As our population ages, individuals are more frequently losing decision-making capacity and unable to manage their own affairs for longer periods of time.

Where an individual who holds a controlling role in a trust loses decision-making capacity, there can be serious implications for the day-to-day management and succession of the trust, especially where the individual is the sole trustee or sole director of a Corporate Trustee.

The result can be a trust with no “driver at the wheel” and no option but to make an application to the Supreme Court to address the situation – an expensive solution that can often be avoided with proper planning for incapacity as part of a comprehensive estate plan.

Roles in a Trust

The persons holding controlling roles in trusts are important and have different duties. These roles can be filled by companies or individuals.

The controlling roles in a trust usually are:

1. The Trustee – who has day to day control.
2. The Appointor – who has the power to appoint and replace the trustee.
3. The Guardian – who has to consent to the trustee exercising certain powers.

Individual Trustees

Trust deeds – particularly older ones – usually say how control of the trust is passed when a sole trustee dies, but often do not consider what happens when a sole trustee loses decision-making capacity.

It is common in discretionary trusts for a sole trustee to also hold the power to appoint a new or additional trustee in a Trust Deed, or for the trustee and appointor to be the same person. As a trustee must act personally and cannot delegate their responsibilities to others, then depending on the trust deed, this may mean the incapacitated trustee’s attorney has no power to remove the incapacitated trustee and appoint a replacement one.

The Trustee Act

While section 28 of the Trustee Act 1958 (Vic) (Trustee Act) does permit the appointment of an agent “to transact any business or to do any act required to be transacted or done in the execution of a trust”, this is not generally regarded as extending to an attorney being able to exercise the power to appoint or remove a trustee and is often insufficient, on its own, to allow an attorney to make day-to-day decisions about the trust’s management.

Where a trustee is “unfit to act”, section 41 of the Trustee Act allows the appointor or any continuing trustees or the personal representative of the last surviving trustee to appoint a new trustee. However, the definition of “personal representative” does not extend to an attorney of a person who is alive but is incapacitated. Therefore, if the incapacitated person is the trustee and appointor, there may be nothing their attorney can do to appoint a new trustee until the incapacitated trustee dies and their executor can exercise the power.

When there is no other way to remove an incapacitated trustee (which is increasingly common), the only option may be to make an application to the Supreme Court of Victoria to appoint a new trustee.

Section 48 of the Trustee Act gives the Court the power to appoint a new trustee in substitution for, or in addition to, any existing trustee/s when it is “expedient to do so” and it is “inexpedient, difficult or impracticable” to do so without the assistance of the Court. If the situation has arisen where a trustee has lost capacity and there is no other mechanism to appoint a new one, the Supreme Court will usually agree it is not appropriate for a trust to be left without a trustee and will provide assistance.

Corporate Trustees

Where a company is the trustee, it is important to review its constitution and consider:

1. What are the voting rights of the directors?
2. Who are the shareholders and what proportion is required to alter the directorship? Can this result in a minority shareholder being effectively excluded from the decision-making process?
3. How many shares do each of the shareholders have? Many constitutions require that in the event of jointly held shares, only the first named person is entitled to have their vote count. This can be relevant where multiple executors or attorneys take up shares on behalf of the original shareholder.
4. Are there any other agreements that impact on the trust’s assets (e.g. – business succession agreements, shareholder’s agreements)?

If a trustee company with a sole director loses decision-making capacity, then, subject to the provision of the company’s constitution, section 201F of the Corporations Act 2001 (Cth) allows the director’s personal representative to appoint a new director. Personal Representative can mean the sole director’s attorney. As such, should an individual who is the sole director of a trustee company have a validly appointed attorney, this attorney may be able to appoint a replacement director.

How can you plan to avoid the need for an application to the Court appointing a new trustee?

For existing trusts – it is critical that legal assistance is sought to review the trust deed and, subject to tax and duty considerations, the trust deed and/or constitution amended to account for the situation where a person in a controlling role loses capacity.

It may also be appropriate to consider whether special conditions need to be included in a financial power of attorney, or whether a deed of succession is required to appoint alternate trustees upon incapacity.

For new trusts – it is critical that the trust deed provides a mechanism for what happens if a trustee loses decision making capacity.

Consideration of what will occur upon the loss of capacity of a trustee (or controller of a trustee) plays a vital role in a comprehensive estate plan. If care is not taken to address this issue, then even the best laid estate plans could be unravelled by the time the trustee dies.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

Safeguarding risks are often identified too late, trapping organisations in a pattern of responding to risks rather than preventing harm from occurring.

