Back to insights

Help your insurer help you: a guide to disclosing information when making a claim under your insurance policy

01 Apr 2024

Alerts
Insurance

When you make a claim under an insurance policy, the insurer may request you to provide documents to help them assess the claim. The documents might contain information about your employees.

When can you provide this information to your insurer and when do you have to be cautious about disclosing information?

Privacy issues

Not all organisations need to comply with the Privacy Act 1988 (Cth) (Privacy Act), but generally, all organisations with an annual turnover in excess of $3 million must comply. There are also some organisations who must comply regardless of annual turnover (eg. health services). If you are unsure about whether the Privacy Act applies to your organisation, the Office of the Australian Information Commissioner provides a helpful guide here.

If the Privacy Act applies to your organisation, then you need to be careful about the information that you disclose – even if it is to your insurer.

What type of information must be kept private?

The Privacy Act protects “personal information”. This is any information or an opinion about an individual who is identifiable. It includes a person’s name, signature, address, telephone number, date of birth, medical information, bank account details, employment details and even commentary or an opinion about a person.

Personal information is therefore commonly found in the documents that insurers want to see when investigating claims. For example, it will be contained in witness statements, incident reports or payslips.

Consent

An organisation may disclose personal information where the individual has consented to the use or disclosure, or when the personal information is used or disclosed for the primary purpose if was collected.

For example, a worker who makes a workers compensation claim will usually sign a consent authority in their claim form which enables you to provide the insurer with the worker’s personal and health information to assist with management of the claim.

You might also consider including a consent authority in your standard incident report forms so that you automatically obtain consent to disclose the statement to your insurer if a claim is made.

Other exceptions

There are some other exceptions to the Privacy Act which mean that there are certain circumstances in which you can provide information to your insurer without needing to obtain consent first.

Employee records

Under this exemption, the organisation is permitted to disclose:

  • a current or former employment relationship between the employer and the individual; and
  • an employee record held by the organisation and relating to the individual.

An example of this is providing employee records to your workers’ compensation insurer when that employee makes a claim.

Asserting or defending a legal claim

You are permitted to disclose personal information when it is reasonably necessary to assert your legal rights or to defend a claim.

This exception may not always apply prior to your insurer referring the claim to its lawyers, but if the information is released once a lawyer is involved, it is likely that disclosure of the information to the insurer and the lawyer is permitted under the Privacy Act.

You should be careful to make sure that you are providing information that is collected and held by the organisation seeking to assert a legal right or defend a legal claim. In large company groups it is easy to treat the information held by a subsidiary as information held by the group at large. That is not necessarily the case and you may breach the Privacy Act if one organisation provides personal information held by that organisation to another entity within the group to assist that entity with legal proceedings it is facing.

Compelled by law

You are also permitted to disclose that personal information if that disclosure is required or an authorised under an Australian law, or an order of an Australia court or tribunal. For example, if required by a subpoena, order to produce or because of disclosure obligations.

For more information, you may like to read our article here.

Practical tips

If your insurer has asked you to provide information that is likely to disclose personal or sensitive information, we recommend you:

  • consider whether a document could be provided with redactions.
  • ask the individual to consent to the release of the information, describing the purpose of the disclosure.
  • make a note of the disclosure of the personal or sensitive information to your insurer.
  • disclose only the minimum amount of personal information that is sufficient to assist the insurer.

If you are unsure about whether you are covered by the Privacy Act, or have a question about whether you can disclose any information that is covered by the Privacy Act, we recommend you reach out to our team to assist you in your enquiries.


By Tom Arndt, Solicitor and Ariel Bastian, Associate

Previous Next

Share Insight

Relevant Contacts

ELIZABETH TYLICH

Chairperson & Partner | Corporate Commercial

ERICA THUIJS

Partner | Insurance & Risk
Previous Next
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Stay up-to-date and subscribe to receive our latest news and insights