Some of the 10,000 asylum seekers whose personal details including “a) full names; b) gender; c) citizenship; d) date of birth; e) period of immigration detention; f) location; g) boat arrival details; h) reasons why the individual was deemed to be unlawful” were accidentally published by the department of the immigration are now demanding that they be granted visas as the breach of privacy has exposed them to danger should they return home.

Privacy Commissioner Mr Timothy Pilgrim who is investigating the matter found that the Department of Immigration was in breach of important privacy principles under existing Australian legislation. He explained in his findings that he had received many complaints from individuals affected by the breach and said that it will be possible for him to award a financial remedy, provided that the affected individuals can establish that they have suffered loss of some kind. The Commissioner is continuing to investigate those complaints.

In the meantime, other asylum seekers are pursuing the matter through the courts claiming that they cannot return home due to the dangers they now face due to the privacy breach by the department of immigration.

Tasmanian Labor senator Lisa Singh, is currently seeking to revive laws, which were due to pass under the last government, that would enforce businesses and government to notify the public about data breaches, according to a report in The Australian.

“As people who were already in ¬vulnerable situations who could be ¬targeted, and have their families and friends targeted, by oppressive groups or governments, the leak of this -information over a period of eight and a half days on the department’s website and 16 days on the Internet Archive was especially worrying,” Senator Singh said. She said legislating mandatory disclosure requirements with penalties would have a much greater effect on creating a culture of protection and responsibility around personal data than otherwise would be the case.

“Currently there is no obligation on public and private sector organisations to notify people whose details they have leaked or accidentally made public on the net or elsewhere” said Senator Singh.

According to Patrick Gunning of King & Wood Mallesons, “The Commissioner found that the Department had contravened Information Privacy Principle 4(a) – the security principle – because the Department’s policies and practices failed to adequately address known security risks. The Department’s policies recognised the risk of inadvertent publication of personal information, but staff had not been made aware of why it was important to follow the policies, and how to do so.”

DIBP claims to have now reviewed its internal processes and put in place measures to prevent such a breach from occurring again while it awaits further decisions by the Courts and the Privacy Commissioner.