'We take our obligations under the Privacy Act seriously" is a common refrain, sadly, observed more in the breach. This was the case in the ruling of the Human Rights Review Tribunal in a case involving a former employee who iced a cake expressing her feelings towards her former employer at a private function before uploading its image on to her Facebook page, with privacy settings limiting access to her friends.
Despite the employer stating its supposed adherence to the Privacy Act the evidence produced at the hearing was anything but. It emerged that the plaintiff and her colleague had been among the best qualified and talented employees at the agency in question (the credit union Baywide) which led senior managers who felt threatened by them to persecute them. Ironically, one of the concerns that had been raised by the plaintiff was Baywide being put at legal risk for non-compliance with the Privacy Act among other legal requirements.
This was just the beginning of the saga, however. After the plaintiff and her colleague had resigned and a report of their private party came to the attention of some staff at Baywide, there was an enormous over-reaction on the latter's part. In the first place Baywide's human resources manager coerced a junior employee, a Facebook friend of the plaintiff's, to allow access to her Facebook profile in order that a screenshot of the expletive-laden cake could be obtained.
This image was then widely circulated to recruitment agencies throughout the region in order to damage the plaintiff's future employment prospects. The junior employee also resigned shortly thereafter - the employer bullying resulting in the loss of three talented employees.