Source: Privacy Commissioner
A debt management company mistakenly associated a man’s name with the debts of another person for more than two years.*
The error meant any organisation querying the man’s credit history would find records indicating he had unpaid debts.
In 2018, the man was alerted to the mistake after his request to have utilities connected at his property was declined by a provider due to a debt against his name.
The man contacted the debt management company to inform them it had the wrong person. He demonstrated that he had a different middle name to the debtor and had never lived at the address the company had associated him with.
Despite the man repeatedly contacting the debt management company asking them to correct its mistake, two years later it had still failed to rectify the issue.
During those two years, the man claimed to have lost his job, struggled to obtain housing, was chased for debts that weren’t his, was unable to access loans and experienced mental health issues resulting from the stress the situation had caused.
In mid-2020 he complained to our office.
Our investigation
The man’s complaint raised issues under principle 8 of the Privacy Act.
Principle 8 states that an organisation must check before using personal information that it is accurate, complete, relevant, up to date and not misleading.
During our investigation, the man provided OPC with evidence of the harm he had suffered due to the incorrect information being held on his file. That evidence included records of the medical specialists he had seen and letters showing he was declined access to services and credit.
The debt management company admitted it had associated the man’s details with the wrong record and withdrew the credit defaults for his file.
The company took responsibility for the mistake and agreed to provide a substantial confidential settlement to the man for the harm he had suffered.
This case is a reminder of how important it is for organisations to keep accurate records about their customers or clients. It also highlighted why organisations should have robust processes for investigating and actioning complaints.
As the complainant was satisfied with the outcome, we closed the file.
* This case was considered under Privacy Act 1993.