The Information Commissioner and Privacy Commissioner in Australia, Angelene Falk, has found the Department of Home Affairs interfered with the privacy of 9,251 asylum seekers by mistakenly releasing their personal information

The case arose from the department, formerly the Department of Immigration and Border Protection, publishing a detention report on its website in error seven years ago. The document contained embedded personal information which could identify everyone in immigration detention on 31 January 2014.

Falk’s finding follows a class action by 1,297 of the affected detainees. She ordered the department to compensate them for non-economic loss, provided they demonstrate they have suffered loss or damage as a result of the data breach. 

“This matter is the first representative action where we have found compensation for non-economic loss payable to individuals affected by a data breach,” she said. “It recognises that a loss of privacy or disclosure of personal information may impact individuals and, depending on the circumstances, cause loss or damage.”

Falk said she expects the compensation process, which is being dealt with on a case-by-case basis, to be concluded within 12 months.