New Zealand Law Society

Navigation menu

Recent financial settlements following Privacy complaints

17 March 2020

The Office of the Privacy Commissioner has financially settled several complaints involving a phone company, identity fraud and the shaming of a business online.

Incorrect information on man provided to debt collectors

In one case, a man alleged his application to a finance company for a loan was declined because a phone company provided a debt collector with incorrect contact information about him.

The man owed about $800 to a phone company and the phone company passed on an incorrect email address, physical address and landline number, which the phone company was disconnecting, to debt collectors.

With only inaccurate contact information available, the man couldn’t be reached by debt collectors and was listed as having a credit default.

Principle 8 of the Privacy Act requires agencies that hold personal information take reasonable steps to ensure the information is accurate, up to date, relevant and not misleading before it is used.

The Office of the Privacy Commissioner facilitated a discussion between the man and the phone company. The phone company  agreed to pay the man a $10,000 settlement for the harm caused to him.

Man's personal information compromised by employer

In another case, an employer had to pay $7000 to a man after failing to secure his personal information.

The man had discovered that a large debt had accumulated against his name and he suspected identity fraud.

He spent a significant amount of time working with Police as well as contacting third party agencies directly to find out what had happened.

Eventually he discovered copies of his personal information, including a driver’s licence, had been stolen from his ex-employer.

His ex-employer had kept employee personal information in a locked cabinet which was accessible by several staff, including maintenance workers. The workplace had no policies and procedures in place to ensure the security of the information.

Principle 5 of the Privacy Act requires that agencies that hold personal information should ensure the information is protected by security safeguards reasonable to protect against loss, access, modification or other misuse.

The Office of the Privacy Commissioner found the ex-employer was in breach of Principle 5 and facilitated a settlement conference which resulted in the man receiving a $7,000 settlement.

Man awarded $500 after online business shaming

In a further case, a delivery driver was awarded $500 after a bad review resulted in the man being targeted by a business with photos of him online.

The delivery driver complained to the Office of the Privacy Commissioner after a business shamed him online for leaving them a bad review with a one-star rating.

The delivery driver had arrived to collect an order from the business.

He claims he waited for an extended time for his pickup order to be ready.

The business said the driver did not have the correct equipment required for pick up - and that had accounted for the delay.

Following the experience, the delivery driver left a one-star review of the business on Google.

In response, the business posted a CCTV photo of the driver and his partner from when they had visited their premises online and shamed him for leaving a one-star rating. More than 50 people responded to the post before it was deleted, with some leaving abusive comments.

Principle 11 of the Privacy Act requires agencies to not disclose personal information to others unless an exception applies. It found the respondent had breached Principle 11 by making the disclosure.

The dispute was resolved with the business agreeing to pay $500 to the delivery driver.

Last updated on the 17th March 2020