Technology-Facilitated Domestic and Family Violence: Protecting the Privacy and Safety of Victim-Survivors

This paper themes—privacy, technology and DFV. While there is extensive literature covering each area, there is little exploration of the intersection, incorporating the effect of privacy-protective laws on TFDFV and the influence of privacy rights on those providing services to victim-survivors. 1 This exploratory study addresses two research questions: (1) How do existing laws and policies in Australia and New Zealand manage the privacy and safety of victim-survivors and alleged perpetrators of TFDFV? (2) What would bring about better outcomes for victim-survivors? Given the legal embeddedness of protections for privacy and against DFV, our research questions cannot be analysed both deeply and globally. Therefore, this exploratory study focuses on the laws, policies and practices of Australia and New Zealand, providing some ability to compare across jurisdictions without spreading the analysis too thinly. We nevertheless hope that our findings here will generate further research into how these issues are managed internationally.


Introduction
This paper brings together three themes-privacy, technology and DFV. While there is extensive literature covering each area, there is little exploration of the intersection, incorporating the effect of privacy-protective laws on TFDFV and the influence of privacy rights on those providing services to victim-survivors. 1 This exploratory study addresses two research questions: (1) How do existing laws and policies in Australia and New Zealand manage the privacy and safety of victim-survivors and alleged perpetrators of TFDFV? (2) What would bring about better outcomes for victim-survivors?
Given the legal embeddedness of protections for privacy and against DFV, our research questions cannot be analysed both deeply and globally. Therefore, this exploratory study focuses on the laws, policies and practices of Australia and New Zealand, providing some ability to compare across jurisdictions without spreading the analysis too thinly. We nevertheless hope that our findings here will generate further research into how these issues are managed internationally.
Volume 4 (1) 2022 Bennett Moses et al. 4 abusing victim-survivors on social media and sharing intimate photos without consent. 25 Similarly, the Victorian framework recognises that perpetrators can use technology to control, intimidate, stalk and harass victim-survivors. 26 The Tasmanian framework identifies technology-facilitated abuse as a new and emerging area requiring attention from policymakers. 27 Policy frameworks in New Zealand have also begun to recognise TFDFV, defining 'online abuse' as the use of technology to stalk, harass or intimidate someone. 28 This may include social media smear campaigns, using smart technology to track a person, sending unwanted explicit photos or messages to a person, or posting explicit pictures of a person online without their consent. Another New Zealand framework outlines key priority areas for responding to family violence and states that more work is needed to develop initiatives that address the effects of technology. 29 Legislation that directly refers to DFV (or that uses similar terminology) does not refer to TFDFV as such. For example, New Zealand does not refer to technology within its legislative definitions of DFV under the Family Violence Act 2018. However, many jurisdictions have legislative prohibitions on specific strands of TFDFV, prominently image-based abuse. 30 Despite the inconsistent use of terminology across jurisdictions, one constant is the lack of attention given to how dimensions of privacy are affected by TFDFV.

