The Office of the Australian Information Commissioner (OAIC) issued a significant ruling that highlights serious breaches of Australian privacy regulations by Master Wealth Control Pty Ltd (operating as DG Institute) and Property Lovers Pty Ltd. Unauthorised individuals gathered and exploited sensitive personal information, raising serious concerns about data privacy and security in Australia’s public sector.

Carly Kind, the Privacy Commissioner, found that the companies violated individuals’ privacy rights by extracting personal information from third-party databases without obtaining consent. Individuals in challenging situations, such as divorce, bankruptcy, or managing deceased estates, can access the organised weekly lead lists shared with program participants.  This information later enabled property transactions in a manner that raised ethical concerns.

“The respondent did not collect the personal information of individuals by fair means,” Commissioner Kind stated. “The data was acquired contrary to the terms and conditions of third-party databases, and in situations where individuals had no knowledge of such collection.”

Protecting public sector privacy

Master Wealth Control Pty Ltd (DG Institute) and Property Lovers Pty Ltd, companies linked to Dominique Grubisa, engaged in illegal data scraping activities, as determined by the OAIC. These companies collected personal information, including the names of individuals facing financial difficulties, from court lists and databases to create their targeted “leads lists” for potential property buyers. This conduct violated the Australian Privacy Principles (APPs) in several ways:

• Unfairly collected data: Someone extracted personal information without user consent or awareness, violating Australian Privacy Principle 3.
• Failed to notify individuals: The organisation failed to provide proper notifications about data collection, breaching its transparency obligations.
• Distributed sensitive data: Participants urged others to re-identify individuals from anonymised lists, undermining the integrity of anonymisation efforts.

“These practices disproportionately impacted individuals in vulnerable positions, amplifying risks of exploitation and harm,” Commissioner Kind stated.

Strengthening regulatory data standards

Commissioner Kind mandates that both companies immediately halt any unfair data collection practices, eliminate all improperly gathered leads lists within 30 days, and submit proof of compliance to the OAIC. Property Lovers must issue a formal apology in writing and revise their privacy policies to ensure compliance with regulatory standards. 

The OAIC promotes reforms to create a “fair and reasonable” standard for data usage, significantly enhancing safeguards against unethical practices. The OAIC’s important step highlights the urgent need for robust data privacy standards and the implementation of regulations to protect personal information in today’s digital landscape.

Securing trust in governance

The results highlight significant weaknesses in data governance structures and their implications for leaders in the public sector. Public sector activities frequently involve collecting and using data for various objectives. This example highlights how strong data governance policies play a crucial role in ensuring compliance with privacy principles and maximising the benefits of open data. Unjust data collection practices undermine public support for initiatives that enhance digital governance. 

Protecting personal information builds confidence and encourages public participation in digital government services. The event highlights the potential dangers of data breaches that result from collecting and storing information without proper security measures. Public sector organisations must establish strict security protocols to safeguard sensitive information.

“This decision reinforces the need for public sector leaders to proactively audit and update their data management practices,” Commissioner Kind stresseed. “As privacy reform discussions progress, adherence to principles of transparency and fairness will be key to avoiding reputational and regulatory risks.”

The OAIC firmly stresses the importance of upholding ethical standards in data management. Public entities must conduct a comprehensive review of their data-collection methods to ensure adherence to APP standards and prevent scraping activities. Data governance frameworks ensure that organisations collect, manage, and preserve information ethically and responsibly. Public sector organisations must clearly outline their data collection processes and enable individuals to understand their privacy rights.

Justin Lance Marcel Lavadia

+ posts

Justin Lavadia is a content producer and editor at Public Spectrum with a diverse writing background spanning various niches and formats. With a wealth of experience, he brings clarity and concise communication to digital content. His expertise lies in crafting engaging content and delivering impactful narratives that resonate with readers.

• Enhancing digital government data privacy standards
• Data privacy to shape ethical facial recognition
• Digital initiatives bolster data privacy
• AI framework to advance digital government