If things go wrong
If you think an organisation has interfered with your privacy, you can:
Contact their privacy officer
In the first instance, you should always try to resolve your privacy issue with the organisation concerned. Contact the organisation’s privacy officer and follow the complaints process (if it has one).
How to complain
Contact the Privacy Commissioner
If you’re unhappy with how the organisation has dealt with your privacy concerns, you can make a complaint to the Privacy Commissioner.
Making a complaint(external link) — Office of the Privacy Commissioner
The Office of the Privacy Commissioner handles complaints regarding an organisation that has interfered with privacy.
An interference with privacy to an individual occurs when an organisation breaches one of the Information Privacy Principles(IPP) 1-5 and 8-13 under the Privacy Act and causes harm to that individual.
Examples of harm can include:
- financial loss
- breach of your rights
- damage to an interest you have
- significant humiliation, loss of dignity or injury to your feelings.
Information Privacy Principals 6 and 7 are about your rights to access or correct your personal information.
Once you have complained, the Privacy Commissioner may choose to investigate your matter. The Commissioner’s focus will be on facilitating a resolution between the parties wherever possible.
If your complaint is about access to your personal information and the Privacy Commissioner upholds your complaint, but the organisation concerned fails to meet its obligations, the Privacy Commissioner may issue an access direction to require the organisation to grant you access to your personal information.
The Privacy Commissioner can’t award you compensation for any privacy breaches but does have the power to fine organisations up to $10,000 for serious breaches of the Privacy Act. For more information on this, please see the Office of the Privacy Commission’s website here:
Privacy Commissioner(external link)
Apply to the Human Rights Review Tribunal
After going to the Office of the Privacy Commissioner the next step could include going to the Human Rights Review Tribunal (HRRT).
The HRRT is an independent judicial body that hears claims relating to breaches of human rights, including interferences with privacy under the Privacy Act.
Following the conclusion of the Privacy Commissioner’s investigation, you have six months to file a claim in the HRRT.
Make a claim(external link) — Human Rights Review Tribunal
The HRRT can award various remedies after hearing a case, including:
- a declaration that the organisation breached the law
- an order preventing repetition of the breach
- an order to do something to rectify the breach
- an award of costs against the losing party.
The HRRT has the power to make a binding decision on the parties, including awarding compensation.
You can't go to the Disputes Tribunal or to court to complain about a breach of your privacy.
Get support at any point from:
- Citizens Advice Bureau (CAB) — this is a free, independent service, run by volunteers. CAB can advise you on your consumer rights and obligations, in person, by phone, or online.
- Community Law Centre — this service offers free one-on-one legal advice to people with limited finances. The organisation has 24 community law centres throughout the country. You can find legal information and other resources on its website.
Find a CAB(external link) — Citizens Advice Bureau
Our law centres(external link) — Community Law Centres