Complaints about cyberbullying to the eSafety Commission (Commission) are on the rise, particularly since the pandemic. This trend was highlighted in the Commission’s recent ‘Mind the Gap – parental awareness of children’s exposure to risks online’ report (the Report), which explores the ‘opportunities and risks that the internet presents for children in Australia’.1
With the pandemic forcing people to change the way they communicate, work and learn, society’s reliance on technology has increased and this has greatly impacted the amount of time that young children are spending in the digital world. Children now rely on technology in most parts of their daily lives, whether it is using technology to communicate with one another (e.g. through use of TikTok and Instagram), engage in recreational activities (e.g. playing internet games such as Fortnight) or to complete school or homework.
Perhaps unsurprisingly, rising levels of internet usage by children have increased the levels of cyberbullying seen by the Commission, with a 65% increase in the number of complaints about cyberbullying in 2021-22 compared to 2020-21.2
Research indicates that approximately one in five children experience some form of cyberbullying. Girls are bullied more than boys, and the average age of a target is 14.3
Concerningly, the Report found that despite the increased levels of cyberbullying, most children have ‘a positive view of the internet’,4 with an alarming 55% of children stating that they were communicating with someone they first met on the internet.5 Despite these figures, the Report did find that almost all children who were exposed to negative online experiences stated that when they were exposed, they did something in response (most commonly informing their parents about it).6
However, while approximately two thirds of children were confiding in their parents about negative online interactions, the Report paints a dire picture in the level of awareness that parents have about their children’s prevalence to negative online experiences.7 Although many parents have a strong awareness of children’s experiences of online harm,8 many were unaware of the extent to which their children are exposed to different types of harmful content.9 This disconnect shows there is more work to do to reach parents and strengthen their online safety skills.
While ‘parents are a key source of support for children navigating the digital world… more could be done to help support parents’ to help safeguard children and provide them with the knowledge to navigate the digital world.10 This includes support from organisations that work with children and parents to implement procedures that will support parents in protecting children from the risks of online usage, as it ‘takes a village’ to protect children from online harm.11
These trends highlight the importance of ensuring that families and communities are informed and involved in promoting child safety and wellbeing, including online safety, which is a requirement of the Victorian Child Safe Standards and National Principles for Child Safe Organisations.
There are some practical steps that organisations should take to support safety online and protect children from risk of harm.
Organisations working with children should consider specific risks to children facing harmful online exposure that are relevant to their organisation, and consider what measures they can put in place to mitigate these risks.
Organisations should consider providing training and information to staff, children and families on:
The Commission also recommends that schools:
The following resources may assist organisations to better understand online safety, and effectively engage with staff, children, families and communities:
For assistance with understanding safe online behaviours, and strategies to mitigate the risks of online harm, please get in touch with Moores’ Safeguarding team.
Please contact us for more detailed and tailored help.
Subscribe to our email updates and receive our articles directly in your inbox.
1 – eSafety Commission, Mind the Gap – Parental awareness of children’s exposure to risk online, February 2022.2 – Julie Inman Grant, eSafety Commission, Strength in numbers to stop cyberbullying, 3 November 2022.3 – Ibid.4 – Above 1, 6.5 – Above 1, 7.6 – Above 1, 8.7 – Above 1, 52.8 – Above 1, 68.9 – Above 1, 69 – 72.10 – Above 1, 96.11 – Above 3.
The Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability (Disability Royal Commission) has recently published a Research Report titled Complaint mechanisms: Reporting pathways for violence, abuse, neglect and exploitation (the Report).1 The Report provides guidance to the Disability Royal Commission on the design of effective, inclusive, and trauma-informed complaint mechanisms. As the Report concludes, care is required in designing complaints mechanisms as reporting pathways for violence, abuse, neglect and exploitation, to ensure that victim-survivors have access to fair and effective processes and outcomes.2
This article sets out some key findings of the Report for organisations to consider in designing their internal complaints mechanisms.
Note: This article uses person-first language (such as ‘person with disability’) in referring to people with disability where referencing or quoting from the Report. However, we acknowledge that many disabled people and advocates prefer the use of identity-first language (such as ‘disabled person’).
The Report, which surveyed over 80 complaint mechanisms nationally, concluded that “many complaint mechanisms are not necessarily equipped to provide justice in relation to violence, abuse, neglect and exploitation”.3 Generally, an organisation’s internal complaints mechanism regulates the service and helps to maintain and enforce the organisation’s staff code of conduct. This may mean that the complaints mechanism is not victim-centred, and is not equipped to manage reports of abuse.
