The Office of the Australian Information Commissioner (OAIC) calls those who were affected by the Immigration Department’s 2014 data breach to contact the office.
On 10 February 2014 the Department of Immigration released a routine report in which the names and personal details of 9,258 asylum seekers were made available on their website. This incident has come to be known as “the Data Breach”.
The Department Of Immigration has advised that a routine report released on the Department’s site unintentionally enabled access to personal information about people who were in immigration detention on 31 January 2014. The information included the applicant’s name, date of birth, nationality, gender, boat arrival details, when they were detained (reason and where) and if the applicant has other family members in detention.
It appears that the information was accessible on the Immigration website “for 9 days, and cached on an archived search engine for around 2 weeks”.
Mr Timothy Pilgrim, the Privacy Commissioner, later that year considered that the Department of Immigration had breached its obligations under the nation’s Privacy Act.
As a result of this data breach the Department of Immigration has already spent $1 million in legal fees, but those costs are expected to rise.
On 15 August 2015 a group of affected persons made a complaint. As part of the investigation, the OAIC ask victims to contact the office and provide information about any damage or loss they had suffered as a result of the data breach. Please call the OAIC at 1300 363 992 or send an email at: repcomplaint@oaic.gov.au
In a Notice to all persons in Immigration Detention the Office of the Australian Information Commissioner (OAIC) is seeking information from individuals who were:
- in immigration detention (including Immigration Detention Centres, community placements, and alternative places of detention) on 31 January 2014, and
- suffered any loss or damage as result of the data breach.
In the same Notice the OAIC says that if an asylum seeker was in immigration detention on 31 January 2014 and suffered any loss or damage as a result of the Department’s Data Breach, he/she will need to provide the Commissioner with information.
“The commissioner is preparing to make a determination on this matter … in which he will consider whether a remedy, including any compensation, should be awarded to any individual group member who has suffered loss or damage as a result of the data breach,” the OAIC’s Notice says.
Information provided to the OAIC should include anything the individual considers to be “relevant to the loss or damage you suffered”. This could include a statutory declaration or signed statement.
“You may also include any evidence you have from the time of the data breach, or when you first found out about the data breach, (such as medical reports) that contain details about how you reacted to the data breach, and any treatment you received as a result of the data breach’s impact on you,” the OAIC said.
The closing date for submissions is 4.00 pm on 19 April 2018.