By Caren Whip -
Snapshot
- In his most recent determination made under section 52 of the Privacy Act 1988 (Cth), the Australian Privacy Commissioner has found that customer metadata held by Telstra constituted personal information and that Telstra is obliged to give customers access to this information on request.
- Even if a customer’s information is spread across various network and records management systems within an organisation, a customer is entitled to be provided with access if the customer’s identity can reasonably be ascertained from that information.
- Whether or not metadata held by an organisation meets the definition of personal information under the Privacy Act depends on the circumstances of each case, subject to variables such as the operational capacity and practices of the organisation which has been requested to provide access.
In Ben Grubb and Telstra Corporation Ltd [2015] AICmr 35 (1 May 2015), the Commissioner declared that Telstra Corporation Limited (Telstra) had interfered with the privacy of journalist complainant Ben Grubb by refusing him access to personal information, in the form of metadata held by Telstra. The Commissioner ordered Telstra to hand the metadata over to Mr Grubb within 30 days.