The Report indicates that in many cases, where a person with disability makes a complaint about violence, abuse, neglect and exploitation, the person experiences a failure of justice in both the process undertaken and the outcome received.4
Complaints processes may be unjust where they are inaccessible, where they do not provide the person making the report with adequate information on their options and how they can be supported, where they do not provide for an impartial investigation of an allegation, and where they do not set out possible outcomes of a complaints process. The Report also identifies that a negative prior experience with a complaints process may prevent a person from reporting abuse.5
Although the Report advocates for broad systemic changes, including a national independent complaints framework, it also provides some useful guiding principles for organisations in reviewing their own internal complaints mechanisms. We have summarised some key takeaways for organisations below.
Ultimately, the Report’s recommendations emphasise agency, accessibility, transparency and fairness for disabled people making reports of abuse, violence, neglect or exploitation.
For assistance with developing a comprehensive and trauma-informed complaints process within your organisation, please get in touch with the Moores Safeguarding team. For more information on the scope and progress of the Disability Royal Commission, see our article: Update on the Disability Royal Commission: Safeguarding vulnerable Australians.
1 – Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability, Research Report – Complaint mechanisms Reporting pathways for violence, abuse, neglect and exploitation, 8 November 2022.2 – Ibid, 3.3 – Ibid, 4.4 – Ibid, 190.5 – Ibid, 191.6 – Ibid, 192.7 – Ibid, 192.8 – Ibid, 192.9 – Ibid, 193.10 – Ibid, 193.11 – Ibid, 193.12 – Ibid, 191.13 – Ibid, 193-194.14 – Ibid, 194.
In recent months, a significant number of high-profile cybersecurity incidents have affected prominent Australian companies. While cyber-crime is by no means a new phenomenon, the size, effect and targeted nature of recent attacks is concerning.
Australian charities and not-for-profits are no less vulnerable to attack. Cyber-criminals do not hesitate to extort funds from charities or not-for-profits. Indeed, a number of recent media reports indicate that large Australian charities have also been victims of hacking.
Charities and not-for-profits are usually highly trusted and may hold sensitive information about vulnerable beneficiaries (including health information) and their members. Unfortunately, many charities and not-for-profits are susceptible to cybersecurity attacks due to low levels of cyber resilience. For a charity or not-for-profit, failing to take appropriate action to secure data could mean:
This article examines the legal obligations of the directors of charities (we will use the term ‘director’ in this article for committee member, board member, trustee or responsible person depending on the structure of the entity) registered with the Australian Charities and Not-for-profits Commission (ACNC) with a focus on data security. The article includes information about what a director can and should be doing to put appropriate cybersecurity protections in place, and the legal consequences if they fail to do so.
The Privacy Act 1988 (Cth) (Privacy Act) is the national law which regulates how private organisations in Australia must collect, use, disclose, secure and dispose of personal information. These information handling standards are set by the Australian Privacy Principles (APPs). In relation to data security, directors of charities should reflect on:
Some states also have privacy laws, which can be imposed on charities through state funding agreements. We wrote about these laws in Beyond the Privacy Act: Does your not-for-profit collect health information or receive state funding?
Charities involved in the supply or provision of critical infrastructure, which includes matters such as health, transport, energy, communications, food and water, are regulated by the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act). The SOCI Act includes significant cyber risk management and reporting obligations.
Among other matters, these organisations must annually attest to the Commonwealth Department of Home Affairs’ Cyber and Infrastructure Security Centre that their risk management practices and procedures are suitable and up to date with best practice standards. Government intervention is possible if an organisation’s responses are ineffective.
Directors of charities will know the ACNC Governance Standards – a set of core, minimum standards for how charities are to be governed. The Governance Standards are another form of “principle-based regulation”, like the APPs. Relevant to directors developing data security policies and procedures for a charity are:
The obligation to act with reasonable care and diligence requires that a charity takes steps to mitigate significant risks to its operations. In today’s climate, this includes ensuring appropriate systems and safeguards are in place to improve a charity’s cyber resilience and effectively respond to hacking and cyber incidents if they occur.
The required standard of care is not reduced if a director does not have specialised knowledge in IT or data security. Instead, directors without specialised knowledge should consider whether expert advice or assistance is required to effectively mitigate risk.