Ansvar, a leading insurance provider and trusted partner of Moores, is trying to change that. Stephen Ratcliffe, one of Ansvar’s Senior Enterprise Risk Consultants, recently published guidance on the key gaps in safeguarding practice. A link to this publication can be found here.

The seven key safeguarding gaps identified by Ansvar are summarised as follows.

1. Not defining what constitutes abuse. Defining what constitutes abuse (including the signs of abuse) is important as it assists staff and volunteers to accurately identify and report it.
2. Not considering “non-physical contact” abuse, which is distinct from “physical contact abuse” and may include:
   (a) sharing images or videos of sexual related content;
   (b) inappropriate or sexualised conversation;
   (c) capturing photos or videos of a person for sexual purposes without their consent.
3. Not defining grooming or providing guidance on how to spot grooming behaviours. Grooming behaviours may seek to persuade a vulnerable person that they have a special relationship with the perpetrator and lead to sexual abuse.
4. Not including notification of an allegation of abuse to your insurance broker or insurer in your incident management procedure. Typically, insurance brokers and insurers must be notified of an allegation of abuse as soon as an organisation becomes aware of it.
5. Incomplete record keeping on staff training, including upon induction and throughout employment.
6. Incomplete record keeping on staff screening, police checks and reference checking.
7. Conflicts of interest in investigating and escalating allegations of abuse or neglect, which may arise if a person responsible for safeguarding is related to a member of staff or has a material personal interest in the organisation. Conflicts of interest should be managed in accordance with the organisation’s conflict of interest policy and documented accordingly. Additionally, a secondary avenue should be available to report abuse in the event that it is inappropriate to report it to the person responsible for safeguarding within an organisation.

The good news is that these safeguarding gaps are preventable and easy to address.

Ansvar has published a range of helpful resources that may assist you to evaluate your safeguarding framework so that you understand your gaps in policy and practice and how to fix them. Those resources can be found using the following links.

• Safeguarding for Vulnerable People Risk Alert
• Safeguarding Checklist: Code of Conduct
• Safeguarding Checklist: Employees, Contractors and Volunteers
• Safeguarding Checklist: Policies and Procedures

Contact Ansvar

Ansvar is a trusted partner of Moores and one of the few insurers that provides coverage for physical injury and sexual abuse in care services. For information about their expertise in care services, please visit their website or email info@ansvarrisk.com.au.

How we can help

Organisations working with children should ensure that they have sufficient systems and processes in place to equip staff to identify, prevent and manage safeguarding risk and harm.

Our safeguarding team can assist you to review your current framework, identify gaps and take steps towards preparing and implementing systems and processes that are tailored to your organisation.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

Complaints about cyberbullying to the eSafety Commission (Commission) are on the rise, particularly since the pandemic. This trend was highlighted in the Commission’s recent ‘Mind the Gap – parental awareness of children’s exposure to risks online’ report (the Report), which explores the ‘opportunities and risks that the internet presents for children in Australia’.¹

With the pandemic forcing people to change the way they communicate, work and learn, society’s reliance on technology has increased and this has greatly impacted the amount of time that young children are spending in the digital world. Children now rely on technology in most parts of their daily lives, whether it is using technology to communicate with one another (e.g. through use of TikTok and Instagram), engage in recreational activities (e.g. playing internet games such as Fortnight) or to complete school or homework.

Perhaps unsurprisingly, rising levels of internet usage by children have increased the levels of cyberbullying seen by the Commission, with a 65% increase in the number of complaints about cyberbullying in 2021-22 compared to 2020-21.²

Research indicates that approximately one in five children experience some form of cyberbullying. Girls are bullied more than boys, and the average age of a target is 14.³

Concerningly, the Report found that despite the increased levels of cyberbullying, most children have ‘a positive view of the internet’,⁴ with an alarming 55% of children stating that they were communicating with someone they first met on the internet.⁵ Despite these figures, the Report did find that almost all children who were exposed to negative online experiences stated that when they were exposed, they did something in response (most commonly informing their parents about it).⁶

However, while approximately two thirds of children were confiding in their parents about negative online interactions, the Report paints a dire picture in the level of awareness that parents have about their children’s prevalence to negative online experiences.⁷ Although many parents have a strong awareness of children’s experiences of online harm,⁸ many were unaware of the extent to which their children are exposed to different types of harmful content.⁹ This disconnect shows there is more work to do to reach parents and strengthen their online safety skills.

