Workplace Law

Workplace Law News and Articles

Aug 06 2018
 

Just when you thought discovering a data breach within your organisation was already a headache – such as a lost company computer or an employee disclosing unauthorised information – from 22 February 2018 this could become a migraine as you are now obliged to notify the Office of the Australian Information Commissioner (OAIC) and any affected individuals. Failure to do this can result in civil penalties.

Want to know more about the structure of this new legislation? Please read on.

The Privacy Amendment (Notifiable Data Breaches) Act 2017 amends the Privacy Act 1988 to include a new mandatory data breach notification scheme in Part IIIC of the Act. These new laws take effect from 22 February 2018.

New obligations

The mandatory Notifiable Data Breaches (NDB) scheme requires organisations and federal agencies subject to the Privacy Act to report an “eligible data breach” to the OAIC and individuals potentially affected.

The notification involves at least two steps. First, you must give a statement with prescribed information to the OAIC. Second, you must notify the affected individuals. Whilst the actual steps will differ depending on the circumstances, this will usually entail a statement to the individual via normal means of communication.

You must, within 30 days, carry out a prompt and reasonable assessment if you have reasonable grounds to suspect an eligible data breach.

What is an eligible data breach?

An eligible data breach will occur where there has been unauthorised access to or disclosure of personal information, or where a loss of information has occurred where unauthorised access or disclosure is likely. An objective test is applied to determine if a reasonable person would conclude that there is a probable risk of serious harm to any of the individuals affected by the unauthorised access to, or disclosure of personal information. 

What is serious harm?

The definition of serious harm is broadly construed, but will include any serious physical, psychological, emotional, economic or financial harm as well as reputational damage. Serious harm will be considered likely if the harm is determined to be “more probable than not”.

Whilst harm is not defined, the new legislation does provide a non-exhaustive list of factors that should be considered when determining if the breach is likely to result in serious harm. These include but are not limited to:

  • The type and sensitivity of the information;
  • Any security measures that have been taken, and the likelihood that such measures could be overcome;
  • The people who have access to or could obtain the information; and
  • The nature of the harm.

The first Quarterly Report released

The OAIC have published the first quarterly report of data breach notifications for 2018, receiving 63 data breach notifications in the first six weeks of the NDB programme while only receiving 114 voluntary notifications in the 2016-17 financial year. This increase in reporting will help OAIC better identify areas of improvement in information security. To read more interesting statistics from the first quarterly report or to access the full report, click here.

What should you do?

You should continue to comply with your data security obligations under the Australian Privacy Principles and also follow the recommended steps in the OAIC’s guide to handling personal information security breaches.

You should also review your current security processes and procedures to incorporate your scheme assessment and notification obligations and consider any other systems or processes that may need to be developed to comply with the scheme.

A data response plan should also be developed, including responses to cyber and broader data security breaches. This plan should enable you to respond efficiently and lawfully to an actual or suspected data breach. This plan should be communicated to all staff with training on what to do if they suspect or become aware of a data breach.

For more information on mandatory data breach notification laws contact Peter McNamara today.

Jun 20 2018
 

In this interesting case an oppressor shareholder was ordered to buy out the oppressed shareholder. Equal shareholders were deadlocked. One shareholder, the plaintiff, asked the court that the other be required to sell its interest or buy the plaintiff’s interest. The defendant had the daily management of the company. The court found oppression and ordered […]

Jun 20 2018
 

Munstermann v Rayward; Rayward v Munstermann [2017] NSWSC 133 In this case, the Supreme Court of NSW exercised its broad powers to make any orders it considers appropriate where a shareholder suffers oppressive and unfairly prejudicial conduct. The Court ordered that Mr Rayward, a director that caused a deadlock, should sell his shares to the […]

Jun 20 2018
 

Deadlocks commonly arise in companies with equal shareholders who are also directors. An aggrieved shareholder can ask the Supreme Court to resolve the deadlock if the shareholder suffers oppressive and unfairly prejudicial conduct. When can the Court Intervene? The Court may intervene if: The conduct of a company’s affairs; or An actual or proposed act […]

Apr 09 2018
 

The Fair Work Commission recently held that an Uber Driver was an independent contractor and not an employee for the purposes of an unfair dismissal claim. This decision will affect all those involved in the emerging “gig economy”, where workers engage in job for-hire tasks through forums such as apps.   Kaseris v Rasier Pacific […]

Jun 30 2017
 

Employers should be alert to changes to worker entitlements effective 1 July 2017:  Unfair Dismissal High Income Threshold Compensation Cap for Unfair Dismissal Redundancy Tax Free Amount Employment Termination Payments (ETP) Lower Tax Rate Cap Superannuation Maximum Contribution Base Increases in Civil Penalties for Breaches of the Fair Work Act Unfair Dismissal High Income Threshold […]

May 18 2017
 

Franchisors and Parent Companies Feeling Vulnerable to Super Fines The Fair Work Amendment (Protecting Vulnerable Workers) Bill 2017, is designed to protect vulnerable workers from exploitation by employers.  The Bill is expected to pass through the Senate without much trouble. It is the Coalition’s response to the systematic underpayment of workers by franchisees in the […]