Comcare is abusing the Australian Privacy Principles and obtaining consent involuntary/illegally
In this article I am going to show you why it is clear that in Australia, the Privacy Act 1988 and the Australian Privacy Principles contained within, are optional legislation that can be safely ignored.
Introduction
Comcare
Comcare is a body corporate that exists by a definition established in the Safety, Rehabilitation and Compensation Act 1988. Even though it is a body corporate, Comcare operates like your typical government department and employs APS staff who are required to adhere to the APS values & APS Code of Conduct.
What I would arguably consider to be the primary purpose of Comcare is to act as an insurance company with regards to workers compensation for the Federal Government, and other businesses or state government departments that opt-in to become a self-licensee. Comcare has a secondary purpose where it provides education, compliance and enforcement activities as prescribed by the Work Health and Safety Act 2011.
The Privacy Act 1988
The Privacy Act 1988 is legislation which operates at a Federal/Commonwealth level to provide people in Australia with protections surrounding the collection, use and disclosure of our information. It informs us how certain companies or government bodies (collectively referred to in the Act as APP entities) can collect/use or disclose our information, and it instructs APP entities about their obligations when handling our information.
The Australian Privacy Principles (APPs)
The Australian Privacy Principles (APPs) are a set of instructions, or to use OAIC words “a privacy protection framework”, which is embedded within, and enforced by, the Privacy Act 1988. There are currently 13 APPs in total.
Personal Information vs Sensitive Information
The Privacy Act 1988 defines two types of information, and the requirements for collection/use and disclosure of these two information types differ, and are treated differently throughout the APPs.
Comcare handles both types of information, and as an APP entity is required to have the proper protocols in place to handle each type of information correctly.
Personal Information
Personal information is any information that can be linked back to you. The best way I could describe this is if you look at the information and you are able to ascertain who that information belongs to or is referring to.
Sensitive Information
Sensitive information could be thought of as information that describes certain traits or situations about us.
Comcare deals predominantly with our medical records, medical certificates, seeks out medical reports and information of this nature. Largely, Comcare is dealing with our sensitive information.
APP 3 Collection of solicited personal information
APP 3 describes how an APP entity must act when collecting our information. Don’t let the Office of the Australian Information Commissioner’s (OAIC) heading confuse you here, despite saying personal information, APP 3 applies to both personal information and sensitive information.
APP 3 is quite lengthy, so I’m going to skip straight to the most interesting part here:
In the image above it is shown that APP 3 requires that the APP entity obtains our consent, unless an exception applies. There are a number of exceptions described within the APPs, and there are also the general exceptions.
Comcare in the ordinary management of our claims does not have any exceptions, and so to collect our sensitive information, Comcare is required to obtain our consent.
Consent
Given that Comcare is required to obtain our consent when collecting our sensitive information, as per APP 3, it is prudent that we establish what consent is.
OAIC has a webpage dedicated to the definition of consent, as well as some information regarding consent in their key definitions document.
In the first image above, we can see that they are four key elements that are required for consent to be deemed valid/lawful.
- the individual gives consent voluntarily
I want you to pay particular attention to the key factor I have listed above. Comcare does not understand the definition of voluntary.
OAIC describes voluntary as you being free from duress, coercion or pressure that could overpower your will. I actually thought that this was relatively straight forward, in school we learn about consent, right? This is so we don’t grow up to become sex pests and such. Well apparently, Comcare didn’t get the memo…
Comcare is forcing involuntarily consent
To claim workers compensation for your workplace injury you lodge using this online form.
The form contains a bunch of acknowledgements that you are forced to accept.
You’ll notice that I have highlighted the acknowledgements that are relevant to this topic.
Note that these acknowledgements are not optional!!! If you want to submit a workers compensation claim with Comcare you are forced to provide consent whether you like it or not (involuntarily).
Let’s have another look at what OAIC says:
How can it be said that we have a genuine opportunity to withhold consent if we are forced to provide consent when making a submission?
