In 2018, a Melbourne high school mistakenly released the personal digital records of hundreds of students.
Among the records were details of students’ “mental health conditions, medications, learning and behavioural difficulties”. This was bad enough but globally breaches of privacy like this can be much worse.
Last year, in Finland the counselling records of around 30,000 people were hacked. The hacker(s) attempted to extort victims with the threat that the records would be publicly released. The records included details of family abuse, sexuality that was hidden from others, and suicide attempts.
‘Accidents’ like leaking and hacking aren’t the only issues.
Data concerning mental health is being increasingly monetised. Privacy International recently analysed 136 popular mental health websites and apps (all of which are accessible to young people) and found that 76 per cent of them included trackers or third-party code that enable data to be sold to advertisers.
These ‘data harms’ require urgent attention to ensure young people and their families can access high-quality crisis support online in a safe and secure way.
One key to creating trustworthy online support is robust legal regulation to govern data use and privacy. Australia is often positioned as a global leader in mental health service provision, particularly for young people.
This expertise could be leveraged as part of the Privacy Act review, and an upcoming Bill on ‘Enhancing Online Privacy’, to ensure that Australia has fit-for-purpose privacy and data protection regulations to safeguard children and young people’s lives online.
Likewise, the mental health sector could benefit by being better equipped to address its own emerging issues of data governance.
Getting Protection Right for the Next Generations
Children have the right to privacy and adequate data protection. The newly minted UN Gener