Acknowledging the various privacy regimes across Australia, the national and state and territory privacy commissioners have collaborated on 5 National COVID-19 Privacy Principles.

Below is our summary of these 5 National COVID-19 Privacy Principles and some tips for how to implement them in your organisation.

No.	Principle	Explanation
1	Data minimisation	Only collect and hold the minimum amount of vaccination information you need. Do you need to store copies of certificates? Can you sight certificates instead?
2	Purpose limitation	Only use and disclose vaccination information for the purpose for which it was collected. Your collection statement should describe the primary purpose of collection.
3	Security	Take reasonable steps to secure this information. Community expectations are that you do not store this overseas. Reflect on your cloud service providers, and other data protection measures such as password protections and access limitations.
4	Retention and deletion	Ensure information handling processes reflect on how long your organisation needs the vaccination information for, and when it can be deleted. Delete as soon as possible.
5	Regulation under privacy law	Individuals should have enforceable rights and a means to redress (despite the employee records exemption).

The national regulator, the Office of the Australian Information Commissioner, has also recently published privacy guidance for businesses collecting COVID-19 vaccination information that draws on these 5 key principles.

Privacy by design

Privacy by design is the concept that privacy protections should be built into systems from the beginning to ensure privacy is an automatic feature of information handling processes.

This is why a change in information handling practices – such as starting to collect vaccination information – is the perfect time to reflect on how your organisation meets its privacy compliance obligations and can better design privacy into technical systems and human processes.

How we can help

Moores has expertise in privacy, from technical data flow assessments and audits to better understand how you can manage your data assets, to privacy training and refreshers to staff, and helping you respond to data breaches.

Please contact us for further assistance.

The British privacy regulator, the Information Commissioner’s Office (ICO), has fined charity HIV Scotland £10,000 for a data breach. This data breach was notified to the British regulator under a similar scheme to the Australian Notifiable Data Breach scheme introduced in 2017.

The data breach was caused by an email sent to 105 people in February 2020 using the carbon copy (CC) function instead of blind carbon copy (BCC). This meant the email addresses were visible to all recipients.

Because email addresses often identify people’s names, this data breach identified 65 people by name. Due to the nature of the email and the charity – HIV Scotland – the breach could also have led to assumptions about people’s HIV status or risk. This is understandably very private information, and in Australia, would be classified as health and sensitive information under the Privacy Act 1988 (Cth).

Email risks for vaccination information

A similar risk in the current environment is around COVID-19 vaccination status. Organisations need to be particularly aware of the dangers of collecting sensitive information via email. For example:

• Email is not the most secure collection method. Instead, consider collecting vaccination information in another manner.
• Emails can be easily forwarded, leading to unauthorised disclosures and data breaches.
• You will likely be saving the vaccination information elsewhere in your records, but the information will remain in an inbox. Consider deleting emails once information is collected.

Also remember, when replying to emails, the personal information that could be disclosed below in the email chain.

Human error data breaches in Australia

The danger of the CC is present for Australian organisations too. Between January and June 2021, the Office of the Australian Information Commissioner (OAIC) reported:

• 30% of data breaches were caused by human error;
• 8% of human error breaches were from failing to use BCC; and
• 40 of human error breaches were caused by emailing personal information to the wrong recipient.

See the OAIC’s report for more information about Australian data breaches.

How to protect your organisation from email related data breaches

We recommend you:

• implement staff privacy and refresher training;
• establish set methods of sending bulk emails by BCC; and
• have a privacy policy that staff are familiar with, and preferably internal procedures and fact sheets to inspire best practice.

In response to this data breach, the ICO is encouraging all organisations to revisit their bulk email policies to ensure they have robust procedures in place. This is particularly relevant for charities and not-for-profit organisations for whom personal information (such as contact details) is central to the very nature of their work.

How we can help

We can help you prepare for data breaches through privacy training, privacy audits and designing custom privacy and data protection procedures and internal tools for staff.

We can help you respond to a data breach by assessing the breach under the Notifiable Data Breach Scheme, and helping you implement a Data Breach Response Plan.

Please contact us for further assistance.

The Victorian Registration and Qualifications Authority’s (VRQA) School intervention framework for risks relating to the care, safety and welfare of students complements the existing school review process by explaining how the VRQA will make decisions about intervention action to ensure the safety of children in Victorian schools.

By releasing the framework, the VRQA is empowering Victorian schools to predict and understand intervention action.

