The Federal Court, per Rolfe J, in Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496 made what has widely been described as a first occasion a corporation has been found to have breached its licence obligations in failing to have adequate risk management systems to manage its cyber security risks. The Court ordered declaratory relief requiring RI Advice to undertake work to improve its security under the supervision of an expert.  

The orders were made in terms agreed between the parties just before the trial was scheduled to commence.

I have followed this proceeding closely with posts ASIC commences action against RI Advice Group Pty Ltd for failing to have adequate cyber security in August 2020 and ASIC v RI Advice Group Pty Ltd cyber security civil penalty trial pushed off from a 29 November 2021 hearing date to a date in April 2022 in May 2021,

FACTS

The Court provided a factual background about stating that RI Advice :

• was:
  • a wholly-owned subsidiary of Australia and New Zealand Banking Group Limited (ANZ). RI Advice up to and including September 2018;
  • from 1 October 2018, along with two other ANZ financial licensees, part of the IOOF Holdings Limited (IOOF) group of companies [12]
• carries on a financial services business within the meaning of s 761A of the Corporations Act Act (“The Act”) under a third-party business owner model.
• authorises Under s 916A of the Act, RI Advice independently-owned corporate authorised representatives (“ARs”) and individual authorised representatives to provide financial services to retail clients on RI Advice’s behalf and pursuant to the Licence [13]

The AR Practices (practices of groups of one or more Authorised Representatives):

• electronically received, stored and accessed  confidential and sensitive personal information and documents in relation to their retail clients. The personal information included:

(a) personal details, including full names, addresses and dates of birth and in some instances health information;(b) contact information, including contact phone numbers and email addresses; and

(c) copies of documents such as driver’s licences, passports and other financial information [14].

• since 15 May 2018 provided financial services to at least 60,000 retail clients [15]
• had 9 cybersecurity incidents between June 2014 and May 2020, being:
  • in June 2014 an AR’s email account was hacked and five clients received a fraudulent email urging the transfer of funds, one of whommade transfers totalling some $50,000;
  • in June 2015 a third-party website provider engaged by an AR Practice was hacked, resulting in a fake home page being placed on the AR Practice’s website;
  • in September 2016 one client received a fraudulent email purporting to be an employee of an AR Practice asked for money. The AR Practice used an email platform where information was stored “in the Cloud”, with was no anti-virus software and only one password which everyone used.
  • in January 2017 an AR Practice’s main reception computer was subject to ransomware delivered by email, making certain files inaccessible;
  • in May 2017 an AR Practice’s server was hacked by brute force through a remote access port, resulting in file containing the personal information of some 220 clients being held for ransom and ultimately not recoverable;
  • between December 2017 and April 2018 (December 2017 Incident) an unknown malicious agent gained unauthorised access to an AR Practice’s server for several months  compromising the personal information of several thousand clients, some of whom reported unauthorised use of the personal information;
  • in May 2018 an unknown person gained unauthorised access to the email address of an AR and sent a fraudulent email to the AR’s bookkeeper requesting a bank transfer;
  • an unauthorised person used an AR Practice’s employee’s email address:
    • in August 2019 to send phishing emails to over 150 clients ; and
    • in April 2020 to send phishing emails to the AR Practice’s contacts [16].

Inquiries and reports following the cybersecurity incidents revealed thatthere were a variety of issues in the respective ARs’ management of cybersecurity risk, including:

• computer systems not having up-to-date antivirus software installed and operating;
• no filtering or quarantining of emails;
• no backup systems in place, or backups not being performed; and
• poor password practices including:
  • sharing of passwords between employees,
  • use of default passwords,
  • passwords and other security details being held in easily accessible places or being known by third parties [17].

Regarding the incidents Read the rest of this entry »

The Full Bench of the High Court heard argument in Google LLC v Defteros [2022].  It is a case of considerable interest to defamation practitioners.  The key issue is whether a search engine a publisher of defamatory material on a third party website to which that search engine provides a hyperlink when the search result on its own conveys no defamatory imputation.  Also Google seeks a ruling on what is required to notify the search engine of defamatory publication for the purposes of the common law doctrine of innocent dissemination and the statutory defence under section 32 of the Defamation Act 2005. 