What is Privacy
There is extensive scholarship on the meaning and value of privacy. Early on, privacy was viewed as an individual's 'right to be let alone'. 31 Later, Westin's Privacy and Freedom 32 offered a definition of privacy that remains at the core of contemporary privacy data protection laws: 'the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others'. 33 Privacy has been considered an essential part of our humanness, 34 as a 'foundational good' 35 that is important for maintaining relationships. Reflecting the breadth of this vision, it has also been described as a 'notoriously protean concept', 36 which makes it 'hard to capture'. 37 Substantively, privacy has been linked to many different benefits, including (but not limited to) independence of thought and judgment, 38 freedom, 39 consent, 40 equality, 41 personal liberty, 42 human dignity and identity formation, 43 democracy and safety. 44 In more recent times, privacy scholars have expressed concern about new features of the digital and technology landscape. 45 Cloud platforms, 46 data analytics and poor design, 47 the Internet of Things (IoT) 48 and smart homes 49 are identified as privacy threats. It is in this digital space that privacy intersects with TFDFV. Given that the relationship between privacy and TFDFV is newly emerging, it is important to consider how privacy has been considered in the context of DFV.
While steadily growing, there has been limited research regarding DFV and privacy and its benefits and harms in the specific context of TFDFV. 50 Early conceptions of privacy's intersection with gender was driven by feminist thought, which criticised privacy for protecting perpetrators who commit violence in private. As Bailey suggests, '[b]ecause privacy was historically used to shield batterers from state intervention, its benefits for domestic violence victims have been ignored'. 51 The ways in which privacy has reinforced gendered violence is what Schneider refers to as the 'dark and violent side of privacy' 52 While some feminist scholars are wary of privacy as a solution for victim-survivors, other scholars raise privacy's role in facilitating safety. 53 Given the many dimensions to privacy, there have been several typologies or taxonomies that aim to construct distinct categories of privacy, treating and unpacking privacy as pluralist 54 rather than unitary. 55 A recent model, 56 relied on here to discuss different interactions with TFDFV, is that offered by Koops. 57 Koops introduces eight basic types of privacy 58 (i.e., bodily, intellectual, spatial, decisional, communicational, associational, proprietary and behavioural privacy), with 'informational privacy' being the prevention of information being collected or used in non-legitimate circumstances, overlapping but not coinciding with the eight. 59 The eight are also divided into types of privacy that focus on freedom from (i.e., the right to be let alone) and those that focus on freedom to (i.e., to pursue one's own self-development). The typology is illustrated in Figure 1. 60 Figure 1. Typology of privacy 50 Bailey, "It's Complicated"; Suk, At Home in the Law; Kelly, Domestic Violence and the Politics of Privacy; Gotell, "When Privacy is Not Enough"; Arief, "Sensible Privacy"; Goldfarb, "Violence Against Women and the Persistence of Privacy"; Schneider, "The Violence of Privacy Symposium." 51 Bailey, "It's Complicated," 1780. See also Goldfarb, "Violence against Women and the Persistence of Privacy," 5. 52 Schneider, "The Violence of Privacy Symposium," 974. 53 Froomkin, "Privacy as Safety." 54 Solove,Understanding Privacy,[187][188][189][190][191][192][193][194][195]Finn, "Seven Types of Privacy." 55 Nissenbaum, Privacy in Context; Moore, Privacy Rights; Cohen, "What Privacy is For." 56 Koops, "A Typology of Privacy," 487. 57 Compare Cohen, "What Privacy is For"; Cohen, "Turning Privacy Inside Out"; Finn, "Seven Types of Privacy"; Solove, "A Taxonomy of Privacy"; Solove, "The Myth of the Privacy Paradox." 58 Koops, "A Typology of Privacy," 567-569. 59 Koops, "A Typology of Privacy," 568. 60 Koops, "A Typology of Privacy," 484.
In addition to the above categories, this article additionally includes and considers locational privacy 61 (i.e., knowledge about where an individual is or has been 62 ), a particularly important and relevant category to TFDFV.

