Federal Trade Commission writes letter to technology companies warning them against censoring or weakening data security of Americans at request of foreign powers. Meanwhile the UK government says it will not seek back doors for programs

August 22, 2025

The demand by some governments for a back door to end-to-end encryption is hugely controversial. The National Security Agency in the United States had Yahoo install a backdoor for the NSA’s use in 2014/5, although Yahoo says it challenged the NSA about this. In 2015 it built custom software to search clients’ incoming emails. Since 2013 the NSA has been keen to get around or through encrypted messaging. In February this year the UK ordered Apple to let it have access to users’ encrypted accounts. In 2015/2016 Apple was embroiled in a dispute with the FBI. The FBI wanted Apple to unlock phones whose data was cryptographically protected. Apple refused and objected to at least 11 orders issued by the US District Courts.

The issue is that the US government is concerned that overseas governments are attempting to weaken the level of encryption and data security. This directive, for want of a better word, poses real challenges for companies operating in other jurisdictions, like Australia. But the US policy has had an impact, with the UK agreeing to drop its plan for an encryption backdoor mandate for Apple.

The chairman of the Federal Trade Commission (“FTC”) has written letters to the largest and best known cloud computing, data security, social media, computer and other technology companies warning them not to censor themselves or weaken the data security of Americans if asked by foreign governments. The rationale is set out in its media release titled FTC Chairman Ferguson Warns Companies Against Censoring or Weakening the Data Security of Americans at the Behest of Foreign Powers.

The media release provides:

Federal Trade Commission Chairman Andrew N. Ferguson sent letters today to more than a dozen prominent technology companies reminding them of their obligations to protect the privacy and data security of American consumers despite pressure from foreign governments to weaken such protections. He also warned them that censoring Americans at the behest of foreign powers might violate the law.

The letters were sent to companies that provide cloud computing, data security, social media, messaging apps and other services and include: Akamai, Alphabet, Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack and X.

The letters noted that companies might feel pressured to censor and weaken data security protections for Americans in response to the laws, demands, or expected demands of foreign powers. These laws include the European Union’s Digital Services Act and the United Kingdom’s Online Safety Act, which incentivize tech companies to censor worldwide speech, and the UK’s Investigatory Powers Act, which can require companies to weaken their encryption measures to enable UK law enforcement to access data stored by users.

“I am concerned that these actions by foreign powers to impose censorship and weaken end-to-end encryption will erode Americans’ freedoms and subject them to myriad harms, such as surveillance by foreign governments and an increased risk of identity theft and fraud,” Chairman Ferguson wrote.

The letter noted that as companies consider how to comply with foreign laws and demands, they are still required to comply with the FTC Act’s prohibition against unfair and deceptive practices in the marketplace. For example, if a company promises consumers that it encrypts or secures online communications but then adopts weaker security in response to demands from a foreign government, such an action could be considered a deceptive practice under the FTC Act, the letter noted.

The FTC has brought dozens of cases over the past two decades against companies that have failed to keep their promises to consumers to deploy reasonable safeguards to protect consumer data. 

The model letter sent to the companies provides, without footnotes:


Class action looming from data breach at Genea

August 11, 2025

Given the scope and sensitivity of the personal information lost in the Genea data breach it is hardly surprising that a number of firms, 3 at last count, are considering class actions. This looming herd/charge of class actions is covered by Nine with ‘Reopened those wounds’: IVF patients to sue clinic over data breach and the Sydney Morning Herald with ‘Emotionally devastating’: Victims of IVF data breach seeking class action. It is always difficult to predict what will or won’t be pleaded in class actions, but the issues that are clearly relevant revolve around the obligation to keep confidential material safe and secure and what steps were taken to keep the personal information secure. There may be issues relating to misrepresentations and perhaps breach of contract.

The SMH article provides:

One of Australia’s largest IVF providers has sought to suppress how sensitive medical and personal information for potentially thousands of its patients was published to the dark web by cybercriminals, as victims seek to launch a class action.

