ACT News

A Canberra psychology clinic accidentally reveals clients' personal details in email

A Canberra psychology clinic has apologised after it accidentally shared personal details of hundreds of patients in a group email.

The incident has triggered an angry response from clients who say the email was a serious breach of privacy and eroded the trust of patients who sought confidential psychological help.

Northside Psychology, which has offices in Hawker, Gungahlin and Erindale, admitted a "serious administrative error" meant the email addresses of all recipients were included in a message about a mindfulness seminar sent to more than 200 people on Tuesday. 

One patient replied to the group email saying they were "absolutely horrified" the addresses had been distributed to everyone on the list and it was a "clear and unacceptable breach" of the privacy act. 

Another male client, who did not want to be identified, said the shared details constituted a "major breach of privacy" and an  apology did not make up for the hundreds of names and workplaces that were divulged.

"The list included all personal email addresses, and for persons employed in the Commonwealth or ACT public service it also included email addresses which pointed to whom they worked for," he said. 

Advertisement

The business offers counselling and assessment services for matters including anxiety, trauma, sexual abuse, eating disorders, relationship problems, bullying and harassment.

In a follow-up email sent on Thursday, director and principal psychologist Holly Kirwan said staff were liaising with the Office of the Australian Information Commissioner about the incident.

"We accept without question that the sending out of the material in the form that it was sent was a serious administrative error and breach of privacy," the email said.

"I can confirm that steps are being taken to avoid such an error in the future. We are reviewing all relevant policies and procedures and are providing additional training to our staff.   

"We will not send out information of programs or courses or other unsolicited material without your prior consent and none will be sent via email."

She said staff took clients' privacy very seriously and she was deeply sorry for the error and any distress it caused. 

"A number of you have contacted me directly and I will also respond to each of you individually," the email said.

Ms Kirwan was contacted for comment. 

Information on the clinic's website stated that confidentiality was paramount and staff adhered to a professional code of ethics and kept treatment and assessment records securely locked. 

The male client said his biggest concern was that patients who received the email could pass on the personal information to others. 

"In the case of those that work for ACT or Commonwealth departments this could have the ability to be used for corruption," he said. 

"I also have a business which people may not use if they knew I was attending."

He said protocols to prevent such a mishap should already have been in place given the strict ethical standards the business had to meet. 

"Visiting a psychologist comes with a lot of trust," the client said. 

"In this case that has been eroded and may affect the treatment people are receiving."

The Office of the Australian Information Commissioner would not confirm whether or not it had received any communication or complaints about the incident. However, the office welcomed a federal government proposal to introduce mandatory reporting.

A spokeswoman said organisations were not currently required to report on any privacy breaches under the privacy act.

"The OAIC believes that the timely notification of a data breach in the right circumstances can be an important mitigation strategy that has the potential to benefit both the organisation and the individuals affected by a data breach."

Clarification: The Canberra psychology clinic involved is Northside Psychology, not Canberra Psychology Clinic.

Advertisement