The VRQA may intervene in the administration and running of a school to protect students when child safety risks are identified, for example, through media reports, referrals from other agencies such as the Commission for Children and Young People, or complaints.

Indicators of child safety risks

The framework identifies indicators of increased child safety risks, and an increased need for high-level intervention as:

• School leadership is not responding appropriately to allegations.
• The school does not have a culture of child safety.
• The school has a history of poor governance.
• Allegations indicate there is a current risk of harm to students.
• Allegations are of a serious nature and/or consequences to students are serious:
  • may or do constitute reportable conduct or a criminal offence;
  • multiple incidents or complaints;
  • involve a teacher, employee or volunteer;
  • failure by school to report allegations of reportable conduct or criminal conduct;
  • failure by mandatory reporter to report abuse;
  • imminent risk to students; students have suffered physical, sexual, emotional abuse or neglect etc.

This demonstrates the importance of strong reporting processes and procedures in schools, as well as regular refresher training for staff to empower them to meet child safety reporting obligations. For more information about identifying child safety blind spots, you can watch our 2nd September webinar here.

Scale of intervention

The VRQA framework also explains the scale of intervention it might take in a school when responding to child safety risks. The lower end of intervention involves contacting the Principal, or writing a letter to the school, while higher level intervention involves sending Authorised Officers to the school to investigate.

How we can help

Moores has extensive experience dealing with VRQA reviews of schools, handling intervention action such as enforceable undertakings, and helping you do the ground work to prevent intervention in the first place. We can help implement strong child safety measures and governance practices to best equip your school to provide a safe environment for all students.

Please contact us for further assistance.

Moores has summarised the key things not-for-profits need to know to make sure they’re ready to comply with the most recent Victorian Health Directions mandating vaccinations in the workplace, taking into account your burning questions and some tricky recurring issues.

The Acting Chief Health Officer has issued new written directions mandating staff working in certain workplaces, participating in specified activities and certain categories of workers to be vaccinated against COVID-19 in order to be permitted to work outside of their home. These directions include:*

• The COVID-19 Mandatory Vaccination (Specified Facilities) Directions (No 7) (Facilities Directions) which extend the obligations on operators of residential aged care facilities and construction sites to operators of education and healthcare facilities; and
• The COVID-19 Mandatory Vaccination (Workers) Directions (No 2) (Workers Directions) which impose obligations on employers in respect of vaccination of authorised workers.

(collectively, the Health Directions).

It’s common in the not-for-profit sector for one organisation to be caught by multiple directions, so beware of the trap of some workers being excluded by one direction but caught by another. One example is school bus drivers, who are not caught by the schools mandate in the Facilities Directions but are caught by other directions applying to the transport industry!

The Health Directions require employers to notify affected workers of the requirements as soon as is reasonably practicable. To help you navigate the different dates, here are key dates for the sectors we’ve been supporting in implementing the various Directions.

	Data Collection Date	First Dose Date	Second Dose Date
Residential aged care facilities	30 September 2021	1 October 2021	15 November 2021
Construction sites	30 September 2021	2 October 2021	13 November 2021
Authorised workers	15 October 2021	22 October 2021	26 November 2021
Healthcare facilities	15 October 2021	29 October 2021	15 December 2021
Education facilities (including childcare and early learning services)	18 October 2021	25 October 2021	29 November 2021

How do I know if the directions apply to my staff?

We recommend you step through the considerations as follows:

• Consider if your facilities are caught by the Facilities Directions – if so, all staff on site will need to be vaccinated by the deadlines that apply to that type of facility.
• If your facilities are not caught by the Facilities Directions, consider whether your staff are required to be vaccinated under the Workers Directions, noting:
  • You will need to categorise your workers by either facility or work type or both. Some types of workers are defined by reference to the type of facility that they work at (e.g. physical recreation workers), whereas the directions apply to other categories of worker working in any setting outside of their ordinary place of residence (e.g. social and community service workers); and
  • Workers may include employees, contractors and/or volunteers.

Restricted from work

If staff have not been vaccinated by the First Dose Date or have not provided the above information (with supporting evidence) by the Data Collection Date, employers must not permit staff to leave their home to perform work duties. However, if a worker has a booking for their first dose before the First Dose Date, they can continue to attend work until the First Dose Date.

