Data breaches are becoming increasingly common in Australia. From major healthcare providers to government agencies and retail companies, no sector is immune. But when your personal information is exposed, stolen, or mishandled, you may be entitled to more than an apology.

Here’s what you need to know about your rights, and when it may be time to seek legal advice.

What is a privacy data breach?

A privacy breach occurs when your personal information is accessed, disclosed, or lost without your authorisation. This can include your name, address, financial details, medical records, or government identifiers such as your tax file number or Medicare details.

Since June 2025, under the Australian Privacy Act 1988, organisations that handle your personal information have a legal obligation to protect it. When they fail to do so, you may have grounds for a legal claim.

When should you consider legal action?

Not every privacy breach will give rise to a legal claim, but there are clear situations where seeking advice is worthwhile. 

Consider speaking to our team if an organisation has breached your privacy and any of the following apply:

  • You have experienced identity theft, fraud, or direct financial loss as a result of the breach
  • The breach has affected your employment, relationships, or reputation in a tangible way
  • Sensitive information was exposed, including health records, financial details, sexual behaviour, or immigration status
  • The information was shared widely, published online, or disclosed to your employer, colleagues, or a broader network
  • The breach was ongoing or repeated, particularly after you raised it with the organisation
  • You were in a vulnerable position at the time, such as experiencing family violence, a mental health crisis, or immigration uncertainty

The harm caused by a data breach is not always immediate or obvious. It can emerge weeks or months later, through unauthorised credit applications, compromised accounts, or the ongoing stress of knowing your private information is in the wrong hands.

What compensation could you receive?

If a legal claim is successful, compensation may cover financial losses directly caused by the breach, non-economic loss such as distress, anxiety, and damage to reputation, and in some cases, aggravated damages where the organisation’s conduct was particularly poor.

The Office of the Australian Information Commissioner (OAIC) can investigate complaints and make determinations, including ordering compensation. In more serious cases, legal proceedings through the courts may also be an option.

Steps to take after a data breach

If you believe your information has been compromised, acting quickly matters. The steps below can protect you and strengthen any future claim:

  1. Document everything. Keep records of the breach notification, any communications with the organisation, and evidence of harm such as fraudulent transactions or distressing communications.
  2. Report it. Lodge a complaint with the organisation first. If you are unsatisfied with their response, you can escalate to the OAIC.
  3. Monitor your accounts. Check your bank accounts, credit report, and online accounts for any suspicious activity.
  4. Get legal advice. If you have suffered real harm, a lawyer experienced in privacy law can assess whether you have a claim and advise on the best path forward.

You deserve more than an apology

When organisations fail to protect your personal information, the consequences can be serious and long-lasting. A data breach is not just an inconvenience; it can affect your finances, your mental health, and your sense of security.

At Maliganis Edwards Johnson, we help Canberra residents understand their rights following privacy breaches and data incidents. If you believe your personal information has been mishandled and you have suffered harm as a result, contact our team today for a free, confidential consultation.

Call us on 1800 570 778 or contact us online.