For this acknowledgement to be voluntary I must be able to deny/unselect it. Never mind genuine opportunity to withhold consent, there is no opportunity to withhold consent whatsoever.
For this issue alone, it can only be said that all consent obtained by Comcare is involuntary and therefore unlawful/not valid consent.
But it doesn’t end here…
The first acknowledgement I have highlighted in the above image states:
“I authorise and consent to the collection, use and disclosure of my relevant personal and medical information by Comcare and any relevant parties, including those listed in the privacy statement, for purposes connected with the assessment and management of my compensation claim, and by Comcare to carry out its regulatory functions”.
This is what OAIC refers to as bundled consent
This type of consent is a GOD MODE consent. It entitles Comcare to all your medical information from any location, whenever they want it. Nobody should ever sign a GOD MODE consent like this, not if you want to have any control over your information. This consent nulls out any protections you are provided by the Privacy Act 1988, and Comcare delegates are engaging in predatory behaviours where they are going fishing for any medical information to try and reject, or reject in retrospect, your claim/s. Have you had your COVID-19 vaccination? Do you have genital warts? All this information Comcare is seeking from your doctors. I have had Comcare demand all notes about my health from my GP and other doctors, including completely unrelated illnesses, as they are fishing for anything they can use against me.
Comcare has asked one of my doctors to tell them every single time I visited him in my life, and every single injury/illness he has ever seen me for, even if they are completely unrelated. My doctor did not comply, and I put a stop to it thanks to being alerted by my doctor.
As we can see, Comcare does not allow any choices at all, Comcare forces you to accept this bundled consent and that is it, they will access your sensitive information willy nilly from now on. They will not notify you that they are accessing it, they will go behind your back in secret and demand information from your doctors, and they provide this signed acknowledgement with the request to coerce the doctor into releasing your information. Even years later when you forget that you signed this acknowledgement, they still do it, in secret, and using the same acknowledgement from years ago.
Let’s look at the second acknowledgement I've highlighted:
“I understand if I withdraw my consent then this may result in my claim being suspended or cancelled”.
This is entirely a lie. Do you know what happens if you revoke your consent? When Comcare wants to collect or disclose your information it must obtain consent from you first, on a per collection/disclosure basis. That is all. There is no cancellation of your claim, there is no suspension of your claim. Comcare simply needs to seek your consent as it does not already have it.
The question must then be asked, what is the purpose of this second acknowledgement if it is a lie? Fear! This acknowledgement is designed to coerce you into accepting that you must provide consent, and if you even dare to think about revoking it bad things will happen to your claim.
Does this seem like voluntary consent free from duress, pressure or coercion? No, of course not, it is entirely coercive.
All consent provided to Comcare to access medical information, from Comcare claimants, has been obtained illegally and is as good as Comcare having no consent at all. Comcare has been illegally collecting, using and disclosing medical information for years, using fear as a means of keeping you compliant and providing your consent.
The Impossible Ask
Just when you thought it couldn’t get any worse, Comcare has approached me for consent, and on first glance it all seems very reasonable. Here is the consent that Comcare is seeking:
But in the very same email Comcare proceeds to state this:
Can you see the issue here? This is coercion. And do you notice the Comcare delegate conveniently remaining anonymous? They don’t want to identify themselves when breaking the law, they just use “Comcare delegate” or their position number.
Comcare is asking me for my consent, something that it is well entitled to do, but then Comcare is threatening that it may suspend my claim if I do not provide consent!
It is literally and lawfully impossible for me to provide my consent! Whether I want to provide my consent or not is irrelevant here, because the threat of a claim suspension weighs on my mind, it is coercing me into providing consent. This means that any consent I provide cannot be considered voluntary.