While ‘parents are a key source of support for children navigating the digital world… more could be done to help support parents’ to help safeguard children and provide them with the knowledge to navigate the digital world.¹⁰ This includes support from organisations that work with children and parents to implement procedures that will support parents in protecting children from the risks of online usage, as it ‘takes a village’ to protect children from online harm.¹¹

These trends highlight the importance of ensuring that families and communities are informed and involved in promoting child safety and wellbeing, including online safety, which is a requirement of the Victorian Child Safe Standards and National Principles for Child Safe Organisations.

There are some practical steps that organisations should take to support safety online and protect children from risk of harm.

Assess and manage risks in both the physical and online environments

Organisations working with children should consider specific risks to children facing harmful online exposure that are relevant to their organisation, and consider what measures they can put in place to mitigate these risks.

Provide staff, children and parents with training and / or information about online safety

Organisations should consider providing training and information to staff, children and families on:

• Rights and responsibilities in the digital age.
• Resilience and risk: positively framing the use of technology, while also building awareness of factors that decrease and increase the risk of harm.

The Commission also recommends that schools:

• implement effective whole-school approaches to online safety education; and
• adopt an integrated and specific curriculum for online safety: building knowledge and skills, both technical and relational.

Helpful resources

The following resources may assist organisations to better understand online safety, and effectively engage with staff, children, families and communities:

• Best Practice Framework for Online Safety Education
• eSafety Champions Network
• Youth Advisory Council

How we can help

For assistance with understanding safe online behaviours, and strategies to mitigate the risks of online harm, please get in touch with Moores’ Safeguarding team.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

---

1 – eSafety Commission, Mind the Gap – Parental awareness of children’s exposure to risk online, February 2022.2 – Julie Inman Grant, eSafety Commission, Strength in numbers to stop cyberbullying, 3 November 2022.3 – Ibid.4 – Above 1, 6.5 – Above 1, 7.6 – Above 1, 8.7 – Above 1, 52.8 – Above 1, 68.9 – Above 1, 69 – 72.10 – Above 1, 96.11 – Above 3.

A recent report of the Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability has provided crucial guidance for developing accessible, trauma-informed and person-focused complaints handling processes.

The Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability (Disability Royal Commission) has recently published a Research Report titled Complaint mechanisms: Reporting pathways for violence, abuse, neglect and exploitation (the Report).¹ The Report provides guidance to the Disability Royal Commission on the design of effective, inclusive, and trauma-informed complaint mechanisms. As the Report concludes, care is required in designing complaints mechanisms as reporting pathways for violence, abuse, neglect and exploitation, to ensure that victim-survivors have access to fair and effective processes and outcomes.²

This article sets out some key findings of the Report for organisations to consider in designing their internal complaints mechanisms.

Note: This article uses person-first language (such as ‘person with disability’) in referring to people with disability where referencing or quoting from the Report. However, we acknowledge that many disabled people and advocates prefer the use of identity-first language (such as ‘disabled person’).

The Report, which surveyed over 80 complaint mechanisms nationally, concluded that “many complaint mechanisms are not necessarily equipped to provide justice in relation to violence, abuse, neglect and exploitation”.³ Generally, an organisation’s internal complaints mechanism regulates the service and helps to maintain and enforce the organisation’s staff code of conduct. This may mean that the complaints mechanism is not victim-centred, and is not equipped to manage reports of abuse.

The Report indicates that in many cases, where a person with disability makes a complaint about violence, abuse, neglect and exploitation, the person experiences a failure of justice in both the process undertaken and the outcome received.⁴

Complaints processes may be unjust where they are inaccessible, where they do not provide the person making the report with adequate information on their options and how they can be supported, where they do not provide for an impartial investigation of an allegation, and where they do not set out possible outcomes of a complaints process. The Report also identifies that a negative prior experience with a complaints process may prevent a person from reporting abuse.⁵

Although the Report advocates for broad systemic changes, including a national independent complaints framework, it also provides some useful guiding principles for organisations in reviewing their own internal complaints mechanisms. We have summarised some key takeaways for organisations below.