Conceiving of Victim-Survivors' and Perpetrators' Privacy
In this section, we use Koops' typology to focus on the categories of privacy (of both victim-survivors and perpetrators) that affect TFDFV. We demonstrate that, while 'ICT security and privacy are essential to domestic violence survivors', 63 privacy can also frustrate the efforts of victim-survivors and support agencies to capture or monitor violent or threatening behaviour. Privacy offers victim-survivors practical protection in certain circumstances. The clearest example of this is in relation to locational privacy. Locational privacy is particularly important for victim-survivors of TFDFV, where perpetrators actively deploy technology to cause psychological distress or create opportunities for physical violence. 64 Locational privacy can be lost through applications like Apple's Find My iPhone or Find My Friends, which can lead to unwanted physical encounters, fear of encounters and potential physical danger for victim-survivors. 65 Unauthorised access to locational information can lead to infringements against bodily privacy 66 and spatial privacy. When victim-survivors regain control over their personal information, 67 including locational data, their physical safety is likely to increase. 68 Informational privacy more broadly is also a key concern for victim-survivors, particularly due to the routine sharing that occurs in intimate relationships. If two people are joint account holders with a bank, the bank will, both regularly and on request, share information about transactions with both. Similarly, if a perpetrator has an account with a telecommunications provider and the victim-survivor's mobile phone number is part of that account, the perpetrator can not only access information about the use of that mobile phone, but they can also disrupt or commandeer services.
There are a variety of 'structural problems' 69 that lead to even well-informed individuals lacking the requisite knowledge for managing informational privacy, all of which can have more serious consequences for victim-survivors of TFDFV. Often, the security, integrity and protection of data is unclear, usually due to privacy policies being vague, complex or sometimes unread. 70 For example, some COVID-19 sign-in protocols, particularly early in the pandemic, used platforms that sold data or were not secure, and domestic violence survivors were warned to find other means to facilitate contact tracing. 71 Victim-survivors may also lose control of their data through data breaches, which are frequent. 72 When a breach occurs, information about a victimsurvivor, such as location, communications channels (including email addresses), habits, health, transactions and passwords, may become available to anyone, including perpetrators. Depending on the data that a perpetrator can access, this might compromise locational, spatial, communicational and/or informational privacy, as well as eventually bodily privacy.
Victim-survivors are also at risk where devices are compromised, which may affect spatial privacy given that compromised devices often exist physically in the home space. This is particularly the case in relation to the IoT, often through smart home appliances. Smart home technology is on the frontier as a new form of 'harassment, monitoring, revenge and control'. 73 As Froomkin and Colangelo note: [a]lready, domestic abuse victims have reported that former partners used remotely controlled devices to change electronic locks, ring the doorbell, change the behaviour of thermostats or lights, set smart speakers to blare music or spy on them via security cameras. 74 The coercive gaslighting of victim-survivors through digital control of devices from afar exacerbates the isolation and helplessness felt by victim-survivors within their homes, making them feel 'as if they were going crazy'. 75 This may infringe on an individual's behavioural privacy when this occurs to victim-survivors in public spaces. Alternatively, when IoT invasions occur in the home they may affect victim-survivor's spatial privacy by altering the way victim-survivors' might access, use, or function in such spaces. Thus, IoT control by perpetrators may compound pre-existing violence. Victim-survivors may have little recourse in these kinds of scenarios, as contractual rights and consumer protections are often linked to the person purchasing the device, not those living with it. From a practical perspective, few information security measures will be effective against a person with physical access to a device in additional to legal rights to control access.
While it is common to think about the invasion of a TFDFV victim-survivor's right to privacy, it is important to recognise that a victim-survivor may seek to protect themselves in ways that may compromise an offender's privacy. Examples include (1) the use of CCTV cameras as a deterrent, which may be used to document violence for protection orders or provide evidence of their breach, (2) surreptitiously recording an offender on a personal device to prove an act of violence and (3) seeking to track the location of an offender to avoid crossing paths. Government agencies that support DFV victim-survivors, including law enforcement and support agencies, may seek to share information to better protect victim-survivors and hold perpetrators to account. Further, as a report from the Council of Europe explains, 76 orders removing an alleged perpetrator from their home or preventing contact with children infringe on rights otherwise protected in international human rights law (such as the right to family life and the right to property).
Thus, it is not the case that enhancing privacy protections across the board would necessarily promote the safety and interests of DFV victim-survivors or be otherwise justifiable. Often there are challenges in balancing privacy rights against other competing rights. 77 Consider, for example, the right to erasure in Europe's General Data Protection Regulation (GDPR), also known as the 'right to be forgotten'. 78 This allows an individual to, for example, request Google to remove links to stories about them. While victim-survivors can use this (e.g., to make it harder to find information about them that might compromise their safety), perpetrators can also use it (e.g., to make it harder for future potential victim-survivors to find online warnings published by an ex-partner). Calls for adopting GDPR-style protections in Australia, which may offer broad benefits to the community at large, need to be weighed against potential harms in the specific context of DFV.

