麻豆社madou

A suite of recent cybersecurity data breaches highlight an urgent need to overhaul how companies and government agencies handle our data. But these incidents pose particular risks to victim-survivors of domestic violence.

In fact, authorities across Australia and the United Kingdom are raising concerns about how privacy breaches have endangered these customers.

The onus is on service providers 鈥 such as utilities, telcos, internet companies and government agencies 鈥 to ensure they don鈥檛 risk the safety of their most vulnerable customers by being careless with their data.

A suite of incidents

Earlier this year, the UK Information Commissioner reported it had seven organisations since June 2022 for privacy breaches affecting victims of domestic abuse.

These included organisations revealing the safe addresses of the victims to their alleged abuser. In one case, a family had to be moved immediately to emergency accommodation.

In another case, an organisation disclosed the home address of two children to their birth father (who was in prison for raping their mother).

The UK Information Commissioner has called for better training and processes. This includes regular verification of contact information and securing data against unauthorised access.

In 2021, the Australian Information Commissioner and Privacy Commissioner for disclosing a victim-survivor鈥檚 new address to her former partner.

The commissioner ordered a written apology and a A$19,980 compensation payment. It also ordered an independent audit of how Services Australia updates contact details for separating couples with shared records.

An involved a telecommunications company and the publisher of a public directory.

The commissioner ordered them each to pay $20,000 to a victim of domestic violence whose details were made public, which jeopardised her safety.

More recently, the Energy and Water Ombudsman Victoria reported a where an electricity provider inadvertently provided a woman鈥檚 new address to her ex-partner. The woman had to buy security cameras for protection. The company has since revised its procedures.

The Energy and Water Ombudsman Victoria has also received in 2022-23 related to domestic violence. These include failing to flag accounts of victims who disclosed abuse, as well as potentially unsafe consumer automation and data governance processes.

The Victorian Essential Services Commission from a water company that it would improve processes after allegations its actions put customers affected by family violence at risk.

The commission found the company failed to adequately protect the personal information of two separate customers in 2021 and 2022, by sending correspondence with their personal information to the wrong addresses.

In both cases, the customer had not disclosed their experience of domestic violence. Nevertheless, the regulator noted these 鈥渆rroneous information disclosures put these customers at risk of harm鈥.

Australia鈥檚 Telecommunications Industry Ombudsman received about involving domestic violence in 2022-23, with almost two-thirds relating to mobile phones.

Complaints included instances of telcos disclosing the addresses of victim-survivors to perpetrators or of frontline staff not believing victim-survivors. There were also cases of telcos insisting a consumer experiencing family violence contact the perpetrator of family violence. The report noted:

For example, one person was asked by her telco to bring her abusive ex-partner into a store to change her number to her new account.

We鈥檝e also had complaints about telcos disconnecting the services of a consumer experiencing family violence 鈥 sometimes at the request of the account holder who is the perpetrator of the violence 鈥 despite access to those services being critical to the consumer staying safe.

The Australian Financial Complaints Authority from people experiencing domestic and family violence in 2021-22, including those related to privacy breaches.

Change is slowly under way

In May, came into force to provide better protection and support to energy customers experiencing domestic violence.

These rules mandate retailers prioritise customer safety and protect their personal information. This includes account security measures to prevent perpetrators from accessing victim-survivors鈥 sensitive data.

They also prohibit the disclosure of information without consent. In issuing its rules, the Australian Energy Markets Commission noted the heightened risk of partner homicides following separations.

The Telecommunications Industry Ombudsman has called for . The current voluntary industry code and guidelines fall short in protecting phone and internet customers experiencing domestic violence.

New rules should include training, policies and recognition of violence as a cause of payment difficulties. They should also factor in how service suspension or disconnection affects victim-survivors.

The Australian Information and Privacy Commissioner last year:

Sadly, we continue to receive cases of improper disclosure of personal information off line by businesses to ex partners who target women in family disputes and domestic violence. All of these issues reinforce the need for privacy by design.

In its response to a , the government has agreed the Office of the Australian Information Commissioner should help develop guidance to reduce risk to customers.

We must work harder to ensure data and privacy breaches do not leave victim-survivors of domestic violence at greater risk from perpetrators.

The National Sexual Assault, Family and Domestic Violence Counselling Line 鈥 1800 RESPECT (1800 737 732) 鈥 is available 24 hours a day, seven days a week for any Australian who has experienced, or is at risk of, family and domestic violence and/or sexual assault.

The Conversation

, Adjunct Associate Professor, School of Social Sciences,

This article is republished from under a Creative Commons license. Read the .