You web browser may not be properly supported. To use this site and all its features we recommend using the latest versions of Chrome, Safari or Firefox

The Australian Government has been ordered to pay compensation to almost 1300 people seeking asylum after accidentally leaking their highly sensitive personal information in 2014.

In an Australian first, led by Slater and Gordon and the Refugee Advice and Casework Service (RACS) on a pro bono basis, the Australian Information Commissioner and Privacy Commissioner decided compensation should be paid for the mass privacy breach.

In February 2014, the Department of Home Affairs accidentally published on its website a report which provided access to a spreadsheet that included the personal information of thousands of people who were being held in immigration detention.

The data included names, dates of birth, citizenship status, location, boat arrival details and period of immigration detention.

A representative complaint was made to the Office of the Australian Information Commissioner (OAIC) in 2015.

Slater and Gordon Senior Associate Ebony Birchall said the ruling was an unprecedented decision which would assist almost 1300 vulnerable people whose privacy had been breached.

Dr Birchall said it was the first time in Australian history that compensation has been ordered for a mass privacy breach.

“This is the most significant use of the representative complaint powers in the Privacy Act to date, and appears likely to result in the largest compensation figure ever to be determined for a privacy claim in Australia,” Dr Birchall said.

“It is an important reflection of the fact that privacy breaches are not trivial or consequence-free mistakes, and that increasingly, individuals who suffer loss as a result of a breach should expect to be able to obtain redress.

“Organisations holding personal or sensitive data need to take their obligations seriously, and the presence of meaningful consequences and compensation rights following breaches is a significant development.”

RACS Centre Director and Principal Solicitor Sarah Dale said: “We are pleased to see it publicly recognised that the Department of Home Affairs breached the fundamental right to privacy of thousands of people seeking asylum in Australia.”

“We also acknowledge, however, that no decision or result such as this will alleviate the distress caused to people who have already experienced so much pain,” Ms Dale said.

“This breach meant that any person searching the internet could access the personal information surrounding thousands of people applying for protection in Australia. This includes authorities and indeed even the perpetrators of the persecution, in the countries from which they fled.

“For men, women and children already terrified of being returned to a country where they feared for their lives, this data breach caused huge anxiety, at a time when it was already at its peak.”

Slater and Gordon, RACS and other partners devoted hundreds of thousands of dollars' worth of time and money towards pursuing the data breach case over the past three years, completely pro bono.

“Pro bono legal assistance has been critical in a case such as this, where the majority of people affected by the breach have only limited experience of their rights under Australian law and limited access to legal representation, accompanied in many cases by cultural and language barriers as well,” Dr Birchall said.

People affected by the data breach can find further information on Slater and Gordon’s website:

Media Contact Therese Allaoui (03) 9602 6844 / 0428 994 937