We have seen significant child safety developments this year – from a historic $3.5 million awarded in damages for a historical child abuse case to the rise of child safety investigations due to the Reportable Conduct Scheme. As we move towards a new year, organisations should reflect on whether child safety is truly embedded in their operations. This article will cover some of the key developments to watch and tips for organisations to be prepared for 2020.

What will 2020 bring?

2020 will be another big year in the child safety sector. In particular, it is likely that we will see the following areas of focus.  

1. Legislative reform – as states continue to fulfil their commitments in response to the recommendations by the Royal Commission on Institutional Responses to Child Sexual Abuse (Royal Commission), we expect to see further legislative changes across Australia. 
2. Redress Scheme Deadline – the deadline of 30 June 2020 to join the National Redress Scheme is fast approaching.  While this may be extended, organisations will need to act quickly if they are considering joining the scheme.  This is particularly so as pressure from the Scheme Operator increases with several organisations receiving letters encouraging them to join. 
3. Focus on Investigations – we have seen increased scrutiny by regulatory bodies in states with reportable conduct schemes regarding investigations by organisations.  The interplay with employment obligations and other regimes will also be aspects for organisations to consider in the new year.
4. eSafety – the upwards trend in use of social media by young people will continue in 2020, prompting  an increase in  child safety considerations.  Already, we are seeing a sharp spike in use of apps such as Snapchat, Tik Tok and Instagram being used in cyberbullying, image based abuse and grooming.  Organisations will need to be prepared to address these issues in the coming year consistent with their duty of care.  

Upcoming legislative changes

There are significant legislative changes that have been introduced in various states and are expected to be passed in 2020.

A key area of change will be reporting requirements. In Victoria, school counsellors will become mandatory reporters on 31 January 2020. Victoria has also passed legislation that will require people in the religious ministry to be mandatory reporters with no exemption for religious confessions. There is no confirmed date for when this will take effect but it is anticipated to be early to mid-2020.

Similar changes have taken place in Tasmania where legislation was passed in September 2019 to require individuals in religious ministry to report child sexual abuse and also makes it a crime for any person to fail to report child abuse. It is expected that similar legislation will be considered or passed in other states in 2020, being a key recommendation of the Royal Commission.

Another expected area of legislative change is in regards to the National Principles for Child Safe Organisations. The National Principles were launched in this year and align with the Royal Commission’s recommendations. While these are currently considered best practice, it is likely they will become legally mandated soon, especially as the current National Framework for Protecting Australia’s Children reaches its end in 2020.

We may also see legislative change in other areas of the Royal Commission’s recommendation including WWCCs, liability for unincorporated institutions and associated trusts, image based abuse and reverse burden of proof regarding duty of care for organisations.

Redress scheme deadline

Due to the Redress Scheme deadline and significant payments for historical child abuse claims, we are likely to continue seeing historical claims being brought and settled in 2020.  Given the large amounts of damages being awarded in civil claims, the average Redress Scheme payment of $80,466 will be enticing for organisations expecting significant claims. With the deadline, organisations will need to move quickly in their decision making, particularly larger groups that may be joining as part of a representative model as these are time extensive to set up.  Furthermore, it is likely we will get a better sense of assessments under the scheme.  As of November 2019, the Scheme Operator had only processed 814 out of 5,290 applications.

Child safety investigations

In 2019, the reportable conduct schemes in Victoria and ACT entered their second year. This saw a change from regulatory bodies taking an educative approach to beginning to take increased compliance action. In Victoria, the Commission for Child and Young People (CCYP) became increasingly willing to question investigation findings. We are also beginning to see the first disputes under the scheme, demonstrating the need for a thorough investigation process in accordance with regulator’s requirements as well as your employment obligations.

This trend is likely to continue in 2020.  As regulators become more focused on compliance, there will be real risks for organisations that fail to properly investigate child safety concerns. There is also discussion in other states such as Queensland and Tasmania to introduce reportable conduct schemes.

eSafety

In 2019, the eSafety Commissioner produced an eye-opening report regarding the risk of image based abuse amongst children and the impact on child safety. This report as well as increasing litigation against organisations for failure to fulfil their duty of care demonstrates the need for organisations to consider child safety in the digital realm. Common concerns include inappropriate contact between employees / volunteers and children and the risk of grooming, child on child cyberbullying and inappropriately shared images or videos. With the reverse burden of proof in relation to an organisation’s duty of care in several states such as Victoria, NSW and Queensland, it is vital that organisations are adequately prepared to manage these concerns.

Get prepared now

Organisations need to be prepared for 2020 and the child safety landscape. Aside from the expected changes above, there is likely to be less tolerance for organisations that do not have proper compliance in place. We recommend that organisations take the steps below.

