Category: Central North Island

Source:

As a parent or guardian of a child under 16, you are entitled to request health information about your child as if it were your own information. For other personal information, the Privacy Act does not provide a right of access by a parent, but a parent or guardian can request information if the child is either too young to act on their own behalf, or where the child has consented.

This information will often be necessary to help parents raise and look after their children. But the parent or guardian’s right to access information is not absolute.

There will be some cases where information should be withheld from parents. Sometimes information is requested in situations of family breakdown and violence. Sometimes children will have suffered abuse and may be caught in the middle of bitter custody disputes.

An example is where a child undergoes counselling, and whether a parent should see the disclosures a child may make in those counselling sessions. In these situations, the child will be free discuss sensitive personal information, and needs to feel safe while doing this. This can be intensely sensitive and personal, and the improper release of such information could be detrimental to a child’s wellbeing.  Trust in the counsellor will be diminished, and the child will be less likely to share sensitive information in the future.

In some cases a child may disclose abuse by a parent or a close family member. Releasing this information would very often be dangerous and unsafe.

The Privacy Act gives some protections around this. Information can be withheld under sections 27-29 of the Act. In particular under section 29(1)(d), an agency may refuse to disclose any information requested, if this is contrary to the interests of a child under the age of 16. 

Sometimes it is not clear cut. When an agency is asked for information from a parent or guardian, there may be competing interests to consider and these can be hard to judge. Parents should be able to access information about their children, but ultimately the welfare of the child must come first. If you work in an agency, and you are asked for information and you have concerns or something raises alarm bells, you should ask for advice. If you are in doubt as to whether release is in the best interests of the child, do not release the information. If parents make a complaint to the Privacy Commissioner, we will look into it The outcome of that may be that further information is released. This is not a big deal if you’re acting with good intentions.  

Whether requesting, withholding or releasing information, the welfare of the child must always be paramount and be at the forefront of any decision.

complaints, children, health, Health Information Privacy Code

Back

Source:

The case for government agencies identifying opportunities to work together to provide public services is compelling. We expect government to be efficient, to deliver services based on sound reasoning and in ways that bring the most benefit to the people they are trying to help.

Public programmes can be designed in ways that allow sensible service delivery and a collaborative approach, without intruding on individuals’ rights, or exposing the agencies involved to legal risk.

The Privacy Act is, at its core, a flexible and enabling piece of legislation. However, sometimes it has been perceived as getting in the way of agencies working together. Sometimes those perceptions have been true, particularly when personal information gathered for a narrowly defined purpose is to be used in a new way, and by other agencies, as part of a proposed service delivery innovation.

The Approved Information Sharing Agreement (AISA) mechanism, proposed by the Law Commission and brought into law in February 2013, is designed to provide an answer to the “Because of the Privacy Act” objection to innovation in service delivery.

To support public sector understanding of how to design an AISA and make it work, we’ve published a guidance document that explains what an AISA can do and how to make it comply with the Privacy Act’s requirements.

Our AISA guidance includes checkpoints, scenarios and tips to help you.

Consider this hypothetical scenario. There is high youth unemployment in Northland and the government wants to improve outcomes for this group. An AISA could enable a wraparound service to be developed for school leavers. This might involve Work and Income, CYFS, Police, local schools, iwi organisations, the local employers’ association and other youth focused community groups. These parties could regularly meet to discuss individual cases. The AISA would describe the personal information that each party may share with each other.

If an agency can describe which parties are to be involved in delivering a public service, what information they need to do it, and what they are going to do with that information, they can begin to draft an AISA that will remove any questions about whether the Privacy Act will get in the way.

From our perspective as a watchdog, the AISA model means agencies can build in protections that allow the public to have confidence that the proposal is reasonable, proportionate and subject to adequate safeguards.

AISAs can enable efficient and responsive public services in ways that do not sacrifice important rights, and without adding unnecessary risk of privacy breaches. One additional safeguard is that I have the power to review an AISA 12 months after it becomes operational.

