How to make a privacy complaint: Optus Case Study
Published on September 29, 2022 by Patricia Monemvasitis and Yue Lucy Han
You’ve received a notification from Optus that your details were stolen in the recent data breach.
You’ve changed your passwords, requested a credit report, started the process of changing your driver’s licence or passport, and now you are at a loss over what else you can do to protect your rights.
Privacy Complaints to the OAIC
The Office of the Australian Information Commissioner (OAIC) is the federal privacy and freedom of information regulator. It is their job to protect privacy rights in Australia. The OAIC also investigates and resolves your privacy complaints in applicable circumstances.
If the OAIC takes up the privacy complaint, then the potential outcomes can include:
- Financial compensation for non-financial and financial losses
- Apology
- Policy changes in the agency or organisation
- Other remedial actions
An essential step before making a complaint to the OAIC is to first make a complaint to the applicable organisation or agency which in this case is Optus. It is recommended to wait 30 days for a response before taking it further with the OAIC.
Click here for the latest information from the OAIC on the Optus breach.
Optus Case Study
Depending on your personal circumstances, you may also consider taking steps to protect your privacy by making a privacy complaint to Optus.
(i) Where to direct your complaint at Optus?
According to the Optus Complaint Handling Policy, it states:
| Extract from the Optus Complaint Handling Policy (accessed 27 September 2022) link to the policy |
Generally, making a complaint in writing is preferable for the written record.
(ii) What to write in your complaint to Optus?
The OAIC has a complaint template that you may wish to use in formulating your complaint to any organisation or agency (in this case, Optus), which can include:
- Who?: the impacted individual and their details
- What?: the nature of personal information mishandling and consequences that you’ve suffered
- When?: having a chronology of your experience can be helpful to include
You may want to retain records of any losses or issues you’ve experienced because of the data breach.
(iii) Put in a 30 day reminder in your calendar
You should give Optus at least 30 days to respond to your complaint before you can commence a privacy complaint with the OAIC.
IMPORTANT DISCLAIMER: This article is general legal information and is not intended as legal advice. Please consider your personal circumstances and talk with a lawyer before taking any of the steps mentioned in this article.
