Privacy and your ISP

The privacy Act has had a wide ranging effect on all manner of company. The real difficulty in determining the application of the National Privacy Principles to private corporations such as Internet Service Providers is reading the fine print.

In N v Internet Service Provider [2004] PrivCmrA 10 the Privacy Commissioner rightly directed a complainant to contact the ISP (who allegedly committed the breach) before coming to the Commission. This is the correct application of Section 40(1A) of the Act which states that the Commission cannot investigate a matter that has not been brought to the attention of the potential respondent.

The complainant could not just notify the potential respondent and then make a complaint as the Commission has the discretion to ignore complaints where the complainant has not given adequate oppurtunity to resolve the issue under Section 41(2)(b) of the Act.

The complainant appeared to settle the matter without having to return to the Commission.

This case shows that be carefully reading the rather complex Act you can avoid the costs of taking unnecesary steps when protecting your privacy.