The Fair Work Legislation Amendment (Secure Jobs, Better Pay) Bill 2022 (Cth) (Bill) passed both houses of Parliament in December 2022 and is now law. Among other changes to the Fair Work Act 2009 (Cth) (FW Act) (discussed previously here), the Bill introduced new limitations on fixed term contracts that are set to take effect on 7 December 2023 (discussed previously here).

The limitations apply broadly to employers covered by the FW Act. This article considers the specific implications of the new limitations on fixed term contracts for employers who are charities and not-for-profits given the prevalence of the use of fixed term and specific duration employment arrangements in the sector.

What limitations on fixed term contracts will apply?

New provisions in the FW Act will make it an offence, subject to some exceptions, for an employer to enter into a fixed term contract with an employee:

• for a period that exceeds two years;

• that allows the contract to be extended or renewed for a period that exceeds two years;

• that provides for an option or right to extend or renew the contract more than once; or

• where the contract continues the same, or substantially similar, employment relationship and work duties as a previous fixed term contract, and:

• the contract and previous fixed term contract exceed two years in length;

• the contract or previous fixed term contract contains a right of renewal or extension; or

• the employee has previously been engaged under two consecutive fixed term contracts.

There are a range of exceptions to the limitations on fixed term contracts (listed in full here) including two that are of particular relevance for charities and not-for-profits – governance positions and funded positions.

Exception: Governance Positions

The new limitations on fixed term contracts will not apply to any contract of employment that relates to a governance position where a time limit is imposed on the position by the governing rules of the corporation or association.

This exception may enable a charity or not-for-profit to enter into a fixed term contract with an employee that has a “governance position” in the organisation, if a time limit for that position is specified in the organisation’s Constitution or Rules. The term “governance position” is not defined in the legislation or explanatory memorandum. We expect that there will be judicial consideration of the term if and when there are challenges to an employer’s reliance on this exception, but that guidance is still some time away. It may be possible that the term means an individual that is a voting member of the Board or Committee noting that the legislation does not go as far as to define the term in that way. If that was the case, the exception may be capable of applying to employees that have an ex officio role on the Board or Committee such as executive Directors, some school principals (in the case of a school) and some religious ministers (in the case of a faith-based institution). However, given the complexities arising with applying this exception and consequences for breach, further legal advice should be obtained where it relates to a specific organisation and its employment arrangements.

New anti-avoidance provisions under the Bill will prohibit employers from “changing the nature of work” or “otherwise altering an employment relationship” in order to avoid the new limitations on fixed term contracts. Accordingly, employers should seek advice before:

• introducing fixed terms for governance positions where the Constitution or Rules did not previously provide for a fixed term for that position; or

• seeking to characterise a position as a “governance position” if the individual does not have a genuine governance role in the organisation.

Exception: Funded Positions

The new limitations on fixed term contracts will not apply to any contract of employment that relates to a position for the performance of work where:

• the position is funded in whole or in part by government funding or funding of a kind prescribed by the regulations (noting that no regulations have been prescribed for this purpose to date);

• the funding is payable for a period of more than 2 years; and

• there are no reasonable prospects that the funding will be renewed after the end of that period.

This exception may provide a basis for not-for-profit and charity employers that receive government funding for positions to lawfully appoint persons to those positions for fixed terms that exceed two years in duration (provided that all the criteria to be met for the exception to apply are satisfied). The legislation and explanatory memorandum does not include any guidance as to how the prospects of funding renewal should be assessed. This assessment will depend on the circumstances and it may be prudent to seek advice.

How we can help

Our For Purpose team helps charities from the ground up, from support to apply for registration to amending governing documents. If your charity has made appointments to positions for fixed terms, we can assist you to navigate the new limitations on fixed term contracts that will take effect on 7 December 2023 and the exceptions to those limitations discussed in this article.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

From 1 July 2023, all charities registered with the Australian Charities and Not-for-profits Commission (ACNC) will be required to report related party transactions in their Annual Information Statements. These changes are part of the Australian Government’s reforms that were initially announced in mid-2021 with an aim to provide greater accountability to donors, charity beneficiaries and members of the public.

What is a related party transaction?

The term ‘transaction’ is defined by the ACNC to be a “transfer of resources, services, or obligations between related parties. It does not have to include financial payment.” A charity engages in a transaction if it is either giving or receiving the resources. This can include actions such as: purchases/sales, donations, loans, leases, guarantees, delivery of goods, resources or services, and the provision of employees or volunteers.