Legal Protection for Privacy and Intersection with TFDFV Scenarios: Australia and New Zealand
Law is an imperfect instrument in protecting the privacy of victim-survivors of TFDFV. Privacy laws govern the collection and use of personal information, which may affect informational and communicational conceptions of privacy. Civil and criminal laws prohibit certain interferences with communications and computers. Legislation may also prohibit particular conduct, from 'peeping' to non-consensual sharing of intimate images. All these privacy-protective laws protect the privacy of victimsurvivors of TFDFV as well as the rights of alleged perpetrators. Unlike the law around apprehended violence orders, these laws are not specifically directed to DFV and, thus, are not specifically focused on assisting victim-survivors. Stalking and intimidation laws, like DFV laws, operate in a single direction. Because privacy-protective laws are generally technologyagnostic and often context-agnostic, they are not directed specifically at the privacy harms associated with TFDFV. Given the rapid escalation of TFDFV, it is worth considering their applicability and effectiveness in that context.

Privacy
Australian law does not include a constitutional right to privacy. While privacy is recognised as a human right in Victoria, 79 the ACT 80 and Queensland, 81 these human rights charters are more applicable to state action that may infringe privacy rather than one person infringing on another's privacy. There is no well-recognised tort of privacy in Australia. 82 The primary statutory source for protection of informational privacy is the Privacy Act 1988 (Cth) and equivalent state and territory laws. The Commonwealth legislation applies to most government agencies and large private organisations while excluding small businesses. 83 While the Commonwealth legislation does not explicitly regulate the conduct of individuals, such as perpetrators of TFDFV, it will affect the ability of individuals to receive information about another person, such as a victim-survivor, from 75 Bowles, "Thermostats, Locks and Lights." 76  a third party. For example, data breach notification means victim-survivors will often know when their information has been compromised. 84 This is an example of where institutions recognise that informational-and communicational-privacy may be considered to protect victim-survivors.
In New Zealand, the Bill of Rights Act 1990 includes a right to be secure against unreasonable search and seizure 85 but no express general right to privacy. Thus, as is the case in Australia, protections are found in statute and common law. New Zealand's Privacy Act 2020 applies to New Zealand residents, most New Zealand public sector agencies, private sector bodies established or managed/controlled in New Zealand and, in some circumstances, overseas bodies and non-residents. Like the Australian equivalent, the focus is on informational privacy. Information privacy principles in the Act regulate the processes through which agencies can collect, use and disclose personal information. While individuals are technically subject to the Act, the Act is more relevant to organisations (except in the context of surveillance in a domestic context, addressed below). As discussed in relation to the Australian context, the main relevance of this law is the ability for victim-survivors to take protective measures where their data has been compromised due to data breach notification requirements. 86 Further, actions related to breaches of the Act can be brought by the Director of Human Rights Proceedings (or alternate) or, in some circumstances, by individuals. Unlike Australia, the common law of New Zealand does include a tort of invasion of privacy. However, this tort is focused on publicity or publication of material in which the plaintiff has a reasonable expectation of privacy. 87 This might include the non-consensual posting of private images, for example, but not cyberstalking or other conduct that is solely between the perpetrator and victim-survivor.

