Australia’s privacy commissioner has ordered the Department of Home Affairs to pay compensation to nearly 1,300  immigration detention detainees whose personal information was mistakenly posted online in 2014.

The decision on one of Australia’s most serious privacy breaches represents the first time compensation will be paid for non-economic loss from a data breach in Australia.

“[The decision] recognises that a loss of privacy or disclosure of personal information may impact individuals and depending on the circumstances, cause loss or damage,” Australia’s Information and Privacy Commissioner Angelene Falk said today.

Falk said the compensation process will be completed over the next 12 months. Amounts will be based on a case by case basis and may range from $500 to more than $20,000 for extreme loss or damage resulting from the data breach.

The Department of Home Affairs has been ordered to work with claimants on the compensation but has avenues for reassessing claims which may drag the process out further. If parties can not agree, the Privacy Commissioner will be able to declare an amount.

Update: A spokesperson for the Department of Home Affairs said the agency had been working the privacy commissioner’s department to resolve the complaint and is “committed to working towards a final resolution”.

“The Department regrets that the unauthorised publication of personal information occurred,” the spokesperson told Which-50.

“The Department has taken a number of actions to improve procedures, quality assurance and training in relation to the publishing process, including strengthened policies and staff awareness.”

The case

In February 2014 the then Department of Immigration and Border Protection mistakenly released the personal information of 9,251 detainees online when it published a report which provided access to a spreadsheet that included the personal information.

The breach was first discovered by The Guardian.

The data included names, dates of birth, location, detainees’ citizenship status, boat arrival details and period of detention. The personal information was exposed to anyone online, sparking fears it would be accessed by persecutors of asylum seekers from the country they fled.

According to the Department of Home Affairs spokesperson, its then secretary wrote all individuals affected by the breach, “for whom an address was held”, advising them it would “assess any implications for those people as part of its normal processes”.

But a representative complaint was made to Australia’s privacy watchdog, the Office of the Australian Information Commissioner (OAIC) in 2015. Slater and Gordon and the Refugee Advice and Casework Service (RACS) led the complaint on a pro bono basis.

Today the OAIC said the Department of Home Affairs had interfered with the privacy of detainees in immigration at the time, ordering compensation to be paid for non-economic loss from the privacy and data breach.

Slater and Gordon Senior Associate Ebony Birchall said the ruling was unprecedented and would help nearly 1,300 vulnerable people whose privacy had been breached.

“This is the most significant use of the representative complaint powers in the Privacy Act to date, and appears likely to result in the largest compensation figure ever to be determined for a privacy claim in Australia,” Dr Birchall said.

“It is an important reflection of the fact that privacy breaches are not trivial or consequence-free mistakes, and that increasingly, individuals who suffer loss as a result of a breach should expect to be able to obtain redress.

RACS Centre Director and Principal Solicitor Sarah Dale said: “We are pleased to see it publicly recognised that the Department of Home Affairs breached the fundamental right to privacy of thousands of people seeking asylum in Australia.”

“We also acknowledge, however, that no decision or result such as this will alleviate the distress caused to people who have already experienced so much pain,” Dale said.

Dale said the breach had exposed the personal information of thousands of people applying for protection in Australia, including authorities and perpetrators of persecution from the countries from which they fled.

RACS says it, Slater and Gordon and other partners devoted hundreds of thousands of dollars’ worth of time and money towards pursuing the case over the past three years, completely pro bono.

This article has been updated to include comments from a Department of Home Affairs spokesperson.

Previous post

Sustainable Supply Chains Shift to the Centre of Business Strategy

Next post

Taboola goes public with merger deal valuing company at US$2.6 Billion