1. Child safety strategy – in your strategic planning for 2020, ensure that child safety is a key consideration. Consider what your organisation’s stance will be on child safety going forward and what you could improve on this year in light of learnings from the previous years and upcoming changes.
2. Training – the start of the year is a good time to remind your staff and volunteers and their child safety obligations. There are often new starters as well who will need to undergo training. For schools, it is a good time to conduct training in accordance with your compliance obligations.
3. Policy and procedure review – Consider when you last reviewed your child safety policy and procedures and whether they are appropriate in light of recent or anticipated changes. In particular, most organisations fail to properly address the electronic aspect of child safety and find themselves ill-equipped to address these issues.  
4. Empower children – the National Principles place a significant emphasis on empowering children, as well as the child safe standards in states. This will become an important strategy for organisations to fulfil their duty of care, particularly in relation to child on child abuse and eSafety concerns.

How we can help

For more information or guidance on any of the above, please do not hesitate to contact us.

Introduction

Only last month I spoke at the Australia and New Zealand Education Law Conference and was able to report there had never been a successfully prosecuted case  in Australia of “failure to educate” – ie compensation for breach of contract or negligence by school in failing to educate a student.

It had been tried and had failed historically in a 2012 case in which an ex-student of an independent school sought to recover fees on the basis that she had not obtained a specific level of academic achievement.

Schools have in fact had success in court in enforcing payment terms, including the common one term’s fees for late notice of withdrawal of a student.

A recent matter in Victorian Courts has seen a mother of a 17-year-old boy named Jake allege that a Victorian government school has abandoned her son’s education and has failed to adequately teach him the required curriculum.

This poses the first real case of “failure to educate” in recent years. 

The case is made significantly more complex, because the student has a disability.

Certainly, the overseas cases which have been successful have often involved a student with a disability.

Current Case

The mother advocated that the failure on part of the school has left Jake unlettered and analphabetic, impacting his ability to find suitable employment or be accepted into some form of tertiary education.

Jake is set to graduate from year 12 this year, but his mother is claiming that Jake’s skills have not developed satisfactorily during the 13 and a half years of his time at the Southern Autistic School (the School).

The statement of claim filed raises allegations that both the School and the Victorian Department of Education and Training (the Department) are responsible for restricting Jake from actively participating in several school activities such as swimming and other sports. She also alleges that the School has been unsuccessful in teaching Jake a functional method of communication and this has had a detrimental effect on his already existing severe language impairment.

It was presented to the Court that Jake was made to spend most of his time at school in non-academic activities.

The allegations appear to argue that, in making reasonable adjustments as required by anti-discrimination law, the school has actually breached another obligation.

The case is listed for a three-week hearing in the Federal Court in 2020.

This case could serve as a ground-breaking precedent for all parents and carers who believe that their child has not been able to benefit from their schools education because of their disability.

What should you do?

This case should serve as a cautionary tale to all schools to ensure that its programs for students with disabilities meet minimum requirements under legislation.

A Reasonable Adjustments Assessment Rubric and Behaviour Management Policy should be implemented to assist in ensuring maximum compliance with legal obligations and reduce any exposure to potential claims, such as Jake’s.

We further recommend engaging with parents as much as possible about how the school may be able to assist students with disabilities, and discuss ways in which parents can also help from home.

Lastly – do not overlook the simple things.  Every enrolment contract should clearly set out that no promises of a particular level of academic achievement are made, and that schools work with students and their families on the education journey.

How we can help

If you’d like assistance or advice on improving your school’s policies and procedures in relation to managing students with disabilities, and meeting their needs, reasonable adjustments, or enrolment contracts, please do not hesitate to contact us.

The Family Court of Australia has recently examined whether assets held in a testamentary trust should be considered as matrimonial property and therefore available for distribution in the event of a relationship breakdown.  For those who are seeking to gain additional protection via a testamentary trust, it was a favourable result.

Testamentary Trusts

A testamentary trust is a trust created by a valid will, and is a common element of a modern estate plan.  Often a Willmaker wishes to incorporate a testamentary trust to provide their beneficiary with improved asset protection, either from a potential bankruptcy or a relationship breakdown. 

In considering the property division in a relationship breakdown, the Family Court will take a number of factors into account. Amongst other things, this typically includes what the matrimonial pool consists of and what financial resources the parties have access to.

The matrimonial pool generally consist of assets held in the parties’ individual or joint names, businesses, inheritances received in their personal names, superannuation and possibly assets held within certain trust structures. Financial resources typically include trust income or capital that the parties may have access to.

No testamentary trust is bullet proof against the powers of the Family Court and the Court has a wide degree of power afforded to it by the legislation including:

1. power to make orders against trustees of trusts;
2. power to make orders which direct or alter the rights, liabilities or property interests of a third party; and
3. power to attribute a trust as a financial resource of a party to the marriage and adjust the matrimonial pool available for distribution accordingly.

Previous case law suggests that assets held in a testamentary trust, or any other trust, are more likely to be considered as part of the matrimonial pool if the control and benefit of the trust lies with one of the parties to the relationship.  However, this was not considered to be the case in the recent decision of Bernard & Bernard [2019] FamCA 421 (5 July 2019 per Henderson J) (“Bernard”).

