)
More than a year since announcing it would launch a class-action lawsuit against Latitude (ASX: LFS) for a data breach that exposed 14 million personal documents, Melbourne-based law firm Gordon Legal says it has been left in the dark as to whether its complaint will be investigated by the nation’s privacy watchdog.
Gordon Legal, which initiated the legal proceedings in partnership with Hayden Stephens and Associates (HSA), said it has contacted the OAIC (Office of the Australian Information Commissioner) on at least six occasions to request an update on the progress of its representative complaint.
In the latest correspondence received about a month ago, the OAIC said it was still taking time to consider whether it would accept the complaint.
“This isn't even a year to investigate the complaint - it's just to tell us it's going to be accepted for investigation. It is excessive, and it is really difficult for everyone to sit in limbo for a year while you wait for the organisation that was designed to deal with these complaints,” Gordon Legal associate Aimee Dartnell told Business News Australia.
“Registrants have been telling us that they still experiencing attempts to hack their accounts. Some of them have told us that there were attacks on their bank accounts, and that caused a lot of financial stress. They really want answers.
“They want us to be able to tell them what their rights are and what's going to happen and it's been very difficult for us to do that.”
When the law firm requested a timeline as to how long the process would take, they were left unanswered by the privacy watchdog. The firm is representing approximately 75,000 people in the lawsuit.
Personal data stolen in the breach included almost 8 million Australian and New Zealand drivers licence numbers, 53,000 passport numbers, less than 100 customer financial statements and 6.1 million records containing personal information including names, addresses, telephone numbers and dates of birth.
“To date, the Commissioner has refused to confirm whether the complaint has been accepted, and ignored our requests for a timeline for considering the complaint that was filed more than a year ago,” a spokesperson for the law firm said.
“The OAIC was created to make the process for dealing with privacy claims more efficient.
“But the system is broken. The Latitude data breach had a significant impact on people, and they deserve to have their complaints heard. This is incredibly frustrating process and is making it difficult for us to give meaningful updates to our registrants who are waiting for answers.”
Exactly a year ago, the OAIC announced it would enter a joint investigation with the New Zealand Office of the Privacy Commissioner (OPC) to scrutinise the Latitude (ASX: LFS) cyberattack that resulted in 14 million personal documents being stolen.
While both agencies have joined forces to improve the efficiency of the investigation, they are free to make different findings.
If the investigation finds serious and/or repeated interferences with privacy in contravention of Australian privacy law, then the Commissioner has the power to seek civil penalties through the Federal Court of up to $50 million for each contravention.
Since the initial announcement, few updates on the investigation have been provided by the privacy watchdog.
Based on the OAIC website, the most recent mention of the Latitude data breach was in a media release published in late 2023, which acknowledged that between April 2023 and December 2023, the OAIC’s “consideration of the representative complaints and engagement with the representative complainants continues.”
Business News Australia has requested comment from the OAIC.
)
)
)
)
)