An A to Z of Approved Information Sharing Agreements is designed to be a practical user friendly guide. We depend on your feedback. If you have ideas on how to improve it, please get in touch.

information sharing

Back

Source:

Late last year, one of my senior investigating officers came to me with a file she’d been working on for quite a while. She was convinced the facts supported a finding of an “interference with privacy”, that is, a breach of the privacy principles, that had caused harm to the complainant. She’d tried to reach a settlement, but the parties were too far apart.

When we get to an end point like that, we have to decide whether or not to refer the matter to the Director of Human Rights Proceedings, an independent statutory officer who decides whether to litigate the matter in the Human Rights Review Tribunal. That can take a long time, and be quite stressful for the parties. It is also expensive.

What had happened was that a social worker out on her rounds had her car broken into. Her notebook was in the car. In the notebook were jotted details of some 90 clients she had seen in recent years. This is an important point – it was not just her current clients.

Her employer, a DHB, did the right thing, and got in touch with all the clients, to let them know what had happened. Some of them were understanding, some were a bit upset, but the one who complained to us was devastated. It had been some years since she had seen the social worker and she could not understand why she would still be carrying around her extremely sensitive personal information, which revealed details of mental ill health following the birth of a child.

Often, when a third party like a thief intervenes maliciously to release personal information, it would not be fair to hold the agency responsible. However in this case, we had to consider whether the agency had taken reasonable steps to ensure the information was protected from loss. While we acknowledged that there would be cases where it was necessary to take patient information ‘offsite’ when treating patients in the community, we were not satisfied it was reasonable to expose this type of historic information to the additional risks inherent in taking patient information out of the DHB.

As a last effort to resolve the complaint I arranged to meet with the chief executive of the DHB. We had a very productive conversation and were able to agree to terms on which the complaint would be settled without referral to the Director of Proceedings. It was helpful for me to learn that the DHB’s biggest concern was the perception that we were requiring a significant change of professional practice (namely that we were saying patient information should never be taken offsite). That would have had quite significant implications given the change in clinical service delivery to community care. This means that more health and support staff will be out and about, which means the ability of health care workers to access patient information when they are outside traditional facilities (think clinics and hospitals) will become increasingly important.

Part of the settlement was that my Office agreed to provide some guidance to help health workers and others who are increasingly mobile, to reduce the risks of things going wrong. We will be beginning that work soon, and will hope to canvas the views of a range of community workers to see how they practically manage their information securely without compromising their ability to deliver top quality care.

And here’s a final tip. One of the things that the complainant was very pleased about was that it had reached the highest level of the organisation. She felt that if it had come to the attention of the chief executive, she knew it had been taken seriously and that something would be done. Don’t underestimate the power of a personal approach from the top level in appropriate circumstances!

(Image courtesy of the National Library: Complaint to the editor in Clutha Leader 1907)

complaints, breach

Back

Source:

It began with a photo shared privately among friends and set in motion events that resulted in a precedent setting award for damages for a privacy breach.

This week, the Human Rights Review Tribunal awarded Karen Hammond over $168,000 dollars, largely in part for the severe humiliation she suffered through the actions of her former employer, NZCU Baywide.

The amount is ground breaking because it exceeds by a wide margin the previous highest award of $40,000 set in 2003 (Hamilton v The Deanery) and sets a new benchmark for compensating harm caused by a breach of the Privacy Act for unlawfully disclosing personal information.

The Tribunal said in its decision that NZCU Baywide was in breach of principle 11 of the Privacy Act, which states an agency that holds personal information shall not disclose the information to a person or body or agency.

The information related to a photo that Ms Hammond had shared among a circle of friends on Facebook. The photo featured a cake with written obscenities referring to NZCU Baywide, which was her employer at the time – although she was in the process of leaving the company for another employer. The privacy setting meant only those who had been accepted by Ms Hammond as friends had access to the photo, taken at a private dinner party.

The Tribunal said the company management received evidence of the photo and the human resources manager then coerced a junior employee to reveal the photo on her Facebook page. The manager made a screenshot of the photo and disclosed it to other senior managers. The screenshot was then distributed to several employment agencies in the Hawke’s Bay area by email, and was accompanied by phone calls from NZCU Baywide warning against employing Ms Hammond.