Bernard & Bernard [2019] FamCA 421

In the case of Bernard, the Wife brought an Application under Section 79 of the Family Law Act for a property settlement and contended that the Husband’s interests in a testamentary trust formed a part of their matrimonial pool available for division. The Husband did not agree submitting that the testamentary trust should be excluded from the matrimonial pool and considered a financial resource as he had no control over the assets or income earnt as he was not a trustee.

The relevant facts of Bernard are as follows:

1. The parties’ married in 1998 and separated in September 2015. At the time of separation there were two adult children of the marriage.
2. The Husband’s Father made a will in 2012 and subsequently passed away that same year. The will provided, amongst other things for the creation of two testamentary trusts. The first trust was for the Husband and named the Mr Bernard Family Will Trust. The second trust was for his daughter, the Husband’s sister and named the Ms C Bernard Family Will Trust. The Husband’s late Father’s estate comprised of approximately $3,500,000 of assets.
3. The Husband was a primary beneficiary of his trust. His sister was the trustee. The sister’s trust mirrored the provisions of the Husband’s trust being the sister was the primary beneficiary however, the Husband was the trustee. It should be noted the sister was joined as a third party to the proceedings.
4. In 2012, the Husband and sister began to conduct business together in partnership through the Bernard Family Will Partnership (“the Q Partnership”). The Husband and sister generated income through the Q Partnership.

Primary Arguments

The Wife’s primary argument was that the two testamentary trusts were mirror trusts and that the assets of the Husband’s trust were effectively his and the assets of the sister’s trust were effectively hers despite this being contrary to the trust deeds.

The Husband submitted he had no control over the income or capital of the trust and that control and ownership was with the trustee, his sister, therefore excluding the assets from the matrimonial pool.

The Decision

Justice Henderson considered the Wife’s argument, however, ultimately found that the testamentary trust should be excluded from the property pool. In reaching her decision, Her Honour considered the following factors and relied heavily on the applicable trust deeds.

1. The Husband was not the settlor of the trust.
2. The Husband is entirely dependent on his sister, the trustee, to distribute income and accumulate income.
3. The trustee has complete discretion in determining any distributions.
4. The Husband has no power to apply any of the assets and income of the trust of which he is a beneficiary. The Husband had that power in his sister’s trust of which he was not a beneficiary;  
5. The Husband is a discretionary beneficiary and does not hold any other entitlement. There were many classes of beneficiaries including the Wife their children, grandchildren and great grandchildren of the Husband.
6. The assets in the Husband’s trust were never matrimonial property.

The Court ultimately held that the Wife must deal with the assets the Husband holds as they are. Importantly in this case, the Husband was only a primary beneficiary under a trust, not the controller or trustee, with that power being vested in his sister.

Of note, the Court considered that if the sister provided the Husband with all the assets of the trust of which she was trustee, it would be a significant breach of her obligations as trustee to the other beneficiaries.

Key Lessons

It is clear from Bernard, that from an estate planning perspective, one way to provide additional asset protection in the Family Court is to take away or limit the control of the beneficiary within the terms of the testamentary trust.  Having the flexibility for beneficiaries to self-impose these restrictions after the testator’s death is a major benefit, even if when they sign their will, the restrictions do not appear necessary.

It is also important to ensure that if you are separating, you are aware of your assets and the matrimonial pool available for division whether it is by virtue of a trust, property or inheritance and the way they may be treated by the Family Court.

If you would like to discuss a relationship breakdown or review your estate planning, please do not hesitate to contact us.

From 1 January 2020, some entities including companies limited by guarantee will be required to have a whistleblower policy that complies with the new section 1317AI of the Corporations Act 2001 (Cth).

The Australian Securities and Investments Commission (ASIC) has announced that public companies that are small not-for-profits (NFP) or registered charities with annual revenue of less than $1 million will be exempt from the new requirement.

ASIC Commissioner John Price said the exemption will provide relief to small NFPs or charitable companies who may face a compliance burden that outweighs the benefits a policy might otherwise offer.
 
Even if organisations are exempt from the Corporations Act requirement to adopt a whistleblower policy:

• all companies limited by guarantee must still comply with the whistleblower protections in the Corporations Act from 1 July 2019. ASIC Regulatory Guide 270 includes guidance on managing whistleblowing that may be helpful even for entities that are not required to have a policy.
• it may still be appropriate to adopt a whistleblower policy:
• for registered charities – as part of their implementation of the ACNC External Conduct Standards in respect of their overseas operations; and
• for all registered charities and not-for-profit organisations – as part of steps taken to protect vulnerable persons and ensure accountability in their general operations.

How we can help

If your organisation would like advice on how to comply with the new whistleblowing regime, please do not hesitate to contact us.

On 23 October 2019, the Queensland Government passed the Civil Liability and Other Legislation Amendment Act 2019 (the Act), with significant implications for child abuse claims against organisations. The reforms remove the limitation periods for survivors to commence civil action for all types of child abuse, reverse the onus of duty of care and set out the liability for unincorporated institutions and defunct institutions. The reforms are in response to the recommendations by the Royal Commission into Institutional Responses to Child Sexual Abuse (Royal Commission). We are likely to see further legislative changes as states continue to demonstrate their commitment to child safety.