The transcript of oral argument before their Honours can be found here.

It is an appeal from a decision from the Victorian Court of Appeal in Defteros v Google LLC [2021] VSCA 167 (17 June 2021).  Interestingly on that occasion the appellant, Defteros, was unsuccessful.  Google’;s cross application for leave to appeal was refused. 

Special leave was granted on 10 December 2021 conditional upon Google paying Defteros’s costs of the appeal and not disturbing the costs orders in the Court of Appeal and at trial.  The transcript of the Special Leave Application can be found here.  In short, there is a public interest in resolving the issue. 

The essence of Google’s submissions is that the trial judge and the Victorian Court of Appeal erroneously found that the provision of a hyperlink was participation in the communication of defamatory material for the purpose of publication.  

The submissions of both parties can be found Read the rest of this entry »

Justice Riordan considered an appeal against an order for security for costs in In the matter of Credit Clear Limited [2022] VSC 206.  The appellants were unsuccessful across the board. 

FACTS

By originating process filed 15 July 2020, the plaintiffs made an application under:

(a) sections 175, 232, 233, 461(1)(k), 1041H(1), 1324(1) and 1325 of the Corporations Act 2001 (Cth) (‘the Act’);

(b) sections 12DA and 12GM of the Australian Securities and Investments Commission Act 2001(Cth) (‘the ASIC Act’);

(c) Sections 237 and 243 of the Australian Consumer Law, being Schedule 2 of the Competition and Consumer Act 2020 (Cth) (‘ACL’); and

(d) the inherent jurisdiction of the Court [2].

The plaintiffs sought the following substantive relief in their points of claim [4]:

(a) The first plaintiff (‘Mr McKendrick’) sought to be reinstated as a director of the first respondent (‘Credit Clear’).

(b) The appellant sought the following relief:

B. Declarations and or orders under s 1325 of the Act, alternatively s 233(1)(c) and or (j) of the Act, s 12GM of the ASIC Act and or ss 237 and 243 of the ACL, that the Separation Agreement dated 11 November 2016 and Intellectual Property Assignment Agreement dated 11 November 2016 (by which the plaintiffs were forced to give up their interests in the first defendant together with the intellectual property rights owned by the first plaintiff) are void on the grounds they were procured under duress, undue influence, unconscionable conduct and or misleading and deceptive conduct in contravention of 1041H(1) of the Act, s 12DA of the ASIC Act and or s 18 of the ACL;

C. A declaration that the second plaintiff is entitled to hold 20% of the issued ordinary shares in the first defendant;

D. Rectification of the share register of the first defendant pursuant to s 175 of the Act to reinstate the second plaintiff as a member and to record that it holds a number of fully paid ordinary shares representing 20% of issued shares in the first defendant alternatively that it holds 6,805,555 fully paid ordinary shares in the first defendant;

E. A declaration that the affairs of the first defendant are being conducted contrary to the interests of the members as a whole and or are oppressive to, or unfairly prejudicial to, or unfairly discriminatory against the second plaintiff, or in the interests of and to the benefit of the second to third defendants and not the first defendant or its members;

F. An order that the second and or third defendants purchase the second plaintiff’s shareholding in the first defendant at fair value; Read the rest of this entry »

In Bioaction Pty Ltd v Ogborne, in the matter of Bioaction Pty Ltd [2022] FCA 436 the Federal Court considered, for the first time by the courts, the deeming provisions of sections 105A and 105B of the Corporations Act regarding service applications to set aside a statutory demand within the 21 day time limit,.  

FACTS

By originating process filed on 3 February 2022, the plaintiff, Bioaction Pty Ltd, sought an order setting aside a statutory demand pursuant to s 459G of the Corporations Act dated 12 January 2022 served by the defendant, Gordon Ogborne (“Ogborne”) [5].

