Peter A Clarke

The civil penalty proceeding in the Federal Court of ASIC v RI Advice Group is a significant case regarding the effectiveness of the Corporations Act 2001 in dealing with cybersecurity issues. ASIC commenced proceedings against RI Advice alleging that authorised representatives of RI advice were subject to data breaches between 2016 and 2020,  ASIC alleges that RI Advice failed to implement adequate policies and systems and provide sufficient resources to manage cyber security and cyber resilience risk.  ASIC alleges that these failures constitute a breach of the general obligations of RI Advice’s financial licence under section 912A of the Corporations Act.  I provided a detailed analysis of the pleaded case in August last year. 

On 19 February 2021 Mr Justice O’Callaghan set down the timetable of the interlocutory steps before trial, being:

1. The Plaintiff has leave to file and serve an Amended Originating Process substantially in the form served on the Defendant on 26 October 2020.
2. By 4.00pm on 24 February 2021, the Plaintiff is to file and serve its Amended Originating Process.
3. By 4.00pm on 1 March 2021, the Plaintiff is to file and serve any Reply to the Defendant’s Defence to the Amended Statement of Claim.
4. By 4.00pm on 30 April 2021, the Plaintiff is to file and serve the lay witness statements and expert reports upon which it proposes to rely at trial, and a list of documents which it proposes to tender at trial.
5. The matter be listed for a further case management hearing at 9.30am on 14 May 2021.
6. The proceeding is tentatively listed for trial with an estimate of 2 to 3 weeks commencing on 29 November 2021.
7. Costs are reserved.
8. There is liberty to apply.

RI Advice’s defence was filed on 12 February 2021.  ASIC did not file a Reply.  ASIC’s expert report was filed on 30 April 2021.  So far so good. 

Last Friday RI Advice claimed Read the rest of this entry »

It is better to have Privacy Awareness Week than not.  It is just that it is  poorly promoted and the regulator has relatively little to say.  That is a major pity.

This year the Commonwealth Information Commissioner in addition to an anodyne joint statement by information commissioners did put out a glossy tips for home, tips for work, tips for parents and carers, what to do if individuals  receive a data breach notification  and  10 steps to undertaking a privacy impact assessment. OVIC had a modest program.  The media coverage was thin on the ground with the most notable coverage being ABC News Radio doing a 6.21 minute piece Does privacy still exist in 2021?  It is little wonder Governments feel not much in the way of pressure to bolster privacy rights in Australia.

What is interesting is the recounting of the 2020  Australian Community Attitudes to Privacy Survey.  It is something of a behemoth running to 121 pages. Some of the findings are:

• 70% of Australians see the protection of personal information as an important issue and a major concern in their life.
• 84% think identity theft and fraud, and data security and breaches, are the biggest privacy risks.
• Most Australians have a clear understanding of why they should protect their personal information (85% agree), but half (49%) say they don’t know how.
• 84% feel privacy of information and data is important when choosing a digital service.
• 87% want more control and choice over the collection and use of their personal information.

These figures are hardly surprising but always worth recounting because there remains a sub current of cynicism about privacy and unfounded statements that people have given up on their privacy and are prepared to sacrifice privacy for services or security, or both.  As if it is a binary choice.  Which it never has been.

The Information Commissioner delivered a speech on 7 May titled Fair, flexible, fundamental: the future of data protection in a digital world where she Read the rest of this entry »

It was hardly a shock that Dani Laidley sued Victoria Police over unauthorised photos taken when she was in the custody of the Victoria Police.  The question was when rather than if action would be taken.  And taken it has been, with a writ filed in the Victorian Supreme Court.   This follows on 6 police officers being ordered to pay Laidley compensation of up to $3,000 each by an internal disciplinary panel.  Those awards are ridiculously small and will be dwarfed by an award in the Supreme Court if the matter proceeds to trial and then judgment.  It is more likely that it will settle.  The then Deputy Victorian Police Commissioner, stated he was appalled by the conduct.  The career consequences for the officers have been severe with a senior constable and constable charged with the unauthorised disclosure of police information with the senior constable also charged with misconduct in public office. 

Once the images were leaked online they were shared by 224 Victorian Police.  Thirty nine police and public servants are or have faced internal disciplinary Read the rest of this entry »