The Office of the Privacy Commissioner has determined that a university did not have to comply with a request from an academic to allow him access to all his emails over a year.
The Office says in its decision that, while emails generated at work could be personal emails, it was reasonable for the university to refuse to provide them in the form requested.
The academic had been dismissed from his university position. He then requested all of his work emails from a 12-month period of his employment. The university refused, saying the about 12,000 emails were university property.
In his complaint, the academic said he had been unfairly dismissed. On the day of his dismissal, access to his work email account was terminated. As a result, he lost contact with many of his colleagues, business partners and personal contacts.
After he made a request to the university, he was told he would be allowed access to some of the emails through an approval process. The academic said the effect of being cut off from his email account meant a significant financial loss, as well as humiliation, loss of dignity and injury to feelings. He said his candidacy for two roles he was applying for was seriously undermined because of the sudden termination.
He told the Office he wanted access to all the emails, an apology and $100,000 in financial compensation.
The academic’s complaint raised issues under principle 6 of the Privacy Act 1993 which says individuals have a right to have access to personal information held by an agency - but that right is subject to a number of withholding grounds.
The university said the academic had been dismissed for serious misconduct. It withheld the emails because in its view, the emails sent or received using the university’s IT system were university property, and most were work-related.
The university also argued that disclosing the information would involve the unwarranted disclosure of the affairs of another individual. In addition, many of the emails were likely to contain information that was confidential to the university, its stakeholders and clients.
Reasonable to refuse
The Office says that even though emails generated in a work capacity did meet the test of being ‘personal information’, it was reasonable for the university to refuse to provide them in the form requested.
It says it accepted that in order to process a request for such a large amount of personal information, and to determine what was and wasn’t personal information, would be significantly burdensome to the university.
“We noted the university had made an offer to release approved emails in some form other than the totality of a computer hard drive. But the academic declined this offer, despite attempts by our investigator to reach a compromise between the two parties,” the decision says.
“We formed a final view that there was no interference with the academic’s privacy. We advised him that he could provide the university with a specific list of the information he wanted to access, but we did not consider any further action by our office was necessary. We offered the academic an opportunity to respond to our view but he did not reply.”