The Tribunal said the photo had become the basis for a “sustained campaign by the company to inflict as much harm and humiliation as possible by ensuring she (Ms Hammond) could not be employed in the Hawkes Bay area” and to get her dismissed by her subsequent employer.

The campaign against Ms Hammond made her new position untenable, forcing her to resign because of the threat by NZCU Baywide to boycott her new employer. She was unemployed for 10 months and was not been able to find employment in her preferred field of finance. Her close relationships were severely affected and the stress caused significant harm to her family. The Tribunal noted that she and her partner had struggled financially and emotionally.

The company did admit to breaching principle 11 and had apologised to Ms Hammond. However, the Tribunal said on the balance of evidence, it had established that loss, detriment, damage or injury, as set out in section 66 of the Privacy Act, had occurred to Ms Hammond. It was also satisfied that there had been significant humiliation, loss of dignity and injury to her feelings.

The Tribunal awarded damages of $98,000 for humiliation, loss of dignity and injury to feelings. Further damages were awarded, including $38,350 for loss of income, $15,543 for legal expenses and $16,177 for the loss of a salary benefit Ms Hammond might have expected to obtain, but for the interference to her privacy.

The decision sets a new benchmark for compensating harm caused by a breach of the Privacy Act for unlawfully disclosing personal information.

Human Rights Review Tribunal, Facebook

Back

Source:

Over the last few months we’ve talked about how our Office is trying to provide more effective and efficient responses when we investigate complaints by taking a practical approach to dispute resolution –  including trying to talk with people more and calling compulsory conferences where appropriate.

That said, the bulk of our complaint work – about 60 percent – relates to complaints where we have been asked to review an agency’s decision to withhold personal information. In case you don’t already know, under the Privacy Act, individuals are entitled to request a copy of any personal information an agency holds about them.

This is not an absolute right, as an agency can withhold personal information in limited circumstances, but if it withholds personal information, the individual is entitled to have us review that decision.

A key requirement to us reviewing a decision to withhold information is that we need to see a copy of the information in question (although there will obviously be the odd case where this just isn’t possible – for instance because the agency no longer holds the information that has been requested).

But all too frequently we have issues with agencies who are reluctant to hand the information over to us to review, for any number of reasons. They might believe the information is covered by some sort of privilege, or they don’t have time to collate the information, and other reasons.

While we understand that some agencies will have genuine concerns about providing us with information to review and are always happy to talk about this with them, the simple fact is that it’s necessary for us to be able to see this information to do our job and, as such, we have the power to order this information is provided to us.

Under section 91 of the Privacy Act, we can require any individual provide any information we consider is necessary for us to look at as part of a complaint investigation. This includes asking to be provided with personal information for review where it’s being withheld, regardless of whether that information is privileged or subject to any other confidentiality.

You don’t just have to take my word for it though – this is a matter which has been all the way to the Supreme Court (see William Patrick Jeffries v The Privacy Commissioner). In that case, a lawyer didn’t want to provide us with information because it was legally privileged. The Supreme Court said this information must be provided to our Office, if we request it under section 91.

If you or your agency receives a letter from us requesting information so we can review it and the letter refers to section 91, then providing this information is not optional. If we don’t receive the requested information, we can consider enforcement action – such as prosecution.

If you are dealing with us on a complaint and you’ve got any questions or concerns, you should always feel free to get in touch with us to discuss these further. But there is simply no good excuse for failing to comply when we request information as part of an investigation.

complaints, IPP6 – access

Back

Source:

People have a right to access information about themselves. When workplace policies reinforce this right, it is risky to deviate from them. This was recently underlined in a Human Rights Review Tribunal decision to award a former Capital Coast DHB (CCDHB) nurse $15,000 for being denied information about a harassment complaint she made against her manager.

The nurse made her harassment complaint during an investigation into complaints made against her by seven co-workers. The first investigation began in 2011 and took 15 months. During this time, the nurse was removed from her paediatric workplace and from May 2012, she was suspended without pay.

In August 2012, the nurse made her complaint against her manager who was responsible for the ward where she worked. She sought access to a written response made by her manager about the nurse’s complaint against the manager. The information sought had been given to the investigator by the manager and was in the form of two documents.