The ACNC defines the term ‘related party’ differently according to a charity’s size.

For small charities (annual revenue under $500,000), a simpler definition is used by the ACNC whereby a related party is “a person or organisation that is connected to the charity and has significant influence over the charity.” This includes responsible persons (directors, board members), senior managers, family members of those persons and others who may have influence over a charity’s decision making.

For all other charities, the ACNC adopts the definition of ‘related party’ that is used in the Australian Accounting Standards (AASB 124). Under that definition, a related party can be:

• a person that is connected to the charity or has control of the charity (responsible persons and family members);
• an organisation that is connected to the charity and has control or significant influence over the charity (i.e. a parent or related entity);
• an organisation that the charity has control or significant influence over, such as a subsidiary;
• a member of the charity’s key management personnel or a close member of their family; or
• an associate or joint venturer of the charity.

What must charities now do?

The ACNC has recently released guidance to assist charities to understand their new obligations and to provide charities with certainty about what transactions should be reported.

All charities will need to report on related party transactions in their Annual Information Statements submitted to the ACNC from 1 July 2023 onwards. If a charity notes that they have reportable related party transactions then they will need to select the type of related party transactions that they have engaged in from the following list:

• Fees paid to a related party for providing goods or services to the charity.
• Loans from or to a related party.
• Salary or wages paid to a related party’s relative.
• Transfer of charity property or assets to a related party.
• Charity goods or services provided at a discount to a related party.
• Significant use of charity property by a related party.
• Investment in a related party.

There will also be an ‘other’ option if charities wish to report on other forms of related party transaction not provided for in the list.

Charities will also be able to provide additional relevant information about these related party transactions if desired. For example, charities may wish to include details about the value of these related party transactions and how they have been managed.

Small charities will only need to provide details about ‘reportable’ related party transactions (the ACNC has supplied some examples in its guidance notes about when a related party transaction will be ‘reportable’). All other charities will need to provide details about ‘material’ related party transactions. The materiality of a related party transaction will depend on the context of a charity’s specific circumstances – charities will need to determine what is and is not material. Medium and large charities also need to provide details of related party transactions in their annual financial statements in accordance with the requirements of Australian Accounting Standards (AASB 124 and AASB 1060).

How Moores can help

To comply with these ACNC reporting requirements, charities should now be recording details about their related party transactions, including the value of these transactions and how they are being managed.

Moores is here to help your charity to put appropriate policies and procedures into place to ensure that you are able to comply with your financial reporting and statutory obligations. We can assist you to review key arrangements and agreements to ensure that they are complaint and in the best interests of your charity.

Contact us

Please contact us for more information or guidance regarding any of the above.

Subscribe to our email updates and receive our articles directly in your inbox.

Victoria’s State Budget announcement yesterday left many schools surprised by unexpected news that their long standing payroll exemption was to be scrapped with effect from mid 2024.

Announcements referred to “high fee” schools, although the apparent threshold of annual fees of more than $7,500 (to be clarified exactly in its application) looks to capture many mid-tier and mid-fee schools, including some outer metro and regional independents and Catholic schools.

Many schools in this mid-tier have a tight surplus after meeting growing staff costs and will need to explore costs savings in upcoming School Board budget meetings in August and September. Tuition fee increases in circumstances where parents are already feeling cost of living pressures are unlikely to be welcomed.

This payroll tax decision follows the 2021 land tax amendments (see our land tax article here) and further erodes the tax concessions historically afforded to charitable organisations in Victoria. 

On the other hand, low fee schools will get a boost and the early childhood sector is celebrating the continuation and extension of free kindergarten, noting that 15 hours of fully funded three year old kinder has been on the sector wish list for a number of years. Combined with the Federal Government’s increase to the child care subsidy, families with younger children should have more access and lower costs, with long daycare operators apparently restricted from passing on some costs.

In a pleasing development, 150 new bush kinder programs will be funded.

The budget also allocates significant investment by the State in new schools and school programming including camps, which may alleviate the risk of camps being cancelled due to recent changes to time in lieu payments for teachers.

Lastly, although we understand teaching staff will be spared the public sector job cuts, with the budget announcement that up to 4,000 positions will be cut from the public service, the Department of Education and Training is very likely to be impacted, although it is currently unclear how this will flow on to schools.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

This article is part 3 of our charity article series. Click here to read Part 1: Before you Start. Click here to read Part 2: Charity Tax Concessions.

