In February this year, the Australian Department of Immigration and Border Protection (DBIP) was found to have leaked the personal details of approximately 10,000 asylum seekers, who ranged from new-borns to octogenarians, and came from countries including Sri Lanka, Afghanistan, Iran and Syria. The leaked data included their full names, nationalities, arrival dates and boat arrival information. As the Guardian reported at the time:
“The breach raises serious questions about whether those identified could be placed at risk of retribution if they are returned to their countries of origin.”
An investigation into the leak by Timothy Pilgrim, Australia’s privacy commissioner, has now concluded. The commissioner’s report found that the DBIP acted unlawfully by “failing to put in place reasonable security safeguards to protect the personal information that it held against loss, unauthorised access, use, modification or disclosure and against other misuse, and the publication of the personal information of the listed individuals was an unauthorised disclosure, in contravention of IPP [Information Privacy Principle] 11.”
“This incident was particularly concerning due to the vulnerability of the people involved,” Mr Pilgrim said. The commissioner has now closed the investigation.