Initially, CCDHB refused to give the nurse the documents she requested, but later it provided the information to her in a heavily redacted form. This was despite CCDHB’s harassment prevention policy which stated “each involved party must be given the opportunity to be represented, and be given a reasonable opportunity to answer the allegations and rebut the defences”.

The Tribunal said the policy document was explicit about the procedure to be followed – while the person complained against must be given the signed written complaint and given an opportunity to answer the allegations, the complainant in turn must have the opportunity to rebut the defences.

The added difficulty in this case arose because the nurse’s manager specifically requested that her account be kept confidential to the investigation and not be provided to the complainant. However, the investigator gave no assurance of confidentiality to the manager.

The nurse said the first time she became aware of her manager’s response to her complaint was when she received the investigator’s report in March 2013, which included extracts of her manager’s account. The report found there was no substance to the nurse’s complaint that would warrant a fuller investigation. The CCDHB accepted the finding but the nurse did not.

The nurse told the Tribunal that being unable to access the documents of her manager’s account meant she was unable to tell which part or parts to challenge and to request that any corrections be made.

Under principle 6 of the Privacy Act, people can request access to personal information held about them by an agency. Under principle 7, people can request that a correction be made to that personal information.

To establish a breach of principle 6, a complainant must show they had made an information privacy request and that the agency refused to make the information available in response to that request or failed to respond to the request within the 20 working days.

When an agency relies on any of the withholding grounds in sections 27 to 29 of the Act, the agency has to prove the exceptions apply. CCDHB had relied on section 29(1)(a) which says an agency may refuse to disclose information if the disclosure of the information would involve the unwarranted disclosure of the affairs of another individual. CCDHB had argued that the information sought by the nurse was as much about her manager as it was about the complainant.

The Tribunal disagreed. It said the information provided by the manager was potentially of a highly prejudicial nature and could affect the nurse’s return to work in the ward. There were compelling reasons in favour of disclosing the withheld information to the complainant.

Secondly, the Tribunal noted that CCDHB’s harassment prevention policy explicitly stated that, as the complainant, the nurse would have an opportunity to rebut the defences raised by her manager. On the face of that policy, there could be no expectation that the manager’s response in the two documents would be withheld from the complainant.

The Tribunal said it was satisfied there had been an interference with the nurse’s privacy and subsequent humiliation, loss of dignity and injury to feelings followed. It awarded $10,000 and ordered access to the unredacted documents.

It also awarded the nurse $5,000 damages for the loss of a benefit she might have expected to obtain if she had been able to access the unredacted documents. The documents, it said, were of potential relevance to her separate employment dispute with CCDHB.

Dissenting view

One of the Tribunal members, Mr Shirley, took a different view. In his dissenting decision, he noted that in the investigation into complaints made by seven co-workers against the complainant, the nurse had received written copies of all the complaints and witness statements. But the complainants or witnesses in that investigation were not given the opportunity to rebut the nurse’s response to those complaints.

Mr Shirley was of the view that CCDHB had fair and balanced procedures around staff inter-relationships and there was good reason for refusing the nurse’s request for personal information because it would involve the unwarranted disclosure of the affairs of another person – her manager.

Image credit: Medical privacy – Electronic Frontier Foundation (EFF)

IPP6 – access, Human Rights Review Tribunal, health

Back

Source:

A Housing New Zealand tenant who found himself in a bureaucratic limbo when he complained to several agencies about a noisy neighbour has been awarded $400 damages.

Fed up with the noise from a neighbouring apartment in March 2012, the man complained to Housing NZ, Police and the Dunedin City Council. But he was told by Housing NZ and the Dunedin City Council that the matter was the responsibility of the other agency.

Housing NZ said noise complaints were the responsibility of the Dunedin City Council which in turn said it didn’t investigate noise complaints if the tenants had the same landlord – in this case, Housing NZ.

To further complicate matters, the man was also informed by Housing NZ that it would not take any action because it had not been able to establish that Mr Holmes had called the Dunedin City Council as he had claimed.

The man then began a quest to hold the right agency to account.