Part 3: Choosing the Right Structure

An essential preliminary step when establishing a charity is to consider which legal structure is most appropriate. Structures commonly used include an unincorporated association, an incorporated association, a company limited by guarantee or a trust.

This article sets out some of the considerations that apply when selecting a legal structure.

What does it mean to incorporate?

A key decision is whether to establish an incorporated entity. An incorporated entity is a separate legal entity – most commonly an incorporated association or a company limited by guarantee. Unlike an unincorporated association (which is legally a group of people) or a trust, an incorporated entity is a separate ‘legal person’.

What are the benefits of incorporation?

Incorporation results in the establishment of a ‘legal entity’ that has a separate and distinct identity from the group of individuals who established, or are a part of the entity.

Separate legal identity

An incorporated entity can (among other things):

• open and operate a bank account;
• obtain insurance (although some insurers will offer cover to unincorporated bodies);
• enter into contracts (including employment contracts) and agreements and sign documents;
• buy, sell, own, lease and rent property and other assets;
• borrow and loan money; and
• sue and be sued in its own right.

‘Limited’ liability for members

A key benefit of incorporation is that the legal entity has ‘limited liability’. This protects members from being personally liable for the entity’s debts in the event that a legal claim is made against the entity and cannot satisfy debts out of its own assets. Depending on the type of legal structure chosen, liability is usually limited to $10 or to the assets of the legal entity.

Protection for committee members / directors

The committee members or directors of an incorporated entity also have protection from liability for claims made against the entity. This is known as the corporate veil. However, this protection may not be available if the entity trades while insolvent, or if a claim against the entity arises in connection with actions of a committee member or director which are fraudulent, criminal or dishonest.

Perpetual succession

Incorporation results in perpetual succession – the legal entity will continue to exist irrespective of changes to the entity’s membership and will only cease to exist if it is deregistered or wound up by the entity’s members. Among other things, this means that it is not necessary to change the name of the owner of assets (such as vehicles or shares) or to enter into new contracts (such as employment contracts) when the individuals involved in the entity change.

Unincorporated associations

A group of individuals that choose not to incorporate but operate under an agreed set of rules and have a common purpose will ordinarily be an unincorporated association. Unincorporated associations are simpler to establish than incorporated bodies and are not subject to ongoing reporting obligations to the incorporating regulator.

However, each of the ‘benefits’ of incorporation above has a corresponding disadvantage for an unincorporated association. For example:

• An unincorporated association (being a group of individuals) legally cannot enter into contracts, which makes employment arrangements problematic.
• If there is a claim against the unincorporated association that cannot be satisfied out of its assets and is not covered by insurance, each of its members could be separately and jointly liable.

Trusts

There are a variety of trusts (including ‘mere’ charitable trusts and ancillary funds) that can be established. They are usually used for specific purposes. A trust can be described as a “bucket of money” governed by a legal set of rules (a trust deed) prescribing the use of that money and administered by a group of people (or an organisation), who are bound by those rules (the trustee(s)). As a general rule, trusts are not designed for “doing” organisations that actively engage in the provision of services. A trust is used for more “passive” support and investment purposes.

Companies limited by guarantee

A company limited by guarantee is a federal structure designed to operate in each State and Territory and is incorporated under the Corporations Act 2001 (Cth) and regulated by ASIC. Companies that are registered charities have reporting obligations to both ASIC and the Australian Charities and Not-for-profits Commission (ACNC), although the ACNC is the primary regulator.

Incorporated associations

An incorporated association is a state-based entity which is designed to operate within its home State and is governed by the relevant legislation of the State in which incorporation takes place and the State regulator. For example, in Victoria this is the Associations Incorporation Reform Act 2012 (VIC) and Consumer Affairs Victoria.

Incorporated associations that are registered charities have reporting obligations to both the State regulator and the ACNC.

Similarities between incorporated associations and companies limited by guarantee

There are a number of similarities between incorporated associations and companies limited by guarantee, including the following:

• both structures are membership-based bodies which elect a governing body;
• both have purposes and rules set out in a governing document which dictate the way in which the structure is to operate and make decisions;
• in the case of charities, both structures are regulated by the ACNC and subject to the ACNC Governance Standards;
• both can apply for charity tax concessions and deductible gift recipient status based on their purposes and activities;
• both provide a corporate veil to protect members from liability; and
• both can be wound up in the event of insolvency.

