Hundreds of email addresses shared by Victorian Victims of Crime Assistance Tribunal email error
October 1, 2024
The ABC reports in Hundreds of email addresses shared in Victims of Crime Assistance Tribunal administrative error that there was an accidental share of email addresses of victims of crime in an email advising of changes to the compensation application process. It appears that the email was a sent to multiple addressees, 480 the ABC has seen, however the addressees were not blind copied so the recipient could read the email address of other recipients. The addresses included first and last names. VOCAT sent 2 recall emails, which means very little.
The damage is done. Given the addressees are victims of crime, some of which may involve stalking, the presumed damage would be greater than might otherwise be the case. Damages in privacy cases have not been significant in Australian cases. That is primarily because there have been relatively few reported cases where damages have been considered. In the United Kingdom the courts also took a restrained approach to damages however with increased litigation and the bench’s greater understanding of how privacy breaches can impact a person the awards have risen. And egregious privacy breaches have increased the ceiling over time. In Victoria a complaint can be made under the Privacy and Data Protection Act 2014 with VCAT hearing a complaint. Under Section 77(1)(a)(iv) it has jurisdiction to award damages of up to $100,000. There has been only one instance where an award of damages has been made, Zeqaj v Victoria Police (Human Rights) [2018] VCAT 1733. In that case the breach was proved and an award in the sum of $1,000 was made. That is derisory. The analysis was also very disappointing. The jurisprudence in VCAT should not make a complainant optimistic. It is very difficult to succeed, hence the award provision in the Act is virtually dead letter. The analysis by VCAT is very disappointing and not consistent with privacy litigation in the UK or the USA, let alone Europe. The Office of the Victorian Information Commissioner has a page titled Assessing compensation claims for loss in privacy complaints where it provides an overview of the law. It is fairly basic and not particularly sophisticated given the development of privacy in common law jurisdictions. It is useful given all complaints must proceed through the Victorian Information Commissioner. Many complaints are mediated and resolved there. Better that than taking one’s chances in VCAT.
This type of error is all too common and especially prevalent in the public service. It is entirely preventable. Proper training and Read the rest of this entry »