• Consider providing a dedicated reporting pathway for violence, abuse, neglect and exploitation.⁶ It may not be appropriate to receive, manage and determine such reports in accordance with your internal complaints or grievances framework, which is generally created to address breaches of a code of conduct. It is also important that complaints handling processes are proportionate to the seriousness of the complaint. As the Report concluded, “a clear dedicated pathway for reporting violence and abuse sends a strong signal that these complaints have a level of seriousness and require different processes that go beyond other grievances about breaches of organisational codes and practice”.⁷
• Ensure your reporting pathway interacts with and complements pathways for reporting to Police or otherwise responding to violence.⁸ This includes any obligatory reporting and whistle-blower pathways. A failure to clearly set out all of the options for making or responding to a report may hinder access to justice, and may inadvertently suggest that an organisation has discretion over whether a report should be escalated to Police. Providing information on a range of complaints and reporting pathways (internally and externally) will allow a person to make an informed decision.
• Ensure that accessibility standards are applied effectively to your complaints or reporting frameworks.⁹ This includes by providing access to interpreting services, translated information, and easy-read language.
• Provide support for decision making.¹⁰ If your organisation does not have the resources to support a person’s decision-making process, consider making a referral to a disability advocate.
• Ensure complaints or reporting mechanisms are designed to afford just processes and outcomes, even where a complaint is not substantiated.¹¹ This recognises the likelihood that a person making a complaint or report of violence, abuse, neglect or exploitation is making that complaint or report in good faith, even where there is insufficient evidence to substantiate allegations.
• Ensure responses to complaints consider broader structural issues and inequalities.¹² A person’s experience of abuse or reporting that abuse may be impacted by other factors, such as regional location, language, race, gender and sexuality.
• Complaints mechanisms should allow for reporting and responding to historical abuse.¹³ Delays between abuse occurring and being reported can be significant, due to factors such as trauma, fear of consequences, and fear of being disbelieved.
• Complaints mechanisms should set out potential outcomes of a complaint, where possible.¹⁴ This includes where a complaint or report is not substantiated. A lack of information regarding potential outcomes may be a barrier to a person making a report or complaint. Further, the Report recommends that a complaints framework set out the possible alternative outcomes if a person chooses makes a report to an external body (such as an Ombudsman or the Police).

Ultimately, the Report’s recommendations emphasise agency, accessibility, transparency and fairness for disabled people making reports of abuse, violence, neglect or exploitation.

How we can help

For assistance with developing a comprehensive and trauma-informed complaints process within your organisation, please get in touch with the Moores Safeguarding team. For more information on the scope and progress of the Disability Royal Commission, see our article: Update on the Disability Royal Commission: Safeguarding vulnerable Australians.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

---

1 – Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability, Research Report – Complaint mechanisms Reporting pathways for violence, abuse, neglect and exploitation, 8 November 2022.2 – Ibid, 3.3 – Ibid, 4.4 – Ibid, 190.5 – Ibid, 191.6 – Ibid, 192.7 – Ibid, 192.8 – Ibid, 192.9 – Ibid, 193.10 – Ibid, 193.11 – Ibid, 193.12 – Ibid, 191.13 – Ibid, 193-194.14 – Ibid, 194.

In recent months, a significant number of high-profile cybersecurity incidents have affected prominent Australian companies. While cyber-crime is by no means a new phenomenon, the size, effect and targeted nature of recent attacks is concerning.

Australian charities and not-for-profits are no less vulnerable to attack. Cyber-criminals do not hesitate to extort funds from charities or not-for-profits. Indeed, a number of recent media reports indicate that large Australian charities have also been victims of hacking.

Why do charities need to turn their mind to data security?

Charities and not-for-profits are usually highly trusted and may hold sensitive information about vulnerable beneficiaries (including health information) and their members. Unfortunately, many charities and not-for-profits are susceptible to cybersecurity attacks due to low levels of cyber resilience. For a charity or not-for-profit, failing to take appropriate action to secure data could mean:

• the exposure of sensitive information of beneficiaries, donors or members;
• the loss of charity funds and resources;
• reputational damage; and
• breach of legal obligations (including privacy laws and the ACNC Governance Standards).

This article examines the legal obligations of the directors of charities (we will use the term ‘director’ in this article for committee member, board member, trustee or responsible person depending on the structure of the entity) registered with the Australian Charities and Not-for-profits Commission (ACNC) with a focus on data security. The article includes information about what a director can and should be doing to put appropriate cybersecurity protections in place, and the legal consequences if they fail to do so.

What rules should you be aware of?