Computer Crimes and Surveillance Devices
Australian criminal legislation also regulates other behaviour regarding informational privacy. This includes the unauthorised access of 'restricted data' 88 and the more serious offence of unauthorised access to data with the intention to commit or facilitate the commission of a serious offence. 89 In the context of TFDFV, individuals who hack locational information about others may commit the more serious offence. Those who impair electronic communications, cutting off access to friends or family, may also be in violation of the law. 90 While challenges remain with shared telephone accounts, as outlined above, there are provisions that reduce the ability of a perpetrator to 'port' a victim-survivor's telephone number. 91 This is in addition to a general prohibition on telecommunications interception. 92 Legislation guiding the behaviour of surveillance devices applies across Australia but is jurisdiction specific. 93 An expanded outline of the situation of surveillance in each state and territory (analysed in the context of DFV) can be found on WESNET's legal guide to surveillance legislation. 94 These laws are used in deciding whether a recording is admissible as evidence, including in proceedings where DFV is alleged. However, evidence can be admitted in some circumstances despite having been obtained in breach of these laws. 95 As in Australia, there are criminal consequences for crimes involving inappropriate access to computers in New Zealand. 96 For example, it is an offence to access a computer system without authorisation, although it is not an offence if a person who is otherwise authorised accesses a system for a purpose other than the one for which that person was given access. 97 This suggests that an individual who is generally authorised to use a shared computer does not commit the offence if they access files on that computer (e.g., emails) that are not within the authorisation given. A more serious offence applies if a system is accessed without authorisation and, dishonestly or by deception and without claim of right, an individual either obtains a benefit or causes loss to another person 98 or intends to do so. 99 As in Australia, the main difficulty with such offences in the context of TFDFV is the question of the scope of 'authorisation' in the context of shared devices. Such laws recognise the real harms that could be caused by inappropriate access to such information, inherently protecting informational and communicational privacy, which may inevitably protect bodily privacy. New Zealand law also regulates communications privacy. 100 Separate legislation further prohibits devices used to intercept private communications. 101 New Zealand does not have separate surveillance device legislation (except with respect to police and private investigators). Instead, this is regulated under the Privacy Act 2020 (NZ) and through the prohibition on intimate visual recordings. 102 Because the Privacy Act 2020 (NZ) applies to individuals, there is a specific exception for individuals collecting or holding information 'solely or principally for the purposes of, or in connection with, that individual's personal, family or household affairs', provided that this would not be 'highly offensive to an ordinary reasonable person'. A perpetrator using devices to record the actions or location of a victim would generally be collecting information contrary to the terms of the Act, which, because it is 'highly offensive' would not fall within the exception. Conversely, a victim-survivor using devices to record the violent actions of the perpetrator for evidence purposes would likely be able to rely on the exception. However, much will be left to interpretation in the context of particular facts.

Institutions Regulating Online Behaviour
Australia has an e-Safety Commissioner equipped with the legislative responsibility of promoting online safety. 103 Recent legislation introduces a cyber abuse scheme for all Australians, providing authority for the Commission to require adult cyber abuse material be taken down from social media if the material is posted with the likely intention of causing serious harm. 104 It also provides strengthened provisions to respond to image-based abuse, 105 including in the context of DFV. 106 In New Zealand, the Harmful Digital Communications Act 2015 (NZ) sets out specific communication principles that apply in relation to communications. Netsafe, a private organisation, is an 'approved agency' under the law, 107 which provides it with the authority to assess and investigate complaints 108 of individuals who have suffered, or will suffer, harm because of digital communication. 109 Netsafe can also request take-down or advise, negotiate, mediate and persuade others. After the process of engaging with Netsafe, there is an option to apply to the District Court. 110 The Act also creates an offence of causing harm by posting a digital communication with intention to cause harm. 111 Prohibitions on making and the publication of intimate visual recordings is regulated by the criminal law. 112

