The federal government will be forced to simultaneously fight dozens of court appeals later this month following a privacy breach, with about 40 asylum seekers preparing to launch appeals against their deportation in the Federal Circuit Court.
The asylum seekers are among the 10,000 who had their personal details revealed when the Department of Immigration and Border Protection (DIBP) inadvertently released their names and addresses in a mass data breach on its website.
By Monday, 36 asylum seekers will have lodged individual court applications from detention centres in Sydney, Western Australia and Darwin, claiming the data breach puts them at risk of persecution in their home countries and they should automatically be given permanent protection.
More than a dozen asylum seekers already have matters listed in Sydney on March 19. It is understood that number will quickly grow, and moves are under way to combine them into a class action.
Some asylum seekers have claimed that the department asked them to sign waivers stating that they would not hold the department responsible for any harm that came to them after they were deported to their home country.
The principle of non-refoulement, which stresses that asylum seekers should not be returned to known harm, is the cornerstone of the Refugee Convention, to which Australia is a signatory.
Edmund Rice Centre researcher John Sweeney – who has visited asylum seekers preparing to challenge their looming deportation, including some who claim to have been given the waiver – said deporting asylum seekers to suspected harm constituted refoulement.
He said some had been issued with deportation notices after their personal details had been leaked online.
"This is absolutely bizarre," Dr Sweeney said. "They have an absolute right not to be returned to danger ... They can't sign it away and Australia's asked them to do so."
Guardian Australia revealed last month that the personal details of 10,000 asylum seekers – including names, addresses, ages, home countries and boat arrival information – had been revealed on the DIBP website.
The department has regularly warned the media that publishing any personal or identifying details of asylum seekers could lead to their claim being successful because of any danger they could now face by returning to their home country.
In a letter, a group of asylum seekers in Villawood spoke of their fears of being pressured to return by the Department of Immigration.
"We are a group of weak people and our fate rests in the hands of immigration," they wrote. "We don't know in the face of so much pressure how long we can hold on."
A spokeswoman for Immigration Minister Scott Morrison said: "Individual claims are assessed on their merits, taking into account any factors considered relevant to their claim.
"I am advised that the department is putting in place arrangements to notify those who may have been affected by the data breach.
"All staff working in detention facilities are required to act with professionalism when dealing with asylum seekers."