For Domestic Violence Victim-Survivors, A Data Or Privacy Breach Can Be Extraordinarily Dangerous

(MENAFN- The Conversation) A suite of recent cybersecurity data breaches highlight an urgent need to overhaul how companies and government agencies handle our data. But these incidents pose particular risks to victim-survivors of domestic violence.

In fact, authorities across Australia and the United Kingdom are raising concerns about how privacy breaches have endangered these customers.

The onus is on service providers – such as utilities, telcos, internet companies and government agencies – to ensure they don't risk the safety of their most vulnerable customers by being careless with their data.

Read more: The $500 million ATO fraud highlights flaws in the myGov ID system. Here's how to keep your data safe

Earlier this year, the UK Information Commissioner reported it had reprimanded seven organisations since June 2022 for privacy breaches affecting victims of domestic abuse.

These included organisations revealing the safe addresses of the victims to their alleged abuser. In one case, a family had to be moved immediately to emergency accommodation.

In another case, an organisation disclosed the home address of two children to their birth father (who was in prison for raping their mother).

The UK Information Commissioner has called for better training and processes. This includes regular verification of contact information and securing data against unauthorised access.

In 2021, the Australian Information Commissioner and Privacy Commissioner took action against Services Australia for disclosing a victim-survivor's new address to her former partner.

The commissioner ordered a written apology and a A$19,980 compensation payment. It also ordered an independent audit of how Services Australia updates contact details for separating couples with shared records.

An earlier case involved a telecommunications company and the publisher of a public directory.

The commissioner ordered them each to pay $20,000 to a victim of domestic violence whose details were made public, which jeopardised her safety.

More recently, the Energy and Water Ombudsman Victoria reported a case where an electricity provider inadvertently provided a woman's new address to her ex-partner. The woman had to buy security cameras for protection. The company has since revised its procedures.

The Energy and Water Ombudsman Victoria has also reviewed complaints received in 2022-23 related to domestic violence. These include failing to flag accounts of victims who disclosed abuse, as well as potentially unsafe consumer automation and data governance processes.

The Victorian Essential Services Commission accepted a court-enforceable undertaking from a water company that it would improve processes after allegations its actions put customers affected by family violence at risk.

The commission found the company failed to adequately protect the personal information of two separate customers in 2021 and 2022, by sending correspondence with their personal information to the wrong addresses.

In both cases, the customer had not disclosed their experience of domestic violence. Nevertheless, the regulator noted these“erroneous information disclosures put these customers at risk of harm”.

Australia's Telecommunications Industry Ombudsman received about 300 complaints involving domestic violence in 2022-23, with almost two-thirds relating to mobile phones.

Complaints included instances of telcos disclosing the addresses of victim-survivors to perpetrators or of frontline staff not believing victim-survivors. There were also cases of telcos insisting a consumer experiencing family violence contact the perpetrator of family violence. The report noted:

The Australian Financial Complaints Authority resolved more than 500 complaints from people experiencing domestic and family violence in 2021-22, including those related to privacy breaches.

In May, new national rules came into force to provide better protection and support to energy customers experiencing domestic violence.

These rules mandate retailers prioritise customer safety and protect their personal information. This includes account security measures to prevent perpetrators from accessing victim-survivors' sensitive data.

They also prohibit the disclosure of information without consent. In issuing its rules, the Australian Energy Markets Commission noted the heightened risk of partner homicides following separations.

The Telecommunications Industry Ombudsman has called for mandatory, uniform and enforceable rules . The current voluntary industry code and guidelines fall short in protecting phone and internet customers experiencing domestic violence.

New rules should include training, policies and recognition of violence as a cause of payment difficulties. They should also factor in how service suspension or disconnection affects victim-survivors.

The Australian Information and Privacy Commissioner said last year:

In its response to a review of the Privacy Act , the government has agreed the Office of the Australian Information Commissioner should help develop guidance to reduce risk to customers.

We must work harder to ensure data and privacy breaches do not leave victim-survivors of domestic violence at greater risk from perpetrators.

The National Sexual Assault, Family and Domestic Violence Counselling Line – 1800 RESPECT (1800 737 732) – is available 24 hours a day, seven days a week for any Australian who has experienced, or is at risk of, family and domestic violence and/or sexual assault.

MENAFN03122023000199003603ID1107528589