The concept of confidentiality often arises when processing access applications under the Right to Information Act 20091 (Qld) (RTI Act). This guideline is an introduction to the concept of confidentiality and the requirements necessary to establish that information is confidential under the RTI Act.
There are two types of confidentiality relevant to access applications under the RTI Act:
Under schedule 3, section 8 of the RTI Act information will be exempt from release if it would found an action for breach of equitable or contractual confidence. For detailed information, decision makers should refer to the Breach of Confidence Guideline.
As set out above, information that is subject to equitable confidentiality is exempt from release in response to an RTI access application. For detailed information, decision makers should refer to the Breach of Confidence guideline.
In order to qualify as equitable confidentiality and be exempt from release, the information must fulfil four criteria. Every criterion must be met; if it misses out on even one, the information will not be subject to equitable confidentiality.
The criteria are:
1. The information must be specifically identified.
2. The information must have the 'quality of confidence'—this can be complex, but at its most basic, the information must not be trivial or useless, it must not be in the public domain, common knowledge, or something which the applicant already knows, and it cannot be evidence of a crime.
This requirement is about the substance of the information, about whether there is something about it that makes it the kind of information that would attract confidentiality. The Information Commissioner has previously said information such as commercial secrets, private secrets, and Aboriginal and Torres Strait Islander cultural secrets satisfy this criteria.
3. When the person the information belonged to gave it to the agency, they must have meant for it to be kept confidential and when the agency received it, they must also have intended for it to be kept confidential.
This criteria requires a mutual understanding of confidentiality. If only one party believed that the information was to be kept confidential, and the other party did not, then the information cannot meet the test for equitable confidentiality and it cannot be exempt from release under the breach of confidence provision.
4. Giving the information to the applicant would be an unauthorised use of the information—if the other three criteria would be satisfied, and the applicant was not a party to the confidentiality, then this test will be met.
The identity of people who make complaints to an agency is, except for extraordinary circumstances, contrary to the public interest to release. One of the reasons for this is because releasing it would prejudice the agency's ability to obtain confidential information.2
For more information, refer to: Applications for investigation and complaint documents.
5.Where the person the information belonged to was a government body, it will generally be necessary for disclosing it to cause them a detriment. This will not apply for non-government entities.
Agency contracts for goods or services often contain an obligation of confidentiality in relation to certain information. If release of the information would be a breach of these clauses, it may be exempt from release under schedule 3, section 8 of the RTI Act.
Many Acts contain confidentiality clauses which may provide different levels of protection for information. For example, they may protect specific kinds of information, such as patient information or student information, prohibit the release of any information an officer becomes aware of due to their job, or prevent the release of information except in certain circumstances or to specified parties.
These confidentiality provisions are overridden by the RTI Act.3 Once someone makes an access application under the RTI Act, those provisions no longer apply. However, the information protected by those confidentiality provisions may, in some circumstances, be exempt4 or contrary to the public interest to release.5
In some circumstances, confidentiality is confused with other concepts such as privacy or commercial affairs. When considering documents under the RTI Act, or discussing matters with applicants or third parties, it is important to be clear about which concept is relevant.
Documents located in searches may be marked 'confidential' or 'commercial in confidence'. They may have been marked by business units of the agency or by people outside the agency who originally provided the documents. These kinds of notations cannot determine whether the information contained in the documents is confidential.
It is necessary to carefully consider the contents of all documents within the scope of an application to decide if their contents:
Many email systems automatically add a disclaimer to outgoing emails. These disclaimers generally include statements like: 'the contents of this email are confidential' and 'confidentiality is not waived if you receive it in error'.
Much like stamping a document 'confidential' or 'commercial in confidence', these disclaimers do not automatically make the email confidential. Its contents must still satisfy the relevant tests. If they do not, the type of information in the email must be categorised—is it personal information, or legally privileged, or does it relate to an investigation?—and any relevant public interest factors for and against disclosure identified.
There are public interest factors against release which relate to personal information6 and privacy7. These can weigh heavily against refusal of access, particularly where the information is highly personal, such as information that relates to someone’s private life, details about their participation in an investigation, or medical information.
In some circumstances personal information will also satisfy the tests for equitable confidentiality, but privacy and confidentiality are not the same; when making decisions under the RTI Act it is important to understand the difference.
Agencies are subject to the privacy principles contained in the IP Act, including the principles8 which set out when personal information can be disclosed. Many legislative confidentiality provisions allow information to be disclosed where the disclosure is authorised by law. Generally, law refers to another Act, but it is important to remember that, while they are contained in an Act, the disclosure privacy principles9 cannot be relied on to override a confidentiality provision10 because they are not an authority to disclose. Rather, they are an exception to the general rule11 that an agency is not permitted to disclose personal information.
Current as at: February 19, 2021