Proposal by Restaurant and Catering Australia to require those who don’t have the COVIDSafe tracking app to provide their personal details to staff at restaurants and cafes is silly, oppressive and down right dangerous.

May 4, 2020

In the 7 or so weeks of lock downs of varying degrees of intensity there has sprung up a strain of virtue signalling where intrepid souls have come up with more and more intrusive and frankly ridiculous ways of demonstrating how they are doing the right thing to beat the demon virus. That has commonly meant tormenting fellow Australians with petty displays of colonel blimpery. In its milder forms it is hyper compliance with social distancing. A particularly frantic employee at Haighs in Hawthorn nipping in between customers ensuring they do not move from x’s on the floor, scolding them when they took a foot wrong, and doing quick 1.5 m checks with out stretched arms is a favourite memory. It is a good time for those who harbour a petty beaurocrat in their soul.  In its more extreme forms it involves making up legislative prescriptions that just don’t exist.

But some proposals which try to be seen to do the right thing are not just petty and irritating they are down right dangerous and oppressive.  The proposal spruiked by Restaurant and Catering Australia CEO Wes Lambert to require Australian’s who don’t down load the COVIDSafe tracking app and who want to use a restaurant or cafe to give their personal information to the staff fits that description to a tee.  It may not constitute a technical breach of clause 8 of the Biosecurity (Human Biosecurity Emergency)(Human Coronavirus with Pandemix Potential) (Emergency Requirements – Public Health Contact Information Determination 2020 which prohibits coercising the use of COVIDSafe App but it is in breach of the spirit of that law. 

One can only hope that Wes Lambert was suffering temporary relevance deprivation syndrome which prompted him to advocate this breath takingly stupid, utterly unAustralian and pernicious proposal. 

The proposal is reported in the Australian article Coronavirus Australia: No app? Leave your name and number which Read the rest of this entry »

Victoria police suspends officer over leak of photographs of Laidley taken in police station. The response highlights the uneven and generally inadequate state of privacy protections even if the results head in the right direction.

It appears that occasionally the Victoria Police can respond quickly and appropriately to privacy breaches. The ABC reports that a senior constable who took the photographs of Dean Laidley while in custody and being processed has been suspended and is likely to be charged with an offence under the Victoria Police Act 2013.  Deputy Commissioner Patton did not identify what provision of the Act the senior constable might be charged under but it may be under one of section 226227 or 228.     

The ABC Report provides:

Victoria Police has suspended an officer over an “appalling” privacy breach after he allegedly shared unauthorised images of former AFL coach Dean Laidley in custody inside a police station. Read the rest of this entry »

Police photographs of Dean Laidley and photographs taken inside police station a significant data breach and invasion of his privacy.

The arrest and charging of Dean Laidley for what has been described as stalking is a matter of public record.  He appeared before the Melbourne Magistrates Court and was remanded.  As no suppression or pseudonomysation orders  were made those details can be reported. 

However photographs police take of those charged are not public documents.  They are taken for the purpose of properly recording the processing of a person into custody.  Their purpose does not extend to providing colour to a story.  Further, other photographs taken in a police station of a suspect or a person charged are not for public consumption. Frankly there is no good reason for taking other still photographs. 

It is then appalling to see that the Herald Sun has Read the rest of this entry »

Home affairs data breach exposes data of 700,000

Another depressingly familiar data breach involving the Federal Government’s handling of personal information.  This time the Guardian reports the breach involving access to personal details of 774,000 migrants and applicants.  In this case the breach involved the inadvertent display through the SkillsSelect platform of those who expressed an interest in migrating to Australia.  The defect in the platform’s operation permits someone accessing details of a persons age, qualifications and marital status as well as other information. 

What is interesting is that the information dates back to 2014.  According to the Guardian story expressions of interest are stored for 2 years.  Yet the database includes information stretching back 6 years.  That in itself is a concern. 

It will be interesting to see if Read the rest of this entry »

Group complaint lodged with the Information Commissioner against Optus for data breach involving 50,000 customers in October 2019

April 27, 2020

Lawyers weekly has just reported that Maurice Blackburn has made a representative complaint against  arising out of a data breach in October 2019. It is the first representative complaint made under the Privacy Act 1988.  It seems 2020 is proving to be an active year for use of the Privacy Act with the Commissioner commencing civil penalty proceedings, for the first time, and now this representative complaint.

