Treasurer outlines proposed changes to insolvency laws

September 24, 2020

Yesterday and first thing this morning the media was abuzz, with coverage from the Guardian,  the Sydney Morning Herald, the ABC and the Financial Review (amongst many other news outlets) with news of proposed changes to the insolvency laws as embargoed releases were provided to them last night.

The Treasurer revealed the proposed changes to the insolvency laws.  That will significantly affect  professionals who practice insolvency law such as myself.

The Treasurers’ media release relevantly provides:

The Morrison Government will undertake the most significant reforms to Australia’s insolvency framework in 30 years as part of our economic recovery plan to keep businesses in business and Australians in jobs.

The reforms, which draw on key features from Chapter 11 of the Bankruptcy Code in the United States, will help more small businesses restructure and survive the economic impact of COVID-19. As the economy continues to recover, it will be critical that distressed businesses have the necessary flexibility to either restructure or to wind down their operations in an orderly manner.

Key elements of the reforms include:

    • The introduction of a new debt restructuring process for incorporated businesses with liabilities of less than $1 million, drawing on some key features of the Chapter 11 bankruptcy model in the United States.
    • Moving from a rigid one-size-fits-all “creditor in possession” model to a more flexible “debtor in possession” model which will allow eligible small businesses to restructure their existing debts while remaining in control of their business.
    • A rapid twenty business day period for the development of a restructuring plan by a small business restructuring practitioner, followed by fifteen business days for creditors to vote on the plan.
    • A new, simplified liquidation pathway for small businesses to allow faster and lower cost liquidation.
    • Complementary measures to ensure the insolvency sector can respond effectively both in the short and long term to increased demand and to meet the needs of small business.

The reforms will cover around 76 per cent of businesses subject to insolvencies today, 98 per cent of whom who have less than 20 employees.

Together, these measures will reposition our insolvency system to reduce costs for small businesses, reduce the time they spend during the insolvency process, ensure greater economic dynamism, and ultimately help more small businesses get to the other side of the crisis.

On 22 March 2020, the Government announced temporary regulatory measures to help financially distressed businesses get to the other side of COVID-19. On 7 September 2020 the Government announced a further extension of this relief to 31 December 2020.  The new processes will be available for small businesses from 1 January 2021.

The 10 page fact sheet is found here and Read the rest of this entry »

Extension of temporary changes to continuous disclosure provisions for corporations and its officers

September 23, 2020

Today the Federal Treasurer announced an extension of the temporary amendments to the continuous disclosures obligations under the Corporations Act 2001 until 21 March 2021.

This announcement does not come as a particular surprise to insolvency practitioners.

The release Read the rest of this entry »

Major data breach at the University of Tasmania

September 22, 2020

After the major data breach at the Australian National University which was probably caused by interference by a state actors one would have thought universities in Australia would review their data security practices, do some stress testing and monitor access points to their databases.  Maybe some did, but it is certain that the University of Tasmania didn’t.  Or didn’t worth a damn.  The Australian, in Serious data breach hits 20,000 Uni of Tasmania students, prompting credit, privacy concerns, reports on a very serious data breach where the personal information of, 19,900, students including their ethnicity, any disabilities and results.  The information was available for accessing by other students between 27 February and 11 August, 2020.  Unlike the data breach at the Australian National University, (see my post here) which involved a sophisticated cyber attack by a foreign player, the source of the data breach was incorrect configuration of settings for the Sharepoint database.

It is interesting, and begs more than a few questions, as to why the University would wait from 11 August, when the data breach was discovered, until 21 September when it was made public and students were notified.  It is longer than the Read the rest of this entry »

The Commonwealth Government releases the exposure draft of the Data Availability and Transparency Bill 2020

September 17, 2020

Yesterday the Australian Government released a Consultation Paper with the exposure draft of the Data Availability and Transparency Bill 2020 (the “DAT Bill”).