Background

The Royal Commission made several recommendations regarding the civil liability of organisations. In particular, it noted that it was often difficult for individuals to commence and be successful in claims against organisations.  This was for several reasons, including that the burden was on the individual to prove that the organisation breached its duty of care, the fact that unincorporated institutions could escape liability despite having assets in a separate trust (as noted in the important case by John Ellis), and limitation periods failing to align with the average time it took for child survivors to commence claims.  

In response, several states introduced legislative reform. Victoria and New South Wales both passed legislation to reverse the burden of proof in relation to duty of care, meaning that if a person associated with an organisation abused a child, the organisation would be presumed to have breached its duty of care unless it could prove it took all reasonable steps to prevent the abuse. Both states have also removed the “Ellis defence” and required unincorporated institutions to nominate an entity capable of being sued and with assets to take its place in child abuse claims. Western Australia and the ACT have also passed similar legislation. Most states have also removed the limitation period for child sexual abuse claims. 

Changes under the Act

The Act amends several existing acts including the Civil Liability Act 2003 (Qld), Civil Proceedings Act 2011 (Qld) and Personal Injuries Proceeding Act 2002 (Qld).  The key changes under the Act include:

1. Duty of care – the Act sets out a clear duty of care that applies to organisations to take all reasonable steps to prevent the abuse of a child by a person associated with the institution while the child is under the care, supervision, control or authority of the institution.  The burden of proof is also reversed where an institution will be taken to have breached its duty of care unless it can prove it took all reasonable steps to prevent the abuse.
2. Unincorporated institutions – a person who experienced child abuse by a person associated with an unincorporated institution while under their care, supervision, control or authority will be able to start or continue a claim, notwithstanding that the institution is unincorporated.  The Act also states that courts can make orders to require unincorporated institutions to identify any associated trusts and make orders that the trustee of the trust is nominated as the appropriate defendant where appropriate.
3. Defunct institutions – the Act specifically states that liability for claims against defunct institutions will be transferred to the relevant successor of the institution. Relevant factors when considering if any institution is the relevant successor include if any merger or acquisition occurred, the new institution is a part of the old institution or there is some other relevant connection.
4. Statute of limitations – for personal injury claims, the statute of limitation was removed for personal injury claims resulting from sexual abuse when the claimant was a child. The Act now extends this to claims resulting from sexual abuse, serious physical abuse or psychological abuse of a child perpetrated in connection with sexual abuse or serious physical abuse.

Implications of the Act

The Act has significant implications for institutions based in Queensland or with operations in Queensland.  In relation to claims for historical abuse, institutions need to be aware that the Act will make it more likely that they will need to take responsibility for any liability of defunct institution that it may be associated with.  Furthermore, unincorporated institutions will no longer be able to rely on the so called ‘Ellis defence’ that they cannot be sued as they are unincorporated or do not have assets.  Trustees of trusts which hold assets for unincorporated institutions should be aware that courts can nominate them as defendants in child abuse claims.  These will also be important considerations for any institutions considering mergers or acquisitions or even taking assets from defunct institutions, noting that it may mean they also take on any liability for historical claims.

Looking forward, the duty of care set out in the Act creates an expectation that institutions must be proactive in preventing child abuse by individuals associated with the institution.  Institutions should be looking carefully at their recruitment strategies, policies and procedures and training.  

Next steps for organisations

While the Act and its changes apply to institutions in Queensland, all organisations should note that similar changes have occurred in other states or are being considered. We recommend that organisations take the following next steps to align with their legal obligations and best practice.

1. Ensure child safe recruitment – given the legally imposed duty of care and reversed burden of proof, ensuring the right people are in your organisation is critical.  Organisations should be reviewing their recruitment practices and their monitoring of checks such as Working with Children Checks.  We have set out some tips on child safe recruitment in our HR child safety checklist.
2. Prioritise record keeping – record keeping will be fundamentally important if institutions intend to defend themselves against claims by demonstrating that they have taken all reasonable steps to prevent the abuse. This includes keeping records of training that you run and attendees, induction processes, policies and procedures and how the organisation responds to any child safety concerns.
3. Embed child safety into your strategy – given the implications of the new Act, organisations should be thinking about their child safety in broader strategic discussions including when considering mergers and acquisitions. Consideration should be given to any liability that the organisation may be accepting if it becomes connected with another institution or defunct institution.  Organisations may also wish to consider joining the National Redress Scheme.

For more information or assistance in aligning with your legal obligations, please do not hesitate to contact us.

A recent Fair Work Commission (Commission) decision has highlighted the importance of following a procedurally fair process when terminating an employee’s employment for misconduct, the failure of which can result in an employee’s reinstatement.

The case

In Susan Edwards v Litchfield Council [2019] FWC 6660 the Commission ordered reinstatement after an employee was dismissed from her role as gatekeeper at a waste transfer station following allegations of theft, fraud and corruption.

The employer commenced an investigation into Ms Edwards’ conduct after receiving a complaint by a co-worker that a customer’s waste was not properly deposited and was potentially unpaid for during Ms Edwards’ shift.

