Optus is staring down the barrel of a class-action lawsuit from customers aggrieved that the telco published the names and addresses of 50,000 of its customers without their consent.
It’s one of the first and largest class-action suits against a telecommunication company for breaching privacy laws after publishing the details of its unwitting customers, stating that SingTel Optus is in violation of the 1988 Privacy Act.
Maurice Blackburn, the law firm filing the complaint, said that up “until now, no class action using the Act has been brought on behalf of customers seeking compensation.”
“Too often we see reports of data mismanagement and it’s time for companies to be held accountable for this." Elizabeth O’Shea
It marks “the first class action against a telco seeking compensation for a breach of privacy in what is an important test of Australia’s privacy laws, the class action is expected to seek compensation for affected customers,” the law firm added.
Last year, Optus embarrassed itself after conducting a routine audit that discovered as many as 50,000 of its customers had had their name, mobile and home phone numbers published in the White Pages without their consent. SingTel Optus said that a “system error” was responsible for the data leak.
Details listed online were removed by Sensis, operator of the White Pages, but physical copies were already published and handed over to households. Optus also took the unusual step to notify those impacted by the data breach via regular posted letters.
“As soon as this issue was discovered, we contacted Sensis to remove your details from their online website directory- directory assistance and any future printed editions of the directories. However, your personal details may still remain printed in older versions of the White Pages,” Optus told customers impacted by the error in a 2019 statement.
“Once again we’re very sorry for this mistake. We’re contacted all affected customers and we’ll continue to conduct audits to ensure that your personal information is treated with the greatest care,” it added.
Under the guidelines of the Privacy Act, any organisation that discloses the personal information for their clients without their outright consent is liable for large-scale fines, and the recent class-action suit is hoping to bring a large penalty against Optus.
Elizabeth O’Shea, Senior Associate at Maurice Blackburn said Optus’ privacy breach is a reminder of the responsibility in handling the public’s private details that some organisations have fallen short of in recent years.
“When people share personal information about themselves with companies, especially large ones, they expect that data to be held securely, and for it to be used only in lawful ways,” O’Shea said.
“Too often we see reports of data mismanagement and it’s time for companies to be held accountable for this. And to make companies understand that, we will need to start taking them to court,” she added.
O’Shea’s law firm is renowned for successful class action lawsuits against large organisations, including a $42.5 million suit against Cash Converters, as well as a $494 million payout to the victims and families of those impacted by the 2009 Black Saturday bushfires.
O’Shea has told the media that class action suits are a vital tool for holding companies accountable, and seeking damages for the customers impacted. “Indeed, a functioning class actions system is a deterrent to corporate malfeasance, and signals to both investors and consumers wrongdoing comes at a price, bolstering confidence in the market,” she said. Concluding that “it also counterbalances the power of large companies and allows wronged consumers to take them on.”