Genea, the country’s third-biggest fertility clinic operator, informed an undisclosed number of patients that their private information had been published on the dark web in February after its internal systems were breached.

Stolen data included patients’ full names, dates of birth, addresses, mobile numbers, treating doctors, medical diagnoses, Medicare numbers and private health fund details, Genea revealed to patients in emails.

Australian Federal Police are conducting a criminal investigation into the breach.

Genea has sought suppression orders in the Federal Court to prevent disclosure of details regarding its containment and remediation measures and its negotiation strategy, and the identities of its cybersecurity experts.

Class action law firm Phi Finney McDonald is investigating the circumstances of the data breach after being contacted by several distressed current and former patients.

Principal lawyer Tania Noonan said: “Patients at Genea are entitled to the highest levels of privacy and safety to ensure their personal details and medical histories remain secure.”

One Genea patient, Dean*, described the breach as “emotionally devastating”. He wishes to join a potential class action and wants punitive action taken against Genea.

“If I could think about any part of my life that I would not want to be available to download on the dark web, it would be my medical information and more poignantly, my fertility information.”

“It’s made me feel really icky to know that … our entire medical and fertility history is available to purchase by anyone who wants it,” he said.

In a statement, Genea said it sincerely apologised and deeply regretted that personal information was accessed and published.

“We are committed to learning from this incident, and we have taken steps to further strengthen our networks to ensure that we can continue to provide the very best care to our patients,” it read.

Genea obtained an injunction to prevent any access, use, dissemination or publication of the affected data, to protect the information of its patients, their partners, and staff.

In a hearing last month, Genea’s counsel argued that if the company’s containment and remediation measures were made public, it would invite hackers to exploit its systems further.

NSW Supreme Court Justice Michael Slattery agreed that it was important to suppress personal and medical information of affected patients.

But, Slattery said: “There is a public interest in knowing about this kind of problem and … how it is dealt with.

“I’m not convinced that information [about] your clients, employees or your client’s internal operations should be suppressed,” the judge said. “I’m not convinced that the identity of the cybersecurity experts you have retained … [and] that your containment or remediation measures should be suppressed.”


Litigation from data breach. Clorox suffers data breach caused by logins provided by staff at Cognizant, its IT services company. Clorox is suing Cognizant claiming $580 million in damages

July 29, 2025

Third party access by hackers is so widespread as to be almost ubiquitous. Scattered Spider is so prolific these days in hacking high value companies that it too is almost ubiquitous. Both are present in the dispute in the USA between Clorox, a large manufacturer of disinfectant/bleach, and Cognizant, a large IT service provider.

In August 2023 Clorox first disclosed to the SEC that it had suffered a data breach which would disrupt parts of its operations. The cyber attack damaged part of its IT infrastructure, which led to disruption of signature products and forced it to manually process orders. In a filing with the SEC a month later Clorox advised that the hack caused lower production rates and predicted that its sales would be 23 – 28% down as well as a loss of share price ranging from 35 – 75 cents, processing delays and product outages. As at November 2023 it estimated that it had suffered damages of $358 million. The cause of the data breach was access via its IT provider, Cognizant. Clorox alleges a hacker rang up staff at Cognizant and asked for Clorox’s system login and it was provided. It has issued proceedings in the California Superior Court.

Bleeping Computer reports in Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit that Clorox alleged that Cognizant fell for social engineering by a hacker without verifying the caller’s actual identity. The claim alleges that Cognizant didn’t follow the proper procedures and in fact reset credentials multiple times without identity verification. What makes this case interesting is that Cognizant is defending the claim quite aggressively and alleges that Clorox had inept internal cybersecurity and failed to mitigate the attack. It also alleges that the scope of the engagement between Clorox and Cognizant was narrow and confined to help desk services, which Cognizant reasonably performed. As such there will be issues of contract, tort and the issue of mitigation of damages.

While the proceeding will be conducted in California the principles that will be the subject of dispute are applicable in Australia under Australian law.  It is worth following this case closely.  

The Bleeping Computer article provides:

Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee’s password for a hacker without first verifying their identity.