Differences between incorporated associations and companies limited by guarantee

While there are a number of similarities between an incorporated association and companies limited by guarantee, there are also number of key differences, including in relation to the following:

• the ability of a company limited by guarantee to have a sole member, which allows for the charity to be established as a subsidiary of another entity;
• charitable companies have better integration with the ACNC;
• statutory duties of committee members / directors – the committee members of incorporated associations are subject to two sets of duties (under the relevant associations legislation and the ACNC Governance Standards), whereas company directors are intended to be exempt from the Corporations Act duties and only subject to the ACNC Governance Standards duties;
• member registers and the circumstances in which entities may be required to provide the register to a member;
• public perception – there is a perception that companies are better governed than incorporated associations;
• the ability of a company limited by guarantee to operate in any jurisdiction of Australia (an incorporated association must obtain an Australia Registered Business Number to operate outside its home State); and
• better international recognition.

How can we help?

Moores can help if you have any questions about setting up your NFP or charity.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

This is part 3 of our ‘So you want to start a charity’ series. 

See Part 1 – Before you start here

See Part 2 – Charity Tax Concessions here

The tag line for Privacy Awareness Week (PAW) 2023 is “Back to Basics.” This encourages organisations to take stock of their current practices, existing data holdings, and any high-risk areas. Taking stock now will prepare you to respond to legislative change that is on the horizon for later in 2023.

For more information about potential reforms to the Privacy Act 1988 (Cth), see:

• Privacy Act Review: Schools, are you ready?
• Privacy Act Review: Key changes on the radar for NFPs
• Privacy Act Review: Children’s privacy in the spotlight

What are your current collection practices?

To improve your privacy compliance – as is increasingly expected by the regulators and the public – you need to know what data you hold and where your risks are. The first step in this process is to reflect on what data you are collecting and ask yourself:

• Do you need it?
• Should you be collecting it?
• Are you entitled to collect it?
• Do you need consent to collect it?
• Is the collection fair and not unreasonably intrusive?

While for many years data was considered an asset, Victorian Privacy Commissioner, Rachel Dixon, has recently observed that data should be viewed as neutral on the balance sheet due to the risks associated with non-compliance and data breaches.

Understanding the regulatory and reputational risks of data breaches, organisations are encouraged to consider practices of data minimisation. Data minimisation involves only collecting and storing the information you need, and that is relevant to your functions and activities.

What are your existing data holdings?

The next element is to map your existing data holdings. Yes, this can sound technical. It really means, make a list of all the locations where you store data, and what is stored where.

This means thinking about all the digital and physical locations where you store information relating to individuals. It is common that schools, early learning centres and other charities operate with many different programs and systems, including customer relationship management programs such as Compass and Consent2Go.

Reviewing your existing data holdings gives you the opportunity to consider what you don’t need anymore, and then what you can delete. This is another data minimisation strategy. Granted, deletion and destruction of information needs to be tempered with reporting and retention obligations. For example, charities often have reporting obligations or audit requirements in funding contracts, and Victorian independent schools are subject to retention requirements from the Public Records Office Victoria. To balance the data minimisation and retention conflicts, good data governance needs to be implemented, to empower staff to understand when information can be deleted, and automate this process going forward.

Where does your organisation face high privacy or data security risks?

Now you know what you are collecting, and what you hold. This should position you to identify your privacy high risks, and consequently some steps to mitigate risks to privacy. Some common risks to consider:

• contractors, and sharing information with third parties;
• human error breaches, such as wrong email addresses or lost devices; and
• cyber security, firewalls, phishing.

How we can help

We can guide you through this process, or take the burden off you with a privacy audit. We work on privacy policies, and so much more. Increasingly, privacy is about much more than your privacy policy. We can help implement practices and systems to build privacy into your organisation, and help you navigate the legislative changes on the horizon.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

Hiring out school facilities to local sports clubs, other schools or business groups can be a great way for schools to give back to their local community and monetise their assets outside of school hours. Getting this right generates goodwill, positive reputation and revenue. Getting it wrong can generate frustration, administrative burden and regulatory questions.

This article highlights six key points for schools to consider when hiring out facilities.

MO1359 and child safety

The school environment is the school campus, used during and outside school hours. This means the Greek school using your school’s facilities on Saturdays is in your school environment, as is the local sporting club using your oval and changerooms. Further, MO1359 does not limit a school governing authority’s obligations to students enrolled in the school. MO1359 also applies to children in the school environment.