Maurie Blackburn describes the complaint as Read the rest of this entry »

Australian Information Commission v Facebook Inc [2020] FCA 531 (22 April 2020): application for service outside of Australia, the Commissioner’s prima facie case. The opening round in the first civil proceeding for breach of the Privacy Act by the Commissioner

April 26, 2020

On 23 April 2020 in  Australian Information Commission v Facebook Inc the Australian Information Commissioner successfully obtained interim suppression and non publication orders and orders to serve outside Australia and substituted service against Facebook Inc.

This is the first of what is likely Read the rest of this entry »

Another email bungle, privacy breach involving names, addresses and birthdates

April 23, 2020

The Guardian reports on another email bungle resulting in a significant privacy breach, this time by the Australian Traffic Network.   In an email an operator at the Australian Traffic Network sent out a document containing personal information of more than a 100 current and former staff as part of an internal email to existing staff.  An email was originally sent on Monday to staff asking about eligibility for the jobkeeper payment.  A follow up the next day was the data breach as it contained a table of staff names with their addresses and dates of birth.  It provoked concern within the organisation, little wonder given Read the rest of this entry »

Santin v Sfameni [2020] VSC 26 (7 February 2020); application to restrain solicitor, whether solicitor material witness, misuse of confidential information

April 5, 2020

The latest decision at the superior court level in Victoria dealing with restraint application is Santin v Sfameni [2020] VSC 26.  That judgement considers a case in which I appeared for the, unsuccessful, applicant, Pinnacle Living Pty Ltd v Elusive Image Pty Ltd [2006] VSC 202

FACTS

The dramatis personae are:

  • Emilio Santin (“Emilio”), who died on 2 March 2017 [1].
  • Rosanna Sfameni (“Rosanna”), Emilio’s daughter and executor of his estate [1].
  • Carlo Santin (“Carlo”) and Bruno Santin (“Bruno”), Emilio’s sons and residuary beneficiaries under his last will dated 23 September 2011 [1].
  • Carlo and Bruno are represented by a solicitor, John Whelan (“Whelan”) [3].
  • Whelan acted for Emilio between about September 2015 and January 2017 [3].

Carlo and Bruno commenced proceedings seeking order that Rosanna be removed as executor and trustee of their father’s estate [2].

Rosanna  applied to restrain Whelan from continuing to act for Carlo and Bruno on the bases that:

  • Whelan formerly acted for the deceased; and
  • is likely to be a material witness in relation to contested issues [3].

The loan

Rosanna and her husband, Salvatore (Sam) Sfameni lent Emilio $473,385. They were the mortgagees of a mortgage registered by Rosanna on 29 September 2011 as security for that loan [7].  The loan was used to Read the rest of this entry »

Significant data breach at the Federal Court of Australia revealing names of protection visa applicants

March 31, 2020

It was serendipitous that last Wednesday I presented a paper, via Zoom, at a Legalwise Seminar on Data Breaches: How to Respond, Notify and Remedy  given today’s report that there has been a significant data breach by the Federal Court, an agency for the purposes of the Privacy Act 1988.  The, to use the Federal Court’s spokesman’s description, “major systemic failure” involved the searchable database permitting the identity of 400 asylum seekers being disclosable. 

This breach would fall within Part IIIC of the Privacy Act 1988, the mandatory data breach notification regime. Going through the process would require an assessment of the breach, a determination as to whether the breach is likely to cause serious harm and, if so, the means of notifying the affected individuals.  Based on the ABC report of the breach there would be legal and practical issues to address with each step.  As to the assessment process it is concerning that Read the rest of this entry »

Commonwealth Parliament amends the Corporations Act with Part 9.11 and section 459E, F and G. The statutory period will extend from 21 days to 6 months for 6 months. The statutory minimum is raised from $2,000 to $20,000 for 6 months. Some protection for directors trading while insolvent for the next 6 months.

March 24, 2020

The Commonwealth Parliament passed the Coronavirus Economic Response Package Omnibus Act 2020 yesterday.  It introduced the Bill yesterday as well.

It is a wide ranging Act but to the extent that it relates to those practicing commercial law the relevant provisions are amendments to section 9 and 459E – G for the statutory demand and 588Eff. The statutory minimum has been raised from $2,000 to $20,000.  That is significant but what will have a bigger impact on the use of statutory demands is the statutory period being increased from 21 days to 6 months.  These amendments are to last for 6 months from date of proclamation unless otherwise modified by regulation.  Accordingly, from now until about 24/25 September 2020 at least the new regime regarding the use of statutory demands will be in place.  The statutory period of a statutory demand served tomorrow would not  expire until around 25 September.  As such applications to set aside the statutory demand can be filed any time up to that date.

Given this is a significant area of my practice it is important to be on top of these changes.

