Optus faces a multi-million dollar payout after publishing the addresses of 50,000 customers in one of Australia’s biggest-ever breaches of privacy.
Maurice Blackburn Lawyers has made a ground-breaking class action complaint against the telecommunications company – and are asking those who believed they may have been affected to contact them.
If successful, the action could see Optus forced to pay at least $40 million – or potentially even more.
Maurice Blackburn Lawyers has launched a massive class action against Optus, which allegedly breached the privacy of its customers last year
Optus faces a multi-million dollar payout to customers who have launched a class action against it over allegations their privacy was breached
The legal action is understood to be the first of its kind against a telco for a breach of privacy.
The data breach was discovered by Optus during a routine audit of 10 million customers in October last year.
Optus told nearly 50,000 customers via a letter that their name, address, mobile and home phone numbers had been wrongly published in the White Pages, run by Sensis, against their wishes.
About 40,000 of those people were new customers whose details were already breached, according to Optus.
‘The majority of the affected customers’ details were already listed with Sensis prior to joining Optus,’ an Optus spokeswoman said at the time.
How Optus allegedly failed in its duties to protect privacy
It disclosed personal information of customers within the meaning of the Privacy Act 1988 (Cth) (the Act).
Disclosing private information originally collected for another purpose, namely the provision of Optus services
The disclosure of personal information in phone directories was a secondary purpose and was not consented to by customers
Failing to take steps to protect the privacy of its customers
But Sensis insisted it was strictly an ‘Optus issue’.
While the personal details were subsequently removed from the White Pages online directory, they remained published in printed copies of the phone directory.
Under the Privacy Act, corporations which disclose personal details of clients face penalties including fines.
The class action is expected to seek compensation for affected customers.
Maurice Blackburn Senior Associate Elizabeth O’Shea said privacy breaches were an increasing problem as companies became increasingly entrusted with personal information.
‘When people share personal information about themselves with companies, especially large ones, they expect that data to be held securely, and for it to be used only in lawful ways,’ she said.
‘Too often we see reports of data mismanagement and it’s time for companies to be held accountable for this.’
Optus customers who jump on a class action could be in for a generous payout should it succeed in court
The Supreme Court of Victoria will be the likely venue for the expected class action trial over allegations Optus breached the privacy of its customers
Ms O’Shea said bad practices in data management can result in real world consequences for people.
‘And to make companies understand that, we will need to start taking them to court,’ she said.
The law firm is renowned for its previous successful class actions against major companies.
Last October, it secured Queensland Cash Converters clients $42.5 million in compensation over allegations the payday lender breached Queensland credit laws.
In 2014, Victoria’s Supreme Court approved a $494 million payout to victims it represented of the deadly 2009 Black Saturday bushfires, in what is considered to be the biggest class action in Australia’s legal history.
Ms O’Shea said class actions were an essential legal mechanism which allowed consumers to seek damages for corporate wrong-doing.
‘Indeed, a functioning class actions system is a deterrent to corporate malfeasance, and signals to both investors and consumers wrongdoing comes at a price, bolstering confidence in the market,’ she said.
‘It also counterbalances the power of large companies and allows wronged consumers to take them on.’
An Optus spokesperson said the company takes privacy obligations seriously, and regularly audits its processes to makes sure customer information is safe.
‘When undertaking a review of our records against Sensis listings last year, we identified inconsistencies.
‘We requested that Sensis remove the information from their online directory and we notified all customers who may have been affected.’
The spokesperson said Optus was ‘working co-operatively with the Privacy Commissioner on this investigation’.
The matter is likely to proceed before the Supreme Court of Victoria.