Breaches of people’s personal data have become an increasing problem over the past few years in Australia.
These breaches, which compromise people’s sensitive and personal information, have tended to happen on a large scale by companies and governments failing to safely secure personal data.
These breaches of personal privacy have the potential to impact the welfare, safety and well-being of those affected.
According to the Office of the Australian Information Commissioner (OAIC), millions of Australians have already been impacted by numerous data breaches in 2019. A recent example of this, in October 2019, was when Optus advised almost 50,000 customers that their personal information (including names, addresses and phone numbers) were mistakenly released to a third party, resulting in those personal details being published online.
Events such as this have led to an increasing interest in class action litigation being pursued in this space. The difficulty, however, remains that there is currently no privacy-based cause of action available, by which people can claim damages through the courts in Australia.
Despite this, individuals can still make complaints to the OAIC, under the Privacy Act. Further, the Privacy Act also allows numerous individuals to tie all their complaints into one complaint to the OAIC (known as a ‘representative complaint’). This can be done in circumstances where multiple people are making:
- complaints against the same person or entity; and
- these complaints relate to the similar or related circumstances (e.g. a company has committed the same data breach against many people in a single event).
A representative – or group – complaint under the Privacy Act to the OAIC is an alternative to running a class action in a court proceeding, allowing cases affecting large groups of people to be pursued together, rather than requiring hundreds or thousands of single complaints to be lodged individually.
Given this viable alternative, Slater and Gordon Lawyers’ class actions team are currently investigating the potential of running such a representative complaint on behalf of the Optus customers who have their data compromised.
The contents of this blog post are considered accurate as at the date of publication. However the applicable laws may be subject to change, thereby affecting the accuracy of the article. The information contained in this blog post is of a general nature only and is not specific to anyone’s personal circumstances. Please seek legal advice before acting on any of the information contained in this post.