In February 2014, a routine report released on the department's website. This unintentionally enabled access to some personal information about people who were in immigration detention in Australia on 31 January 2014. This information was accessible online for only a short period of time before it was removed from the website.
If you were not in immigration detention in Australia on 31 January 2014 you are not affected.
The information was never intended to be in the public domain. It was not visible as part of the report, and was not easily accessible.
The department has written to those affected by the incident to provide more detail on how the incident occurred, the information that was accessible and how any implications for them will be considered as part of the department's normal processes.
The department commissioned KPMG to independently review the circumstances of the breach and provide advice on ways to stop such a breach from happening again. The report was presented to the department on 21 May 2014, see
KPMG Abridged Report.
The department has taken action to implement the recommendations in that report and ensure that this sort of incident does not happen again. The department deeply regrets inadvertently allowing unauthorised access to personal information.
Update as of (publishing date) March 2024
This matter has now been finalised by the Administrative Appeals Tribunal (AAT).
On 13 September 2023, the AAT (Deputy President Perry) handed down its decision in the appeal determining that an independent Legal Firm be appointed as a scheme administrator to administer and manage any compensation claims arising from the breach as part of a broader Compensation Assessment Scheme.
The Commonwealth has appointed the law firm Norton Rose Fulbright to independently review and assess compensation claims from class members and make recommendations in relation to amounts of compensation for each individual who was affected by the breach, and who applies, where appropriate. As directed by the AAT, the Department has provided information, including class member’s details, relating to the 2014 data breach to Norton Rose Fulbright in their capacity as the Scheme Administrator. This disclosure to Norton Rose Fulbright is considered to be an authorised disclosure under Australian Privacy Principle 6.2(b) as it is authorised or required by an Australian court or tribunal.
Further information about the Compensation Assessment Scheme can be found on the Norton Rose Fulbright’s website www.immigrationdatabreach.com.au.
Norton Rose Fulbright has also distributed further information directly to individuals where contact details are available.
