[vc_row full_width=”stretch_row” css=”.vc_custom_1531049302498{background-color: #1b1b1b !important;}”][vc_column][vc_wp_custommenu title=”Hot topics” nav_menu=”13″][/vc_column][/vc_row]

The Optus customer data breach could lead to a class action lawsuit. What might that look like?

As the shockwaves from the massive Optus customer data breach ripple across Australia, there are already rumblings of a class action lawsuit.

In Melbourne, law firm Slater and Gordon said on Tuesday it was investigating whether a deficiency in Optus’s management of data had led to the personal information of nearly 10 million current and former customers being leaked.

“At this stage, we consider that affected customers may have claims against Optus for, among other things, failing to properly store and secure customer data and allowing it to be accessed by a bad actor,” the firm’s Ben Zocco said.

“Since announcing the investigation yesterday we’ve had many thousands of customers register their interest to participate in any proceedings.”

Here’s what experts say a class action could mean.

Sign on top of tall building. Slater and Gordon is investigating whether a deficiency in Optus’s management of data led to the information being leaked.(ABC News: Scott Jewell)

What’s a class action about?

Michael Duffy, an associate professor and director of a corporate law and litigation group at Monash University, said class actions are a way for groups of people to seek remedies to a problem that affects them all.

“If there is a large class action… then they have the right through a representative to sue someone or some entity that they believe has breached [the law],” he said.

a man with a beard and glasses. Michael Duffy says a class action against Optus could involve thousands of people.(ABC News)

“The representative party would represent the whole group to try and obtain a remedy, which is probably compensation, but possibly other remedies as well.”

Class actions can seek compensation for people with varying connections to the person or entity being sued, such as investors in this year’s class action against Star Entertainment Group, or protesters, who this month launched a class action against the Victorian government.

Who could join an Optus class action?

Dr Duffy said a class actions can involve “anything from seven people upwards”.

In Optus’s case, it could involve thousands of people.

“Class actions are opt out, so you are nominally covered by a class action if you fall within the group definition,” Dr Duffy said.

Dr Duffy said customers may need to come forward at a later stage in the class action to indicate their actual loss or damages incurred as a result of the data breach.

“Customers have something called an obligation to mitigate their loss,” he said.

“If you’re claiming loss or damage, you need to keep records of what you’ve lost in damages and how you might prove that.”

What’s the key issue in this case?

If Slater and Gordon decides to pursue the class action, it would be representing the people affected by the data loss.

The firm would be aiming to show that Optus’s data management led to the personal information about its customers being leaked.

Slater and Gordon would then likely try to claim compensation to remedy the losses that Optus’s customers have experienced.

Michael Douglas, a senior lecturer at the University of Western Australia Law School, said it’s hard to predict the specific claims of the class action.

“It will depend on what exactly the lawyers say is the legal basis of the claim,” he said.

a man with short hair wearing a suit and glasses. Michael Douglas says if the class action’s claim is based on Optus being negligent, customers would need to demonstrate what harm they suffered.(supplies)

How likely is it a class action would succeed?

Dr Duffy said there was not much precedent for class actions like this, making it difficult to say whether it was likely to succeed.

“It hasn’t been a big area for class actions, privacy law and privacy breaches,” he said.

Dr Duffy also said it was not yet clear if the law had been breached.

He said if breaches of federal privacy legislation and civil penalty orders had occurred, “there is provision for people who have suffered loss and damage as a result of such breaches to seek compensation”.

Dr Duffy said if it could be proven that Optus was negligent in a manner that caused loss and damage to customers, this could also be grounds for damages.

While a number of states have pledged to waive fees for replacement driving licenses, affected customers may have to take further steps to update and secure other personal data.

However Michael Douglas said demonstrating the harm Optus customers suffered as a result of the data breach could be challenging.

“Unless someone has used this information to take their stuff, to make money or use their identity in some fraudulently damaging way, it’s going to be really hard to succeed,” he said.

What laws would be used as the foundation of the class action?

Mr Douglas said it’s not entirely clear what legal principles a class action against Optus would rely on.

“In Australia, privacy is not protected to the same extent that it’s protected in other parts of the world,” he said.

“Although Australia does have privacy laws, which regulate how companies like Optus must deal with our personal information, those laws in my opinion don’t provide much teeth for persons who suffer an invasion of privacy to sue.”

He said recent inquiries into possible law reforms have focused on Australian privacy laws.

“The mere invasion of privacy is a wrong that should sound in a judicial response, but there’s a gap in our law and we’re still waiting for the Federal Government to act in this area,” he said.

Comments are closed.