Remember: even with expert advice, the directors are still ultimately responsible for the decisions made and steps taken to ensure cyber resilience.
Separately, to act in the best interests of the charity, directors are required to analyse and consider the impact their data protection decisions could have on the charity’s beneficiaries, members, stakeholders and employees.
Charities that operate overseas, including charities that just send money overseas, are required to take reasonable steps to comply with the ACNC’s External Conduct Standards (ECS). For charities operating overseas, cybersecurity risks particular to the local environment should be taken into account when assessing ECS risks.
There is no one-size fits all approach to cybersecurity. Each charity must develop and implement data security strategies that are appropriate to their particular context and operations. Helpful materials published by key institutions to assist with this process are summarised below.
The Australian Institute of Company Directors has recently released its Cyber Security Governance Principles. The Principles aim to provide a clear and practical framework for organisations to implement more resilient data security strategies with a focus on achieving better practices and procedures at the board level.
The Australian Cyber Security Centre (ACSC) has developed eight recommended cyber risk mitigation strategies. The suggested strategies are different and more complex depending on the ‘maturity level’ of the organisation. Further details on the suggested ACSC approach is here.
In addition to the potential harm to beneficiaries, members and donors, reputational damage and loss of funds, charities face regulatory and civil action in the event of a cybersecurity breach.
Regulators globally are increasingly taking action against organisations for failing to appropriately protect data and information. For example, in 2021 the UK Information Commissioner’s Office (the equivalent of the OAIC) imposed a significant penalty on a prominent Scottish health charity for failing to put in place appropriate internal measures to prevent the disclosure of sensitive beneficiary data. The OAIC is currently investigating Optus’ personal information handling practices.
In Australia, the OAIC has the regulatory power to investigate alleged breaches of the Privacy Act. If the OAIC finds non-compliance, enforcement action can include making determinations, issuing enforceable undertakings, seeking injunctions and seeking to impose penalty orders on organisations.
A Bill was introduced to Parliament on 26 October 2022 to significantly increase the penalties that can be imposed on organisations (including charities) for serious and repeated interferences with privacy. If the bill is passed the maximum penalty will increase from $2.2 million to the greater of:
Non-compliance may also lead to ACNC investigations which can be long, arduous and resource draining. The ACNC has the power to issue directions and enforceable undertakings and, in extreme cases, deregister charities if it is found their directors have not complied with the Governance Standards. The ACNC currently has a targeted focus on reviewing the activities of charities that deal with vulnerable beneficiaries overseas.
In addition to regulatory action, members of charities may also commence litigation against directors if the directors have failed to fulfil their duties and adhere to the ACNC Governance Standards. Similarly, beneficiaries of the charity’s services who are affected by data breaches or cyber-attacks may have grounds to either:
Directors can be personally liable if their breach of duty has caused the personal injury or harm (including if the breach of duty has been caused by an inaction or failure to take appropriate and reasonable steps).
Moores is here to help to guide you and your charity on the right path. Please contact our corporate advisory team if you would like assistance in preparing a data security policy or strategy, or if you would like to discuss your legal duties and obligations.
This morning, the Fair Work Legislation Amendment (Secure Jobs, Better Pay) Bill 2022 (Cth) passed both houses of Parliament. The Bill introduces a number of changes to the Fair Work Act 2009 (Cth) that are intended to lift wages, improve job security and close the gender pay gap. Our previous article on these changes can be found here.
The last week saw some further negotiation in the Senate to secure the passage of the reforms this side of Parliament’s last sitting week. Senator Pocock and the Greens were able to secure some changes to address various concerns, including about the impact of the reforms on bargaining and enterprise agreement outcomes for employees.
Those final changes include:
Stay tuned for further information from us on details of the changes and their commencement.
Oxford University Press has announced that the Oxford Australian Children’s Word of the Year for 2022 is PRIVACY. Privacy was chosen as the Children’s Word of the year because its use by children in Australia’s largest online story-writing event for students revealed a 300% increase in the use of the word from 2021. Australian children are increasingly aware of the importance of online privacy and how to protect themselves online.
Practising in this area, it is easy for us privacy lawyers to consider this as a normal and important consideration, but why does it matter for charities, and other not-for-profit organisations such as schools and community health providers?