Rather than seeking a response from Ms Edwards to the allegations, the employer reviewed CCTV footage and prepared a report in relation to her conduct, which included that Ms Edwards’ son regularly visited her at the waste station.

The employer issued Ms Edwards with a first and final warning, which stated that any further instances of unacceptable behaviour could lead to her dismissal.

Ms Edwards was subsequently dismissed following further allegations of making illegal transactions at work, including failing to take payments from customers and recording transaction, amounting to potential theft, fraud and corruption.

Erroneous allegations and a series of procedural flaws

The Commission held that the employer’s targeted action to capture information relevant to other breaches was significant and procedurally unfair.

Notably, Ms Edwards was not offered a support person during the meeting where she was issued the first and final warning, nor was she shown the CCTV footage or provided with a log of transactions.

Before the Commission, Ms Edwards was able to provide a series of reasonable explanations in response to the allegations against her.

No valid reason for dismissal

The Commission found Ms Edwards had some discretion in her role with respect to the application of fees and charges depending on the nature of the load, and whether it involved residents or non-residents. This, coupled with a lack of documented guidelines establishing codes of conduct, led the Commission to find there was no valid reason for dismissal.

Key takeaways

Ordering reinstatement of the employee, the Commission noted that issuing a first and final warning was surprising and was not supported by the evidence.

The decision highlights that employers need to consider form and substance before moving to dismiss an employee. An employer’s decision to dismiss an employee for misconduct should be based on substantiated allegations which are supported by evidence. The process which leads to the dismissal is equally important – employees must be provided with sufficient particulars of the allegations, and provided with a reasonable opportunity to respond.

How we can help

Moores assists employers with navigating disciplinary matters and responding to misconduct, including dismissal. For assistance with workplace relations matters, please do not hesitate to contact us.

Land tax rules in Victoria are providing a disincentive to good management of property by charities. And it seems that some charities may be slugged with land tax for trying to be good stewards of their real estate.

Charities are under a legal obligation to ensure their property is applied for charitable purposes. They are also under a governance (and moral) obligation to use their assets to maximum benefit for the charity.

But Victorian law is currently proving a barrier for charities who want to take opportunities to maximise the benefit of any spare capacity or ‘downtime’ of their properties that trying to generate revenue from property from leasing, co-working and ‘external hire’ arrangements could result in a land tax assessment.

The problem in the law

The Land Tax Act 2005 (Vic) gives land tax exemptions for certain property or property uses.  For general charitable use, the Act allows property in Victoria to be exempt from land tax if it is “used by a charitable institution exclusively for charitable purposes” (our emphasis). 

Not “primarily” for charitable purposes, or “mostly” for charitable purposes – the words of the legislation recite a test of exclusivity.

The problem with this “all or nothing” approach is that it discourages use of spare capacity.  No-one is levying income tax on charities when they invest spare money into the stock market.  So why does the State of Victoria levy land tax on charities who redirect spare capacity of their properties into revenue-generating use to fund the organisation’s charitable activities?

The problem illustrated – the school theatre

Let’s say a school has a fantastic performing arts theatre. It cost a lot to build, so the business manager has the good sense to make it available for hire.

If the theatre is hired by another school for an event, there is no problem. The theatre is still being used for an educational purpose and the land tax exemption can still apply. Education is a charitable purpose.

When a local dance group wants to hold their annual concert in the theatre, it appears to be another good opportunity to earn some revenue from the facility’s spare capacity. The problem is that the local dance group is not a “charitable” activity and is not a charity itself.

The mere act of hiring out the facility for a non-charitable use has the potential of exposing the school to an assessment for land tax. A one-off hiring event might be long regretted if it were to result in a land tax assessment for a charity trying to do the right thing and put its spare capacity to good use.

A ‘commercial’ hire doesn’t even have to be one that makes money. If it is not a ‘charitable use’, then a literal reading of the current law puts the land tax exemption at risk.

The problem is everywhere

The requirement of exclusive charitable use does not embrace the reality that modern charities are creative and entrepreneurial in generating revenue. They should not be discouraged from doing so – it helps our donation dollars go further.

It is largely a nonsense to think that charities want to use their properties for “exclusive charitable use”. A literal reading of the legislation will exclude taking advantage of things like:

• Renting out a spare office;
• Hiring out the church hall for functions;
• Renting car parking space to a neighbour;
• Allowing sports coaching groups or fitness classes to hire the sports field; and
• Private functions at campsites.

These are things that should be encouraged, not penalised.  It would be undesirable to see charities “locking up” their facilities or limiting their use for fear of getting a land tax assessment.  That just causes communities to miss out and makes charities look selfish.

Potential solutions

We don’t necessarily advocate for land tax exemption just because a property is owned by a charity (although that is the situation in NSW).  But we do believe in allowing room for charities to spread their entrepreneurial wings without being shot down by the tax man.

Here are alternatives that we think would work:

1. Apply a “primarily or substantially” test
   If a property were used primarily or substantially for charitable purposes, the exemption would still apply.This test is applied to properties which are exempted from land tax as non-profit sporting or outdoor recreational facilities.If they are allowed to use a small amount of spare capacity for commercial hire arrangements, why can’t other charities?
    