He wrote to the regional manager of Housing NZ requesting a recording of his calls to the agency’s 0800 number, together with all records of his calls, as well as the action taken by Housing NZ regarding those calls.

Mr Holmes believed these recordings would show he had made a complaint about noise to the Dunedin City Council and that the complaint had been to no avail.

But Housing NZ said it did not receive the letter asking for the recordings or transcripts of the recordings. This became the issue at the heart of this dispute before the Human Rights Review Tribunal. The Tribunal had to establish on the balance of probabilities whether Mr Holmes had sent the letter and whether Housing NZ had received it.

Information Privacy Principle 6 of the Privacy Act establishes an entitlement to personal information. Where an agency holds personal information in such a way it can be readily retrieved, an individual is entitled to obtain from the agency confirmation of whether or not the agency holds such personal information; and to have access to that information.

In making a decision on whether a request is to be granted, an agency must do so “as soon as reasonably practicable” and in any case not later than 20 working days after the day on which the request is received by that agency.

In its decision, the Tribunal said it was satisfied, based on Mr Holmes’ evidence, that he had sent the letter – dated 27 March 2012 – and that it had been received. It was not the responsibility of Mr Holmes if Housing NZ had lost or mislaid the letter.

“Mr Holmes’ account of his posting of the letter and subsequent call to the call centre is consistent with his almost obsessive preoccupation of ensuring all his dealings with officialdom are clearly documented, including the obtaining of a confirmation of receipt for all documents supplied by him,” the Tribunal said.

If no decision is made within the statutory 20 day working period of an access request, then there would be an interference with Mr Holmes’ privacy as defined in section 66 of the Privacy Act.

Mr Holmes sought damages of $20,000 for humiliation, loss of dignity or injury to feelings. In a statement to the Tribunal, he described the figure as “conservative”. The Tribunal did not accept that Mr Holmes had experienced consequences of the gravity necessary to justify such a high award. Instead it valued the extent of his damage at a more modest $400.

IPP6 – access, Human Rights Review Tribunal

Back

Source:

The Human Rights Review Tribunal says a former Massey University extramural student society president suffered humiliation and significant injury to her feelings after a private letter addressed to her was leaked to a student magazine.

The woman was also subjected to sustained harassment from the respondent in this case, the society’s former vice president, who during a long running dispute sent her an average of 150 emails a week and made phone calls to her, forcing her to change her phone number twice in a year.

The respondent’s behaviour towards her in early 2013 became so worrying that she sought legal advice and arranged for a trespass notice to be issued against him. She also attempted unsuccessfully to remove him from his position as vice-president.

The woman described the respondent’s behaviour towards her as ‘extreme harassment’ and that his emails and phone calls often used profanities and contained threats. The harassment included an attempt by him to ‘confiscate’ her personal belongings in her university office.

In March 2013, the woman received a letter from a member of the society’s executive, purportedly on behalf of the executive. It was headed ‘Written Warning’ and contained extensive and serious allegations about her performance as president.

Shortly after she received the letter, she was interviewed by two members of the university magazine and shown a copy of the letter. One of the journalists told her it had been given to them by the respondent. The magazine later quoted excerpts from the letter in an article published in print and online in April 2013.

The woman said the impact of information in the three page letter being made public was humiliating and irrevocably damaged her reputation for hard work and ethics. Following the story’s publication, she received a deluge of emails from extramural students, many of them angry from what they assumed to be factual information in the story. She said she felt degraded by the flood of hate mail she received from strangers.

A doctor told the Tribunal that the woman suffered from stress and anxiety, including headaches and panic attacks, for which he had prescribed anxiety medication.

In her complaint to us, the woman named the then vice president and the university magazine as respondents.

We concluded that by disclosing the letter to the student magazine, the respondent had breached principle 11 of the Privacy Act. We then referred the case to the Director of Human Rights Proceedings who in turn brought proceedings before the Tribunal. The Tribunal ordered the respondent to pay the woman $18,000 and ordered him to undertake training in the Privacy Act.