VRQA Guidelines

The Victorian Registration & Qualification Authority (VRQA) Guidelines to the Minimum Standards and Requirements for School Registration require arrangements for the external hire of school facilities to be recorded in writing and subject to commercial terms.

Hire fees

It goes without saying that both the hire fee and the payment terms must be clearly stated in any hire agreement. For compliance with the Guidelines, it is important that hire fees are set at market rates.

Other related points which should be considered include:

• Do hirers need to pay a deposit to secure their booking?
• Do you require hirers to pay a security deposit? And if so, in what circumstances can the security deposit be withheld by the school?

Facility area

It is essential that everyone know specifically what facilities the hirer will be entitled to use and when.

• Does hiring the school lecture theatre include use of the school’s sound and lighting equipment?
• Does hire of the gymnasium include basketball equipment?

These issues should be explicitly addressed in the hire agreement.

Our experience suggests another minor detail can prove very important – clarify where cars attending the event should (and should not) be parked. Headaches of this kind can be easily avoided by making expectations clear in the hire agreement.

Risk management

External hire of school facilities attracts a level of risk. Public liability matters are at the forefront – who is responsible for personal injury occurring during the hire period? What about property damage? Hire agreements should include provisions allocating risk and responsibility for these matters, as well as provisions requiring hirers to comply with school policies and directions as to use of the facility.

Schools should also ensure that every hirer provides evidence of appropriate insurance prior to the hire event.

Use of the school’s name

Consider whether the school is happy for its name to be used by the hirer organisation (think “ABC College Basketball Club”) and what conditions you wish to impose on such use. Reputational factors are key, and you want to be sure that you have appropriate control over how the school name is used. Ensuring your agreement deals with the topic of naming rights will minimise the potential for issues to arise in this regard.

What is the right balance?

We don’t advocate for hire agreements that are longer than a Microsoft software licence. The answer is not in a longer document, but a smarter system. We believe in good process, clear terms and flexibility. The best set up will deliver a template document(s) for your school, including a policy, which can be used to streamline how you manage external hiring arrangements.

How we can help

The team at Moores is experienced in helping our school clients design processes and documents that manage external hiring arrangements, including compliance with current VRQA Guidelines. Get in touch with us and we’ll help you to get your facility hire arrangements right first time.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

It is common for schools to enter into agreements and arrangements with third party hirers to lease or manage certain parts of the school campus (e.g. performing arts centres, sports grounds next to school campus, swimming pools).

The difficulty schools face is when that third party uses the campus space during or before / after school hours. It may be difficult to know when the school’s child safety obligations are enlivened and what due diligence needs to be taken.

Child Safety in the school environment

All Victorian primary and secondary schools must comply with Ministerial Order 1359 – Implementing the Child Safe Standards – Managing the risk of child abuse in schools and school boarding premises (MO1359) to be registered and remain registered as a school with the VRQA.

To comply with MO1359, the school’s governing authority (Principal, Board of Directors, School Council etc.) must ensure the school meets all the elements of MO1359 in all school environments.

MO1359 defines ‘school environment’ broadly as:

Any of the following physical, online or virtual places, used during or outside school hours:

• a campus of the school;
• Online or virtual school environments made available or authorised by the school governing authority for use by a child or student (including email, intranet systems, software applications, collaboration tools, and online services); and
• Other locations provided by the school or through a third-party provider for a child or student to use including, but not limited to, locations used for:
  • camps;
  • approved homestay accommodation;
  • delivery of education and training such as registered training organisations, TAFEs, non-school senior secondary providers or another school; or
  • sporting events, excursions, competitions or other events.

Compliance can be difficult when third party hirers have staff who engage directly with students during or outside of school hours (i.e. sports or instrumental lessons) in circumstances where the service is provided on campus, or in a separate / isolated facility on the school campus, but which may not be directly authorised by the school (i.e. the student’s caregiver pays for sports lessons directly to the provider).

As the contractor – or contractor’s staff – are interacting with students in the school environment with the authorisation of the school – MO1359 applies. This means the recruitment, screening, equity, and all other obligations apply.

Why is this important?

This is important because the school now needs to ensure compliance:

• strategies, which are needed to embed an organisational culture of child safety and identify, reduce or remove risks of child abuse within the school environment;
• child safety materials (policies, procedures and codes of conduct); and
• screening, supervision, training and other human resources practices.