Significant penalties apply if a person or organisation fails to comply with the Health Directions (including up to $21,808 for an individual and $109,044 for an organisation) or if they provide false or misleading information (including up to $10,904 for an individual and $54,522 for an organisation).

What if a staff member is unable to or refuses to be vaccinated?

Limited exceptions are permitted under the Health Directions on specific medical grounds only, or temporarily in the event of an emergency or in the event schools require staff to carry out oral or performance VCE examinations or work as a venue coordinator for those examinations. However, if an exception does not apply, there are many options that employers can consider in the event a staff member refuses to be vaccinated. Employers may consider:

• implementing alternative duties to enable the staff member to work from home;
• permitting the staff member to take leave (paid or unpaid);
• standing the staff member down (under the Fair Work Act 2009 (Cth), and subject to requirements in any applicable enterprise agreement and/or contract of employment); or
• taking disciplinary action against the staff member for failing to follow a direction, including termination of employment.

Employers can minimise the risk of an unfair dismissal, discrimination or general protections claim by putting in clear processes and documenting the decision making process.

Do I need to consult with staff about this change?

In short, the answer is yes! Even though employers are required to comply with the Health Directions, they are required to consult with staff about how those Health Directions are implemented in the workplace to meet their occupational health and safety requirements and consultation requirements under awards or enterprise agreements.

For example, how will you manage the process of assessing whether a staff member has an eligible exception? What will you do if a staff member does not meet the requirements for an exception but is still unable (or unwilling) to be vaccinated? These issues can be addressed in a written policy, and staff should have the opportunity to comment on that policy.

So I need to collect information about my staff. What are my privacy obligations?

Privacy obligations exist mainly under the Privacy Act 1988 (Cth), however, the employee records exemption means the Australian Privacy Principles do not apply to employees. They do continue to apply to contractors, volunteers, and other individuals.

If you are operating in Victoria, there are specific health privacy laws that apply to all health information in addition to the Privacy Act 1988 (Cth).

To better protect individuals’ privacy, and reduce the risks of serious data breaches by your organisation, you may choose to not collect copies of vaccination certificates and instead record that a certificate has been sighted. Consider principles of:

• data minimisation;
• autonomy and individual control over personal information;
• collection limitations; and
• the sensitivity of health information.

What do I need to do next?

Not-for-profit employers need to ensure that they have communicated the vaccination requirements to their staff and confirm the vaccination status of their staff members before the relevant date. The team at Moores can assist you with:

• developing a policy and relevant procedure for implementing the Health Directions;
• working through a consultation process with your staff to get feedback on implementing a major change to their workplace; and
• managing the process of responding to staff members who cannot or refuse to comply with the Health Directions.

How we can help

Both the Facilities Directions and Workers Directions were updated in the last 24 hours. The information above reflects the current directions. There have been changes to some aspects in the Health Directions, such as the list of medical providers who are permitted to provide evidence supporting a medical exception. If you have already acted upon the last versions of the respective Health Directions, we recommend that you review any written directions to staff, including any policies or procedures, to give effect to the revised Health Directions.

Please contact us if you need a helping hand to wade through the murky and contentious world of mandatory vaccinations.

* Specific requirements also apply to patrons and workers in theatres and personal training. See the COVID-19 Vaccinated Activities Directions (No 3) for more information.

Most states and territories have privacy laws that can apply in addition to the Privacy Act 1988 (Cth) (“Privacy Act“).

Health information

If you operate in Victoria or New South Wales, these states’ health privacy laws apply directly to your organisation regarding health information. If you are starting to collect vaccination information from workers or stakeholders in Victoria and New South Wales, you need to think about health privacy and the Privacy Act. Victoria and New South Wales both have information privacy principles and health privacy principles that apply specifically to health information.

If you operate in other states or territories across Australia, those states’ privacy laws many apply though a funding contract. More information about the various privacy principles is in our recent article: Health privacy: are you prepared to collect vaccination status and meet privacy obligations?

Contracts imposing privacy compliance

State contracts for funding, grants or the provision of goods and services to government organisations can include requirements that your organisation must comply with the privacy laws of that State or Territory.

Government departments often face a requirement that they impose the same standards on contractors.* This is to ensure that government information when disclosed from the government to your organisation for purposes under the contract, that information is handled according to the same standards applying to that government.

In addition to requiring your organisation to comply with certain privacy principles, the contract terms may also require training or breach reporting.

