project team has had regard to the Appeal Panel's decision in the ALZ Appeal in formulating the revised Plan. It is expected that the Plan will be finalised before the end of 2015, and will be published on SafeWork NSW's internet and intranet sites.
Training
SafeWork NSW is currently reviewing its arrangements for privacy training for staff. It is intended that external consultants will develop training materials addressing the Privacy and Personal Information Protection Act 1998, the Health Records and Information Privacy Act 2002 and the Government Information (Public Access) Act 2009 generally, and also with respect to issues unique to SafeWork NSW's environment specifically.
This training will be delivered via SafeWork NSW's online training system "PULSE", and will be compulsory for all staff to complete. Refresher training every two years will also be mandatory. It is envisaged that this training will be made available before the end of 2015.
Further training requirements for specific groups, such as WHS inspectors, will be identified, developed and rolled out in due course.
Measures to raise awareness of issues arising from these proceedings
There have been a number of communications to officers within the WHS Division of WorkCover NSW (as it then was) to communicate the outcomes of the Tribunal's decisions in these proceedings, and to ensure that appropriate steps are taken to prevent future contraventions of the privacy legislation.
In particular, communications have emphasised the importance of:
a. Only information relevant to the administration of the WHS legislative regime is collected;
b. That where personal information is collected other than from the applicant to whom it relates, collection is by way of formal notice issued under the Work Health and Safety Act; and
c. Once information has been obtained, appropriate measures are put in place to ensure that only authorised staff have access to that information.
Ms Donnelly appeared at the hearing on 18 February 2016 and was cross-examined. She confirmed that the processes that she outlined are in train to ensure that the contraventions will not be repeated. She confirmed that the policy statements are now online. She stated that as Chair of the committee she feels strongly about protecting privacy and working to improve health and safety. She denied that the processes being implemented are simply about preventing liability. She is confident that appropriate measures are in place to ensure compliance with the privacy legislation.
The Respondent relies on the evidence of Mr Michael Pepper. Mr Pepper is a Senior Manager, Service Delivery, Corporate Services, Department of Finance, Services and Innovation. He was previously Manager, Solutions Design and Delivery Unit at WorkCover NSW. He manages the position of 'Systems Administrator, Information Services'. His evidence is that the relevant emails were deleted in February 2016. Subsequent searches were not able to identify any emails containing the medical report. He did not personally undertake those actions.
His evidence is that a complete backup is made of all emails for all users each day, week, month and year. All annual backups are stored indefinitely by a third party company. All archives are automatically deleted at regular intervals, being:
a. daily email backups are automatically deleted 30 days after being created;
b. weekly email backups are automatically deleted 60 days after being created;
c. monthly email archives are automatically deleted 5 years after being created.
Mr Pepper also stated that the deleted emails will not be saved into any new backups. However, some records of the emails, in particular certain monthly and yearly automatic backups, will remain on backup offsite tapes after mid-April 2016.
Mr Pepper estimated that to fully delete the emails from all of these remaining monthly and yearly backups would require a full time worker to be working for approximately 12 months on this work alone, and it may take significantly longer than that. This is because to delete these copies of the emails would require:
a. building a bespoke environment which needs to include a database server, file server and application server for an application called 'Enterprise Vault';
b. building a bespoke environment which needs to include a database server, file server and application server for an application called 'Microsoft Exchange';
c. connecting a full NetBackup environment and populating that environment with our production backup catalogue;
d. connecting a compatible tape drive to the environment;
e. restoring each entire backup (i.e. the backup of all users' emails), locating and deleting the Emails from the restored emails, and then re-backing up the entire system;
f. each of steps (a) to (e) above would need to be repeated for each separate backup tape which contains a copy of the Medical Report.
Mr Pepper also stated that only the Respondent's IT support staff can request the recall of any email backups from the offsite provider. The emails are not in a form that can be read.
ALZ has also expressed concerns in regard to the adequacy of the storage of a copy of the medical report that has been retained for purposes associated with an access application brought under the Government Information (Public Access) Act 2009 ("the GIPA Act"). She was also concerned that a hard copy of the medical report remained on the premises of the Ballina office of WorkCover.
In regard to the GIPA Act issue, the Respondent relies on the evidence of Ms Sue Stewart, the Acting Senior Coordinator of the Respondent's Right to Information Team. Ms Stewart provided the following statement:
Applicant's request regarding location of Medical Report
On 16 February 2016 the Applicant sent a letter to the respondent which relevantly stated:
a. "Is there a copy of the report in File 2011/017659, and if so how is it protected?"; and
b. "Is there a copy of the medical report on the Right to Information File, and if so how is it protected?"