How we can help

Moores has experience working with schools to create child safe practices including within leases, facility hire and services agreements. If you would like to discuss this article with us further, or learn more about our services, please do not hesitate to contact us.

The Notifiable Data Breach (NDB) Scheme requires organisations subject to the Privacy Act 1988 (Cth) (Privacy Act) to report eligible data breaches to the Office of the Australian Information Commissioner (OAIC) within 30 days.

Note: There is a current proposal to shorten this reporting period to 72 hours, bringing it in line with Europe’s requirement under the General Data Protection Regulation, and most reportable conduct schemes in Australia.

The OAIC biannually publishes statistics about the reporting it receives under the NDB Scheme, the trends and themes from which we have summarised here for you.

In 2022, there were 890 notifications to the OAIC. Of these, 503 were malicious and criminal attacks, 320 were human error and 33 were a system fault.

Malicious or criminal attacks are increasing.

Malicious and criminal attacks are consistently the largest cause of eligible data breaches. Due to high profile data breaches in the latter half of 2022, reporting significantly increased (41%) from the January to June reporting period to July to December.

Increase in malicious or criminal attacks:

There are different types of malicious and criminal attacks, including phishing and ransomware. By far the most common type of malicious and criminal attack is a cyber security incident (76%). This shows the increasing connection between privacy and data security. The Australian Cyber Security Centre (ACSC) has guidance on improving cyber security to prevent these incidents.

It is worth noting that, ultimately, even cyber security incidents are caused by human error, whether this is system design or more direct action, such as clicking on a suspicious link. The prevalence of these cyber security incidents (ransomware, compromised passwords, hacking, malware) shows an area for improvement in employee cyber literacy. While many organisations run phishing training and require passwords to be regularly changed, this can in fact create a sense of false security that a software system will intercept all threats, whereas human reasoning is in fact increasingly required to ward off the sophisticated types of cyber threats which are currently prevalent.

Human error is steady at one third of breaches

It has been a steady statistic that around one third of eligible data breaches under the NDB Scheme (since 2017) have been caused directly by human error. This can be the “low hanging fruit” organisations can address quickly, while working in parallel on more complicated technological solutions to cyber threats.

The most common human error eligible data breach is emailing personal information (PI) to the wrong recipient. The second largest type is unintended release or publication. The graph below contains more information.

There are different ways organisations can seek to address human error breaches, including human methods such as training, and technological methods such as automatic delays on external emails, so staff can pull back emails sent in error, or requiring publications to be tested in a protected, such as offline, environment.

How we can help

We can help by working with you to identify areas of risk and exposure for your organisation regarding data security and the NDB scheme. We do this by conducting tailored privacy audits of your organisation’s operations, and working with you to design solutions to reduce any identified risks, and then conducting staff training.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

Privacy-by-design, sometimes written as PbD, can be an intimidating term, but we are here to de-mystify it.

Privacy-by-design is the idea of building privacy protections into processes to make good privacy practices a part of normal, everyday practice – making them the “default setting”. This includes building privacy into human and technological processes, and making privacy an automatic consideration in business operations.

The key principles of Privacy-by-design

1. Proactive and preventative, not reactive and remedial	Take a proactive approach to protecting privacy. Anticipate risks to prevent privacy-invasive events before they occur.
2. Privacy as a default setting	Automatically protect personal information in IT systems and business practices as the default.
3. Privacy embedded into design	Embed privacy into the design of any systems, services, products and business practices. Privacy should be one of the core functions of any system or service.
4. End-to-end security – full lifecycle protection	Implement strong security measures throughout the information ‘lifecycle’. Process personal information securely and destroy it securely when you no longer need it.
5. Visibility and transparency – keep it open	Ensure whatever business practice or technology you use operates according to the stated promises and objectives (in your privacy policy). Make people fully aware of the personal information you collect, and for what purpose(s).
6. Respect user privacy – keep it user centric	Keep the interest of individuals paramount in the design and implementation of any system or service. Offer strong privacy defaults and user-friendly options, and ensure appropriate notice is given.

Practical tips to implement Privacy-by-design

1. Minimise the information you collect, and minimise aggregation of personal information or data that could be identifiable.
2. Involve IT and compliance team members in projects, to contribute to the design of new systems and check any possible impacts on privacy.
3. Conduct PIAs when starting a new project or changing how you handle personal information.