Small charities with less than $3 million annual turnover

Charities with less than $3 million annual turnover are not bound by the Privacy Act, however, the same contractual obligations may be imposed by contracts with the Commonwealth government. This contracted service provider requirement overrides the small business exemption.**

This would mean the Australian Privacy Principles would apply, as well as the Notifiable Data Breach scheme.

How do I comply with multiple regimes?

While there are many different privacy principles across Australia, the foundational concepts have strong similarities.

• Data minimisation: minimising the amount of personal information you collect is a privacy protection that reduces intrusion into someone’s privacy and reduces an organisation’s risk of serious data breaches.
• Consent: it is common that sensitive and health information requires consent to collection, recognising that disclosing this information impacts more greatly on a person’s privacy.
• Autonomy and transparency: privacy laws are designed to empower people with rights to control their identity as it is known by companies. The requirements to have a policy, explain uses and disclosures and inform individuals of collection are common themes in the various privacy principles.

You should always endeavour to meet the higher standard. Often, health privacy principles will have tighter restrictions on the handling of health information, again reflecting the intrusiveness and personal nature of someone’s health information.

Health privacy – vaccination information

If your organisation is preparing to collect vaccination information from employees, clients or other stakeholders, we recommend reflecting on what privacy laws apply to your organisation – including health privacy principles. Now is the time to implement strong collection and security measures for health information such as vaccination status.

Vaccination status is considered health information and therefore sensitive information in most jurisdictions across Australia. This means stricter requirements on how you collect, use, disclose and store that information.

The below mind map contains some ideas and concepts relevant to protecting vaccination information.

How we can help

Our privacy team can help you identify gaps in your current information handling practices to ensure you are meeting all applicable requirements. We can help redesign information flows and storage through your organisation to ensure compliance and protection of your data assets at all times of the information lifecycle.

Please contact us.

* Information Privacy Act 2000 (Vic) s 17; Information Act 2002 (NT) s 149.
** Privacy Act 1988 (Cth) s 6D(4)(e).

When acting as executor it’s crucial that you fully appreciate the task ahead, and the risk of liability that comes with the role, before accepting it.

Proper planning is key to ensuring that it’s ultimately a rewarding role, and not a costly one. Crucial to this planning, is knowing what timeframes apply when administering an estate.

We’ve prepared a snapshot of some important timeframes to bear in mind. Download our Deceased Estate Key Time Frames fact sheet here.

If you would like any further information, have an enquiry relating to deceased estates or an estate dispute, please do not hesitate to contact us.

Welcome to the fourth in our series on Special Disability Trusts (SDTs), where we hope to demystify particular aspects of these trusts, and highlight the benefits, eligibility requirements and restrictions to look out for.

As discussed in our previous articles in this series, the two main benefits of establishing a SDT for a vulnerable person are:

1. Protecting the person from poor decision making and exploitation from others; and
2. Preserving the person’s receipt of the Disability Support Pension (DSP).

In this article we discuss additional benefits that may be available to immediate family members, where gifting to the SDT can improve their own eligibility for a Centrelink benefit.

Gifting Concessions

Generally, a person cannot reduce the value of their assets in order to obtain a social security advantage (we note that different rules apply in relation to “granny flat” arrangements).

Sections 1123 – 1127A of the Social Security Act 1991 (Social Security Act) limit the value of assets that can be disposed of to the lesser of $10,000 per year or $30,000 over a five year period.

If the value of disposals exceed these amounts, then for the purposes of means testing, the excess value will be deemed to still be part of the person’s assets for a period of five years after the disposal.

However, Div 4 of Part 3.18A of the Social Security Act provides that if certain conditions are met, an asset transferred to an SDT is not to be considered a disposal within the meaning of section 1123.

The main conditions are that:

1. the gift is made by an immediate family member of the principal beneficiary; and
2. the donor receives no consideration (ie nothing of monetary value in return) and is not entitled to any consideration for the transfer of the asset; and
3. the gift is unconditional; and
4. the total combined value of the gift and any previous gifts made where a concession was claimed (including by other immediate family members) does not exceed $500,000.
   To illustrate this last point by way of example, if an immediate family member had previously gifted $400,000 to the SDT and claimed a gifting concession, then there is only $100,000 remaining which can be gifted and a concession claimed. Any amount gifted in excess of the $500,000 total concession available would be treated as a disposal of assets.

