Liverpool City Council’s troubled history with data privacy has taken another turn after the NSW Supreme Court stepped in to block a report about one of its own councillors, following allegations that staff illegally accessed his confidential files.
The court order prevented the council from releasing its findings about Councillor Peter Ristevski at last months Council meeting, after allegations that four unauthorised staff members had rifled through his personal records 52 times over six months.
This latest scandal only confirms council has learned little since this publication exposed alarming data security failures over a year ago. In January 2025, we reported on the loss of an external hard drive containing personal information of nearly 3,900 residents. Our investigation also revealed that council employees could access some ratepayer information without leaving any trace of who had accessed the information.
“That is not an administrative slip. That is a systemic privacy breach,” Mr Ristevski said in a recent media statement after the court decision, echoing concerns he’d previously raised about the council’s privacy practices in our 2025 report.
The Supreme Court’s intervention, first reported by Thomas Sargeant in The Daily Telegraph, came after Mr Ristevski argued the council’s report was “fundamentally flawed” because it was allegedly compiled using illegally accessed information.
Despite actually knowing about the privacy breaches, the council had planned to go ahead and publish the report anyway.
For Mr Ristevski, who has had numerous run-ins with Mayor Ned Mannoun over the years, this is no longer just about politics.
“Privacy is not optional. Accountability is not negotiable,” adding that public officials shouldn’t “weaponise process while breaching the very laws they are sworn to uphold.”- said Peter Ristevski
The pattern or recklessness is hard to ignore. In January 2025, after the hard drive loss, a council spokesperson claimed ratepayer information was protected by policies and legislation. Yet here we are, more than a year later, with proof that council staff can and do access confidential files without authorisation.
Back then, the council promised to “Take immediate disciplinary action if a breach of its policies and Code of Conduct is proven after a proper investigation.” But with staff allegedly accessing Mr Ristevski’s files 52 times and the council still refusing to identify the alleged offenders, residents might wonder what exactly constitutes proof in Liverpool Council’s eyes.
The case returns to court this Friday, but for the thousands of Liverpool residents whose data the council holds, the question remains: if Liverpool councillors’ files aren’t safe from prying eyes, what hope is there for us ordinary ratepayers?
