Privacy Commissioner, Timothy Pilgrim, has ordered Telstra to pay $18,000 and apologise to a family law judge after it published his name and address in the White Pages.
According to Pilgrim, the telco failed to provide the judge with reasonable notice that his details would be published in print and online.
The judge contacted Telstra in April 2013 to have a phone line for an alarm system connected at his home because of security concerns. Pilgrim said the judge regularly receives threats from parties whose cases he has heard.
When the judge contacted Telstra through its instant messaging facility to arrange the connection of the phone line, he told the Telstra representative that the sole purpose of the phone line was for the alarm system.
However, Telstra published the complainant’s name, address and the number of the phone line in both the White Pages online and hard copy directory through its subsidiary Sensis.
In his [[xref:http://www.oaic.gov.au/images/documents/privacy/applying-privacy-law/privacy-determinations/2014-aicmr-118.pdf|ruling| (PDF), Pilgrim found that Telstra breached National Privacy Principle (NPP) 1.3 and NPP 2.1 of the Privacy Act because it did not tell the judge that it would publish his personal information in the White Pages.
NPP 1.3 states that organisations cannot collect personal information unless it is necessary for one or more of its functions or activities.
NPP 2.1 states that personal information can not be disclosed other than for a permitted purpose.
Pilgrim also found that the privacy breach has had serious consequences for the judge including fears for his physical safety.
In March 2014, an investigation by Pilgrim and the Australian Communications and Media Authority (ACMA) concluded that Telstra breached privacy rules after 15,775 phone numbers, names and home addresses contained in spreadsheets were found online through a Google search in May 2013.
Following the breach, Telstra agreed to stop using the Right Now software platform on which the data breach incident occurred, establish a policy for central software management, and review contracts with third parties relating to personal information-handling.
Follow Hamish Barwick on Twitter: @HamishBarwick