Image credit: “Lettering for draftsmen, engineers and students; a practical system of freehand lettering for working drawings” (1917) Internet Archive Book Images Creative Commons Licence

IPP11 – disclosure, Human Rights Review Tribunal, complaints

Back

Source:

In the recent decision Taylor v Orcon Ltd, the Human Rights Review Tribunal ordered a telecommunications company, Orcon, to pay $25,000 in damages to Mr Taylor. This case sends a strong reminder to agencies to check the accuracy of personal information before using it.

Mr Taylor had a dispute with Orcon over a bill. Before the dispute was resolved, Orcon sent the debt to the collection agency, Baycorp. Baycorp then listed a payment default on Mr Taylor’s credit report with Veda Advantage.

The story has had quite a bit of media coverage, but none has yet covered the clear guidance the Human Rights Review Tribunal has given us about how to treat such cases in the future.

The Tribunal disagreed with the view we came to on the complaint and we’ve learned some important lessons.  

Mr Taylor complained to us, and we considered whether Orcon’s actions were a breach of principle 8 of the Act. Principle 8 says that agencies must take reasonable steps to make sure information it is uses is “accurate, up to date, complete, relevant and not misleading.”

We concluded Orcon had breached principle 8 by failing to take steps to ensure the accuracy of information relating to the Orcon default.

But we did not consider this breach caused Mr Taylor the harm he claimed (as required by section 66 of the Privacy Act). For an action to be an interference with privacy, there must be a breach of a privacy principle, which causes harm to the individual.

Mr Taylor claimed the Orcon default on his credit report caused him harm including:

• a finance company declined his application for a loan,
• he was unable to secure rental accommodation (because landlords do not want tenants with a negative credit rating)
• his family was significantly stressed and embarrassed.

We thought there were other contributing factors that caused Mr Taylor harm, not just Orcon’s actions. Accordingly, we concluded Orcon had not interfered with Mr Taylor’s privacy.

As part of the investigation, both the finance company and the property manager told us the Orcon default was not the sole or material reason for their decisions to decline Mr Taylor’s applications. Rather, those decisions were based on a combination of factors, of which the Orcon default was just one part.

The Tribunal agreed Orcon was in breach of principle 8 because they failed to take steps to determine whether a debt was in fact owed by Mr Taylor before the debt was referred to Baycorp.

But the Tribunal materially disagreed with the legal test we applied to determine whether the breach of principle 8 lead to interference with Mr Taylor’s privacy.

Causal connection

On the issue of ‘causal connection’ between the harm claimed by Mr Taylor and Orcon’s action in breaching principle 8, the Tribunal stated no clear causation standard has yet been established. But the purpose of the Act and the wording of the relevant provision should be considered. The causal connection standard set in section 66(1) of the Act requires evidence to show that harm has actually occurred or that it might occur.

The Tribunal disagreed with the causal connection standard we applied in our investigation, considering the threshold for harm in this case to be lower than the one we applied. In other words, it was enough that the Orcon default had “a real influence” or “more than minimal” influence upon Mr Taylor’s situation, and it did not have to be the sole or the material cause.

The Tribunal said it was sufficient for Mr Taylor to establish the Orcon’s default was a materially contributing cause leading to the complainant’s harm. Therefore the sole or the material cause assessment we followed was incorrect.

The Tribunal clearly articulated the need to consider the connection between the harm and the defendant’s action in the broad sense. It was sufficient the Orcon default was considered as a contributing factor by the finance company and the property manager when declining Mr Taylor’s applications. The fact that other adverse information was present on Mr Taylor’s credit file is irrelevant.

The Tribunal does not address the degree to which the Orcon default was a contributing factor to Mr Taylor’s harm, simply stating that in this case it was “more than minimal”, which was sufficient to establish an interference with Mr Taylor’s privacy. The decision is clear that the consequences on Mr Taylor were significant – specifically, the loss of a good credit rating and the fact that Mr Taylor and his family were caused “considerable anxiety and stress”.

While not every disputed debt would be in breach of principle 8, the Tribunal’s decision makes it clear agencies must take adequate steps to check the accuracy of the information before referring it to a debt collection agency.

The Tribunal is also clearly focused on ensuring adequate protection of an individual’s privacy by setting the causation standard at an attainable level.

