Australia: Fortrend Securities fined for mishandling ex-employee’s health details

The privacy watchdog has fined Fortrend Securities $13,500 after the company unlawfully shared a former employee’s medical information with clients.

The Office of the Australian Information Commissioner (OAIC) announced the ruling on 18 September 2025, following a complaint from the ex-staffer.

What happened?
The employee had provided medical certificates to Fortrend Securities while on notice, stating they were unfit for work. After the employee left, the company’s managing director allegedly told clients the staff member had suffered a “nervous breakdown” and even shared one of their medical certificates.

What the OAIC found
The OAIC found this disclosure breached the Privacy Act, as sensitive health information was shared without consent and no legal exception applied.

The penalty
Fortrend Securities must pay the former employee $13,500 in compensation for distress and aggravated damages. The company was also ordered to:

• Issue a written apology within a week.

• Hire an independent privacy expert within three months to review policies, staff training, and procedures.

• Share the expert’s findings with the OAIC and show proof within six months that improvements have been made.

Why it matters
The case highlights how seriously the OAIC treats the mishandling of private health information, particularly when it’s shared without permission.

Full detail of information is officially available here