RM v Queensland Police Service  QCAT 71
RM was a police officer with the Queensland Police Service (QPS). After his [Police] partner was killed on duty, RM suffered a deterioration in his mental and emotional well-being. He asked for non-operational duties, and was placed into a role he had held previously. In that role, he had previously been bullied by colleagues.
RM filed a WorkCover claim in respect of his injuries, and made mention of the bullying he had sustained along with his claims arising from his partners’ death.
CF was named as a bully in the WorkCover claim. That notwithstanding, CF received a copy of the claim, and sent it to RM’s former colleagues in an email. The email did not provide any direction or request any action be taken by the recipients. It expressly stated that they need not do anything in relation to the email.
- Did QPS breach the Information Privacy Principles (IPP) in the Information Privacy Act 2009 (Qld) (IPA);
- Did the email contain ‘personal information’;
- Did QPS ‘collect’ the information;
- Was the information used for a purpose other than that for which it was obtained;
- What losses did RM suffer as a result of the breach;
- What remedy should be afforded to RM.
FINDINGS AND CONCLUSION
For an action to breach the IPA it must contain personal information. The email contained personal information because it was about RM, and was capable of identifying RM. Although individual components of the email did not themselves amount to ‘personal information’ because they were contained in a single email, they were capable of identifying RM.
Although the information was not actively sought by the QPS – it was provided to them – once it was in their possession they had ‘collected’ it, or at least ‘obtained’ it. At the very least the QPS was ‘handling’ the information. In any case – it is immaterial how they came into possession of it, QPS still had an obligation to handle it in a fashion consistent with the IPP and IPA.
The information was provided to QPS for the purpose of allowing them to respond to the WorkCover claim. By sending the email without any express instructions to do anything, indeed – instructing to do nothing, CF did not use the information in a way consistent with the reason for which it was obtained. The tribunal found that the main reason for which the information was emailed was to address rumours about a WorkCover claim rather than to obtain statements in response. Therefore, the information was used for a reason other than that for which it was obtained.
RM suffered humiliation and hurt feelings as a result of his personal details being passed on to recipients of the email, as well as legal costs in bringing the application. The legal costs were assessed at $4,400. The tribunal ordered that QPS pay RM $4,400 in recompense for RM’s legal expenses, $5,000 in compensation for humiliation and hurt feelings, and that QPS provide a written apology to RM.
Entities subject to the IPA must take great care in how they handle a one’s personal information, even where that information will be kept within the entity. It is not simply a case of who should have access to information, but for what purpose. Employees of those entities should consider carefully how they share information, and for what purpose they do so.