Basic guide to confidentiality

The concept of confidentiality often arises when processing access applications under the Right to Information Act 20091 (Qld) (RTI Act). This guideline is an introduction to the concept of confidentiality and the requirements necessary to establish that information is confidential under the RTI Act.

Confidentiality – what kind of confidential?

There are two types of confidentiality relevant to access applications under the RTI Act:

  • Equitable confidentiality, which must meet a specific set of criteria; and
  • Contractual confidentiality.

Under schedule 3, section 8 of the RTI Act information will be exempt from release if it would found an action for breach of equitable or contractual confidence. For detailed information, decision makers should refer to the Breach of Confidence Guideline.

Equitable confidentiality

As set out above, information that is subject to equitable confidentiality is exempt from release in response to an RTI access application. For detailed information, decision makers should refer to the Breach of Confidence guideline.

In order to qualify as equitable confidentiality and be exempt from release, the information must fulfil four criteria. Every criterion must be met; if it misses out on even one, the information will not be subject to equitable confidentiality.

The criteria are:

1 The information must be specifically identified.

2 The information must have the 'quality of confidence'—this can be complex, but at its most basic, the information must not be trivial or useless, it must not be in the public domain, common knowledge, or something which the applicant already knows, and it cannot be evidence of a crime.

This requirement is about the substance of the information, about whether there is something about it that makes it the kind of information that would attract confidentiality. The Information Commissioner has previously said  information such as commercial secrets, private secrets, and Aboriginal and Torres Strait Islander cultural secrets satisfy this criteria.

When the person the information belonged to gave it to the agency, they must have meant for it to be kept confidential and when the agency received it, they must also have intended for it to be kept confidential.

This criteria requires a mutual understanding of confidentiality. If only one party believed that the information was to be kept confidential, and the other party did not, then the information cannot meet the test for equitable confidentiality and it cannot be exempt from release under the breach of confidence provision.

4 Giving the information to the applicant would be an unauthorised use of the information—if the other three criteria would be satisfied, and the applicant was not a party to the confidentiality, then this test will be met.

Complainants and confidentiality

The identity of people who make complaints to an agency is, except for extraordinary circumstances, contrary to the public interest to release. One of the reasons for this is because releasing it would prejudice the agency's ability to obtain confidential information.2

For more information, refer to: Applications for investigation and complaint documents.

Contractual confidentiality

Agency contracts for goods or services often contain an obligation of confidentiality in relation to certain information. If release of the information would be a breach of these clauses, it may be exempt from release under schedule 3, section 8 of the RTI Act.

Legislative confidentiality

Many Acts contain confidentiality clauses which may provide different levels of protection. For example, they may protect specific kinds of information, such as patient information or student information, prohibit the release of any information an officer becomes aware of due to their job, or prevent the release of information except in certain circumstances or to specified parties.

These confidentiality provisions are overridden by the RTI Act.3 Once someone makes an access application under the RTI Act, those provisions no longer apply.  However, the information protected by those confidentiality provisions may, in some circumstances, be exempt4 or contrary to the public interest to release.5

What confidentiality is not

In some circumstances, confidentiality is confused with other concepts such as privacy or commercial affairs. When considering documents under the RTI Act, or discussing matters with applicants or third parties, it is important to be clear about which concept is relevant.

Documents stamped 'confidential' or 'commercial in confidence'

Documents located in searches may be marked 'confidential' or 'commercial in confidence'. They may have been marked by business units of the agency or by people outside the agency who originally provided the documents. These kinds of notation have no bearing on whether the information contained in the documents is confidential.

It is necessary to carefully consider the contents of all documents within the scope of an application to decide if their contents:

  • satisfy the criteria for equitable confidentiality and as such are exempt under schedule 3 of the RTI Act; or
  • attract relevant public interest factors against release, such as those involving the commercial and business affairs of agencies, to determine if they are contrary to the public interest.

Email disclaimers

Many email systems automatically add a disclaimer to outgoing emails. These disclaimers generally include statements like: 'the contents of this email are confidential' and 'confidentiality is not waived if you receive it in error'.

Much like stamping a document 'confidential' or 'commercial in confidence', these disclaimers do not automatically make the email confidential. Its contents must still satisfy the relevant tests. If they do not, the type of information in the email must be categorised—is it personal information, or legally privileged, or does it relate to an investigation?—and any relevant public interests for and against disclosure identified.

Confidentiality and privacy

There are public interest factors against release which relate to personal information6 and privacy7. These can weigh heavily against refusal of access, particularly where the information is highly personal, such as information that relates to someone’s private life, details about their participation in an investigation, or medical information.

In some circumstances personal information will also satisfy the tests for equitable confidentiality, but privacy and confidentiality are not the same; when making decisions under the RTI Act it is important to understand the difference.

Legislative confidentiality and privacy

Agencies are subject to the privacy principles contained in the IP Act, including the principles8 which set out when personal information can be disclosed. Many legislative confidentiality provisions allow information to be disclosed where the disclosure is authorised by law. Generally law refers to another Act, but it is important to remember that, while they are contained in an Act, the disclosure privacy principles9 cannot be relied on to override a confidentiality provision10 because they are not an authority to disclose. Rather, they are an exception to the general rule11 that an agency is not permitted to disclose personal information.

  • 1 And access applications under the Information Privacy Act 2009 (Qld) (IP Act). This Guideline refers to access and refusal of access under the RTI Act, but those references include access and refusal of access under an IP Act application.
  • 2 Schedule 4, part 3, item 16 – this is a public interest factor favouring refusal of access.
  • 3 Section 6 of the RTI Act.
  • 4 Schedule 3, section 12 of the RTI Act creates an exempt information provisions for information that falls under specified confidentiality clauses in specific Acts. For more information refer to: Disclosure prohibited by an Act
  • 5 Schedule 4, part 3, item 22 of the RTI Act recognise that disclosure of information being prohibited by an Act can be a public interest factor against its release.
  • 6 Schedule 4, part 4, section 6 of the RTI Act.
  • 7 Schedule 4, part 3, item 3 of the RTI Act.
  • 8 Information Privacy Principle 11 for non-health agencies, contained in schedule 3 of the IP Act (IPP 11); National Privacy Principle 2 for health agencies, contained in schedule 4 of the IP Act (NPP 2).
  • 9 NPP 2(1) and IPP 11(1).
  • 10 Section 7(2)(b) of the IP Act provides that the IP Act is intended to operate subject to the provisions of other Acts relating to the disclosure of personal information.
  • 11 NPP 2 and IPP 11.

Current as at: July 18, 2019