Heralded a “win for the little, the ordinary people” and a “lesson to all businesses”, Australia’s first privacy class action settlement has been approved by the NSW Supreme Court.

Professor George Newhouse, who led the class action against the NSW Government with client Tracy Evans, was reported saying the matter was “the first to go to court and the first to settle in this way”.

While viewed as “fair and reasonable” by some, the $275,000 settlement approved by Justice Julie Ward, has left others feeling as if the award did not reflect the impacts of the breach. Demand for a letter of apology is high among class action members who, some four years later, are still affected by the data breach.

what was the case about?

A NSW Government contractor, Mr Waqar Malik, unlawfully disclosed personal information of 130 current and former hospital employees. Specifically, Mr Malik sold workers compensation files of 130 ambulance workers to personal injury law firms with the files including medical records such as psychiatric assessments and details of injuries.

what has been learnt from this test of the privacy regime in australia?

First and foremost, this case serves as a frank reminder to all businesses that the law will intervene to penalise those who fail to properly protect the personal information they collect, use and disclose from misuse and theft.

While a great win in this regard, the award can only be seen by some as “adequate”. Lead applicant Tracy Evans has explained that the case was truly about “accountability rather than money”. In this respect, “other class members wish for a letter of apology and feel the compensation does not reflect the impact of the breach”.

As a result there have been calls to the Federal Government to act now to improve the data protection regime in Australia. The road to reaching this settlement was long and painful and unsatisfactory to those it affected.

Calls for regulatory reform to introduce higher accountability are circling the government. Compared to global counterparts, it has been said that the Australian data protection regime is one of the weakest.

this is not the first time there have been calls for the australian privacy regime to be strengthened.

In August 2019, the Australian Competition and Consumer Commission (ACCC) suggested amendments to the Privacy Act after publishing its Digital Platforms Inquiry Final Report.

The ACCC found an inequitable imbalance of power between digital platform organisations and consumers. It said that changes to the Privacy Act are necessary as current Australian privacy laws do not adequately protect consumers or act as an effective deterrent to those who could breach those laws.

Recommended changes would result in a more GDPR style regime and so address what has been highlighted in this case – that on a global scale the Australian privacy regime currently does not protect consumers and the general public as much as it should and importantly, as much as other countries do.