Smart devices being used for domestic abuse

October 21, 2020

The weaknesses of the internet of things to hacking has long been known.  That doesn’t mean it has been dealt with adequately.  The common problem is access to those devices through inadequate security or weak passwords from third parties.  A recent BBC article How smart devices are exploited for domestic abuse demonstrates how the internet of things can be used track and terrorise.

A machine or application is in and of itself neither evil or good.  It has no value.  It provides a service or performs a function.  As the article makes clear features designed to assist, such as a doorbell camera, can be used by partners or ex partners to surveil.  Family apps, which I find creepy, are designed to monitor children’s safety.  But the data can be relayed to Read the rest of this entry »

Yuanda Vic Pty Ltd v Facade Designs International Pty Ltd [2020] VSCA 269 (16 October 2020): application for stay pending appeal, special or exceptional circumstances

October 20, 2020

In Yuanda Vic Pty Ltd v Facade Designs International Pty Ltd [2020] VSCA 269 the Court of Appeal granted a stay of payment pending hearing of an appeal.  It is an interesting and valuable decision because it is a comprehensive analysis of the principles associated with making a stay application.  It is also notable because the application was successful, a difficult result to achieve normally. 


Under a supply and installation agreement dated 13 April 2018 (‘the Contract’), the respondent, (“Facade Designs”) agreed to  instal  façade elements manufactured and supplied by the applicant (“Yuanda”) as part of the construction of commercial and residential towers at 447 Collins Street known as ‘the Arch on Collins’ (‘the Project’) for the price of $14.5 million [5]. Facade Designs provided works from September 2018 until November 2019 when the Contract was terminated [6]

On 30 September 2019, Facade Designs provided a payment claim under s 14 of the Building and Construction Industry Security of Payment Act 2002 (‘the Act’) for $4,584,820.68 (inclusive of GST) (‘the Payment Claim’) [7].  Yuanda paid Facade Designs paid  $1,115,455 (inclusive of GST) on 2 October 2019, reducing the amount claimed to $3,469,365.58 [8].

Yuanda failed to provide a payment schedule to the respondent within 10 business days of receiving the Payment Claim, as contemplated by s 15 of the Act [9]. Pursuant to s 15(4) Yuanda became liable to pay Facade Designs the amount claimed on 30 October 2019  [10].  The applicant failed to pay the amount claimed [11]. Facade Designs conceded some reductions and  sought judgment pursuant to s 16(2)(a) of the Act [12].

The Court rejected Yuanda’s  contention that:

(a) the Payment Claim was invalid because it did not sufficiently identify the construction work or related goods and services to which the progress payments related within the meaning of s 14(2)(c) of the Act and as a consequence it was not liable to pay the amount under s 15(4) of the Act (‘the Adequacy of the Payment Claim’); and

(b) the Payment Claim included excluded amounts within the meaning of s 14(3)(b) and pursuant to s 16(4)(a)(ii) of the Act .

In relation to the excluded amounts issue the court held that, in determining Read the rest of this entry »

UK Information Commissioner’s office fines British Airways 20 million pounds for data breach affecting 400,000 customers

October 17, 2020

The UK Information Commissioner’s Office (“ICO”)has fine British Airways (BA) £20 million for a data breach in 2018.  I did a post on it in September 2018. The ICO initially intended to fine BA nearly £184 million and made a statement in July 2019 to that effect in response to BA’s statement to the London Stock Exchange.  The Commissioner decided to reduce the sum in light of the impact COVID 19 has had on BA’s business and finances.

As often happens the investigation into the cyber attack by the regulator turned up multiple failings by BA in both protecting its network but also failing to detect the attack. And that attack was both wide and deep in its penetration. Through the attack addresses of 244,000 customers were accessed, the credit card details with CVV numbers of 77,000 customers and credit card numbers Read the rest of this entry »

Surveillance of workers at home… a new (actually old) privacy issue that has been a kick along

The cynical saying “don’t waste a good crisis” has found plenty of examples of unimpeded and inadequately scrutinised change by governments and businesses.  Here there has been  a solid level of support in governments doing the right thing.  And generally less fractious argument between workers and employers.  The feeling is, we are all in this right so the presumption is that commonweal trumps all, including individual rights.  A dangerous mindset and one that leads to abuse which can be difficult to undo when the crisis passes as the technology is embeded into the work place structure with little to no push back.

The phenomana of employee monitoring is not a unique by product of the COVID 19 lockdown and remote working.  It has been a growing trend for some time.  In 2018 Garnter produced a report, The Future of Employee Monitoring, where it found that in 2018 50% of companies surveyed used some form of non traditional monitoring techniques.  The figure was 30% in 2015.  Gartner predicted that number to be 80% this year. That prediction was done without factoring in the change in workplace arrangements with COVID 19.  There has been a discernible effort by employers to use the technology available to monitor their workers output while working remotely coupled.  A growing list of increasingly sophisticated surveillance tools has lead to an ineffectively regulated and comprehensive means to surveil employees in their home.  This is well described Read the rest of this entry »

Contact tracing data collected from pubs and restaurants in the UK being sold marketers,

October 12, 2020

When the history of the COVID 19 pandemic is written the chapter on how governments and organisations respected individuals privacy will be grim reading.  The way in which data was collected by businesses at venues was at best sloppy and often times almost criminally negligent. I gave up counting how many scraps of paper or, for some reason, children’s exercise books were left lying around with details of patrons in plain view.  Some of the information sought went beyond names and contact details. Governments went overboard on tracking, to the point where Israel halted police phone tracking because of the privacy intrusion was so great.  The contact tracing app in Australia was oversold as an aid and seriously under performed.  It rarely features in any discussions by, well pretty much anyone.

