In this series of posts, I will look at the state of privacy in Australia and what this means for the insurance industry. I’d like to start with breaches of privacy against common law and duties of confidentiality.
In Australia, breach of privacy is not a legal offence. Instead, Australia’s privacy law regime involves a range of Commonwealth and State/ Territory legislation, judicial decisions with variation between jurisdictions, industry codes of practice, and self-regulation in the form of privacy policies adopted by businesses and other entities. Historically, Australia’s privacy regime has evolved through incremental changes by legislatures and courts in response to particular abuses and community concerns about intrusions by the media, government or business. As a result, protection across Australian states and territories is uneven.
Let’s look at Common Law and Duty of Confidentiality;
As mentioned, there is no general right to privacy under either statute or common law[1]. General insurers, however, have long been subject to a common law duty of confidentiality. This duty is imposed when information of a confidential nature is told to a person who agrees on its confidentiality. For the duty to arise, two limbs must be satisfied: firstly, the information itself must be of a confidential nature, and secondly, it must have been revealed in circumstances of confidence.
Whether information is confidential or not depends on the type of information. According to the courts, for information to be considered confidential, it should be in the nature of a secret, but not necessarily be completely secret. In addition, the information in question must not be trivial, nonsensical, or a matter of common knowledge due to it being in the public domain. Examples of confidential information include the personal affairs and private lives of a prominent married couple, the contents of illegally taped telephone conversations, customer lists, and personal confidences.
The second part of the test is whether information was received in circumstances of confidence. In some circumstances, confidential information is revealed when nothing is said about it being confidential.
In the context of the general insurance industry, it is safe to say the information imparted by insureds to their insurance company for the purpose of attaining a policy will satisfy both limbs of the test and fall within the common law duty of confidentiality.
This means that insureds will have a cause against their insurer in the event of a breach of confidentiality. However, the practical problem in relying on the common law as the sole remedy is that an insured must bear the upfront cost of funding a civil action and gamble that they will receive a favourable judicial decision against a well-funded and experienced opponent.
Additionally, given the courts often have difficulty calculating a monetary value on a person’s privacy for the purpose of awarding damages, this appears to be a weak model for protecting an individual’s personal information and an inadequate stick for encouraging the correct corporate behaviours.
Next week I’ll look at privacy against the National Privacy Principles.
Jason Maywald is a highly experienced legal and transactional advisor in the insurance and medical assistance sectors. He holds a Bachelor of Laws from the Queensland University of Technology, and has significant experience in competitive corporate acquisitions, IPOs, commercial property acquisitions and disposals, corporate restructures, and hostile and friendly takeovers.