2012 Right to Information File - File number 2012/001984
On 18 February 2016 [Right to Information Officer Paige Allen ("Ms Allen")] retrieved a 2012 Right to Information file from archives, being file number 2012/001984. This 'right to information' file was created for the purpose of providing the Applicant with a copy of the documents forming part of the investigation by Inspector Dall, including the Medical Report. A copy of this file was retained by SafeWork NSW as a record of the documents that were provided to the Applicant. A copy of the Medical Report was located on both the hard copy and electronic version of this file.
On 18 February 2016, the electronic copy of the Medical Report was deleted from file 2012/001984, and the hard copy of the Medical Report which was located on this file was shredded and placed in a secure confidential waste bin.
Accordingly, the Medical Report is no longer located in file 2012/ 001984 in either hard copy or electronic form.
Prior to the hard copy and electronic copies of the Medical Report being destroyed, the following access restrictions had been in place regarding the copy of the Medical Report that was kept on this file:
a. In relation to the electronic copy of the Medical Report, only the Right to Information team had access to this document;
b. In relation to the hard copy document, this was stored in secure off-site archives at the West Gosford Repository. From my review of the TRIM record of this file, it appears that no-one has retrieved this file from archives prior to 18 February 2016.
2011 Original Inspector's File - File Number 2011/017659
File 2011/017659 is an original hard copy investigation file which was prepared by Inspector Dal!. This investigation file is retained securely in the archives of SafeWork NSW.
On 23 February 2016 a copy of file 2011/017659 was retrieved from archives by Ms Allen. From 23 February 2016 to 25 February 2015, the 2011/017659 file has been kept in a locked cupboard accessible to only Right to Information Unit Staff, and in an Information Storage area accessible only to Right to Information Unit Staff. The file has only been accessed by myself and Ms Allen.
On 25 February 2016 the Medical Report was taken out of file 2011/017659 and placed in a sealed envelope marked 'Sensitive: Health Information'. The sealed envelope was then returned to file 2011/017659 and the file was then returned to secure storage in the archives of SafeWork NSW.
Searches for copies of the Medical Report
I have undertaken electronic TRIM searches to consider whether any copies of the Medical Report remain accessible to Right to Information staff in the TRIM system. From these searches, I have not been able to identify any electronic copies of the Medical Report being stored by SafeWork NSW. The only physical copy of the Medical Report that I am aware of is the copy that is securely stored in file 2011/017659.
In relation to that issue the Respondent submitted that the hard and electronic copies of the medical report that were associated with the GIPA Act access application have been deleted. The retained hard copy of the medical report is securely retained and is now also marked "SENSITIVE - HEALTH INFORMATION" in accordance with the "NSW Government Information Classification, Labelling and Handling Guidelines" dated July 2015.
Mr Granziera submitted that there is no evidence before the Tribunal to suggest that the Respondent holds any copies of the medical report in addition to those previously identified.
ALZ was critical of the Respondent's evidence. She submitted that the Respondent could have presented affidavit evidence from a senior officer from the Respondent's information technology unit that outlined the steps it had taken to locate and destroy the report but did not. She submitted that this approach left the Tribunal in the position that it will need to draw inferences from the evidence that has been provided. However she nevertheless concluded:
Although the evidence is not satisfactory and the Respondent is "is not in a position to give an undertaking in absolute terms that it does not hold any copies of the IME report beyond those identified" I am prepared to accept that the Respondent's security safeguards are reasonable in the circumstances to protect my sensitive health information because I have accepted and am relying on the sincerity of Mr Dunphy's apology and Ms Donnelly's evidence.
I trust that as a result of the procedural and cultural changes promised by Mr Dunphy and Ms Donnelly, trained officers, who are aware of the Respondent's HPP 5 obligations, will rectify any security issues that may arise because the Respondent has taken a grudging piecemeal approach to compliance with HPP 5 in these proceedings.
[2]
Discussion
This has been a long and difficult matter. However, it appears that the parties have been able to resolve all of the outstanding issue with the exception of the issue of damages.
As noted, ALZ's seeks an order requiring the Respondent "to pay me damages, by way of compensation, if the Tribunal is satisfied that I suffered psychological harm because of the conduct of the Respondent".