The Times reports in Contact-tracing data harvested from pubs and restaurants being sold on that data collected to assist contact tracing has been sold on by the establishments that collected that data.  That is a blatant breach of Read the rest of this entry »

The US Internal Revenue Service being investigated for using location data without warrant..the great temptation for government agencies

October 8, 2020

Governments love data. All governments and for as long as there have been governments.  The Assyrian empire as long ago as 2025BC developed a buerocracy and kept records about their subjects. The Romans took it to a new level with the census.  And with every new age and development the collection has become more sophisticated.  But there were always costs and inefficiencies in collecting, managing and using data. The East German authorities essentially drowned under the flood of information from informants and the obsessive surveillance of the Stasi.  In the digital age collection, aggregation and use of masses of data has been simplified.  And data can be used more effectively with enhanced computer power and algorithms. And the temptation to interfere with privacy while using data is a constant one for government agencies, especially those chasing revenue. As can be seen in the report  The IRS Is Being Investigated for Using Location Data Without a Warrant which reports Read the rest of this entry »

US Senate Committee on Commerce, Science, and Transportation conduct hearings about the need for federal level privacy law

October 6, 2020

The United States does not have a comprehensive Data Privacy Legislation.  Most states in the United States have some form of data protection legislation, including mandatory data breach notification laws.  At the Federal level business, in particular those engaged in collecting and selling data, have resisted any attempt to provide some form of regulation on the collection, storage and use of personal information.  The dynamics have changed somewhat in the last two years with the outrageous abuse of personal information by Facebook with Cambridge Analytica, Google’s continuous data avarice and significant data breaches involving millions of individuals personal information.

The US Senate Committee on Commerce, Science, and Transportation held hearings on 23 September 2020 in Washington DC.   The hearing was titled Revisiting the Need for Federal Data Privacy Legislation.  The purpose was described as Read the rest of this entry »

Treasurer outlines proposed changes to insolvency laws

September 24, 2020

Yesterday and first thing this morning the media was abuzz, with coverage from the Guardian,  the Sydney Morning Herald, the ABC and the Financial Review (amongst many other news outlets) with news of proposed changes to the insolvency laws as embargoed releases were provided to them last night.

The Treasurer revealed the proposed changes to the insolvency laws.  That will significantly affect  professionals who practice insolvency law such as myself.

The Treasurers’ media release relevantly provides:

The Morrison Government will undertake the most significant reforms to Australia’s insolvency framework in 30 years as part of our economic recovery plan to keep businesses in business and Australians in jobs.

The reforms, which draw on key features from Chapter 11 of the Bankruptcy Code in the United States, will help more small businesses restructure and survive the economic impact of COVID-19. As the economy continues to recover, it will be critical that distressed businesses have the necessary flexibility to either restructure or to wind down their operations in an orderly manner.

Key elements of the reforms include:

    • The introduction of a new debt restructuring process for incorporated businesses with liabilities of less than $1 million, drawing on some key features of the Chapter 11 bankruptcy model in the United States.
    • Moving from a rigid one-size-fits-all “creditor in possession” model to a more flexible “debtor in possession” model which will allow eligible small businesses to restructure their existing debts while remaining in control of their business.
    • A rapid twenty business day period for the development of a restructuring plan by a small business restructuring practitioner, followed by fifteen business days for creditors to vote on the plan.
    • A new, simplified liquidation pathway for small businesses to allow faster and lower cost liquidation.
    • Complementary measures to ensure the insolvency sector can respond effectively both in the short and long term to increased demand and to meet the needs of small business.

The reforms will cover around 76 per cent of businesses subject to insolvencies today, 98 per cent of whom who have less than 20 employees.

Together, these measures will reposition our insolvency system to reduce costs for small businesses, reduce the time they spend during the insolvency process, ensure greater economic dynamism, and ultimately help more small businesses get to the other side of the crisis.

On 22 March 2020, the Government announced temporary regulatory measures to help financially distressed businesses get to the other side of COVID-19. On 7 September 2020 the Government announced a further extension of this relief to 31 December 2020.  The new processes will be available for small businesses from 1 January 2021.

The 10 page fact sheet is found here and Read the rest of this entry »

Extension of temporary changes to continuous disclosure provisions for corporations and its officers

September 23, 2020

Today the Federal Treasurer announced an extension of the temporary amendments to the continuous disclosures obligations under the Corporations Act 2001 until 21 March 2021.

This announcement does not come as a particular surprise to insolvency practitioners.

The release Read the rest of this entry »

Major data breach at the University of Tasmania

September 22, 2020

After the major data breach at the Australian National University which was probably caused by interference by a state actors one would have thought universities in Australia would review their data security practices, do some stress testing and monitor access points to their databases.  Maybe some did, but it is certain that the University of Tasmania didn’t.  Or didn’t worth a damn.  The Australian, in Serious data breach hits 20,000 Uni of Tasmania students, prompting credit, privacy concerns, reports on a very serious data breach where the personal information of, 19,900, students including their ethnicity, any disabilities and results.  The information was available for accessing by other students between 27 February and 11 August, 2020.  Unlike the data breach at the Australian National University, (see my post here) which involved a sophisticated cyber attack by a foreign player, the source of the data breach was incorrect configuration of settings for the Sharepoint database.

It is interesting, and begs more than a few questions, as to why the University would wait from 11 August, when the data breach was discovered, until 21 September when it was made public and students were notified.  It is longer than the Read the rest of this entry »