Future implications

From now on, we will be applying the law in the way interpreted by the Tribunal. This means we will be getting tougher on respondents who have breached one of the principles.

Looking at the case from a slightly different point, it also has implications for credit reporting agencies that continue holding information about disputed debts, contrary to the Credit Reporting Privacy Code. We intend to take this up with credit reporting agencies and to focus on it in our 2016 annual review of those agencies’ reports on compliance with the Code.

IPP8 – accuracy, Human Rights Review Tribunal, Credit reporting, complaints

Back

Source:

In an earlier post, we discussed the Human Rights Review Tribunal decision in the case of Andrews v Commissioner of Police. The Police had successfully defended a Privacy Act case that Mr Andrews brought against them. They applied for $7,500 to $10,000 costs, but the Tribunal declined to award any costs at all.

The Police appealed this ‘zero costs’ decision to the High Court, on the basis that the Tribunal’s approach was wrong on several counts. For instance, they argued:

• that this Tribunal, under its current Chairperson, was taking a different approach to costs from previous Tribunal decisions, and was not entitled to change its mind in the way it had
• that the Tribunal’s approach was inconsistent with existing High Court authority and the Tribunal was bound by that authority
• that while preserving access to justice was important, the starting point should be the usual presumption that a successful litigant will get a reasonable contribution to their costs
• Mr Andrews’ ability to pay costs should not have been treated as significant.

In a carefully considered decision, Justice Mallon has dismissed the Police appeal.

She agreed the existing High Court authorities had tended to accept the earlier Tribunal’s approach that costs are generally available for a successful litigant. However, those High Court cases were different from Mr Andrews’ case in many respects. In particular, none of them involved an individual (especially a vulnerable individual) taking a claim against the State. None had been claims involving an important and novel point of law. None had involved a prisoner whose ability to pay and rehabilitation needs should be considered.

Justice Mallon found that the Tribunal was entitled to revisit its previous approach to costs. The Tribunal was not behaving unreasonably or unpredictably. It had clearly signalled its intention to reconsider the issue of costs (Heather v IDEA Services Ltd and Holmes v Ministry of Social Development) and had also clearly stated the reasons why it wanted to do so.

Even more than that, Justice Mallon expressed support for the different approach the Tribunal had taken. To summarise some of the main points:

• statutory tribunals are meant to be quick, cheap and accessible, and large awards of costs could undermine their ability to do that job
• section 105 of the Human Rights Act makes it plain that the Human Rights Review Tribunal’s jurisdiction is different from that of the ordinary civil courts because Parliament has given the Tribunal a great deal of latitude and flexibility
• Public or constitutional issues arise when, for example, individuals who are potentially vulnerable can challenge the exercise of State power over them in the Tribunal. The discretion to award costs must promote the protection of human rights, not negate it, particularly when claims against the State are involved
• Many things affect costs and one size does not fit all. A range of factors may be relevant. The  motivations and behaviour of the parties are particularly important – indeed, “… in the case of an individual asserting a breach of important rights by a state agency, a possible starting point might be that no costs are to be ordered unless the claim (or the conduct of it) is frivolous or vexatious, or was activated by improper motives”.

Mr Andrews had brought a claim that was important to him and about which he was genuine. Unlike litigants in the previous High Court authorities, the proceedings were not hopeless, he was not vexatious, and he had not unnecessarily prolonged proceedings or unreasonably rejected a settlement offer

The Tribunal was correct to have regard to Mr Andrews’ situation, his ability to pay, and the impact on his rehabilitation that a costs award would have

The claim also involved a novel and important point of law (how the Criminal Disclosure Act interacts with the Privacy Act).

It was always going to be difficult for the Police to persuade the Court to reverse a highly discretionary Tribunal decision. But the High Court’s decision is especially welcome because it provides real support for the new way in which the Tribunal approaches the question of costs in human rights cases, particularly for cases involving individuals and State agencies that are exercising power over them.

It will be interesting to see how questions of costs play out in cases brought against private sector agencies, where the ‘constitutional’ element is less obvious. I suggest that the motivations of the parties, and the way in which they conduct the proceedings will be particularly important in those cases.

Human Rights Review Tribunal, law enforcement

Back