Privacy and Information Sharing
As with the rise of data and technology, an increasingly important area of concern is the use, misuse and sharing of data. The inevitable fear of this information in violent hands may lead to the most severe infringements of bodily privacy of victimsurvivors. Victim-survivors of DFV may benefit from integrated service provision. Most jurisdictions have, thus, introduced integrated service meetings of organisations and workers to share information about clients assessed to be at high risk of serious physical violence or potential lethality, which is located within relevant domestic violence legislation. 113 Risk assessments may also be shared between organisations for medium to low-risks clients. Information sharing has been recognised as important in the context of DFV by Australian Law Reform Commission, 114  In some jurisdictions, there are specific rules for the ways in which information is to be shared in the context of family violence, often overriding privacy laws. These are generally framed in terms of confidentiality and confidential information as well as in terms of privacy. New Zealand law encourages family violence agencies and social services practitioners to request, use or disclose personal information for purposes related to family violence. 115 Agencies and practitioners are authorised to disclose information where they believe on reasonable grounds that the disclosure will help the recipient agency make a family violence risk or need assessment or ensure that a victim-survivor is protected. 116 The Privacy Act 2020 (NZ) also has provision for approved information sharing agreements between or within agencies that can authorise activities such as collecting, storing, checking, using, disclosing and exchanging information including personal information. There are similar provisions in Australian states and territories. 117 These laws are recognised by the Office of the Australian Information Commissioner as a reason for not needing to notify an individual (perpetrator) that information is being collected about them. 118

The Complexity of Practice
Despite laws that purport to protect victim-survivor's privacy and safety, lack of training, mistakes and poor risk management can undermine the privacy of victim-survivors in ways that compromise their safety. In this section, we explore the challenges of law in action and the reasons why the system can fail to protect the privacy (and hence the safety) of victim-survivors. This section draws on published decisions of privacy commissioners in response to complaints involving disclosure of personal information about a victim-survivor to a perpetrator. While case outcomes published by privacy commissioners represent a small fraction of actual privacy infringements, it is noticeable that many relate to situations where personal information about a victim-survivor is made available to the perpetrator, or in other words, where informational and communicational privacy was breached.
The cases illustrate the ways in which poorly designed systems, insufficient staff training and inadequate security create hazards for victim-survivors. In one case, the records of the complainant and her former partner were not immediately delinked, despite the complainant's attempts to do so, because forms were not correctly completed and insufficient evidence was provided. 119 The continued linking meant that the former partner was automatically notified of the complainant's change of address. Failure of business rules to factor in risks associated with DFV can be corrected once discovered, although greater awareness of DFV by those creating the rules in the first place would be a significant step forward. Many cases involve human error, for example, not redacting locational information, 120 disclosure outside business rules 121 and sending correspondence to an old email address. 122 In these situations, the rules (legal and/or operational) were not followed, suggesting a need for employee training that focuses on the importance of following procedures and the potentially deadly consequences of compromising an individual's communicational and informational privacy by not doing so.
Employees not following procedures is risky when combined with an active attacker seeking to compromise socio-technical information systems to obtain personal information about their victim-survivor. In one case, personal information was provided without asking for a password (despite the woman concerned having set this procedure up to protect herself); 123 in another, a man asked a female friend to represent herself as his former wife, which she did to obtain the wife's credit card statements (again, no password check was conducted). 124 In such contexts, perpetrators are active security threats to the system; to protect victim-survivor privacy in such scenarios requires an approach to security (likely involving strong passwords) that factors in an attacker profile of someone with access to substantial general personal information about a victim-survivor. Better processes, training and security would have prevented all the above cases, each of which posed a threat to the victim-survivor's life, safety or health (including mental health).

Paths Forward
There are both synergies and tensions in looking at the issue of DFV through the lenses of technology, safety and privacy. In some circumstances, privacy can be imperative to ensure victim-survivors safety by protecting their information from those who would use it to cause them harm. Conversely, keeping information about victim-survivors and perpetrators secure can undermine efforts of integrated service provision and collaboration between workers that might support safety for victimsurvivors and monitor perpetrator risk. Technology such as mobile phones and computers can be a lifeline for victim-survivors, reducing isolation and allowing further support options but can also lead to loss of privacy and safety by allowing perpetrators to follow their movements.
The opportunity to explore the intersections of these threads in the context of TFDFV suggests some possible ways forward. In this section, we explain some preliminary recommendations in the Australian and New Zealand context, with the hope that they may lead further research to consider whether similar measures would be effective elsewhere.