The incident was first made public in September 2023, reportedly carried out by hackers associated with Scattered Spider, who utilized a social engineering attack to breach the company.

Kate Aston video intrusion and Nathalie Matthews’ videos of intimate nature and privacy breaches. Options. A claim under the statutory tort of serious invasion of privacy?

July 21, 2025

The cases of Kate Aston being videoed walking out of a bathroom and Nathalie Matthews being concerned that intimate videos she filmed would be made public raise issues of privacy protections in each case and what each could do to protect their privacy, particularly with the statutory tort of serious invasion of privacy coming into operation on 10 June 2025.

While both factual situations are unique they are not, in broad strokes, all that unusual in privacy law. The use of videos and cameras in a setting which should be private, and which clearly causes serious distress, is not unknown. Many cases, almost invariably resulting in a prosecution, involve the use of a camera/video in a toilet. But there is no hard dividing line between taking photos or videos of someone in a toilet and photographing or videoing, with that same equipment, someone who is leaving a toilet. The question is whether there is a reasonable expectation of privacy. In the case of someone using the toilet facilities the answer is clearly yes. In terms of someone leaving a toilet it is most likely yes. The distinction is slight. One can have a reasonable expectation of privacy in a semi public or even public space. In 2008 the UK Court of Appeal in Murray v Big Pictures (UK) Ltd [2008] EWCA Civ 446 found that a child had a right to privacy in a public space. The Mrs Murray in that case writes under the nom de plume of JK Rowling. While the claim was brought on behalf of the Murrays’ child, the defendant’s interest was more about capturing an image of Mrs Murray with her family, child especially. While that case focused on the rights of the child the subsequently developed principles apply to adults. It depends on the circumstances. And those circumstances do not assist someone who intentionally waits outside a toilet and uses the video to catch another on film leaving the toilet, and then posts that footage online.

According to 7 News Ms Aston has commenced legal action. Whether that is a claim in privacy, equity, defamation or any other cause of action is unknown.  

According to the Australian report of the Matthews case the concern is that intimate videos would be made public, and that motivated her to apply for a domestic violence order. The abuse of intimate videos, previously made consensually, has been the subject of two superior court decisions in Australia: the Victorian Court of Appeal decision in Giller v Procopets [2008] 24 VR 1 and the Western Australian decision of Wilson v Ferguson [2015] WASC 15, which I posted on in 2015.

Either of these cases could be run without the statutory tort of serious invasion of privacy.  With that tort extant and these fact situations commencing after 10 June 2025 the tort is available to either.  The strength of the case depends on all of the facts, not just the media coverage. 

It is interesting to read

The Chief Justice of the Supreme Court of Victoria publishes a practice note of procedural changes to applications to set aside statutory demands.

July 13, 2025

The Chief Justice of the Victorian Supreme Court has published a notice to the profession regarding the conduct of applications to set aside statutory demands. The Notice sets down a very specific timetable which must be followed. There will be consequences for failing to comply. The second feature of the Notice is a requirement to keep affidavits concise and exhibits “..limited to those documents which are critical to the grounds relied upon by the plaintiff and the real issues in dispute.”

Some points that practitioners must consider:

  1. the court will fix a date for final hearing in the timetabling orders;
  2. first, the Notice to the Profession must be served on the defendant (Paragraph 4.1).  That is a new development;
  3. “as soon as practicable” after filing (Paragraph 5.2), the Court will make timetabling orders in the form of Annexure A to the Notice which requires:
    • seven days after filing of the Originating Process the plaintiff file an affidavit of service of the Originating Process, supporting affidavit, and a copy of the Notice to the Profession
    • 14 days after filing of the Originating Process the defendant file and serve:
      • an affidavit of service of the statutory demand; and
      • any affidavit on which it intends to rely in opposition to the application; and
    • 14 days after filing of the Originating Process the defendant advise chambers that the defendant disputes jurisdiction
    • 21 days after filing the Originating Process the plaintiff must:
      • file and serve any affidavit on which it intends to rely upon in reply;
      • file and serve an outline of submissions not exceeding 6 pages and a list of authorities identifying pin-point references; and
      • email the Chambers of the judicial officer a bundle of authorities that the plaintiff relies upon in pdf text-searchable format, with cases arranged in alphabetical order and with an electronic bookmark for each case
    • 28 days after filing of the Originating Process the defendant will:
      • file and serve an outline of submissions not exceeding 6 pages and a list of authorities identifying pin-point references; and
      • email the Chambers a bundle of authorities that the defendant relies upon which are not already included in the plaintiff’s bundle.
  4. submissions must identify why or why not there is a genuine dispute/offsetting claim/some other matter with reference to the affidavit material;
  5. in advance of any non compliance with the timetable/exercise of liberty the parties have to confer regarding the amendments and email the Court to “explain the reason that a variation is sought and provide consent or competing draft minutes of order addressing a revised timetable which maintain the final hearing date and ensures that the last document is filed no later than 72 hours before the final hearing;”
  6. evidence or submissions filed out of time will not be considered at the final hearing without a summons for leave supported by an affidavit explaining non-compliance (Paragraph 8.3).
  7. in the event of non-compliance the Court may, of its own motion, make a self-executing or ‘unless’ order disposing of the proceeding;
  8. the Court will aim to schedule the final hearing to be held within 6 weeks of filing, listed for half a day (Paragraph 8.1); and
  9. within 3 days of the hearing the practitioners briefed to appear at the final hearing are to confer with a view to resolving the dispute or narrowing the issues.  The plaintiff must email the Court on behalf of the parties a “joint statement” of  the remaining issues in dispute.

The Notice

National Australia Bank fined $751,200 for breaches of the Consumer Data Right Rules

June 24, 2025

The Australian Competition and Consumer Commission has fined the National Australia Bank (“NAB”) $751,200 for breaches of the Consumer Data Right Rules. The Rules are relatively recent legislative provisions which are designed to be a secure, safe and easy to use means of sharing data with an accredited provider via Consumer Data Right. Through the CDR Rules data should be securely transferred from an existing provider.

The ACCC media release provides:

National Australia Bank Limited (NAB) has paid penalties totalling $751,200 after the ACCC issued it with four infringement notices for alleged contraventions of the Consumer Data Right (CDR) Rules.

The infringement notices relate to alleged failures by NAB to disclose, or accurately disclose, credit limit data in response to four separate requests made by different CDR accredited providers on behalf of consumers.

The CDR is an economy-wide data sharing program that empowers Australians to leverage the data businesses hold about them for their own benefit.

ASIC commences action against FIIG Securities for cyber security failures

March 14, 2025


The Australian Securities and Investments Commission announced yesterday that it was suing FIIG Securities for “systemic and prolonged cyber security failures” from March 2019 until 8 June 2023. As a result hackers entered FIIG’s IT system and stole personal information which was released onto the dark web. ASIC specifically referred to the Federal Court decision of Australian Securities and Investments Commission v RI Advice Group Pty Ltd (No 3) [2022] FCA 84. This was the first case where the failure to manage cyber risk was found to be a breach of a licensee’s financial services obligations. That case was settled with the parties proposing consent orders containing declarations and consequential orders. Given the nature of the repeated breaches RI Advice’s legal representatives negotiated quite a favourable outcome notwithstanding orders were made against their client. In the United States or the UK the penalties would have been much more severe.

Helpfully ASIC has provided a concise statement of facts and the Originating Process. From that ASIC alleges that between 13 March 2019 and 8 June 2023, FIIG did not comply with its AFSL obligations under section 912A(1) of the Corporations Act 2001 (Cth) to:

  1. do all things necessary to ensure that financial services were provided efficiently, honestly and fairly (s 912A(1)(a)), by failing to have in place adequate measures to protect its clients from the risks and consequences of a cyber incident;
  2. have available adequate resources (including financial, technological, and human resources) to, amongst other things, ensure that it had in place adequate cyber security measures required by its licence (s 912A(1)(d)); and
  3. have in place a risk management system that adequately identified and evaluated the risks faced by FIIG and its clients; adopt controls adequate to manage or mitigate those risks to a reasonable level; and implement those controls (s 912A(1)(h)).