Increasing community expectations of high privacy standards mean stakeholders will become less and less forgiving of a privacy breach or poorly managed cyber event. This matters because charities and not-for-profits need to foster strong relationships with clients, donors, and their other stakeholders – such as children or students, in turn impacting their brand and reputation.
Legislative changes often respond to changes in our society. For example, following high profile data breaches, a bill was introduced to the Australian Parliament proposing to increase penalties for serious interferences with privacy from $2 million to $50 million, or more. This is a significant jump, and reflects changing community expectations, and global trends, particularly in the European Union.
Children can often outsmart us online already, but so can cyber criminals or malicious actors. Increased awareness of Australian students of privacy, and the need to protect themselves online means charities will need to put in the work to upskill and keep up to date. As vulnerable members of our society, grooming and other online threats are a serious concern, demonstrated by the rapidly expanding jurisdiction of the eSafety Commissioner.
Safer Internet Day 2023 is 7 February. Look out for more information coming next year.
We recommend you take ten minutes to reflect on your privacy and information security practices. Where is your information stored? What different programs or platforms do you use?
A good way to develop a clear understanding of how your organisation handles information is to map out information flows; where information comes in, where it goes, and how it is stored and destroyed.
If you’re not confident with this, it may be time for a more detailed privacy health check. Moores are specialists in privacy, safeguarding, education and not-for-profit law. Privacy is an overarching discipline, that is an increasing need for all organisations. We can help you identify your risks, how to improve your privacy compliance, and take stock of your information handling processes by conducting a privacy audit.
Moores’ delivers practical professional development sessions to staff to equip them with the skills and confidence to facilitate a safe, harmonious and impactful environment. Our sessions, delivered by our team of lawyers, are interactive, engaging and provide case studies to empower your people to navigate complex situations.
Download our flyer for 2022/23 professional development.
Available slots for 2023 are limited, so get in quick to avoid disappointment.
Our most in-demand sessions for all staff include:
We also offer professional development for your board and leadership on:
We will have a discussion on tailoring, pricing and scheduling based on your individual school’s requirements. To make an enquiry please call Caryn Fitzsimons on (03) 9843 0418 or email cfitzsimons@moores.com.au.
The Australian Taxation Office (ATO) has recently finalised and released its new tax ruling, Taxation Ruling TR 2022/2 Income tax: the games and sports exemption.
Following significant community consultation, the new tax ruling replaces the ATO’s longstanding previous taxation ruling TR 97/22 and aims to provide a clearer and more nuanced definition of when a society, association or club will be exempt from income tax under the games and sports exemption in section 50-45 of the Income Tax Assessment Act 1997.
An organisation will qualify for the income tax exemption if it:
An organisation need not be incorporated but must consist of a ‘voluntary organisation of people associated together for a common or shared purpose’.
A number of the key terms and requirements are unpacked in the Tax Ruling, including:
Organisations who self-assess under this income tax exempt category should carefully familiarise themselves with the wording of this new tax ruling, which includes lengthy and detailed examples. Particular focus should be placed on the ‘main purpose’ definition and how this is assessed based on the organisation’s purposes and activities over time.
The ATO has also published new material online via their website which is extremely helpful for organisations to be able to confirm eligibility. Importantly, legal advice should be sought about an organisation’s continued entitlement to the exemption should there be any major change to structure, activities or purposes.
This is a timely reminder as well of the new reporting requirements that will be in force from 1 July 2023 for not-for-profits that self-assess as eligible for income tax exemptions. Further details on these reforms can be found via our recent article.
Many not-for-profits and registered charities are established as companies limited by guarantee (CLG) and incorporated associations (IA). In these legal structures (as well as in indigenous corporations and co-operatives), members have specific rights. Maintaining the member register is important as it ensures the organisation is clear on who is entitled to exercise these member rights, which may include:
If there is uncertainty regarding who the organisation’s members are, decisions made by the members may be subject to challenge.
Both CLGs and IAs are required under legislation and its governing document to maintain a register of members. An organisation’s governing document may provide for some, or all of the following matters in respect of the member register (note: some of these are mandatory inclusions depending on the legal structure and state of incorporation):
A member can be an individual or another organisation that has met any eligibility criteria, followed an application process and has been formally admitted to membership in accordance with the process in the governing document. Typically, the members are:
Organisations should ensure that:
If an organisation’s member register has not been maintained or is missing, steps must be taken to restore the member register. This should be done prior to any significant member decision. This may include:
If the member register cannot be effectively restored through these steps, the organisation should seek legal advice. Uncertainty of membership is a significant contributing factor to internal disputes within organisations and can support a legal challenge to the decisions of both the ‘members’ and any board appointed by those members.
