The Office of the Privacy Commissioner has now backed the health agency’s decision and in a preliminary view, concluded it had lawfully refused the request for names.
It said in a decision released this month that there is a “relatively high threshold” to meet before an agency can lawfully refuse access to records.
It also said the agency has assured it that any employee outside the allocated team did not and would not be able to access the file because of the security safeguards in place.
The Privacy Commissioner was swayed by evidence it requested to support the agency’s stance, which showed that releasing the names would lead to a “significant likelihood of serious harassment”.
The information showed behavioural patterns in previous dealings with the woman which may have constituted harassment such as attempting to contact employees via social media platforms, threats of self-harm, and repeated contact in a manner that caused significant discomfort and distress.
“This was not a finding that the harassment had occurred, rather, based on the information we reviewed, and which the agency relied on to refuse access, we were satisfied that the agency had a proper basis for its belief that disclosing the individuals’ names to the woman would create a significant likelihood of serious harassment,” the decision said.
The woman disagreed with the decision and has now been informed of her right to bring proceedings in the Human Rights Review Tribunal if she wants to pursue her complaint further.
The agency agreed it would work with the woman to raise any issues of unauthorised access based on the information she had and answer any other questions that came up.
The office of the Privacy Commissioner said agencies that hold personal information have a responsibility to make sure the information they hold is kept safe and secure.
This also means protecting it against unauthorised or inappropriate access.
