In Karen May Hammond v Credit Union Baywide [2015] NZHRRT 6 the Human Rights Review Tribunal ("HRRT") recently found that the improper use of personal information of a former employee violated that employee's right to privacy.


The plaintiff, who had recently resigned from her position at Credit Union Baywide ("NZCUB"), uploaded a photograph of a cake made by her for a private dinner party attended by, amongst others, current and former NZCUB employees, to her Facebook page. The cake was iced with profanities about NZCUB. The plaintiff's Facebook privacy settings meant that only those who were the plaintiff's 'friends' could access and see the photograph. However, upon learning of the existence of the photo through the office, a representative of the respondent pressured a current employee who was 'friends' with the plaintiff on Facebook to access the photograph.

The respondent took a screenshot of the photograph and distributed it to multiple employment agencies in the local area accompanied by an e-mail and a phone call, warning against employing the plaintiff. Subsequently, the respondent circulated the photograph by e-mail internally to NZCUB staff, with further information about the circumstances surrounding the plaintiff's resignation. The respondent also pressured the plaintiff's new employer into terminating her employment due to the plaintiff's use of the photograph.

Unauthorised disclosure

The HRRT considered whether the disclosures by the respondent were unauthorised. In this context, NZCUB conceded that its disclosure of the Facebook photograph to the employment agencies in the local area and to NZCUB staff (accompanied with information about the plaintiff's resignation) constituted use of the information for a purpose other than for which it was intended. The HRRT concluded that the fact that the plaintiff's new employer was aware of the Facebook photograph before the respondent called the new employer did not preclude this instance from constituting a separate unauthorised disclosure. It held that there were various disclosures by the respondent of the plaintiff's information, and all of them were unauthorised.

Right to privacy

The HRRT then went on to consider whether the disclosures constituted an interference with the plaintiff's right to privacy. It found that the plaintiff had proven that the respondent had interfered with the plaintiff's right to privacy in numerous ways, including by causing the plaintiff loss and by affecting the plaintiff's rights.

Accordingly, the plaintiff was awarded NZD 168,070.88 (USD 110,623) in damages, and the HRRT made various orders and a declaration in respect of the respondent's breaches of the plaintiff's right to privacy.

Avoiding temptation

Although it can be tempting to seek redress against errant employees (past or present), employers must ensure that any action they take does not infringe the employee's rights, including the right to privacy. In this case, pressuring another employee to access the photograph, and in particular distributing it to third parties, stepped over the line of 2 reasonable conduct on the part of the employer and resulted in a costly remedy (not to mention that more people than originally intended actually saw the photograph!).

Nic Patmore