2. Pro-rata exemption
   Charities could have their exemption reduced (rather than removed) to the extent of the days of non-charitable use.This could be on a self-assessed basis and subject to audits for compliance.This would be an improvement on the current “all or nothing” position and would allow charities to manage the tax cost of commercial hiring.

What can you do for now?

Until our parliamentary representatives see fit to address this issue, there are some things you can do:

• Find out whether you’re paying land tax, whether you’re exempt and why. Maybe you should be paying land tax. Maybe you shouldn’t. Maybe you should be exempt from land tax, but for a different reason.
• Consider ways to preserve your exemption and still do commercial hire. This can come down to documenting the purpose of your hiring arrangements and creating some policies or guidelines around who you hire to and why.

And when the board asks you to look at ways to earn revenue from the spare capacity in your real estate assets and building facilities, send them a copy of this article.

How we can help

For further assistance, please do not hesitate to contact us.

A recent Supreme Court decision highlights the risk of organisations assuming that if a claim of child sexual abuse is successful, Courts will award damages in line with the amounts payable under the National Redress Scheme for Institutional Child Sexual Abuse.

In MC v Morris [2019] NSWSC 1326, the New South Wales Supreme Court found that the applicant has suffered a post-traumatic stress disorder, major depression, medication-related obesity and other related health issues following historic child sexual abuse.

The Court assessed damages of more than $3.5 million dollars at common law.

The case

In the mid 1990’s, the plaintiff performed lawn-mowing and maintenance work for his neighbours, including the defendant. At the time, the plaintiff was between 13 and 15 years old.

The defendant groomed and sexually abused the plaintiff during this period. After the plaintiff reported the abuse to the police in 2017, the defendant was charged with, and pled guilty to, criminal offences resulting in his imprisonment.

Following this, the plaintiff commenced civil proceedings against the defendant for assault and battery relating to the sexual abuse. The defendant was represented at the hearing, however did not file a defence or serve any expert evidence. The plaintiff led evidence in relation to the effect of the abuse on his life, including his expulsion from school, breakdown of his subsequent marriage and inability to maintain consistent employment.

The plaintiff tendered expert evidence of psychological injury, including post-traumatic stress disorder and major depression requiring medication, leading to extreme weight gain.

Assessment of Quantum

While damages will vary depending on the individual circumstances of the case, this decision highlights a willingness by courts to recognise the significant impact of child sexual abuse on the survivor – physically, psychologically, financially and interpersonally.

With respect to the quantum, the Court noted that it:

“Reflects the reality that the defendant’s predatory pursuit of his depraved sexual interest in a boy of early teenage years has all but destroyed what might have been a contented and useful life.”

The quantum was calculated as follows:

• General and aggravated damages – $400,000
• Interest on general damages – $115,000
• Past loss of earnings – $840,000
• Past loss of superannuation – $92,400
• Interest on past loss of earnings – $676,363
• Future loss of earnings – $1,079,483
• Future loss of superannuation – $152,963
• Future medical expenses – $20,000
• Future care – $134,304

Key take-away points

The case serves as a reminder that organisations should not rely on the National Redress Scheme for Institutional Child Sexual Abuse Assessment Framework to assess potential quantum of damages relating to historical child sexual abuse matters, as survivors still have the ability to pursue a common law claim.

Contact us

For more information on managing child safety concerns, please do not hesitate to contact us.

Memorandums of Understanding (MOUs) seem to be the weapon of choice in the for purpose sector. Commonly used to formalise joint projects and other collaborations between organisations, MOUs are popular because they are perceived to be a quick, informal and simple way to sketch out the terms of a relationship. Organisations need to be aware, however, that these seemingly innocuous documents can lead to confusing situations that might require legal advice to untangle, or leave one party exposed to risk.

This article looks at the top four things not-for-profit organisations should consider when entering into MOUs.

1. Is non-enforceability appropriate?

Before considering the content of the agreement, organisations should first consider whether a MOU is appropriate for what they are trying to achieve. Although MOUs do not have a set definition in law, they are generally understood to be a non-enforceable written understanding between two or more organisations.

This expectation of non-enforceability is the key characteristic of a MOU. It allows organisations to record their understanding and expectations without the deliberation required for a formal contract. This means that a MOU can be simple and cost-effective to prepare.

However, the strengths of a MOU – non-enforceability and easy preparation – are also its weaknesses:

• A MOU can be very difficult to enforce if one party does not live up to their side of the bargain. This can leave organisations exposed, particularly if a project or collaboration involves significant risk or potential liability.
  
  For example, MOUs are commonly used between parties collaborating to provide government funded services. The lead contractor may be unable to meet their obligations under the government funding agreement if they can’t enforce an MOU against their partner organisation.
   
• The perceived informality of an MOU means that they are often prepared without legal assistance. This can mean that the document lacks clarity or is silent on important matters. This creates uncertainty, which increases both the likelihood of dispute between the parties and the difficulty of resolving any dispute.