1. Privacy Act

The Privacy Act 1988 (Cth) (Privacy Act) is the national law which regulates how private organisations in Australia must collect, use, disclose, secure and dispose of personal information. These information handling standards are set by the Australian Privacy Principles (APPs). In relation to data security, directors of charities should reflect on:

• APP 11 which requires an organisation to take active steps to protect and secure the personal information it holds; and
• the Notifiable Data Breach scheme which requires an organisation to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) following an eligible data breach.

Some states also have privacy laws, which can be imposed on charities through state funding agreements. We wrote about these laws in Beyond the Privacy Act: Does your not-for-profit collect health information or receive state funding?

2. Security of Critical Infrastructure Act

Charities involved in the supply or provision of critical infrastructure, which includes matters such as health, transport, energy, communications, food and water, are regulated by the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act). The SOCI Act includes significant cyber risk management and reporting obligations.

Among other matters, these organisations must annually attest to the Commonwealth Department of Home Affairs’ Cyber and Infrastructure Security Centre that their risk management practices and procedures are suitable and up to date with best practice standards. Government intervention is possible if an organisation’s responses are ineffective.

3. ACNC Governance Standards

Directors of charities will know the ACNC Governance Standards – a set of core, minimum standards for how charities are to be governed. The Governance Standards are another form of “principle-based regulation”, like the APPs. Relevant to directors developing data security policies and procedures for a charity are:

• Governance Standard 3, which requires a charity to comply with Australian laws; and
• Governance Standard 5, which outlines the duties of a charity’s directors, including the requirement to act:
  • with reasonable care and diligence; and
  • honestly and fairly in the best interests of the charity and for its charitable purposes.

The obligation to act with reasonable care and diligence requires that a charity takes steps to mitigate significant risks to its operations. In today’s climate, this includes ensuring appropriate systems and safeguards are in place to improve a charity’s cyber resilience and effectively respond to hacking and cyber incidents if they occur.

The required standard of care is not reduced if a director does not have specialised knowledge in IT or data security. Instead, directors without specialised knowledge should consider whether expert advice or assistance is required to effectively mitigate risk.

Remember: even with expert advice, the directors are still ultimately responsible for the decisions made and steps taken to ensure cyber resilience.

Separately, to act in the best interests of the charity, directors are required to analyse and consider the impact their data protection decisions could have on the charity’s beneficiaries, members, stakeholders and employees.

4. ACNC External Conduct Standards

Charities that operate overseas, including charities that just send money overseas, are required to take reasonable steps to comply with the ACNC’s External Conduct Standards (ECS). For charities operating overseas, cybersecurity risks particular to the local environment should be taken into account when assessing ECS risks.

What steps should you take?

There is no one-size fits all approach to cybersecurity. Each charity must develop and implement data security strategies that are appropriate to their particular context and operations. Helpful materials published by key institutions to assist with this process are summarised below.

AICD Cyber Security Governance Principles

The Australian Institute of Company Directors has recently released its Cyber Security Governance Principles. The Principles aim to provide a clear and practical framework for organisations to implement more resilient data security strategies with a focus on achieving better practices and procedures at the board level.

Set clear roles and responsibilities – the directors need to be at the forefront of the strategy with regular engagement with management and channels put in place to report development and updates to the directors. While external experts can be engaged to help where required, the directors need to retain a working knowledge of what data is being held by the charity, how and where it is being stored and who has access. directors should have oversight of all systems and processes, which should also be reviewed and audited regularly.

Develop, implement and evaluate a comprehensive cyber strategy – a robust strategy will consider the potential risks for charity beneficiaries and stakeholders as well as the sensitivity of data being held. The directors must implement regular internal and external evaluation of the strategy.

Embed cybersecurity in existing risk management practices – cyber risk should be considered as an operational risk and should be managed consistently with other charity risks. Controls should be analysed, implemented and regularly assessed in order to mitigate the effects of the risk. Directors should actively consider the benefits of obtaining insurance that provides coverage from losses due to cyber incidents.

Promote a culture of cyber resilience – training is a key tool, including specific training for directors, to promote a resilient culture. Strong practices should be incentivised and rewarded. All persons involved in the operation of the charity should be made aware of the importance of any data that they are using and storing, as well as the practices necessary to be implemented in order to protect these materials.

Plan for a significant cybersecurity incident – directors should actively prepare for and test strategies that respond to cyber incidents, including the development of a clear and transparent communications strategy with all key stakeholders if an incident occurs.

Australian Cyber Security Centre Essential Eight Mitigation Strategy

The Australian Cyber Security Centre (ACSC) has developed eight recommended cyber risk mitigation strategies. The suggested strategies are different and more complex depending on the ‘maturity level’ of the organisation. Further details on the suggested ACSC approach is here.

