What should you do when your confidential details have been fraudulently exposed? And are website privacy statements trustworthy?
In June 2015, the NSW Legislative Council called for an inquiry into serious invasions of privacy in NSW. This follows an increasing number of high-profile online privacy breaches, including the Ashley Maddison case in the USA.
In July 2015, online hackers released the membership details of over 39 million users of Ashley Maddison, an extra-marital affair website that encourages members to join to meet other users and “have an affair”.
A few weeks later, a class action claim was brought in the US totalling $US578 million after the leakage of the user information was confirmed. Client details that had been hacked included user names, fetishes and credit card information.
Tort of intimidation
Reports emerged shortly afterwards that users were allegedly receiving blackmail, emails and letters demanding payment in order to avoid publication of user data.
This form of blackmail is known as the tort of intimidation.
These reports share some factual similarities with the 2013 decision in AS v Murray (which was examined in further detail here), which illustrates the potential remedies available to a victim, which included, but are not limited to exemplary damages and costs.
In that particular scenario, the male victim, who had allegedly engaged in extra-marital affairs, received threats of blackmail from an anonymous person. The anonymous person sent the victim details of the allegations, which included details of credit card payments and the victim’s whereabouts. If the blackmailer did not receive the regular payments as directed, the blackmailer threatened to publish the allegations in explicit detail. After the anonymous blackmailer was found, a Supreme Court judge found in favour of the victim.
‘Despite having legislation that recognises an individual’s right to privacy, no Australian jurisdiction has enshrined in statute remedies for serious invasions’
In Australia, the only way to seek redress for a damaging privacy threat is through privately funded litigation or a class action to seek equitable compensation, an injunction and/or exemplary damages.
With regard to the Ashley Maddison case, it is interesting that no such class action claim has been filed at this stage in Australia.
NSW Privacy Commissioner calls for privacy law reform
The NSW Privacy Commissioner, Dr Elizabeth Coombes, is currently calling for reforms to privacy laws, stating in The Newcastle Herald last month:
“We as a society don’t condone acts by individuals or businesses using violence or threats to rob people of their property. So privacy deserves similar protections against theft and harm – whether actual or threatened. While media attention has been focused on the rise of ‘‘revenge porn’’, given its abhorrent and offensive nature, there are other forms of serious invasions of privacy.” (See her article in The Herald here.)
She said the Privacy and Personal Information Protection (PPIP) Act 1998 was introduced before smart phones were invented and doesn’t apply to non-government organisations or private sector businesses nor individuals in their private lives. “Despite having legislation that recognises an individual’s right to privacy, no Australian jurisdiction has enshrined in statute remedies for serious invasions,” Dr Coombes said. “That’s why I am supporting the creation of a statutory cause of action in instances of serious privacy invasions. This means there would be legislation, made by the Parliament, setting out the circumstances constituting a serious incursion of privacy and the actions individuals can take.”
Options for redress
Until the Federal and NSW position changes, victims who wish to obtain relief from the Court will have to do it alone through privately funded litigation to seek equitable compensation, an injunction and/or exemplary damages.
Preventative measures
We all should be very cautious when providing personal details online. “The obvious preventative measure is to avoid content sharing online and to be wary of providing your details via websites or apps. It is important not to trust smart phone applications that claim to limit the availability or use of content.