The Consultation Paper is a mere 33 pages.  The exposure draft of the DAT Bill comes in at 104 pages with the explanatory memorandum coming in at a relatively slender 74 pages.  The enactment of the DAT Bill will give rise to consequential amendments which are found in the Data Availability and Transparency (Consequential Amendments) Bill 2020 and accompanying explanatory memorandum.

The consultation period, for comments and submissions, closes at 5pm on 6 November 2020.  Given the breadth and depth of the DAT Bill that is quite a short time frame in the age of COVID.

The road has been smoothed for the introduction of this quite radical, on one view, and transformative, on another, change to the usage of data collected by public agencies.  The interim National Data Commissioner has framed the proposal, in her press release Modernising government data sharing, in terms of being Read the rest of this entry »

Zhenhua Data leak of the personal information of 35,000 Australians.

September 15, 2020

The collection and analysis of vast amounts of personal information is the hugely valuable for business, politics and public administration. It has been described as the twenty first century equivalent of what oil was to the twentieth century. It has revolutionised the way business is done and services are provided, for profit and otherwise.  The use of personal information has more dystopian uses, such as  surveillance by states as well as being able to used as part of a cyber campaign.

China is at the forefront of the cyber triaphilia; a keeness bordering on obsession with surveillance, a proficiency in cyber attacking and, finally a willingness and often desire to interfere with other states activities or at least individuals in those states.

Zhenhua Data is a company whose main clients are the Chinese Communist Party and the Peoples Liberation Army.  That is neither here nor there except that the ABC reports in Chinese database collects information on thousands of Australians, from PMs to pop stars it had built up a data base of 35,000 Australians according to a leak of 2.4 million entries in data leaked from Zhenhua Data.  The data base seems to have been built up with information publicly available but also sources which would normally keep that information private.

There has been much hand wringing as to why  a Chinese data firm collect information about a disparate group of people who seemingly have little to do with each other beyond them being public figures to a greater or lesser degree. The answer is quite straightforward.  Most governments Read the rest of this entry »

Australian Information Commissioner v Facebook Inc; Federal Court rejects application to set aside ruling granting the Commissioner leave to serve process on the US Based Facebook

September 14, 2020

The Federal Court today dismissed an application by Facebook against a previous ruling granting the Australian Information Commissioner leave to serve legal documents on Facebook USA.

The issue in the application was Facebook contending that it did not carry out business in Australia.

The terms of the application and the supporting affidavit are not publicly searchable, yet. The hearing took place on 6 May 2020.

The orders of Justice Thawley are:

  1. The interlocutory application dated 6 May 2020 be dismissed.
  2. The written reasons for judgment not be published beyond the parties until further order.
  3. The parties have until 12 pm on 16 September 2020 to advise the Court of any orders for redactions sought, together with a concise written explanation as to why those redactions ought be made.
  4. Unless any party applies within 7 days for a different order with respect to costs, the first respondent pay the applicant’s costs of the interlocutory application.

The Commissioner had a restrained Read the rest of this entry »

Attorney General refers issue of judicial impartiality and legislative framework for corporations and financial services regulation to the Australian Law Reform Commission

Last Friday, 11 September 2020, the Commonwealth Attorney General referred two matters to the Australian Law Reform Commission:

  1. a review into judicial impartiality with a final report due on 30 September 2021; and
  2. a review of the legal framework for corporations and financial services with a final report due on 30 November 2023.

The Media Release Read the rest of this entry »

Privacy breaches in the age of COVID

September 13, 2020

Cicero said “Laws are silent in time of war.”  The modern day equivalent is “laws are selectively ignored in times of pandemic.”  In the area of privacy laws that variation is very apposite.  In this pandemic the Victoria Police have been notably more assertive (read aggressive), paternalistic (read preachy, especially the Falstaffian Luke Cornelius’ intemperate verbal lashing of this or that civilian who attracts his ire) and selective about which laws they follow (as in don’t follow) than their interstate equivalents.  By a large margin and from the outset of the COVID.   The latter point is illustrated by Victoria Police reportedly using mobile surveillance units to remotely monitor citizens for breaches of the COVID laws. 