What is a PIA?

The OAIC says:

“A privacy impact assessment (PIA) is a systematic assessment of a project that identifies potential privacy impacts and recommendations to manage, minimise or eliminate them.”

A PIA helps to identify and minimise the privacy risks of changes to services or policies and new projects. A PIA is an important privacy by design process that assists compliance with privacy obligations and delivers benefits to organisations.

The OAIC has published guidance on PIAs, including 10 steps to undertaking a privacy impact assessment.

How we can help

We can help by making the ideas of Privacy-by design and PIAs tangible and specific to your organisation’s operations and regulatory needs. We can support you to implement Privacy-by design with a privacy compliance audit, or training to empower your staff. More information about our privacy work is here.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

What effect does a statement of reasons (or wishes) have in defending a challenge to an estate? In the case of Plummer & Anor v Montgomery [2023] NSWSC 175 (Plummer), which involved an unsuccessful family provision claim by two adult stepchildren, the Court placed weight on the deceased’s written reasons for not making any provision.

But what are the risks for will-makers when preparing such a statement?

Plummer case

The deceased left a Will dividing her estate equally between her two biological children and her granddaughter. The deceased’s husband had predeceased her and the deceased had made no provision in her Will for two of her husband’s daughters (the Plaintiffs).

The Plaintiffs therefore made an application for a family provision order pursuant to the Succession Act 2006 (NSW) (the NSW Act). Given that the NSW Act does not have a separate category for step-children claimants (unlike Victoria), they were required to claim under the ‘member of the household’ category.

Ultimately, whilst the court was satisfied that the Plaintiffs were eligible applicants and that there were factors warranting the making of an application, the Court declined to make an order for provision, essentially finding that:

• There was no close personal relationship between the deceased and the Plaintiffs, and they were not brought up as a permanent member of the deceased’s family;
• The deceased did not provide either of the Plaintiffs with any financial support during her lifetime; and
• There was no evidence of a close familial bond and the deceased did not assume a close maternal role. As adults, the Plaintiffs and the deceased rarely saw each other.

The deceased’s intentions

Similar to Victoria, the NSW Act permits any evidence of the testamentary intentions of the deceased person, including evidence of statements made by the deceased, to be considered by the Court.

In Plummer, the deceased also left a document with her Will headed “Testamentary Document to be Incorporated in the Will”.

In this document, the deceased declared her wish that the Plaintiffs were not to benefit from her estate and set out her reasons why. Such wishes reflected the manner in which the Plaintiffs had caused the deceased great anxiety, stress and how they had displayed “intolerable behaviour” particularly at a time when her late husband was unwell. The deceased’s document concluded with her belief that her decision was “just and reasonable” when all matters were considered.

In declining to make an order for provision for each of the Plaintiffs, the Court “also remembered the deceased’s testamentary wishes, as expressed not only by the terms of [her] Will, but also by her written statement.”

Should you prepare a Statement of Wishes?

As evidenced by Plummer, the Court can consider a written statement by the deceased in an application for family provision, and considerable weight may be placed on it. However, the Court also pointed out that care must be taken when considering such statements. In some instances, a statement may unintentionally bolster a plaintiff’s claim for further provision.

Therefore, whilst a statement of reasons can be beneficial, there are also inherent risks associated with preparing and seeking to rely on such document. For instance:

• It is only a snapshot of the relationship or behaviour at a particular point in time. Such statements may be shown to be untrue or inaccurate at the time of death, and could be easily rebutted, which could strengthen a family provision claim. Accordingly, as with the Will itself, a statement of reasons should be regularly reviewed to ensure it remains accurate;
• The statement of reasons should not contradict the Will. Ideally, the statement should be prepared in conjunction with the Will, in consultation with the will-maker’s lawyer and signed contemporaneously with the Will;
• The statement should be prepared in a manner that allows the executor/s to exercise their discretion as to whether it is used to defend a claim or not, given in some instances, it can do more harm than good (however, an executor may be compelled to produce it regardless);
• A statement of reasons should ideally be stored in a safe place with the Will or amongst the will-maker’s personal papers, so that it may be easily found by their executor/s; and
• A statement of wishes will not make a Will ‘watertight’ and should never replace consideration of potential strategies to reduce the impact of a claim, such as by minimising the pool of assets subject to an estate challenge.

How we can help

For expert guidance on Estate Planning and Estate Litigation, please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.