Australia

My former employer leaked my personal data to a new employer without consent. What's my remedy?

Privacy Act
Governing law
OAIC complaint
First step
$20,000 cap
Compensation limit
6 months
Time limit for complaint
The Short Answer

You may complain to the Office of the Australian Information Commissioner (OAIC) and seek compensation if the leak breached the Privacy Act 1988 (Cth), as your former employer likely mishandled your personal information without consent.

What the Law Says

The Privacy Act 1988 (Cth) and its Australian Privacy Principles (APPs) regulate how organisations handle personal information. Your former employer’s unauthorised disclosure likely breaches APP 6, which restricts use and disclosure of personal information to purposes for which it was collected — unless an exception applies or you consented.

Under APP 6.1, an organisation must not use or disclose personal information about an individual for a purpose other than the primary purpose of collection, unless one of the exceptions in APP 6.2 applies — such as your consent, or where required or authorised by law.

The Privacy Act defines 'personal information' broadly as 'information or an opinion about an identified individual, or an individual who is reasonably identifiable'. This includes your name, contact details, employment history, and performance records.

If your former employer disclosed your personal information to your new employer without your knowledge or consent — and no exception applied — this is likely an interference with your privacy under section 13(1) of the Privacy Act.

Statutory Text

An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the purpose (the primary purpose) for which it was collected.

Privacy Act 1988 (Cth), s. 6.1 — Australian Privacy Principle 6
Statutory Text

An act or practice that breaches an Australian Privacy Principle is an interference with the privacy of an individual.

Privacy Act 1988 (Cth), s. 13(1) — Interference with privacy

What to Do

1

Contact your former employer in writing to request confirmation of what information was disclosed, to whom, and on what basis.

2

Lodge a formal privacy complaint with the Office of the Australian Information Commissioner (OAIC) within 6 months of becoming aware of the breach.

3

If OAIC finds an interference occurred, they may require your former employer to apologise, correct the breach, or pay compensation — up to $20,000 for serious or repeated interferences.

4

If OAIC cannot resolve the matter, you may apply to the Federal Court or Federal Circuit and Family Court of Australia for review or compensation.

Sources

statutePrivacy Act 1988 (Cth), s. 6.1 — Australian Privacy Principle 6statutePrivacy Act 1988 (Cth), s. 13(1) — Interference with privacy

Not legal advice. This article is general information based on publicly available sources, written for educational purposes. Laws change and individual situations vary. Consult a licensed attorney in your jurisdiction before acting on anything you read here. Last reviewed: 2026-06-08.