Putting aside the concerning willingness of Victoria Police officers to adopt such a dystopian method of performing their duties, as they see it.  I would be very interested to see the legal advice which regarded those actions as consistent with the Privacy and Data Protection Act 2014.  It is particularly concerning given the units are being deployed where there have been no complaints to police or even evidence of a breach.  That is just blanket surveillance pure and Read the rest of this entry »

Commonwealth extends trading while insolvent protections

September 9, 2020

The Attorney General announced yesterday that the Commonwealth Government will extend the insolvency and bankruptcy protections previously enacted in relation to:

  • trading while insolvent
  • increasing the threshold at which creditors can issue a statutory demand and the time for responding to a statutory demand.

The protections will extend until 31 December 2020.

The Attorney General’s media release provides:

The Morrison Government will continue to provide regulatory relief for businesses that have been impacted by the Coronavirus crisis by extending temporary insolvency and bankruptcy protections until 31 December 2020.

Regulations will be made to extend the temporary increase in the threshold at which creditors can issue a statutory demand on a company and the time companies have to respond to statutory demands they receive.

The changes will also extend the temporary relief for directors from any personal liability for trading while insolvent.

These measures were part of more than 80 temporary regulatory changes the Government made designed to provide greater flexibility for businesses and individuals to operate during the coronavirus crisis.

The extension of these measures will lessen the threat of actions that could unnecessarily push businesses into insolvency and external administration at a time when they continue to be impacted by health restrictions.

These changes will help to prevent a further wave of failures before businesses have had the opportunity to recover.

In addition, the Government is providing an unprecedented level of support totalling $314 billion to cushion the blow for workers, households and businesses during the coronavirus crisis.

As the economy starts to recover, it will be critical that distressed businesses have the necessary flexibility to restructure or to wind down their operations in an orderly manner.

The Government will continue to help businesses successfully adapt and restructure so that they can bounce back on the other side of this crisis.

As the Age reports in ‘More harm than good’: Businesses get reprieve but thousands still set to fail on the the changes, importantly that the extensions may actually harm rather than benefit Read the rest of this entry »

ASIC commences action against RI Advice Group Pty Ltd for failing to have adequate cyber security

August 22, 2020

Today the Australian Securities and Investments Commission (“ASIC”) commenced proceedings against RI Advice Group Pty Ltd (“RI”).   It has been filed in the Federal Court Victorian Registry.  

RI holds an Australian Financial services licence and at all relevant times was a wholly owned subsidiary of the Australia and New Zealand Banking Group Limited (the ANZ).

According to the Concise Statement :

  • on 3 January or 3 March 2017 RI became aware of a ransomware attack on the computer systems of one of RI’s authorised representatives in 2016 which made files inaccessible [5];
  • on 30 May 2017 RI became aware another authorised representative’s files were hacked which affected 226 client groups [6]. 

ASIC alleges that in relation to each of those incidents RI should have but failed to:

 (a) properly review the effectiveness of cybersecurity controls relevant to these incidents across its AR network, including account lockout policies for failed log-ins, password complexity, multi-factor authentication, port security, log monitoring of cybersecurity events, cyber training and awareness, email filtering, application whitelisting, privilege management and incident response controls; and (b) ensure that those controls were remediated across its AR network where necessary in a timely manner, in order to adequately manage risk with respect to cybersecurity and cyber resilience.

  • between 30 December 2017 and 15 April 2018 an unknown malicious agent obtained and retained remote access to an authorised representative’s remote access to its file server and spent 155 hours accessing sensitive client information.  That resulted in 27 clients reporting unauthorised use of their personal information with that there were 3 attempts to redirect mail and multiple bank accounts being opened upon without consent.  There was a notification to the Australian Information Commissioner.  An investigation revealed that 8,104 individuals were exposed to the breach.

ASIC alleges that the risk management systems and resourcing relating to cybersecurity and cyber resilience were inadequate Read the rest of this entry »