If the conditions are met, this could mean that a person (eg a parent of someone who qualifies for an SDT) could reduce their own means tested assets by gifting up to $500,000 into an SDT, thereby immediately increasing their own eligibility for a Centrelink benefit (eg the age pension).

How we can help

If you (or someone you know) are in a position where your Centrelink eligibility for a benefit could be increased if you were able to reduce your assets and an immediate family member has a disability that would qualify them for a SDT, then this could be something to explore further. You should first seek advice from a licenced financial planner who has expertise in this area, to see if this would be suitable for your particular circumstances.

Look out for the next article in our series, when we discuss the State Duty concessions and exemptions that are available when transferring dutiable assets to a Special Disability Trust. For more information or guidance, please do not hesitate to contact us.

From an estate planning and structuring perspective, we know an important objective of many of our clients is to maximise asset protection and preserve intergenerational wealth. This often results in assets being held in a variety of structures, including trusts.

From a family law perspective, upon the breakdown of a relationship, the Family Law Act 1975 (Cth) (“the Family Law Act”) has far reaching powers in determining what is and is not property of a party to a relationship and how property should be divided to ensure a just and equitable outcome.

It is well established that the Federal Circuit and Family Court of Australia has the ability to determine assets held in discretionary trusts to be property of the relationship.

The recent case of Rigby & Kingston (No.4) (2021) has emphasised how the careful structure and administration of trusts can provide protection in the event of a relationship breakdown.

1. The Wife’s Father died and was survived by his three adult children, being the Wife, Ms Kingston and her two brothers. The Wife’s Father created the Kingston Group in his lifetime consisting of various trusts and companies.
2. Under the Wife’s Father’s Will, a testamentary trust was created. The following facts were crucial in the later determination of the Husband and Wife’s family law property settlement:
   (a) the trust would vest and the assets transferred to the adult children, upon the youngest child turning 30;
   (b) the trustees, the three adult children, were to make any decision by majority;
   (c) the trustees had discretion to make interim capital distributions to any beneficiaries prior to the vesting date, meaning that there was no guarantee the three adult children would receive anything on vesting of the trust;
   (d) the Wife’s Father expressly stated that he desired, “that the benefit of my estate should pass to my children and/or grandchildren and that it is my express desire that no entitlement should accrue to any present or future spouse of my children or grandchildren particularly if such entitlement were to disadvantage my children or grandchildren or the continuity of any of the businesses which are conducted by the group of companies controlled by me”.
3. The Wife and Husband separated after the Wife’s Father’s death. The Husband issued proceedings in the Family Court of Australia seeking, amongst other things, that the Wife’s entitlement to the assets held in the Kingston Group was property of the marriage. The Husband unsuccessfully attempted to join the Kingston Group to the proceedings.
4. It was ultimately held by the Family Court, after protracted ligation, that the Wife did not control the assets held in the Testamentary Trust. The control rested with her brothers, and she could not make decisions alone about distributing funds to herself. Further, the assets of the Testamentary Trust had not yet vested and the source of funds in the Testamentary Trust was not from the efforts of the Husband and Wife.
5. Importantly, the Court gave consideration to the following factual circumstances of the case:
   (a) the Husband and Wife had signed a pre-nuptial agreement in 1991, turning their minds to what rights each would have to the property individually owned by them prior to and acquired after marriage including inheritances. The pre-nuptial agreement was not enforceable at the time the Husband issued proceedings due to a change in the relevant legislation, however was relevant to the parties’ intentions;
   (b) the Husband and Wife recorded their individual expenses to ensure their contributions were equal;
   (c) throughout the marriage, the Wife provided the accommodation for the family at no cost to the Husband. She alone obtained finance where finance was required and paid off the loans; and
   (d) At no time did the Husband and Wife acquire any property in joint names nor did they hold any joint bank accounts.

Rigby & Kingston provides an example of how it is important to consider how your estate plan is structured and who you are passing control of a trust to upon death. It further emphasises that your estate plan cannot be considered as sufficient asset protection in a vacuum and the Federal Circuit and Family Court will still consider the individual circumstances of each relationship and how their finances were managed.

How we can help

For expert advice regarding Estate Planning & Structuring, or advice in relation to the commencement or breakdown in a relationship, please do not hesitate to contact us.

It is not unusual for couples to re-consider the ownership of real property they own, whether as part of their estate planning arrangements or in considering the protection of their assets.