What are the consequences if you don’t comply?

In addition to the potential harm to beneficiaries, members and donors, reputational damage and loss of funds, charities face regulatory and civil action in the event of a cybersecurity breach.

Regulatory action

Regulators globally are increasingly taking action against organisations for failing to appropriately protect data and information. For example, in 2021 the UK Information Commissioner’s Office (the equivalent of the OAIC) imposed a significant penalty on a prominent Scottish health charity for failing to put in place appropriate internal measures to prevent the disclosure of sensitive beneficiary data. The OAIC is currently investigating Optus’ personal information handling practices.

In Australia, the OAIC has the regulatory power to investigate alleged breaches of the Privacy Act. If the OAIC finds non-compliance, enforcement action can include making determinations, issuing enforceable undertakings, seeking injunctions and seeking to impose penalty orders on organisations.

A Bill was introduced to Parliament on 26 October 2022 to significantly increase the penalties that can be imposed on organisations (including charities) for serious and repeated interferences with privacy. If the bill is passed the maximum penalty will increase from $2.2 million to the greater of:

• $50 million;
• three times the value of the benefit obtained attributable to the breach; or
• if the Court cannot determine the value of the benefit, 30% of the adjusted turnover of the organisation during the breach turnover period for the contravention.

Non-compliance may also lead to ACNC investigations which can be long, arduous and resource draining. The ACNC has the power to issue directions and enforceable undertakings and, in extreme cases, deregister charities if it is found their directors have not complied with the Governance Standards. The ACNC currently has a targeted focus on reviewing the activities of charities that deal with vulnerable beneficiaries overseas.

Civil action and complaints

In addition to regulatory action, members of charities may also commence litigation against directors if the directors have failed to fulfil their duties and adhere to the ACNC Governance Standards. Similarly, beneficiaries of the charity’s services who are affected by data breaches or cyber-attacks may have grounds to either:

• sue the directors for breach of their duties, including by commencing class actions if appropriate; or
• make complaints to the OAIC alleging the charity has not complied with the APPs.

Directors can be personally liable if their breach of duty has caused the personal injury or harm (including if the breach of duty has been caused by an inaction or failure to take appropriate and reasonable steps).

What should you do

Moores is here to help to guide you and your charity on the right path. Please contact our corporate advisory team if you would like assistance in preparing a data security policy or strategy, or if you would like to discuss your legal duties and obligations.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

This morning, the Fair Work Legislation Amendment (Secure Jobs, Better Pay) Bill 2022 (Cth) passed both houses of Parliament. The Bill introduces a number of changes to the Fair Work Act 2009 (Cth) that are intended to lift wages, improve job security and close the gender pay gap. Our previous article on these changes can be found here.

The last week saw some further negotiation in the Senate to secure the passage of the reforms this side of Parliament’s last sitting week. Senator Pocock and the Greens were able to secure some changes to address various concerns, including about the impact of the reforms on bargaining and enterprise agreement outcomes for employees.

Those final changes include:

• increasing the small business threshold for multi-employer bargaining to 20 (single-interest enterprise bargaining stream);
• extending the “grace period” during which a single-interest multi-enterprise bargaining authorisation can be granted to 9 months;
• removing the “right” to veto an agreement by allowing the Fair Work Commission to compel a multi-enterprise agreement to be put to a vote; and
• winding back changes to the “Better Off Overall Test” initially proposed to alleviate some of the pain points experienced by employers trying to get an agreement approved.

Stay tuned for further information from us on details of the changes and their commencement.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

Oxford University Press has announced that the Oxford Australian Children’s Word of the Year for 2022 is PRIVACY. Privacy was chosen as the Children’s Word of the year because its use by children in Australia’s largest online story-writing event for students revealed a 300% increase in the use of the word from 2021. Australian children are increasingly aware of the importance of online privacy and how to protect themselves online.

Practising in this area, it is easy for us privacy lawyers to consider this as a normal and important consideration, but why does it matter for charities, and other not-for-profit organisations such as schools and community health providers?

Why does privacy matter?

Reputation and relationships

Increasing community expectations of high privacy standards mean stakeholders will become less and less forgiving of a privacy breach or poorly managed cyber event. This matters because charities and not-for-profits need to foster strong relationships with clients, donors, and their other stakeholders – such as children or students, in turn impacting their brand and reputation.