To test if consent could be considered voluntary consent, I ask myself this question: “Were it not for the threat of a claim suspension, would I provide my consent?”, and the answer is no. I have Comcare employees so fixated on me that I am considering calling the Fixated Persons Unit! You can probably see why right? When I am pointing out all their failures like this, I’m not making any friends at Comcare, but it is what it is. Do we remain silent and allow the Government to break its own laws simply because it is easy and convenient for us to pretend it isn’t happening? If the Government expects me to follow its laws, I expect the Government to follow its own laws. It is as simple as this.
Comcare is asking me for consent that I have no way I can provide due to the suspension threat.
I will describe the situation visually:
Does this seem sensible to you? Of course not.
Comcare is going to suspend my claim (again because it is already suspended, I will be double suspended I guess???) because it wants me to give it something with which I have no ability to provide it!
Clare O’Neil
This is somewhat irrelevant but I’m going to mention it because it really annoys me. When there is a cyber security breach or something like this in the private sector, Minister O’Neil goes on the attack. But she doesn’t have a leg to stand on because her own government is illegally forcing/coercing people into handing over their information. Forget information being stolen, Comcare are belting it out of people whether they like it or not…Comcare is then committing further offending by seeding our medical reports that it collects under duress to other doctors without our consent (or even telling us first), and behaviour of this nature.
Why can’t Minister O’Neil share the same level of enthusiasm that she has for attacking Optus and Medibank Private etc… and attack her own employees of the Commonwealth when they are clearly in breach of the Privacy Act 1988? Where are you Minister? You’re very loud and angry when it’s not your own folk aren’t you?… Even though it’s not a cyber security breach, it’s offending of a similar nature. Whether our information gets stolen by a cyber security breach, or stolen by Commonwealth employees who are acting beyond their jurisdiction, helping themselves to our information without our consent, it has the same result in the end. Our information ends up in the hands of some predatory perpetrator against our will. The predator is either a criminal, or a Comcare employee. There appears to be no difference between either at this point, both are obtaining our information illegally and without consent.
Missing Person: Australian Information Commissioner
Have you seen this person?
Name: Angelene Falk
Role: Australian Information Commissioner
Last Seen: Never
Where is OAIC? Comcare has clearly been doing this for a very long time under OAIC’s watch. OAIC is completely cooked. They are saying in 3 years maybe they can get around to looking at it……. WTF! 3 years!?!?!?!?!?! And so it is clear that if you want to breach the Privacy Act 1988 you can do so with impunity. The Government isn’t going to stop you, it is itself going against OAIC because it knows that OAIC can’t stop it. If you are an overseas company and you think the APPs are annoying and pesky? Just ignore them, because the Australian Government certainly is.
Recommendation for Comcare Claimants
If there is absolutely one thing you must do immediately, it is to email the following three email addresses:
And you must state the following phrase:
I revoke any previously supplied consent to collect or disclose any of my personal or sensitive information to/from any third-party. I would like to receive a request for consent on a per collection/disclosure basis. I would like to personally vet the information that you are collecting or disclosing about me, as it is an entitlement provided to me by the Privacy Act 1988. Thank you.
This will immediately offer you protection from the fishing expeditions that Comcare are known to go on, and provides a whole range of other benefits.
Comcare will write back, and they’re going to try and scare you into changing your mind, this is what they tried to do to me. Comcare is going to say something like “If you withhold your consent we are unable to perform our obligations as per the SRC Act and we may not be able to process your claim blah blah blah” and they’re going to make it sound really scary, and like they won’t be able to process your claim. This is completely false and safe to ignore. What it means is that anytime they wish to collect or disclose your sensitive information, they must seek your consent first. It may mean a bit more work for them sure, an overhead of maybe one or two emails each action involving information? But it offers so much more protection to you from these predators, and you’d be mad to continue to allow them unfettered access to your entire medical history. The Privacy Act 1988 gives you these protections, and you should use them, don’t let Comcare scare you out of your rights. We do not live in North Korea. The Government does not control us with fear.
Why do you think Comcare are so desperate to scare us into waiving away our rights? Think about it, I’ll leave you with that thought.