Four male staff have been fired from an Apple store in Carindale, Queensland after it was discovered that they were stealing and then sharing personal photographs of customers.

It was reported that staff had stolen over one hundred explicit and up-close photographs from female customers’ phones without their knowledge or consent and shared them with other stores.

The victims’ photographs were then ranked out of 10 on a scale of attractiveness. Four men involved have since been sacked.

As well as being morally abhorrent, the use of the photographs for this purpose was also likely a breach of the Australian Privacy Principles (‘the APPs’), for which their employers ought to vehemently distance themselves.

What are the Australia Privacy Principles?

The APPS are contained within Schedule 1 of the Privacy Act 1988 (Cth).

The APPs essentially protect any information about an individual collected by businesses that may lead to that person being identified by the public.

This can include information that is reasonably ascertained through cross-referencing with other information. Therefore, the scope of what constitutes ‘personal information’ is broad.

What Principles could have been breached?

The employees arguably collected personal information (here, personal photographs) that was not reasonably necessary for Apple’s functions or activities.

That is, it wasn’t necessary for male staff to collect personal photographs of female customers for the purposes of providing their services.

The conduct also raises concerns with respect to dealing with unsolicited personal information pursuant to APP 4 and use and disclosure of personal information pursuant to APP 6.

Chiefly, an entity must not use or disclose personal information for another purpose unless the consent of the individual has been obtained or an exception applies. For example, an exception could include being compelled to disclose the information to a court of law.

Clearly none of the customers involved had consented to their photographs being distributed amongst employees and ‘ranked’.

What can other businesses learn from this debacle?

It’s important for businesses to adequately educate employees about the importance of privacy and confidentiality of personal information. This can be achieved through training seminars or simply the distribution of easy-to-read educational material.

Importantly, any material provided to employees must be tailored for each unique business model and the flow of personal information within it.

Finally, privacy should be of the utmost importance to both owners and staff alike to avoid a media circus or the scrutiny of the Australian Privacy Commissioner.

With respect to Apple, Privacy Commissioner Timothy Pilgrim has confirmed that his office is investigating the matter and is seeking further information from the technology giant.

Only time will tell the outcome of those investigations but suffice to say, this debacle must serve as a lesson to other business owners on the importance of maintaining and protecting customer privacy.