Children will soon become voters, and the law reflects society.

Legislative changes often respond to changes in our society. For example, following high profile data breaches, a bill was introduced to the Australian Parliament proposing to increase penalties for serious interferences with privacy from $2 million to $50 million, or more. This is a significant jump, and reflects changing community expectations, and global trends, particularly in the European Union.

eSafety

Children can often outsmart us online already, but so can cyber criminals or malicious actors. Increased awareness of Australian students of privacy, and the need to protect themselves online means charities will need to put in the work to upskill and keep up to date. As vulnerable members of our society, grooming and other online threats are a serious concern, demonstrated by the rapidly expanding jurisdiction of the eSafety Commissioner.

Safer Internet Day 2023 is 7 February. Look out for more information coming next year.

How we can help

We recommend you take ten minutes to reflect on your privacy and information security practices. Where is your information stored? What different programs or platforms do you use?

A good way to develop a clear understanding of how your organisation handles information is to map out information flows; where information comes in, where it goes, and how it is stored and destroyed.

If you’re not confident with this, it may be time for a more detailed privacy health check. Moores are specialists in privacy, safeguarding, education and not-for-profit law. Privacy is an overarching discipline, that is an increasing need for all organisations. We can help you identify your risks, how to improve your privacy compliance, and take stock of your information handling processes by conducting a privacy audit.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

Moores is currently taking bookings for December 2022 and January 2023 School Professional Development days.

Moores’ delivers practical professional development sessions to staff to equip them with the skills and confidence to facilitate a safe, harmonious and impactful environment. Our sessions, delivered by our team of lawyers, are interactive, engaging and provide case studies to empower your people to navigate complex situations.

Download our flyer for 2022/23 professional development.

Topics

Available slots for 2023 are limited, so get in quick to avoid disappointment.

Our most in-demand sessions for all staff include:

• Safeguarding & child safety. This session covers the new Ministerial Order 1359, and meets the requirements of the Minimum Standards.
• Privacy and avoiding data breaches in the age of hacking and ransomware. This includes a discussion of the new privacy bill introduced 8 November 2022.
• Respect at Work. This session focuses on discrimination, sexual harassment, bullying and victimization, and covers what the Respect at Work Reforms mean in practice.

We also offer professional development for your board and leadership on:

• Safeguarding and Child Safety for Child Safety Officers. This interactive workshop builds on the all staff session above, with a focus on interactive case studies.
• Safeguarding for your School Board, and requirements of the new Ministerial Order 1359.
• Effective governance.
• Supporting international students and navigating CRICOS.
• Managing ill and injured workers.
• Effective performance management.
• Managing challenging parents and students, including the new Safety Order legislation.
• Supporting staff and students with disabilities, and navigating reasonable adjustments.
• Managing separated families – managing information, pick-ups, court orders and personal safety orders.
• Mental health in focus – supporting students and staff, including best practice support and return-to-school plans.
• Managing COVID-19 without vaccination mandates.
• Diversity and inclusion, with a focus on obligations in relation to LGBTQIA+ students and staff, and the prohibitions on change and suppression practices in Victoria.
• Discrimination in a faith-based school, including new laws on change and suppression practices.

How to book

We will have a discussion on tailoring, pricing and scheduling based on your individual school’s requirements. To make an enquiry please call Caryn Fitzsimons on (03) 9843 0418 or email cfitzsimons@moores.com.au.

The Australian Taxation Office (ATO) has recently finalised and released its new tax ruling, Taxation Ruling TR 2022/2 Income tax: the games and sports exemption.

Following significant community consultation, the new tax ruling replaces the ATO’s longstanding previous taxation ruling TR 97/22 and aims to provide a clearer and more nuanced definition of when a society, association or club will be exempt from income tax under the games and sports exemption in section 50-45 of the Income Tax Assessment Act 1997.

Who qualifies for the exemption?

An organisation will qualify for the income tax exemption if it:

• is established for the main purpose of the encouragement of a game or sport;
• is not carried on for the purposes of its individual members’ profit or gain; and
• meets other special conditions referred to in the legislation.

An organisation need not be incorporated but must consist of a ‘voluntary organisation of people associated together for a common or shared purpose’.