Law Reform
While New Zealand has recently updated its privacy laws, a variety of law reform processes are currently underway in Australia, including in the contexts of privacy law and cyber security. 125 Therefore, there is the possibility that Australian privacy laws will be strengthened and security standards mandated, particularly in relation to IoT devices. We focus here on reforms in Australia and New Zealand that would be of specific benefit to victim-survivors. The three main areas for reform are surveillance device legislation, information sharing rules and data breach notification laws.
Surveillance device legislation needs to balance the different interests of those who may be sharing a home, particularly where their needs and interests are not uniform. While some Australian jurisdictions already prohibit installation of surveillance devices in a home without the informed and voluntary consent of all adults whose private activities may be filmed, this is not consistent. 126 The Australian Law Reform Commission has recommended national uniformity through Commonwealth legislation. 127 Douglas and Burdon argue for the importance of recognising differences between the use of surveillance devices by perpetrators and victim-survivors. 128 They suggest this might be done through judicial interpretation of the existing 'lawful interests' exception that allows for recording where this is necessary to protect the lawful interests of the recording party. 129 In particular, they propose that judicial interpretation proceed on the basis of an understanding of 'a broader jurisprudential understanding of privacy as protector and facilitator of individual autonomy'. 130 In our view, legislative reform is a firmer path to distinguish between the use of surveillance devices by perpetrators for purposes such as coercive control and victim-survivors for the purposes of safety and evidence. As explained above, New Zealand draws a distinction in the context of domestic surveillance based on whether the collection of information, including through recording, is 'highly offensive' to a reasonable person. However, this requires similar judicial nuance in interpretation as the Australian concept of 'lawful interests'. It would be preferable in both jurisdictions for relevant statutes to provide clearer rules that can be easily interpreted by non-lawyers to provide guidance on the circumstances in which domestic surveillance is permitted. The suggestion of the Law Commission in New Zealand provides a useful way forward. They propose permitting surveillance by a person who believes on reasonable grounds that it is necessary 'for the protection for the health or safety of any person' or 'to provide evidence that an offence has been or was being committed or planned', provided the surveillance is no more than reasonably necessary for such purposes. 131 One narrowing we would propose is to limit the offences that would justify surveillance.
Integrated service provision requires information sharing to coordinate practice and ensure safety. However, information sharing protocols and rules are often different in the domains of DFV and child protection, despite the practical overlap between the two scenarios. These rules should be harmonised, using similar language and concepts, with any differences in the two clearly explained in legislation and justified in related explanatory memoranda. Greater alignment between the two sets of rules will simplify compliance and training for staff in the field and reduce confusion in the many cases that cut across both contexts. Greater consideration is also required to develop policies about sharing information collected from victim-survivors of DFV with agencies with power to remove children from parental care. There is a risk that oversharing (or belief in oversharing) will reduce reporting rates of DFV, particularly in Indigenous communities. 132 At the same time, it is important to identify and protect children at risk of harm. Our research does not provide answers to this delicate balance, but it does identify its importance.
One aspect of broader privacy reforms that is particularly relevant in the context of DFV is mandatory data breach notification requirements. There remain some jurisdictions that have yet to enact such laws. The drafting of such laws should also recognise that most organisations will not know whether those affected by a data breach are at increased risk of violence as a result. For example, the current standard in the Privacy Act 1988 (Cth) is that a data breach is 'eligible' where 'a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates'. 133 Similar language appears in the definition of notifiable privacy breach in New Zealand's legislation. 134 However, given the general lack of knowledge of organisations of the circumstances of those about whom they hold data, this should be rewritten to require disclosure except in cases where a reasonable person would conclude that the access or disclosure is unlikely to result in serious harm. The difference between the current law and the proposed reform relates to whether an individual is notified when the organisation does not know the personal circumstances of that individual. In most of the situations discussed in Complexity of Practice, the organisation was unaware that the individual affected by their conduct was a victim of DFV. Indeed, this will be the most common scenario. In that context, the default should be to ensure that individuals are notified and, thus, can manage any increased risks of serious harm themselves. The only circumstance in which notification would not be required is where, perhaps because of the nature of the data involved in the breach, a reasonable person would conclude that the access or disclosure is unlikely to result in serious harm. Guidance from the regulator to organisations should specifically reference the possibility of information being used by perpetrators of DFV violence as a factor for organisations to consider in the assessment.

