Editorial: Cake ruling a strong signal on privacy

NZCU Baywide's ex-HR manager sent a copy of the photo to at least four recruitment agencies, warning them against employing Karen Hammond. Photo / HBT

Opinion

Cautionary tale shows it pays to pause before publishing anything inflammatory on social media

The microscope that is social media was some time away when the Privacy Act was passed in 1993. It might have envisaged situations when, say, two people shared information between themselves.

But it could not foresee circumstances prompted by the likes of Facebook, where information supposedly shared just with "friends" could be widely disseminated.

A ruling this week by the Human Rights Review Tribunal has, however, provided a strong message that while much has changed, expectations of privacy cannot be trampled underfoot.

When a breach of privacy is so blatantly intentional, as was the case with NZ Credit Union Baywide's malicious treatment of a former employee, a substantial award for humiliation, loss of dignity and injury to feelings can be the only outcome.

The tribunal has ordered it to pay more than $168,000 to Karen Hammond, who baked a cake with an abusive message to the NZCU on top in icing. It was taken to a party, where an image was uploaded to her Facebook page. Privacy settings ensured that only those who had been accepted as "friends" had access to the photos.

But NZCU executives became aware of the cake and compelled one of their employees, a friend of Ms Hammond, to breach her privacy by taking a screenshot of the cake. NZCU Baywide's human resources manager then sent a copy of the photo to at least four recruitment agencies, warning them against employing her.

As a consequence, Ms Hammond said, she had to endure several "humiliating" job applications and believed her career was in "tatters".

In the first instance, the NZCU's behaviour was, obviously, utterly untenable. Senior management's personal animosity towards Ms Hammond prompted it to use the Facebook photo to, in the words of the tribunal, "exact revenge".

What the NZCU did in distributing the information was reprehensible, sufficiently so for the tribunal to conclude that Ms Hammond's suffering was at the serious end of the spectrum. "Unrestrained use of personal information can cause devastating, if not irreparable, harm to an individual," it noted.

For that good reason, cases such as this should soon fall under the Harmful Digital Communications Bill.

In the meantime, the tribunal's award must suffice. The NZCU sought, effectively, to destroy Ms Hammond with what was private information, even though it was on Facebook.

Equally, however, she should have been wary about putting the photo of the abusive cake on her page.

Retaining any element of privacy in the world of social media is fraught with difficulty. Items of interest or criticism about, say, an employer have a habit of being distributed very quickly and very widely. Reputations can be destroyed in an instant.

The tribunal concluded that the NZCU should have paused to consider its obligations under the Privacy Act. If so, it would have been deflected from its "high-handed and impulsive" reaction, which led to serious harm to Ms Hammond and the image and reputation of both itself and its staff, not least the human resources manager who subsequently vacated her desk.

It would also have been wise, however, for Ms Hammond to pause before embarking on her own revenge by uploading an inflammatory image to her Facebook page.

Such caution is advisable for all parties in coming to terms with expectations of privacy in the wide open world of social media.