Privacy Law and Policy Reporter
Since this article was written, the NSW Court of Appeal has rejected Mrs Breen's appeal (Kirby P dissenting). A report of the appeal decision will appear in the next issue.
The Queensland Health Rights Commission has released a draft Health Rights Code, to be finalised by 30 June 1995, which gives patients full access to their health records. It applies to the private sector as well as the public sector (already covered by FOI laws). The Queensland branch of the Australian Medical Association says it generally supports patients having access to factual information in medical records but that doctors' opinions in case notes should remain their 'intellectual property'. Confusion between property rights and privacy seems to be spreading since the Breen decision.
In her account of the judgment in the NSW Supreme Court by Bryson J in Breen v Williams ( (1994) 1 PLPR 141), Julie Hamblin expresses disappointment at the effect of the decision and suggests that it seems to run counter to recent trends towards greater openness, particularly in relation to medical records. While sharing that disappointment and perception, I would argue that the case simply illustrates the limitations of the common law in protecting an individual's privacy interests.
Given the judge's starting point of dealing with the issue as a common law matter informed by principles of equity and fiduciary duty, it is not surprising that he found for the defendant. Where the task of the court is seen to be to balance a well -established property right against a nebulous interest in needing to know, the owner of the information is always likely to come out ahead. The balance of argument only swings towards the individual plaintiff if one acknowledges an additional and countervailing right to privacy, interpreted as including an interest in information about oneself irrespective of any use, harm or need to know.
The plaintiff's advocate cited the Canadian Supreme Court decision in McInerney v MacDonald (1992) 93 DLR (4th) 415 in which such a right was asserted. On a reading of the excerpts he quotes, I suggest that Bryson J rightly questions the basis for the assertion and its place in the established framework of equity jurisprudence.
One problem with the attempted reliance on equity/fiduciary duty seems to be that all the precedents appear to focus on the intended use of the information. On the one hand, the fiduciary cannot use the information for personal gain unrelated to the purpose of the original relationship, and on the other hand the person entrusting the information is only entitled to that which they need for purposes related to the original relationship. This will normally lead to the fiduciary being able to exercise their professional judgment as to what information the individual requires (for example, to seek a second opinion) although for some purposes (for example, to found an action in negligence) there would be a more adversarial relationship and the individual would have to make a case for the information required. The situation is clearer if the fiduciary relationship relates to information expressly entrusted to the supplier for safe-keeping.
Another problem with the approach taken by the plaintiff is that it is not easy to see where the limits of the claimed right would lie, raising the possibility of a result in which there was an unwarranted interference with the supplier's own privacy, intellectual property, and professional and commercial interests. A common sense 'lay' view would be that a customer cannot reasonably lay claim to detailed knowledge of a supplier's general policies, tactics, charging policy, professional knowledge, etc. At the other extreme, most people would be in no doubt that the individual has a right to any factual information about him or herself. There remains a grey area of the supplier's opinions and intentions in relation to the particular individual. Privacy and FOI laws grapple with this grey area with varying degrees of success, and it is by no means certain that all of the information sought by Ms Breen would have been available to her had they been held in a public hospital. Several of the exemptions in the Freedom of Information Act 1982 (Cth) could potentially have applied (see ss 36, 40, 41, 43 and 43A).
One conceptual distinction is between information which the customer has either given (entrusted) to the supplier, or which has been generated by a transaction (for example, records of purchases), and information added by the supplier (either from his or her own knowledge or expertise, or brought in from a third party). In practice, however, this distinction is not a reliable basis for attributing privacy rights - some of the information added by the supplier may be factual and some of that generated by the transaction may unavoidably include an element of professional knowledge.
One of the weaknesses in invoking the law of confidence to protect privacy rights is the traditional limitation of that law to particular types of relationship which are seen to have an inherent quality of confidentiality; for example, doctor-patient, lawyer-client, and priest-confessor. This limitation appears to carry over into the jurisprudence relating to fiduciary duty, although the relevant relationship categories seem to be considerably broader, embracing for instance commercial relationships and perhaps even government-citizen relationships (see the High Court's 1993 judgment in Johns v ASC (1994) 1 PLPR 10). The important limitation is that no duty of confidence, or fiduciary duty, appears to attach automatically to personal information generated as a result of any relationship. It may be that in relation to health records, leading cases such as Rogers v Whitaker  HCA 58; (1993) 175 CLR 479 could be more helpful in support of a right of access than the judgment in Breen suggests but such cases would be of limited application to other types of record. From the point of view of a general right of access, the common law only provides a patchy and arbitrary avenue of redress.
In arguing for an individual's privacy interests, there is an obvious temptation to take advantage of any traditional duty of confidence elements, and the common law can be supportive of privacy rights (as for instance in Johns v ASC). However, in light of the limitations discussed above, reliance on the common law can be counter productive, and even fatal to a claim for access to personal information, as appears to have been the case in Breen (subject to the results of any appeal).
What is needed is to establish a wholly separate and independent right to access to personal information, with clearly- defined parameters, as part of a general privacy right founded in principles of autonomy and basic human rights and freedoms. This right would apply equally to all supplier-customer relationships (including doctor-patient, government-citizen etc). Since the common law does not appear to recognise such a broad right, and in the absence (in Australia and the UK) of any constitutional guarantees, the only way of ensuring these rights is through statute law. Hence the importance of the current review of the Commonwealth FOI Act and its relationship with the Privacy Act (see (1994) 1 PLPR 154).