A former NSW Ambulance staffer who was at the centre of a class action against her employer over the leaking of personal information has said that "no amount of money can take away the anguish and violation that has happened."
Tracy Evans took action against NSW Ambulance after a contractor was given access to the organisation's records and databases, which included workers compensation files, staff and medical records. The information was accessed by injury management coordinator Waqar Malik between 14 January and 1 February, 2013 who was subsequently found guilty of unlawfully disclosing the data in 2016.
Evans told CIO Australia that the settlement result was not about the money but about NSW Ambulance taking accountability for the illegal access of the personal data of 130 staff members.
On 9 December, the NSW Supreme Court accepted a $275,000 settlement for the class action brought against NSW Ambulance. Evans, the lead plaintiff in the case, told CIO Australia the case was about the situation being formally recognised and that anything else was a bonus.
"[The experience] has made me hyper vigilant and it's made me a lot more … careful with my details," Evans said.
She also explained that now she sees how easily things can happen and has started to question random callers that ask her for her personal information.
"I am very vigilant … and ask more questions than I did before now that I am more aware," she said.
Evans also believes that there needs to be changes applied to the Australian privacy laws and that she learned a lot from this incident. She said it has been a frustrating, challenging, empowering and a learning experience.
"Our information should be more private and hopefully [this case] will make companies more aware. We need to be sure this doesn’t happen again and to change the system to ensure that. Paramedics in the service are still being affected by all that has occurred and the atmosphere it created. Other class action members await a letter of apology and may feel that the compensation does not reflect the impacts of the breach," she said.
The class action had 108 participants with each person set to receive around $2400 each and Evans will receive about $10,000.
During the settlement hearing, Centennial Lawyers argued that Evans suffered acute distress due to the nature of the personal information disclosed and she is likely to be in “high distress”.
The Office of the Australian Information Commissioner was unable to comment at the time of writing.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.