As a result of a recent class action, the Department of Home Affairs has been ordered by the Australian Information Commissioner, Angelene Falk, to pay compensation to asylum seekers after the Department was found to have interfered with the privacy of 9,251 detainees.
According to a media release from the Office of the Australian Information Commissioner (OAIC) , the relevant breach stemmed from February 2014, where the Department published on its website a “Detention Report”, which had embedded within it a Microsoft Excel spreadsheet containing the personal information (including full names, date of birth and period of immigration detention) of 9,258 individuals who were in immigration detention at that time.
Following a class action in which 1,297 participating members provided submissions to the OAIC, the OAIC undertook an assessment and concluded there was no reason to dispute the findings from the Commissioner’s initiated investigation and own motion investigation report that:
- the Department had failed to put in place reasonable security safeguards to protect the personal information that it held against loss, unauthorised access, use, modifications or disclosure and against other misuse; and
- the publication of personal information of the listed individuals was an unauthorised disclosure, in contravention of the then Information Privacy Principles.
Compensation will be payable to participating members who have demonstrated that they have suffered loss or damage as a result of the data breach, and range from $500 to more than $20,000 based on severity of the impact. Commissioner Falk has raised the importance of the impact of this case in being “the first representative action where the OAIC has found compensation for non-economic loss suffered by individuals affected by the data breach”.
As yet there has been no guidance provided as to how these sums are assessed which leaves a lot of uncertainty in these situations.