ASIC alleges that FIIG failed to have the following cybersecurity measures:

  • Planning and training: there was no cyber incident plan communicated and accessible to employees which is tested at least annually, and no mandatory cyber security training (at commencement of employment and annually);
  • Access restrictions:
    • there was no proper management of privileged access to accounts, including non required access being revoked, and greater protections for privileged accounts; and
    • configuration of group policies to disable legacy and insecure authentication protocols;
  • Technical monitoring, detection, patches and updates: there was a failure to have, or there was inadequate:
    • vulnerability scanning, involving tools deployed across networks and endpoints, and processes run at least quarterly with results reviewed and actions taken to address vulnerabilities;
    • next-generation firewalls (including rules preventing endpoints from accessing file transfer protocol services);
    • endpoint detection and response software on all endpoints and servers, with automatic updates and daily monitoring by a sufficiently skilled person;
    • patching and software update plans (with critical or high importance patches applied within 1 month of release, and 3 months for all others), and a practice of updating all operating systems, with compensating controls to systems incapable of patching or updates; and
    • security incident event management software configured to collect and consolidate security information across all of FIIG’s systems with appropriate analysis of the same (daily monitoring);
  • Testing: there was a lack of
    • processes to review and evaluate efficacy of technical controls at least quarterly; and
    • penetration and vulnerability tests from internal and external points.


The EU Commission announces the publication of general purpose AI code of practice

March 12, 2025

The European Commission has released the third draft of the General-Purpose AI Code of Practice. It includes commitments by providers of general-purpose artificial intelligence (AI) models, including:

  • documentation: the signatories commit to drawing up and keeping up-to-date model documentation, including ensuring quality, security, and integrity of the documented information and providing it to providers of AI systems and to the AI Office upon request; and
  • copyright policy

Providers of general-purpose AI models with systemic risk must commit to:

  • adopting and implementing a Safety and Security Framework that will apply to the AI models with systemic risk, as well as detail the systemic risk assessment;
  • conducting systemic risk assessment systematically at appropriate points along the entire model lifecycle;
  • selecting and further characterizing systemic risks;
  • determining the acceptability of the systemic risks;
  • implementing technical safety mitigations along the entire model lifecycle of the model, and ensuring they are proportionate and state-of-the-art;
  • mitigating systemic risks that could arise from unauthorized access to unreleased models;
  • reporting to the AI Office on the safety and security of the models;
  • carrying out adequacy assessments;
  • implementing systemic risk responsibility allocation;
  • obtaining independent external systemic risk assessments, including model evaluations;
  • keeping track of, documenting, and reporting serious incidents to the AI Office and, as appropriate, to national competent authorities;
  • ensuring protections on non-retaliation against any worker providing information about systemic risks;
  • notifying the AI Office of relevant information and the implementation of commitments;
  • carrying out documentation, as prescribed by the code of practice and the Artificial Intelligence Act (AI Act); and
  • implementing public transparency on systemic risks stemming from their AI models with systemic risk.

The AI Office will:

  • report on the feedback received from stakeholders on the template for an adequate public summary of the training data under Article 53(1)(d) of the AI Act and outline the next steps for adopting the template; and
  • publish guidance clarifying the scope of the AI Act rules for general-purpose AI, including information on:
    • the definitions of general-purpose AI models;
    • placement of models on the market and providers;
    • exemptions for models provided under free and open-source licenses; and
    • the effects of the AI Act on models placed on the market before August 2025.

The press release

An unsurprising criticism about the upcoming statutory tort of privacy which is generally wrong

January 20, 2025

Chris Merritt is a good journalist and has ably edited the Legal Affairs section of the Australian. But he has bugbears which defy logic and fact. One of them is a statutory tort of privacy. The Australian has always had a set against the tort, primarily because of fears that it would interfere with the practice of journalism. Given the exemption which precludes a claim from being brought against journalists this is no longer a thing for the Australian. That of course does not stop Merritt from having a major rant against the statutory tort in last week’s Business to pay the price for new privacy tort. It is quite surprising that the Australian has been so slow to start its complaint about the statutory tort. In the past it campaigned a long time before any tort was even proposed. Here the complaint is made after the fact.

