The Immigration department’s well publicised 2014 data security breach continues to cause difficulties for the Department.  In late January and mid February the courts have issued interlocutory injunctions preventing the removal from Australia of certain asylum seekers pending the outcome of administrative law challenges to decisions to refuse refugee status, based on the Department’s consideration of the impact of the 2014 data security breach. 

Details of the breach, and the Privacy Commissioner’s findings on an own-motion investigation, are in our earlier post.

On 23 January 2015 in SZWAJ v Minister for Immigration and Border Protection [2015] FCA 26, Justice Greenwood granted an interlocutory injunction restraining the Minister from “from removing the applicant from Australia pending the determination of final relief in these proceedings or earlier order”.  After the Department became aware of the data security breach, it wrote to all affected asylum seekers and said (amongst other things) that:

 “The department will assess any implications for you personally as part of its normal processes.  You may also raise any concerns you have during those processes”

In SZWAJ the Minister proposed to remove the applicant from Australia.  SZWAJ has claimed that the Minister (or the Department) has failed to consider properly the impact of the data security breach on a return by the applicant to India.  The precise nature of SZWAJ’s argument is not clear from the decision, but Justice Greenwood came to the conclusion that there was an arguable point and that the removal of the applicant from Australia would be highly prejudicial to the applicant’s ability to argue the case.  Accordingly, the court granted the interlocutory injunction.

Later, in mid February, the Federal Circuit Court followed Justice Greenwood’s lead and granted an interlocutory injunction in SZWCH v Minister for Immigration & Anor [2015] FCCA 325.

Whether or not these decisions have any material impact on the ultimate fate of the asylum seekers request to be recognised as refugees remains to be seen.  As reported earlier, the Privacy Commissioner is separately investigating complaints he received from a number of the affected asylum seekers, but the remedies available under the Privacy Act do not extend to granting refugee status.