A number of the key terms and requirements are unpacked in the Tax Ruling, including:

• Not-for-profit requirement: The organisation must not be carried on for the purposes of individual members’ profit or gain, either while the club is operating or on its winding up. This does not prevent members from receiving some benefits (such as the right to use facilities) as well as reasonable remuneration for services provided, however suitable protections must be put in place. This is best achieved by including robust not-for-profit clauses in the organisation’s governing document.
• ‘Game’ and ‘sport’ are each given their ordinary meanings and are specifically noted as being extended to activities whose characterisation ‘can be demonstrated by evidence of a competitive element and by participants’ compliance with the conventions and rules of the activity’. Non-athletic activities (such as chess or bridge), activities requiring the use of machines (such as motor racing) and non-competitive activities (like mountaineering) are expressly noted as being included in the definition as well.
• ‘Main purpose’ requirement: the organisation must be established ‘for the main purpose of the encouragement of a game or sport’. There is no set formula prescribed for determining how something can be a ‘main’ purpose, rather an organisation must assess all of its relevant materials and circumstances including its activities, resources, history, stated purposes and intentions, and how it uses any surplus funds. The purpose can change over time and the organisation must assess its ‘main’ purpose throughout the relevant tax year. This objective analysis must be carried out on an ongoing basis.

What your organisation should do

Organisations who self-assess under this income tax exempt category should carefully familiarise themselves with the wording of this new tax ruling, which includes lengthy and detailed examples. Particular focus should be placed on the ‘main purpose’ definition and how this is assessed based on the organisation’s purposes and activities over time.

The ATO has also published new material online via their website which is extremely helpful for organisations to be able to confirm eligibility. Importantly, legal advice should be sought about an organisation’s continued entitlement to the exemption should there be any major change to structure, activities or purposes.

This is a timely reminder as well of the new reporting requirements that will be in force from 1 July 2023 for not-for-profits that self-assess as eligible for income tax exemptions. Further details on these reforms can be found via our recent article.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

Many not-for-profits and registered charities are established as companies limited by guarantee (CLG) and incorporated associations (IA). In these legal structures (as well as in indigenous corporations and co-operatives), members have specific rights. Maintaining the member register is important as it ensures the organisation is clear on who is entitled to exercise these member rights, which may include:

• right to remove (and potentially appoint) board or committee members;
• right to call general meetings, receive notice(s) of general meetings and attend general meetings;
• right to access certain documents, including the member register;
• right to nominate to be a board member;
• right to vote to change or adopt a new governing document for the organisation or wind up the organisation; and
• in some cases, the right to access certain benefits (such as the right to use the facilities of a sporting club).

If there is uncertainty regarding who the organisation’s members are, decisions made by the members may be subject to challenge.

Both CLGs and IAs are required under legislation and its governing document to maintain a register of members. An organisation’s governing document may provide for some, or all of the following matters in respect of the member register (note: some of these are mandatory inclusions depending on the legal structure and state of incorporation):

• who is responsible for maintaining the register (typically the Secretary);
• the types of information that the register must contain – name, address or date of admission to membership and (in the case of former members) date membership ceased;
• what information must be removed from the register if membership ceases;
• when a person becomes a member; and
• that notices may be served on a member at their address in the register.

A member can be an individual or another organisation that has met any eligibility criteria, followed an application process and has been formally admitted to membership in accordance with the process in the governing document. Typically, the members are:

• all the individuals who were members at the time of incorporation of the organisation (and who have not subsequently resigned); and
• any individuals subsequently admitted to membership.

Maintaining the member register

Organisations should ensure that:

• they comply with the provisions in their governing document regarding eligibility for membership, admission to membership and cessation of membership;
• there are reliable processes in place to ensure that the register is in fact updated when new members are admitted, the details of a member change or membership ceases; and
• the governing document includes appropriate provisions to allow for the removal of members who become untraceable.

If an organisation’s member register has not been maintained or is missing, steps must be taken to restore the member register. This should be done prior to any significant member decision. This may include:

• accessing regulator records to ascertain the details of the founding members;
• reviewing the organisation’s records (including board and general meeting minutes) for details of any admission to membership or cessation of membership;
• contacting the members listed on the last available version of the register (this may include an invitation to formally resign if the member does not wish to maintain membership);
• an announcement through the organisation’s network inviting members to contact the board.

If the member register cannot be effectively restored through these steps, the organisation should seek legal advice. Uncertainty of membership is a significant contributing factor to internal disputes within organisations and can support a legal challenge to the decisions of both the ‘members’ and any board appointed by those members.

How we can help?

Our For Purpose team helps charities from the ground up, from support when applying for registration to other more complex matters. If you have not updated your member register for a while and need some tailored advice, we can assist.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.