The nature of a MOU means that it is better suited for informal or good-will based collaborations of low value or low risk, such as:

• setting out a relationship in writing – for example referral pathways, information sharing or shared resources;
• working on a project or delivering services together;
• an agreement to agree – a loose understanding before formal negotiations on merging, contracting or working together; or
• confirming an advocacy position.

A more formal, enforceable agreement is more appropriate for:

• delivery of significant services;
• sub-contracting significant government or philanthropic funded projects;
• projects involving use of valuable intellectual property;
• risky agreements or projects that could result in significant liability; and
• relationships that require strict confidentiality, or where breaches of confidentiality will be harmful to beneficiaries.

The key questions for organisations considering entering into a MOU is – how severe could the consequences be for our organisation if the other party does not meet their obligations and we cannot enforce this agreement? If you need to be able to enforce an agreement, it is best to use a properly drafted contract.

2. Should at least part of the MOU be enforceable?

Even in the most informal relationships, it may be appropriate to have some terms that will be enforceable and can even survive the termination of the relationship. These need to be clearly distinguished from the rest of the MOU and may deal with matters such as confidentiality and non-disparagement.

3. A contract by any other name….would still be enforceable

Some organisations prefer a MOU precisely because it is non-enforceable – they don’t want the agreement to be able to “come back to bite them”. Organisations should be aware that simply describing a document as a “Memorandum of Understanding” or “Heads of Agreement” does not automatically make it legally unenforceable. It is not uncommon to see “MOUs” that are actually legally binding contracts.

The question is whether the parties intended to create a legally binding relationship. This will depend partly on the circumstances surrounding the MOU, and partly on the wording of the document itself. A clause stating “nothing in this MOU is intended to create legally binding obligations” is a great start. On the other hand, a MOU that is silent on intention but includes a large amount of detail (like specifics of the services one party will deliver, how they will be remunerated and consequences if the parties don’t meet their obligations) could in fact be a contract.

A key risk with a MOU that is a “contract in disguise” is that it will often not have been prepared with the care and deliberation that should go into an enforceable contract. It may also not have been through any requisite Board approval process.

4. Does the MOU cover off on the essentials?

There are essential matters MOUs should address. These help to ensure that the document is practical, comprehensive and captures matters that otherwise may be merely recorded in meeting notes and through chains of emails. A well drafted MOU will give clarity to all parties and help them to confirm that they are on the same page before they get started.

At a minimum, MOUs should address the following:

• details of the organisations, including a contact person (or people) for each party;
• the purpose or objective of the MOU;
• the agreed role and actions from each party;
• information about payment stages, triggers and amounts;
• a start and finish date;
• protection for privacy and confidentiality;
• a dispute resolution process; and
• a statement confirming that it is not intended to be legally binding – and excluding any provisions that should be binding and/or survive termination.

Depending on the scope of the MOU, it may also be useful to cover details like definitions, interpretation, relationship to other agreements and use of intellectual property.

Next steps

Organisations should give careful consideration to whether an MOU is the appropriate way to set out the terms of a collaboration or joint project. Any MOU must be carefully prepared to ensure that it does not leave your organisation exposed. 

Our For Purpose team regularly helps clients to appropriately document the terms of their relationships with project partners. If you have a query, please do not hesitate to contact us.

Recent cases and the latest statistics from the regulator demonstrate that human error continues to be a key issue in data breaches, including where these human errors open up opportunity for hacking and other types of cyber-breaches.

Those in Not-for-Profits often suffer some financial impact, but also the issue of damaged reputations.

Victorian hospitals, Commonwealth Superannuation Corporation, online gaming company Zynga, online ticket company Get, PayID and food delivery company DoorDash – there has been no shortage of recent data breaches which have recently affected a wide range of organisations.  

These high profile data breaches demonstrate the variety of different types of data breaches, from malicious activity to human error.  They also demonstrate that data breaches can be operationally, reputationally and financially damaging.

The recent data breaches provide a key lesson for all organisations that data breaches are a very real risk for which many organisations still remain under-prepared.

Recent data breaches

Hospital data breach

In late September 2019, several hospitals in western Victoria suffered a data breach.  This included Gippsland Hospital, Barwon Hospital, Geelong’s University Hospital and hospitals in Warrnambool, Colac, Warragul, Sale and Bairnsdale. 

The attack was a malicious criminal attack that forced several hospitals to quarantine and disconnect a number of their systems including the internet, patient records and booking and management systems. 

This meant some medical procedures had to be delayed and Premier Daniel Andrews stated that it would take weeks to secure the affected networks and clear out the virus.  Currently, there is no evidence to suggest any personal information was released.

The attack comes after a warning from Victoria’s Auditor-General who stated in May that Victoria’s health databases had serious weaknesses which put patient data at risk.  This aligns with the Office of the Australian Information Commissioner (OAIC), which consistently reports health service providers as the sector that suffers the most notifiable data breaches.

So, whilst the breaches were caused by malicious activity, the suggestion is the human-created environment enabled the attacks.

