Case note
Case Citation:
G v Finance Company [2010] PrivCmrA 8
Subject Heading:
Denial of access to personal information
Law:
National Privacy Principle 6.1(d) in Schedule 3 of the Privacy Act 1988 (Cth)
Facts:
The complainant requested access to their personal information held by a finance
company. The finance company sought to deny the complainant access on the basis
that the request was frivolous and vexatious.
Issues:
National Privacy Principle 6.1 requires organisations to provide individuals with
access to their personal information when requested, unless an exception applies.
An organisation may deny an individual access under NPP 6.1(d) if the request is
frivolous or vexatious.
Outcome:
The Privacy Commissioner investigated the matter under section 40(1) of the Privacy
Act.
The Commissioner takes the view that frivolous and vexatious requests for access
can include those that are:

trivial and made for amusement’s sake

made as a means of pursuing some unrelated grievance against the
organisation

repeated requests for the same information.
The complainant had made numerous requests, over a period of four years, for
access to account statements held by the finance company that related to the
Office of the Privacy Commissioner
1
complainant. The complainant had also raised their access request with a number of
government bodies and Members of Parliament. Evidence showed that the finance
company had provided the complainant with access to their information on at least
two occasions.
The Commissioner found that the complainant’s request for access was a repeat
request for information that had been previously provided.
While NPP 6 does not require individuals to have a specific ‘purpose’ for requesting
access to the personal information an organisation holds about them, the
Commissioner considered the purpose for requesting access in this case was relevant
to the finance company’s claim that the request was vexatious.
The complainant and the finance company had been involved in court proceedings
several years previously. The Commissioner found that the repeated requests for
access were substantially, if not solely, a means of obtaining documents to revisit the
earlier litigation and pursue an unrelated grievance.
The Commissioner formed the view that the finance company could rely on
NPP 6.1(d) to deny the complainant access to their information as the request was
vexatious.
The Commissioner closed the complaint under section 41(1)(a) of the Privacy Act on
the grounds that the finance company had not interfered with the complainant’s
privacy.
Office of the Privacy Commissioner
May 2010
Office of the Privacy Commissioner
2