Now Merritt’s complaint is that businesses will be bankrupted for being vicariously liable for the breaches of privacy.

The focus of the article is on the possible impact on businesses. The reliance is on the submissions by the Business Council of Australia and the Australian Industry Group to the Senate Committee reviewing the Bill. The BCA and the AIG have always been hostile to any form of actionable right to privacy. Their submissions on this heavily circumscribed statutory right have followed that line. They were not particularly analytical submissions and had a heavy dose of Henny Penny “the sky is falling” hypotheticals. One hypothetical is how this tort will impact insurance premiums in the future. Merritt draws a very long bow in comparing the impact of the tort with the insurance disruption following the collapse of HIH, suggesting that a similar result is in the offing. Given the general damages award is capped this is quite a stretch. It is quite an illogical analysis because, given the tort requires an intentional or reckless act, it is not proper to compare those claims, in the future, with claims of a sort and awards of the quantum associated with personal injury and medical negligence. The statutory tort provisions make no comment on vicarious liability so the principle applies. But so what? The situations where that happens will be quite limited. But if a person uses company resources to interfere with someone’s privacy then a company may be called to account if it is done in the course of company business and not inconsistent with its activities.

It is quite a poor article but does highlight the continuing, largely ideological, fighting retreat by some areas of the media to a statutory tort.

The article provides:

Right now, companies are failing at a record rate. So can anyone think of a worse time to create a new way of suing business?

Unfortunately, that’s exactly what federal parliament did on November 29 when it approved a new statutory tort for serious invasions of privacy.

Despite warnings from peak industry groups, parliament did nothing to stop innocent employers being held vicariously liable for invasions of privacy committed by employees who break corporate rules.

Everyone should be accountable for their misdeeds – but not the wrongs committed by others. Yet that is a key feature of the new privacy tort sitting on the federal statute book, just waiting for enterprising lawyers to give it a run when it comes into force in June.

In October, the Business Council of Australia warned about the potential unfairness of holding employers vicariously liable for the wrongful actions of their employees – particularly if companies have taken all reasonable steps to prevent staff from invading anyone’s privacy.

Attorney gives insight into Privacy at Law Council of Australia Gala Dinner

December 3, 2024

At a Law Council Dinner on Sunday 1 December 2024 the Attorney General waxed lyrical about matters pertaining to his portfolio. In the course of his speechifying he discussed the statutory tort and the anti doxxing provisions. His defence of the journalist exception is wrong headed. He claims it is necessary to protect freedom of the press. That is nonsense. There is no such exemption in any jurisdiction where there is a tort of privacy and somehow the press thrives in those places. It was a political not policy decision. It is a terrible mistake. That said, having a tort even if in a weakened form is better than no tort.

His speech provides:

Acknowledgements

Thank you to the Law Council of Australia for hosting yet another wonderful dinner, a dinner I’m delighted to be attending for my third consecutive year since returning as Attorney-General in 2022.

I acknowledge the traditional owners of the land on which we meet, the Ngunnawal people, and pay my respects to their Elders, past and present. I extend that respect to all Aboriginal and Torres Strait Islander people here today. 

I thank the President of the Law Council, Greg McIntyre SC, for inviting me to speak tonight. I congratulate and welcome the incoming President, Ms Juliana Warner.

I also acknowledge

    • Her Excellency the Honourable Sam Mostyn AC, Governor-General of the Commonwealth of Australia, and His Excellency Simeon Beckett SC;
    • My parliamentary colleagues;
    • Current and former members of the judiciary; and
    • Members of the legal profession.

Legal assistance services

On 6 September this year First Ministers reached a landmark agreement for a new five year National Access to Justice Partnership.