PayID

PayID allows account holders across all major financial institutions to make instantaneous payments using mobile phone numbers or emails.  It was launched in 2018 by the New Payments Platform, an alliance of 13 banks and has been used to process 90 million transactions totalling more than $75 billion.  However, since its release, PayID has been plagued with privacy concerns and data breaches.  In particular, it was criticised that when a phone number is typed in, the name associated with the phone number automatically pops up (to confirm the identity).  Therefore, anyone typing in a string of numbers will automatically know the name of the person holding that phone number.

In June 2019, 98,000 PayID details were obtained by hackers who were able to access the personal information of 600,000 PayID users.  In August 2019, a further 92,000 PayIDs were exposed, leading to the reveal of users’ full name and mobile phone numbers.  This was then used to send phishing messages to clients claiming to be from banks.

In this case, some of the user-friendly functions wanted for human interaction inadvertently led to technical vulnerabilities.

Commonwealth Superannuation Corporation

On 24 September 2019, an ABC staff member was sent a document containing the full names and addresses of customers and the amounts they had transferred into their superfunds.  The ABC staff member was sent her own information as well as the additional documents with the personal information of other customers.

CSC has admitted that 18 customers were affected and they are investigating urgently.  It is expected that the incident was due to human error. 

We again see here the factor of human error laying the groundwork for a data breach which later occurs electronically.

Impact of data breaches on organisations

The significant media coverage regarding recent data breaches demonstrates the broad impact data breaches can have on organisations. 

For not-for-profits, this can also impact their reputation as a trusted organisation.  In 2017, the accidental release of personal information from 550,000 blood donors impacted Australian Red Cross Blood Service’s reputation as a trusted organisation.  In the two weeks that followed, they received 3,700 calls and emails regarding the breach.  Luckily, Red Cross’ rapid response and honesty helped preserve their reputation.  They were however required to enter enforceable undertakings with the OAIC.

Data breaches for organisations can also cause significant financial loss.  In 2018, Save the Children lost $1 million when a cyber-attack gained access to an employee’s email account and then used that to create fake invoices.  Furthermore, we are seeing increased amounts of law suits against organisations that fail to protect the privacy of individuals.  For example, Yahoo recently settled a data breach class action for $117 million.

Not-for-profits that are bound by the Privacy Act 1988 (Cth) should also be aware of the penalties under the Act, especially in light of announcements in March 2019 that the Government intends to increase penalties to $10 million, three times the value of the benefit obtained through the misuse of information or 10% of an organisation’s annual domestic turnover.

Key lessons and next steps for your organisation

It is important that organisations are doing what they can to both prevent data breaches and also ensure that they are equipped to respond efficiently to any breaches that do occur.

We recommend that organisations prioritise the following:

1. Put in place / review your data breach response plan – then educate your staff and follow it: if your organisation does not currently have a data breach response plan (DBRP) in place, it should ensure it does so urgently.  This should help step you through how to respond to breaches in accordance with your legal obligations.  If you already have one, consider if it needs to be reviewed in light of recent developments in law and best practice.  As stated by the OAIC in its report regarding the Red Cross data breach, “data breaches can still happen in the best organisations” and it is how an organisation responds that can be defining.
2. Review your third party contracts – outsource the job, not the privacy compliance: the Red Cross breach demonstrates the importance of ensuring organisations that store data with third parties must make sure that privacy compliance is embedded in these agreements.  The OAIC has consistently stated that organisations cannot outsource compliance with their legal obligations and ultimately will be responsible for the data that they collect and use.  
3. Train your staff: it is a consistent theme in many data breaches that they are either a result of or caused by human error, such as in the Commonwealth Superannuation Corporation example.  While some mistakes are inevitable, often human error occurs due to a lack of understanding regarding suspicious emails, proper protocols and safeguards.  Furthermore, your staff should be trained on how to respond to data breaches quickly to mitigate any harm or further disclosure such as recalling emails and assessing the impact of breaches.  
4. Understand your vulnerabilities and prepare accordingly: the recent data breaches demonstrate that different sectors and different types of data will have different vulnerabilities and risks.  It is important that organisations understand these so that they can prioritise preventive action and resources.  For example, the PayID data breach might have seemed like a breach where no harm would eventuate but the use of the clients’ contact details to send phishing emails allegedly from a bank could have led to significant financial loss.  Similarly, health organisations should be considering their vulnerabilities.  An organisation’s policies and procedures should be tailored accordingly to ensure that they are as effective as they can be to both prevent data breaches and rapidly respond.

Privacy Training Sessions

Moores is currently taking bookings for privacy training sessions. Contact us below if you’d like to hear more about out engaging and entertaining privacy training sessions for staff, and our in depth sessions for boards.

About Moores’ Privacy Practice

Our privacy team has worked with a large number of corporates and Not-For-Profits regarding their privacy compliance including:

• Policy and compliance;
• Assisting with responding to privacy breaches or suspected breaches;
• Privacy audits and compliance reports;
• Developing data breach response plans;
• Privacy framework design; and
• Training boards and staff

If you need any assistance with Privacy practices for your organization, please do not hesitate to contact us.