Bioaction  specialises in the design, manufacturing and installation of systems to eliminate or mitigate odorous, hazardous and corrosive gases & Ogborne was its Chief Financial Officer / Chief Operating Officer from December 2019 until November 2021, when he was made redundant [7].

Ogborne and Bioaction were in dispute as to his entitlements where Ogborne claimed he was entitled to any additional sum [8].

On 13 January 2022, Ogborne served the statutory demand on Bioaction seeking payment of $240,688.31 being unpaid:

• salary,
• superannuation,
• salary in lieu of termination,
• annual leave and
• redundancy

pursuant to an employment contract [9].

The statutory demand was Read the rest of this entry »

It is something of a persistent myth that authors can hide behind pseudonyms and publish defamatory statements with impunity.  If, as demonstrated in Colagrande v Kim [2022] FCA 409 a plaintiff is determined enough there is high probability of obtaining sufficient information to identify the author and convince a court that that person is the correct defendant in a subsequent defamation proceeding. Jagot J ordered a very significant award against the respondents.

FACTS

Dr Colagrande (“Colagrande”) a Australian trained doctor who is highly qualified:

• in 1999 completing a training Fellowship with the Cambridge Private Hospital in Cambridge, United Kingdom i
• in 2002, becoming an Honorary Fellow in Aesthetic Plastic and Reconstructive Surgery at Addenbrooke’s Public Hospital in Cambridge, United Kingdom
• in 2005, gaining a Fellowship in Cosmetic Surgery from the European Academy of Cosmetic Surgery
• in 2005,  establishing a clinic at Mermaid Beach, Gold Coast, Queensland where he mainly performed cosmetic procedures, health assessments and well-being programs.

In February 2017 Dr Colagrande pleaded not guilty to a charge of  indecent assault of a patient, to which he was found not guilty [5]. On 5 June 2018 the Queensland Court of Appeal quashed that conviction and the prosecution entered a nolle prosequi (a formal abandonment of the charge) on 7 June 2018 [5].

Colagrande had an account with the RateMDs website, a Doctor rating site with over 40 million visits every year. Members of the public can post entries relating to doctors on the RateMDs website [6].

In early 2019 when Colagrande Read the rest of this entry »

In a 5 – 0 decision the High Court allowed an appeal from the Victorian Supreme Court in Stubbings v Jams 2 Pty Ltd [2022] HCA 6 and the operation of certificates of independent advice and unconscionable conduct.  The lead judgment is that of Kiefel CJ, Keane and Gleeson with separate opinions by Gordon and Steward.

FACTS

The facts

The appellant owned two houses in Narre Warren, both mortgaged to Commonwealth Bank with weekley repayments of between $260 and $280 per week. The appellant did not live in either house.  He lived at rental premises at Boneo, where he worked repairing boats for the owner of the property [7].

The Appellant fell out with the owner,  ceased work and, needing to move house, sought to purchase another property on the Mornington Peninsua [7].

At the relevant time the appellant:

• was unemployed
• had no regular income
• had not filed tax returns in several years and
• was in arrears on rates payments in respect of the two Narre Warren properties [8]

After a home loan application to ANZ was rejected for lack of financial records, the appellant was introduced to Mr Zourkas [8] who described himself as a “consultant”, in the business of introducing potential borrowers to Ajzensztat Jeruzalski & Co (“AJ Lawyers”) [9]. The service AJ Lawyers provided to clients was to facilitate the making of secured loans by those clients [9].

The primary judge found that Zourkas played an “important and essential” role in these transactions, in that his involvement ensured that AJ Lawyers never dealt directly with the borrower or guarantor, such as the appellant [9]

When the appellant and Zourkas met on a number of occasions in 2015:

• at the first meeting, the appellant said that he “wanted to buy a little house” to live in, to which Mr Zourkas responded that “there would not be a problem going bigger and getting something with land”  O which resulted in the appellant finding a five?acre property with two houses on it in Fingal, available for $900,000.
• at another meeting, Zourkas told the appellant that he could borrow a sum sufficient to pay out the existing mortgages over the Narre Warren properties, purchase the Fingal property, and have approximately $53,000 remaining to go towards the first three months’ interest on the loan [10] .
•  Zourkas advised the appellant that he could then sell the Narre Warren properties, reducing the loan to approximately $400,000, which the appellant could then refinance with a bank at a lower interest rate [10]

The calculation was that:

• two Narre Warren properties and the Fingal property would secure the appellant’s obligations as guarantor
• the existing debt to Commonwealth Bank secured on the Narre Warren properties totalled approximately $240,000.
• on the basis that the two properties had a market value of $770,000, the appellant’s equity was thus worth about $530,000 [11].