The expression 'psychological harm' is not defined in the PPIP Act however it has been considered in a number of matters. In JD v NSW Medical Board (No.2) I considered a number of earlier decisions that discussed the approach to be taken in determining whether an applicant has suffered psychological harm because of the conduct of the Respondent agency. At paragraphs [49] - [54] I stated:
49 In GR v Department of Housing (No 2) [2005] NSWADT 301 Judicial Member Robinson recognised the applicant's depression as 'psychological harm'. He stated at paragraph 23:
23 On any view of the medical evidence, I am satisfied that the conduct of the respondent's officer, ... was a direct and relevant cause of the psychological harm (a depressive disorder - DSM IV category) that ensued, and which continues to this day. I am satisfied that the evidence established this causal connection. It is not to the point that the applicant was particularly fragile, vulnerable or even that he was pre-disposed to injury of this kind. The respondent had to take its tenant as it found him in this regard.
50 In RD v Department of Education and Training [2005] NSWADT 195 the Tribunal's President considered that an applicant who had become very anxious and depressed had suffered 'psychological harm'.
51 The Macquarie Dictionary Fourth edition Macquarie University NSW 2005 defines the relevant terms:
"harm" is defined as "injury; damage; hurt".
"damage" is defined as "injury or harm that impairs value or usefulness".
"injury" is defined as "wrong or injustice done or suffered" and "the infringement of a right".
"psychological" is defined as "of or relating to psychology" and "relating to the mind or to mental phenomena, especially as the subject matter of psychology".
"psychology" is defined as "the systematic study of the mind, or of mental states and processes; the study of human nature" and "the mental states and processes of a person or of a number of persons, especially as determining action".
52 ...
53 The authorities suggest that the use of the expression 'psychological harm' in section 55(4) of the Privacy Act is intended to encompass a situation where an individual suffers some impairment of their mental states and processes. In this matter, JD has suffered from depression and anxiety. In my view, depression and anxiety fall within the scope of the expression.
54 It is therefore necessary to determine whether JD has suffered that 'psychological harm' because of the Board's conduct and if so whether an award of damages is warranted. ...
Compensation may be awarded where the conduct at issue caused a contribution towards, or exacerbation of, a pre-existing psychiatric condition or psychological state: NZ v NSW Department of Housing at paragraph [46].
It is apparent from Ms Valenzuela's report that when ALZ had been referred to her for psychological assistance she had been diagnosed with depression, anxiety and a sleep disorder due to feeling bullied and harassed at work. The issues relating to the medical report had a deleterious impact on ALZ's psychological health.
Dr Stirling has expressed a similar view in his report and indicated that the Respondent's conduct had a very major impact on ALZ's mental state.
I accept that evidence. In the circumstances, I am satisfied that ALZ suffered psychological harm because of the conduct of the Respondent. I accept that she "became clinically depressed, tearful, agitated and angry. She felt abused and deeply hurt by a system set up to protect her and her rights."
However, in my view, only an aspect of ALZ's current state of health can be attributed to the particular event that is the subject of these proceedings. ALZ's distress has a wider compass than the aspect of the Respondent's conduct in relation to which I have found contraventions.
Nevertheless, I consider that an award of damages is warranted. However, I agree with the Respondent that any damages award should be at the lower end of the scale.
In my view, taking account of all the factors, and having regard to the various considerations referred to above, an appropriate award for the pain and suffering caused to ALZ by the conduct is $5,000.
I note that I am in general agreement with ALZ in regard to the other orders that she sought. However, given the action that has been taken by the Respondent in regard to the destruction of copies of the medical report, the likely cost associated with fully deleting the retained emails, and the efforts to ensure that similar conduct is unlikely to be repeated, along with the fact that an apology has been issued and accepted and ALZ's other concessions, I do not consider that any further orders are necessary or appropriate in these matters.
[3]
Orders
SafeWork NSW is pay to ALZ damages of $5,000.
Otherwise, the Tribunal determines to take no further action on these matters.
[4]
I hereby certify that this is a true and accurate record of the reasons for decision of the Civil and Administrative Tribunal of New South Wales.
Registrar
DISCLAIMER - Every effort has been made to comply with suppression orders or statutory provisions prohibiting publication that may apply to this judgment or decision. The onus remains on any person using material in the judgment or decision to ensure that the intended use of that material does not breach any such order or provision. Further enquiries may be directed to the Registry of the Court or Tribunal in which it was generated.
Decision last updated: 04 January 2017