The $180 billion superannuation fund has been ordered to audit certain procedures, after a member's complaint to a federal regulator found the fund interfered with their privacy.
The Office of the Australian Information Commissioner (OAIC) on December 16 delivered a judgement on a complaint that an AustralianSuper member filed over three and a half years ago.
The member, who is identified in court documents as WG, lodged a group insurance claim with AustralianSuper in November 2014 during which they engaged two law firms. However, by the time AustralianSuper paid out the claim in June 2016, WG had let go the law firms' services.
WG made four claims in their complaint to the OAIC: that AustralianSuper did not inform them their claim would be handled by an administrator instead of the insurer (which the OAIC did not agree with), and that the fund disclosed their personal information to lawyers and law firms for whom WG had revoked authority by that time.
"The complainant [WG] emailed notices to the respondent [AustralianSuper] advising that the complainant had revoked any authority for the law firms to act in respect of the insurance claim. Despite the revocations, the respondent made contact with the law firms regarding the insurance claim," the judgement said.
The OAIC found AustralianSuper disclosed WG's personal information in breach of Australian Privacy Principle 6 and failed to take reasonable steps to ensure that it used accurate and up-to-date personal information for WG.
AustralianSuper was ordered to issue a written apology to WG and pay $4500 for loss caused by it. WG had claimed $10,000 in losses.
The determination also asked AustralianSuper to engage an auditor to assess its procedures and training to staff and contractors (including all new staff and contractors) regarding updating changes to authorities to act.
The auditor is to file a report in three months, after which AustralianSuper must submit to the privacy commissioner a timeline for implementing the auditors' recommendations.
"AustralianSuper will fully comply with the directions of the Office of the Australian Information Commissioner in relation to the incident. An independent auditor has already been appointed and an apology made to the affected member," a spokesperson for the fund said.
It declined to comment on if the auditors' report will be made public, or if the fund was aware of other instances where it failed to update members' contact details.
The determination was made by acting Australian Information Commissioner and Privacy Commissioner Elizabeth Hampton.
The OAIC is the national regulator for privacy and freedom of information that sits in the Attorney General's portfolio.