The Act provides:

Part 2—Amendments relating to businesses in financial distress

Corporations Act 2001

21  Section 9

Insert:

statutory period means:

                     (a)  if a period longer than 21 days is prescribed—the prescribed period; or

                     (b)  otherwise—21 days.

22  Paragraphs 459E(2)(c) and 459F(2)(b)

Omit “21 days”, substitute “the statutory period”.

23  Subsection 459G(2)

Omit “21 days”, substitute “the statutory period”.

24  Subsection 459G(3)

Omit “those 21 days”, substitute “that period”.

25  In the appropriate position in Chapter 10

Insert:

Part 10.42—Transitional provisions relating to the Coronavirus Economic Response Package Omnibus Act 2020

  

1669  Application of amendments made by Schedule 12 to the Coronavirus Economic Response Package Omnibus Act 2020

 The amendments made by Part 2 of Schedule 12 to the Coronavirus Economic Response Package Omnibus Act 2020 apply to statutory demands that are served on or after the commencement of that Schedule.

Corporations Regulations 2001

26  Before regulation 5.4.01

Insert:

5.4.01AA  Temporary increase to the statutory minimum and statutory period

 (1)  For the purposes of paragraph (a) of the definition of statutory minimum in section 9 of the Act, the amount prescribed is $20,000.

 (2)  For the purposes of paragraph (a) of the definition of statutory period in section 9 of the Act, the period prescribed is 6 months.

 (3)  This regulation is repealed at the end of the period of 6 months starting on the day this regulation commences.

27  Paragraphs 3 and 5 of Form 509H of Schedule 2

Omit “21 days”, substitute “the statutory period”.

28  Form 509H (note 2) of Schedule 2

Omit “minimum of $2,000.”, substitute “minimum. The statutory minimum is $2,000 or a greater amount prescribed by the regulations. For a 6?month period in 2020, a greater amount of $20,000 is prescribed (see the Coronavirus Economic Response Package Omnibus Act 2020).”.

29  Form 509H (note 5) of Schedule 2

Repeal the note, substitute:

    1. The statutory period is 21 days or a longer period prescribed by the regulations. For a 6?month period in 2020, a longer period of 6 months is prescribed (see the Coronavirus Economic Response Package Omnibus Act 2020).

The second amendment to the Corporations Act is to provide temporary relief for directors who may engage in insolvent trading for the next 6 months or any longer time prescribed by regulations.  The amendments are to sections 588E and 588GA and the insertion of 588GAAA.

Part 3—Temporary relief for directors from duty to prevent insolvent trading

Corporations Act 2001

30  Paragraph 588E(8A)(a)

After “subsection 588GA(1)”, insert “or 588GAAA(1)”.

31  After section 588GA

Insert:

588GAAA  Safe harbour—temporary relief in response to the coronavirus

Safe harbour

(1)  Subsection 588G(2) does not apply in relation to a person and a debt incurred by a company if the debt is incurred:

            (a)  in the ordinary course of the company’s business; and

            (b)  during:

                         (i)  the 6?month period starting on the day this section commences; or

                        (ii)  any longer period that starts on the day this section commences and that is prescribed by the regulations for the purposes of this subparagraph; and

 (c)  before any appointment during that period of an administrator, or liquidator, of the company.

  (2)  A person who wishes to rely on subsection (1) in a proceeding for, or relating to, a contravention of subsection 588G(2) bears an evidential burden in relation to that matter.

When the safe harbour does not apply

 (3)  Subsection (1) is taken never to have applied in relation to a person and a debt in the circumstances prescribed by the regulations for the purposes of this subsection.

Definitions

 (4)  In this section:

evidential burden, in relation to a matter, means the burden of adducing or pointing to evidence that suggests a reasonable possibility that the matter exists or does not exist.

32  Subsection 588GB(7) (paragraph (b) of the definition of relevant proceeding)

After “subsection 588GA(1)”, insert “or 588GAAA(1)”.

33  Paragraph 588HA(1)(a)

After “safe harbour”, insert “described in subsection 588GA(1)”.

34  Subsection 588WA(1)

Repeal the subsection, substitute:

 (1)  Subsection 588V(1) does not apply in relation to a corporation that is the holding company of a company, and to a debt, if:

        (a)  the corporation takes reasonable steps to ensure that either subsection 588GA(1) or 588GAAA(1) (the safe harbour provision) applies in relation to:

                    (i)  each of the directors of the company; and

                    (ii)  the debt; and

       (b)  the safe harbour provision does so apply in relation to each of those directors and to the debt.

The Explanatory Memorandum relevantly Read the rest of this entry »