No, You Can’t Redact That!

The Privacy Act gives people a broad right to access their personal information to provide transparency, accountability, and fairness. The act sets the rules for what you can redact when someone makes a privacy request. You can redact information on a number of grounds including that it would breach another person’s privacy, compromise an investigation, endanger someone’s safety, or reveal privileged legal advice.

However, when a person asks to see what’s been written about them, there’s no magical exemption for the mortifying little notes that sneak into customer records, the ones that read, for instance, “The customer is nuts.” This is the quietly humbling part of the Privacy Act; it doesn’t protect organisations from embarrassment. The Act assumes a level of professionalism that staff notes will be factual, necessary, and neutral.  The Privacy Act doesn’t make an exception that the comment was typed in a moment of caffeine-fuelled despair. Under the Privacy Act, that note is information about the individual, and therefore theirs to see.

What emerges from all this is a valuable, if slightly painful, lesson: when you write notes about a person, you are, in effect, writing to that person, even if they never read it. Every “difficult,” “unreasonable,” or “deranged” remark is a potential exhibit in a future privacy request. The black marker of redaction will not come galloping to the rescue; the law believes in sunlight, not cover-ups.

So, when the next customer interaction tests a staff member’s patience to its outer limits, get them to pause before letting their fingers type something colourful.