On 30 June 2015, the appellant signed a contract to Read the rest of this entry »

The postscript to Re Slodyczka & Farren Pty Ltd [2022] VSC 102 is a decision by Associate Justice Hetyey regarding costs of the application. 

FACTS

in the substantive judgment  the plaintiff’s application to wind up the defendant in insolvency was dismissed.

The relevant facts for the purpose of considering a costs order were:

• whilst the matter was commenced by originating process filed on 11 April 2021, there were delays and adjournments [2] resulted in two previous costs orders being made being:
  • on 7 July 2021, consent orders were made which, among other things, required the plaintiff to pay the defendant’s costs thrown away by reason of an adjournment of the hearing originally scheduled that day (‘the first costs order’).
  • at the next hearing date, on 27 July 2021, it was adjourned at the request of the defendant to enable it to put on supplementary material on the question of solvency, including audited accounts for the 2019/2020 and 2020/2021 financial years. The plaintiff’s costs of the hearing be reserved (‘the second costs order’).

The defendant opposed the winding up application on the following alternative bases [4]:

(a) service of the plaintiff’s statutory demand dated 3 February 2021 (‘the statutory demand’ or ‘the demand’) was defective;

(b) the defendant was solvent and could displace the statutory presumption of insolvency;

(c) the defendant should be given leave pursuant to s 459S of the Corporations Act2001 (Cth) (‘theCorporations Act’) to oppose the winding up application on a ground or grounds it could have relied on for the purpose of an application to set the demand aside. The grounds sought to be raised were: (i) there was a genuine dispute about the amount of the debt claimed in the statutory demand in accordance with s 459H(1)(a); (ii) the defendant had an offsetting claim for the purpose of s 459H(1)(b) of the Corporations Act; and (iii) the demand was defective and a substantial injustice would be caused to the defendant if the demand was not set aside pursuant to s 459J(1)(a) of the Corporations Act; and

(d) pursuant to s 467(1)(a) of the Corporations Act, the Court should dismiss the plaintiff’s application as a matter of discretion.

In the substantive judgment the court held that, [5]:

• the defendant failed to rebut the presumption of service of the statutory demand under s 29(1) of the Acts Interpretation Act 1901 (Cth).
• the defendant succeeded in displacing the statutory presumption of insolvency on the basis that it was cash flow positive and balance sheet solvent. The proceeding was dismissed on this basis.
• the defendant’s application under s 459S of the Corporations Act was not granted because the grounds sought to be raised in respect of the plaintiff’s debt were not material to proving solvency however  had the defendant failed to establish solvency the corut would haveultimately have granted it leave
• the defendant could not to pursue its argument that the Court should dismiss the plaintiff’s application in accordance with the Court’s discretion under s 467(1)(a) of the Corporations Act because of a lack of proper notice to the plaintiff Read the rest of this entry »

Associate Justice Heytey has had a busy start to the year with 2 decisions regarding applications under the Corporations Act 2001; Re Slodyczka & Farren Pty Ltd [2022] VSC 19 and Re Amville Constructions Pty Ltd [2022] VSC 65.  Associate Justice Gardiner considered an application to set aside a statutory demand in Re Wynyard Victoria Pty Ltd [2022] VSC 81.

Re Slodyczka & Farren Pty Ltd [2022] VSC 19

The key issue in this application was whether there was proper service of a statutory demand and whether the presumption of insolvency was rebutted. 