And I am very pleased to say that yesterday, 28 November, the final signature from an Attorney-General was obtained, and it has been published today.

This agreement provides $3.9 billion in support for legal assistance services over five years – the largest Commonwealth funding contribution to the legal assistance sector ever.

It is a vast improvement on the previous agreement, which expires on 30 June next year.

Every single part of the legal assistance sector will get more funding.

The agreement contains nearly $800 million in additional funding, including $500 million to support frontline legal assistance services delivered by Community Legal Centres, Women’s Legal Services, Aboriginal and Torres Strait Islander Legal Services, Legal Aid Commissions and Family Violence Prevention and Legal Services.

Critically, funding will be ongoing. This means an end to a rolling five-year funding cliff. Instead of fighting for its very existence, the sector will be able to plan for the future. It will be able to more easily attract and retain employees because there is job security. This change may be an underreported element of the new agreement but its significance cannot be underestimated.

The new agreement also addresses long-standing pay parity issues in the sector. For the first time, the Commonwealth is acting to lift rates of pay for the community legal assistance sector, bringing them closer to Legal Aid Commissions – again increasing the ability of services to attract and retain good lawyers.

Unlike the previous agreement, with its inadequate fixed rate of indexation, funding will be increased in line with the Wage Cost Index – meaning Commonwealth funding will not go backwards in real terms over the life of the agreement.

The previous agreement did not provide funding security for individual parts of the sector. States and territories could, if they wished, move money from one part to another, reducing the effective value of the Commonwealth contribution. The new agreement requires jurisdictions to maintain their investment for each part of the sector over the life of the agreement.

This both maintains the value of the Commonwealth contribution and provides funding certainty to each part of the legal assistance sector.

As some in this room may remember, the new agreement was announced at a meeting of First Ministers focused on gender-based violence, and appropriately so.

Access to justice is vital for women and children trying to escape gender-based violence. It can be the difference between leaving and staying in a violent situation. It can be the difference between life and death.

I’m proud that the largest relative funding increase for legal assistance in the new agreement was for Family Violence Prevention and Legal Services – a 112 per cent increase in Commonwealth funding compared to the preceding five years.

We know that First Nations women experience disproportionate rates of family violence.

Nationally, First Nations women are seven times more likely to be homicide victims than non-Indigenous women, and of those women, 75 per cent are killed by a current or former partner.

First Nations women are 33 times more likely to be hospitalised due to family and domestic violence than non-Indigenous women.

As my colleague Senator Malarndirri McCarthy, the Minister for Indigenous Australians, has said, this is a national shame.

Doubling the funding for legal assistance services which help First Nations women escape domestic violence will not solve this problem on its own, but it is an important step forward.

Let me be clear – I know there will always be unmet need in the sector.

But I believe the new National Access to Justice Partnership is a momentous step forward.

That’s why I have been disappointed to see some misrepresentation of what the new Agreement delivers.

I expect demands from the legal profession for government to do more for the legal assistance sector.

But misrepresenting facts helps no one, least of all those in the sector.

Further, it makes little sense to make demands of the Commonwealth only.

Legal assistance is a shared responsibility, and demands on government should not focus on the national government alone.

For those in the audience who work in the community legal sector, I would like to say thank you.

You are among the most talented, committed and hardworking lawyers in the country. The Australian Government values your work. I value your work.

Privacy

You may have noticed we passed a few bills last night and early this morning.

I will go to just two of those tonight.

The first enacts tranche one of our privacy reform agenda.

The legislation does a great deal. It:

    • Creates a new statutory tort for serious invasions of privacy;
    • Creates a new criminal offence for the malicious release of personal data online, known as doxxing; and
    • Establishes provisions to enable the development of a new Children’s Online Privacy Code.

A privacy tort is not a new idea. In fact, that is something of an understatement.

In his 1969 Boyer Lectures Sir Zelman Cowen endorsed legislation to create an actionable right to seek redress for breaches of privacy.

The bill provides for a new statutory cause of action for individuals who have suffered a serious invasion of their privacy, and applies it to both physical privacy and information privacy.