- Organisations may be able to escape liability for privacy breaches caused by ‘rogue’ employees, but only if proper protections were in place to start with.
- The NSW Civil and Administrative Tribunal recently reviewed an agency’s staff training program, and found it inadequate.
- Liability for breaches by rogue employees will depend on the adequacy of an organisation’s privacy management program, including comprehensive staff training.
Privacy Awareness Week, an annual initiative of the Office of the Australian Information Commissioner, will be held from 12 to 18 May. The aim of the week is to promote and raise awareness of privacy issues and the importance of protecting personal information. This presents an opportunity to discuss two recent NSW privacy cases that have illustrated the importance of organisations training staff properly to avoid privacy breaches – or, if a breach does happen, in order to avoid liability for when a rogue employee goes off on a privacy-invading frolic of their own.