Our For Purpose team helps charities from the ground up, from support when applying for registration to other more complex matters. If you have not updated your member register for a while and need some tailored advice, we can assist.
Most not-for-profit (NFP) directors volunteer their time and expertise without the expectation of payment. However, as the risks and required level of knowledge and skill expected of directors continues to increase, more NFPs are choosing to remunerate their directors for a variety of reasons, including to incentivise engagement and participation and to attract more skilled directors.
While there is no blanket prohibition on director’s fees, NFPs that are (or are considering) paying Director’s fees should consider the following matters.
It is important to check your organisation’s governing document. Many governing documents contain a clause that expressly prohibits the payment of directors’ fees or requires member approval to do so. If a NFP proposes to remunerate directors and its governing document prohibits payments to directors, the NFP will need to amend the governing document.
In accordance with s 150 of the Corporations Act 2001 (Cth), companies limited by guarantee that are registered with the Australian Charities and Not-for-profits Commission (ACNC) are not required to use the word “Ltd” or “Limited” in their name provided the constitution prohibits the payment of directors’ fees and requires the board to approve all other payments the company makes to directors.
A company that proposes to remunerate directors will need to both amend its governing document and begin using the term “Ltd” or “Limited” in its name.
It is common for philanthropic and government grants and/or contracts to impose conditions, which may include a condition that directors not be remunerated. All funding agreements should be reviewed to ensure they do not prohibit director remuneration.
Organisations that are authorised to fundraise in New South Wales must not remunerate their directors unless: the individual serves on the board by virtue of being a minister of religion or a member of a religious order or prior ministerial approval is obtained (section 48 of the Charitable Fundraising Act 1991 (NSW)).
Registered charities must comply with the ACNC Governance Standards. Governance Standard 5 requires a charity to act in the best interests of the charity and to manage the charity’s finances responsibly. In order to comply with this standard, a charity must ensure that any director’s fees are not unreasonable, unauthorised or unjustifiable.
Governance Standard 2 requires a charity to be accountable to its members. In order to comply with this standard, a charity should present opportunities for members to raise any concerns about the payment of directors’ fees.
NFPs may wish to consider the potential impact on public perception – that is, how the payment of directors’ fees may be viewed by the members of the public, supporters and donors. Some supporters and donors may view director remuneration as inappropriate in the context of the organisation’s financial position, mission, values or some other relevant consideration.
Volunteer directors enjoy slightly greater protection from personal liability than paid directors under work health and safety laws and civil liability laws, including industrial manslaughter.
Moores’ For Purpose team can advise your NFP or charity in relation to the implications of paying directors’ fees.
Changes made to the Victorian land tax laws in December last year potentially have significant implications for non-profit entities and should be on the radar of charities as we vote in the State election this week.
Prior to December 2021, the charitable land tax exemption simply required land to be used by (or held for future use by) a charitable institution exclusively for charitable purposes.
In December 2021, the Land Tax Act was amended to add a requirement for the land to be used and occupied by a charitable institution for charitable purposes in order to qualify for the exemption.
The addition of the “occupation requirement” has significant consequences for churches and other charitable organisations who allow community groups and other members of their communities to use the charity’s facilities on an informal or casual basis.
On the strict wording of the legislation, unless the user is themselves a charitable organisation, hiring activities may trigger a liability for land tax on part or all of a charity’s property.
We are seeing some concerning results for our clients:
Most charities want to benefit their local community, but some are understandably nervous about hiring their facilities to others – an undesirable outcome both socially and economically.
Moores has been actively involved in advocating for change in this area of the law. We have made submissions to both the current Government and the Opposition.
Current Labor Treasurer, The Hon Tim Pallas MP, has advised that the Department of Treasury and Finance is undertaking a review into the application of the charitable land tax exemption. The Treasurer is willing to accept submissions in that regard.
The Liberal Opposition has announced they intend to revisit the charitable land tax exemption should they win this weekend’s election. Subsequent Liberal press releases have stated an intention to do away with land tax on charities who hire out their facilities for community use.
Regardless of which party is successful this weekend, Moores is hopeful that the matter of land tax on charities will be on the agenda for change when Parliament recommences.