In February, an immigration database containing the identities of almost 10,000 asylum seekers was mistakenly published on the department’s website.
An investigation by another government office found the immigration department “breached the Privacy Act by failing to put in place reasonable security safeguards to protect the personal information it held against loss, unauthorised access, use, modification or disclosure and against other misuse”.
The Asylum Seeker Resource Centre released the statement below on November 12 in response to the commissioner’s findings.
The Australian Privacy Commissioner has delivered a damning report into the Department of Immigration’s data breach, which saw the private details of nearly 10,000 asylum seekers made public on its website.
People’s names, gender, citizenship, date of birth, period of immigration detention, location and boat arrival details were displayed on the Department’s website for over a week — putting them at further risk of harm and persecution if they are returned to their home country.
ASRC’s Director of Advocacy Serina McDuff said: “The ASRC welcomes the Commissioner’s investigation into the data breach. However, we remain deeply concerned with the finding that he is satisfied with the remedial actions taken by the department.
“We have little faith in the capacity or will of the department to comply with privacy laws, particularly given there has been another serious privacy breach since, with hard drives containing highly personal information regarding asylum claims going missing on Nauru.
“We are also concerned that the impact of this breach on the people affected has not been adequately addressed by this report or in any other forum.
“Nine months on, they have received no redress for this potentially life-threatening error. This is appalling, particularly given the privacy breach, in itself, is grounds for people’s protection claims to be upheld.”
About 1600 people have submitted individual complaints which are still being investigated.
McDuff said there was evidence that the department was trying to interfere with this process.
She said: “Rather than acknowledge their heinous error and work to protect those people whose privacy they have breached, the government has actively tried to cover up their mistakes and prevent people from seeking remedy.
“They have tried to force people to sign waivers stating they won’t hold the department responsible for any harm they may come to if they are deported to their home country …
“The department’s continued ill-treatment of the 10,000 people affected by its dangerous incompetence is shameful.
“The Minister must guarantee that those affected will not be returned to harm or persecution in their home country.”