Before 1 July 2017, there was no stamp duty payable if any property was transferred between spouses or domestic partners.

After 1 July 2017, there was a change to the Duties Act 2000 (Vic) (“the Act“) which restricted the availability of stamp duty exemption to the transfer of the principal place of residence (being the ‘home’) between spouses or domestic partners, provided the transfer is a gift – meaning, the recipient does not pay to acquire it.

The Act did not change the availability of a stamp duty exemption for property transfers arising from the breakdown of a marriage or a domestic relationship.

Exemption Criteria

Following the changes to the Act, the current eligibility criteria for the duty exemption are:

1. the parties involved in the property transfer are spouses or domestic partners (including those in a registered domestic relationship or two persons who are living together as a couple on a genuine domestic basis); and
2. no person outside the relationship is entitled to take an interest in the property being transferred; and
3. the property is a residential property that at least one person in the relationship will live in for a continuous period of at least 12 months from the date of the transfer (“residency requirement“); and
4. the recipient of the property is not paying any consideration to receive the property (“no consideration requirement“).

Typically, proving eligibility under the first two criteria is quite straightforward. However, when it comes to the residency requirement and the no consideration requirement, there are some important issues to be aware of.

Residency Requirement

Not only must the property being transferred be the principal place of residence, it is a requirement for duty exemption that the property will remain the principal place of residence of at least one person in the relationship for the next year after the property transfer takes place.

There is a positive obligation on couples who use this duty exemption to ensure they advise the State Revenue Office (“SRO“) of any changes to their circumstances in this 12-month period, if they will not be using the property as their home for the full year.

Our experience is that the SRO is vigilant in determining whether a property being transferred is genuinely a principal place of residence and ensuring compliance with the ongoing residency obligation.

No Consideration Requirement

If the property being transferred is unencumbered, provided the recipient does not pay to receive the property, the no consideration criteria can be quite simple to satisfy.

Where there are loans secured against the home, the no consideration requirement comes sharply into focus.

If there is a mortgage on the property, and at the time of the transfer, the recipient gives a mortgage which either:

1. secures the same or a greater amount than the amount owing immediately before the transfer; or
2. assumes the liabilities under the existing mortgage;

then the no consideration requirement will be satisfied, provided the SRO is satisfied the couple has not entered into the transfer simply to access the duty exemption (meaning, there would need to be another reason for the transfer to take place). This typically covers a genuine refinance, or mortgages created at or before the time of the transfer, or those created to secure borrowings used for the improvement of the property.

A recent example where the SRO was not satisfied that the ‘no consideration requirement’ was met, is as follows:

1. the home was owned by one party to the relationship, who was also the sole borrower in relation to a number of loans secured against the home;
2. the intended property transfer would have resulted in the second party to the relationship becoming the sole owner of the home; and
3. in relation to the borrowings, it was intended the second party would become the sole borrower, with the first party remaining involved as guarantor.

In these circumstances, the SRO took the view that consideration had passed between the parties resulting in the transfer being dutiable.

Key takeaway

Transferring property between spouses or domestic partners is not as straightforward as it once was.

Before proceeding with a property transfer between spouses or domestic partners, there is value in seeking advice about whether or not, in the specific situation, the duty exemption criteria are satisfied. In some circumstances, requesting the SRO make a private ruling may provide comfort and certainty about the eligibility for this duty exemption.

How we can help

Please contact us for more detailed and tailored help.

The Victorian government recently announced that COVID-19 vaccination is mandatory for school staff once in-person teaching resumes in term 4.

In this update, you will find information about the most recent government directions and key dates to ensure compliance in time for the resumption of teaching in term 4.

Key features of the government direction

The relevant government direction is the “Directions from Acting Chief Health Officer in accordance with emergency powers arising from declared state of emergency COVID-19 Mandatory Vaccination Directions (No 5)” issued on 2 October 2021. The direction applies to education providers who are:

• registered schools as defined under the Education and Training Reform Act 2006 (Vic); and
• onsite early childhood education and care services or children’s services provided under the Education and Care Services National Law, the Education and Care Services National Regulations, and the Children’s Services Act 1996 (Vic).

Under the direction, school staff must have had:

• their first vaccination by 25 October 2021; and
• their second vaccination by 29 November 2021.