FACTS

Slodyczka & Farren Pty Ltd (‘the defendant’) was first registered on 14 December 2015. In response to the COVID-19 pandemic, it commenced a business in March 2020 for the manufacture and sale of face masks.  Between April 2020 and August 2020, Lion & Horn Pty Ltd (‘the plaintiff’) providing it with marketing services to sell of its masks [1].

In early February 2021, the plaintiff purportedly served the defendant with a statutory demand dated 3 February 2021, which claimed the sum of $36,091.77 in relation to an outstanding invoice dated 28 August 2020 for its marketing services . The defendant did not comply with the demand within the 21-day statutory period.

By originating process filed on 11 April 2021, the plaintiff sought to wind up of the defendant pursuant to ss 459A and 459P of the Corporations Act 2001 (Cth) relying upon the statutory presumption of insolvency contained within s 459C(2)(a) of the Corporations Act.

The Court framed the questions for consideration as being, at [9]:

(a) was service of the statutory demand effective?

(b) is the defendant solvent?

(c) should the Court grant the defendant leave pursuant to s 459S(2) of the Corporations Act to oppose the winding up application on one or more grounds that the defendant could have relied upon in seeking to set aside the demand, but did not so rely? Further, is such a ground material to proving the Company is solvent?; and

(d) should the Court dismiss the plaintiff’s application under s 467(1)(a) of the Corporations Act as a matter of discretion?

DECISION

Service

In reviewing the legislation and legal principles the court Read the rest of this entry »

The Prime Minister today foreshadowed legislation to unmask online trolls and amend the law of defamation in response to the High Court decision in Fairfax Media Publications Pty Ltd v Voller; Nationwide News Pty Limited v Voller; Australian News Channel Pty Ltd v Voller [2021] HCA 27.  The necessary bills will be released in the next week.  A mid morning media release on a Sunday, usually a slow news day where editors fret on what will fill the front page the next day, guarantees big coverage on Monday.

Extracting the reforms from the media release the changes will involve:

• legislating a requirement that social media platforms to set up a complaints system so as to remove defamatory remarks;
• establishing a new Federal Court order to require social media giants to identify details of trolls to victims without consent.
• Australians and Australian media organisations will not be considered publishers. 
• social media platforms will be considered publishers though liability may be avoided if they provide information which permits victims to commence defamation proceedings against a troll.

The curious thing is that there is already a process for applying to the Federal Court for an order to a social media platform, search engine or internet service provider to identify an author who is using a pseudonym to defame someone.  I make these applications regularly enough as part of my defamation practice.  The principles are well established and the process is not overly onerous.  What new order is required will be interesting to see. There is also concern raised about social media platforms being required to collect personal information which would be provided if the mooted application is made.  That is not as dramatic as has been reported.  Google and Yahoo and other platforms require email addresses and sometimes phone numbers.  They can provide the isp number. It is relatively easy to identify the author from those details.  Similarly if the social media is put on notice about defamatory posts they may currently lose their protection from suit in the Broadcasting Services Act. 

If the Government were serious about Read the rest of this entry »

The Security Legislation Amendment (Critical Infrastructure) Bill passed both houses of the Commonwealth Parliament on Monday 22 November 2021. 

Key elements of the legislation are:

• Section 8D defines the critical infrastructure sector as being:

Each of the following sectors of the Australian economy is a critical infrastructure sector:

                     (a)  the communications sector;

                     (b)  the data storage or processing sector;

                     (c)  the financial services and markets sector;

                     (d)  the water and sewerage sector;

                     (e)  the energy sector;

                      (f)  the health care and medical sector;

                     (g)  the higher education and research sector;

                     (h)  the food and grocery sector;

                      (i)  the transport sector;

                      (j)  the space technology sector;

                     (k)  the defence industry sector.

• section section 8E defines a critical infrastructure asset as being an asset that relates to a critical infrastructure sector. There are definitions of specific types of critical infrastructure assets
• there are very broad definitions of when assets relate to a sector
• the definition of a relevant impact is broad and general
• Part 2B sets out the obligations of mandatory reporting.  Section 30BC, regarding a critical cyber security incident, provides, in part:

Read the rest of this entry »