Carroll & O'Dea Facebook

When it matters,
the community
looks to us.

Contact Us


How to make a privacy complaint: Optus Case Study

How to make a privacy complaint: Optus Case Study

Published on September 29, 2022 by Patricia Monemvasitis and Yue Lucy HanPatricia Monemvasitis and Yue Lucy Han

You’ve received a notification from Optus that your details were stolen in the recent data breach.

You’ve changed your passwords, requested a credit report, started the process of changing your driver’s licence or passport, and now you are at a loss over what else you can do to protect your rights.

Privacy Complaints to the OAIC

The Office of the Australian Information Commissioner (OAIC) is the federal privacy and freedom of information regulator. It is their job to protect privacy rights in Australia. The OAIC also investigates and resolves your privacy complaints in applicable circumstances.

If the OAIC takes up the privacy complaint, then the potential outcomes can include:

  • Financial compensation for non-financial and financial losses
  • Apology
  • Policy changes in the agency or organisation
  • Other remedial actions

An essential step before making a complaint to the OAIC is to first make a complaint to the applicable organisation or agency which in this case is Optus. It is recommended to wait 30 days for a response before taking it further with the OAIC.

Click here for the latest information from the OAIC on the Optus breach.

Optus Case Study

Depending on your personal circumstances, you may also consider taking steps to protect your privacy by making a privacy complaint to Optus.

(i) Where to direct your complaint at Optus?

According to the Optus Complaint Handling Policy, it states:

Extract from the Optus Complaint Handling Policy (accessed 27 September 2022) link to the policy

Generally, making a complaint in writing is preferable for the written record.

(ii) What to write in your complaint to Optus?

The OAIC has a complaint template that you may wish to use in formulating your complaint to any organisation or agency (in this case, Optus), which can include:

  • Who?: the impacted individual and their details
  • What?: the nature of personal information mishandling and consequences that you’ve suffered
  • When?: having a chronology of your experience can be helpful to include

You may want to retain records of any losses or issues you’ve experienced because of the data breach.

(iii) Put in a 30 day reminder in your calendar

You should give Optus at least 30 days to respond to your complaint before you can commence a privacy complaint with the OAIC.

IMPORTANT DISCLAIMER: This article is general legal information and is not intended as legal advice. Please consider your personal circumstances and talk with a lawyer before taking any of the steps mentioned in this article.

Need help? Contact us now.

We're here to help. For general enquiries email or call 1800 059 278.
For Business lawyers call +61 (02) 9291 7100.

Contact Us