By 18 October 2021, schools need to have collected the following information from staff:

• whether staff have received both doses of a COVID-19 vaccination; or
• whether they have received one dose of a COVID-19 vaccine and the date they have booked in to receive their second dose (which needs to be before 29 November 2021); or
• whether they have made a booking to receive their first COVID-19 vaccination, noting that this must be on or before 25 October 2021; or
• whether they cannot receive a COVID-19 vaccination because an exception applies to them and they have evidence from an approved medical practitioner certifying an exception applies to them.

If staff have not provided the above information by 18 October 2021, they will not be permitted on school grounds, and will need to be treated as though they are unvaccinated.

Additionally, if staff have not received their first dose by 18 October 2021 but have made a booking to receive their first dose by 25 October 2021, they will be permitted on site. If the person has not received their first dose by 25 October 2021, they will not be permitted on school grounds after that date.

Exceptions

The direction permits an exception to the vaccination requirement if a staff member has a medical contraindication, as determined by the clinical guidance issued by Australian Technical Advisory Group on Immunisation.1

If a staff member seeks to apply for an exception, the school must sight and record evidence from a specified list of medical practitioners:

• general practice registrars on an approved 3GA training placement;
• public health physicians;
• GPs;
• infectious disease physicians;
• clinical immunologists;
• gynaecologist;
• obstetrician;
• GPs who are vocationally registered;
• GPs who are a fellow of the Royal Australian College of General Practitioners; or
• GPs who are a fellow of the Australian College of Rural and Remote Medicine.

If a staff member refuses to be vaccinated and cannot provide the required evidence of a medical contraindication, they will not be permitted on school grounds from 18 October 2021.

The direction does not provide scope for an individual staff member to be granted an exception on any other grounds (including religious grounds). However, engaging in a proper and lawful process with any staff who raise a religious objection is important, so that the school can avoid later claims of discrimination and/or unfair dismissal.

There is scope for a temporary exception to be granted on the basis of an emergency for the limited duration of that emergency, if the staff member wears PPE including a surgical mask and a face shield (as a minimum).

Collecting vaccination information and privacy obligations

Schools are required to collect, record and hold information regarding each staff member’s vaccination status if they will or may be on school grounds from 18 October 2021.

An authorised officer may request a school to provide its vaccination records. The school will be required to comply.

Schools are required to communicate the vaccination requirements to affected staff members as soon as reasonably practicable. The information to be collected includes:

• whether each staff member is fully vaccinated; or
• if they are not fully vaccinated:
  • (i) the date they have booked to receive their first or second dose;
  • (ii) whether they intend to apply for an exception on the grounds of a medical contraindication; or
  • (iii) whether they do not intend to receive a COVID-19 vaccine.

Schools may accept the following information as evidence of vaccination status:

• Immunisation History Statement;
• digital certificate; or
• letter from a general physician.

Privacy considerations which apply to health information apply here. Including regarding storage, use, disclosure, security, access and archiving. The use or disclosure of staff vaccination information for an unauthorised purpose would attract serious penalties.

Responding to non-compliance

In the event a staff member does not comply with the government direction and does not have a medical contraindication, a school will be required to consider its options with respect to that staff member, including whether stand down, leave arrangements or other disciplinary consequences are available in the circumstances.

Considerations include:

• whether the school can reasonably accommodate alternate duties that can be completed off-site;
• whether the stand-down mechanism under the Fair Work Act 2009 (Cth) is available to stand the employee down without pay for a temporary period; or
• whether the termination of the staff member’s employment is a valid option and how the school may seek to minimse risks associated with termination.

This assessment will need to be conducted on a case-by-case basis with a careful examination of the duties of the staff member and the operational requirements of the school. Should you require assistance, Moores can help you through the process of making this assessment.

Penalties

Significant penalties apply if a school or staff member does not comply with the direction. An individual can face a fine of up to $21,808 (120 penalty units) and the school could face a fine of up to $109,044 (600 penalty units) for a single breach.

Additionally, if a person is found to have provided or recorded false or misleading information, an individual can face a fine of up to $10,904 (60 penalty units) and a body corporate may face a fine of up to $54,522 (300 penalty units).

How we can help

Moores can assist your school, including to:

• prepare a staff policy about COVID-19 vaccination requirements;
• understand its privacy obligation with respect to collection, use and storage of vaccination information;
• develop its procedures for dealing with medical exceptions and other grounds for exceptions made by staff; and
• prepare for dealing with staff non-compliance with the vaccination requirements.

Please contact us for more detailed and tailored help.