Changes in Process
There are some standard business processes (in the context of both government and the private sector) that should be modified to take account of the needs of victim-survivors. These relate to disaggregation of joint accounts, processes around information sharing, transparency about information sharing and taking account of DFV scenarios in relevant security policies.
There are a variety of contexts in which domestic partners or families share an account or have linked accounts, either with business service providers (such as utilities and financial institutions) or with government (e.g., for certain welfare payments). All organisations that allow for this need to also allow for rapid account disaggregation or delinking on request and, if necessary, temporarily suspending communications containing sensitive personal information until forms and identity verification processes can be completed. This is particularly crucial for accounts that include location or address information, such as telecommunications services accounts.
Processes for information sharing (where legally permitted) should be designed to ensure that security is paramount, both in the course of information access or transfer and through general information management. Ensuring that information sharing does not undermine the privacy of those whose information is being shared is critical in protecting their personal security and safety.
Where information sharing does occur, it is important to maintain trust with those whose information is shared, particularly where they are at risk. Everyone, but particularly victim-survivors, should be kept informed about how and with whom their data may be shared (e.g., electronically, in case conferences or in high-risk inter-agency meetings). Information should also be made available about whether such sharing is secure and, at a high level, the kinds of arrangements in place to protect their privacy.
Cyber security and information security need to be designed with the needs of victim-survivors in mind. Agencies should specifically analyse the threat that perpetrators pose, particularly given they often have intimate knowledge of victim-survivors personal information and circumstances.
It will be important to include information sharing and privacy within the context of DFV in future government policies related to DFV.

Improvements in Training
Expertise in DFV and privacy rarely overlap, yet it is crucial that those providing services to victim-survivors are aware of both sets of issues and how these relate to the role they are performing. Training on information sharing legal frameworks and related security arrangements is essential. Frontline staff should be given specific training to reduce the risk of accidental disclosure to perpetrators, particularly in the context of domestic relationships where a perpetrator will know enough to answer standard 'security questions'. Training is also required specifically on safety and privacy issues associated with technology-both in contexts where perpetrators exploit technology (e.g., spyware) and where it claims to protect victim-survivors.

Further Research
Our final recommendations relate to future research. As explained at the outset, this was a preliminary study considering TFDFV through a pluralist privacy approach, limited primarily to doctrinal and legislative analysis. Given the importance of the issue, we believe that further research is required to confirm our findings in the jurisdictions analysed and to identify similar issues in other jurisdictions. Further evidence is required on the effectiveness of technology tools that claim to protect victimsurvivors and to establish best practice in the delivery and implementation of technological tools that increase the safety of victim-survivors or monitor perpetrators as part of an ongoing research and policy agenda on TFDFV. This research should address specific important empirical questions, such as whether it is better to notify perpetrators that their partner is using a duress alarm or CCTV camera or whether such notifications antagonise perpetrators and increase the likelihood of violence. It would also be worth exploring the possibility of partnerships between technology companies and DFV service providers to explore ways to improve the design of applications and platforms in ways that reduce the risks of TFDFV and related loss of privacy.