LSB April 2022 LR
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
THE<br />
BULLETIN<br />
THE LAW SOCIETY OF SA JOURNAL<br />
VOLUME 44 – ISSUE 3 – APRIL <strong>2022</strong><br />
CYBER SECURITY
The Legal Practice<br />
Productivity Solution<br />
Law firms using LEAP enjoy all the benefits of a state-of-the-art practice<br />
management system, as well as legal accounting, document assembly &<br />
management, and legal publishing assets all in one integrated solution.<br />
Document Assembly<br />
& Management<br />
Legal<br />
Accounting<br />
Practice<br />
Management<br />
Legal<br />
Publishing<br />
leap.com.au
This issue of The Law Society of South Australia: Bulletin is<br />
cited as (2020) 44 (3) <strong>LSB</strong>(SA). ISSN 1038-6777<br />
CONTENTS<br />
CYBERSECURITY FEATURES & NEWS REGULAR COLUMNS<br />
6 It’s time to get our heads out of the<br />
sand and into the cloud<br />
By Alexandra Douvartzidis & Alexandra<br />
Harris<br />
12 Facial recognition technology &<br />
the law: Are existing privacy &<br />
surveillance laws fit for purpose?<br />
By Caitlin Surman<br />
19 Legal implications of ransomware<br />
attacks for legal practitioners and their<br />
clients – By Brooke Hall-Carney, Amy<br />
Coper-Boast & Elizabeth Carroll-Shaw<br />
22 An Analysis of the Law Society’s<br />
Cloud Computing Guidelines<br />
By Mark Ferraretto<br />
30 Governing Cybersecurity: critical<br />
infrastructure, spies & consumers<br />
By Robert Chalmers<br />
18 Djokovic rallied to secure release<br />
before the ministerial discretions<br />
proved a winner<br />
By Chris Johnston & Rosa Torrefranca<br />
32 Tour de France 2021: Avoiding the<br />
Domino Effect in the Peloton<br />
By Annemarie Goodwin<br />
4 President’s Message<br />
5 From the Editor<br />
34 Tax Files: Trust Distribution Alerts<br />
By John Tucker<br />
37 Wellbeing & Resilience:<br />
Doomscrolling: What is it and how<br />
can we stop it? – By Amy Nikolovski<br />
38 Family Law Case Notes<br />
By Craig Nichol & Keleigh Robinson<br />
40 Risk Watch: Control Your Trolls:<br />
Protecting Your Practice on Social<br />
Media – By Kate Marcus<br />
41 Bookshelf<br />
Compiled by Lorna Hartwell<br />
42 Gazing in the Gazette<br />
Compiled by Master Elizabeth Olsson<br />
Executive Members<br />
President:<br />
J Stewart-Rattray<br />
President-Elect: J Marsh<br />
Vice President: A Lazarevich<br />
Vice President: M Tilmouth<br />
Treasurer:<br />
F Bell<br />
Immediate Past<br />
President:<br />
R Sandford<br />
Council Member: M Mackie<br />
Council Member: E Shaw<br />
Metropolitan Council Members<br />
T Dibden<br />
M Tilmouth<br />
A Lazarevich M Mackie<br />
E Shaw<br />
J Marsh<br />
C Charles<br />
R Piccolo<br />
M Jones<br />
D Colovic<br />
E Fah<br />
N Harb<br />
L MacNichol L Polson<br />
M Young<br />
Country Members<br />
S Minney<br />
(Northern and Western Region)<br />
P Ryan<br />
(Central Region)<br />
J Kyrimis<br />
(Southern Region)<br />
Junior Members<br />
A Douvartzidis<br />
A Kenny<br />
Ex Officio Members<br />
The Hon K Maher, Prof V Waye,<br />
Prof T Leiman<br />
Assoc Prof C Symes<br />
KEY LAW SOCIETY CONTACTS<br />
Chief Executive<br />
Stephen Hodder<br />
stephen.hodder@lawsocietysa.asn.au<br />
Executive Officer<br />
Rosemary Pridmore<br />
rosemary.pridmore@lawsocietysa.asn.au<br />
Chief Operations Officer<br />
Dale Weetman<br />
dale.weetman@lawsocietysa.asn.au<br />
Member Services Manager<br />
Michelle King<br />
michelle.king@lawsocietysa.asn.au<br />
Director (Ethics and Practice)<br />
Rosalind Burke<br />
rosalind.burke@lawsocietysa.asn.au<br />
Director (Law Claims)<br />
Kiley Rogers<br />
krogers@lawguard.com.au<br />
Manager (LAF)<br />
Annie MacRae<br />
annie.macrae@lawsocietysa.asn.au<br />
Programme Manager (CPD)<br />
Natalie Mackay<br />
Natalie.Mackay@lawsocietysa.asn.au<br />
Programme Manager (GDLP)<br />
Desiree Holland<br />
Desiree.Holland@lawsocietysa.asn.au<br />
THE BULLETIN<br />
Editor<br />
Michael Esposito<br />
bulletin@lawsocietysa.asn.au<br />
Editorial Committee<br />
A Bradshaw P Wilkinson<br />
S Errington D Sheldon<br />
J Arena D Weekley<br />
B Armstrong D Misell<br />
M Ford<br />
The Law Society Bulletin is published<br />
monthly (except January) by:<br />
The Law Society of South Australia,<br />
Level 10-11, 178 North Tce, Adelaide<br />
Ph: (08) 8229 0200<br />
Fax: (08) 8231 1929<br />
Email: bulletin@lawsocietysa.asn.au<br />
All contributions letters and enquiries<br />
should be directed to<br />
The Editor, The Law Society Bulletin,<br />
GPO Box 2066,<br />
Adelaide 5001.<br />
Views expressed in the Bulletin<br />
advertising material included are<br />
not necessarily endorsed by The<br />
Law Society of South Australia.<br />
No responsibility is accepted by the<br />
Society, Editor, Publisher or Printer<br />
for accuracy of information or errors<br />
or omissions.<br />
PUBLISHER/ADVERTISER<br />
Boylen<br />
GPO Box 1128 Adelaide 5001<br />
Ph: (08) 8233 9433<br />
Email: admin@boylen.com.au<br />
Studio Manager: Madelaine Raschella<br />
Elliott<br />
Layout: Henry Rivera<br />
Advertising<br />
Email: sales@boylen.com.au
FROM THE EDITOR<br />
IN THIS ISSUE<br />
User awareness vital<br />
in the fight against<br />
cyber crime<br />
MICHAEL ESPOSITO, EDITOR<br />
When a video emerged online of<br />
Ukrainian President Voldymyr<br />
Zelenskiy seemingly telling his soldiers<br />
to lay down their weapons and return<br />
home, it signalled a new frontier of<br />
the information war, or to put it more<br />
accurately, the disinformation war.<br />
For the video was in fact a “deep<br />
fake”. A deep fake is a video that replaces<br />
a person’s face with a computer-generated<br />
likeness of that face, for the purpose of<br />
making it look like the person said or did<br />
something that they didn’t actually do.<br />
Fortunately, the quality of the Zelenskyy<br />
deep fake was not convincing enough, and<br />
was swiftly debunked, but with the pace<br />
of technology, we may only be a few years<br />
away from not being able to tell a real video<br />
from a deep fake, the consequences of<br />
which cannot be fully fathomed.<br />
Anyone who has had any experience<br />
of social media, especially during<br />
the past two years, would have some<br />
awareness of the toxic effect the spread<br />
of disinformation can have on public<br />
discourse, personal relationships, and<br />
democracy.<br />
Disinformation is also a cybersecurity<br />
issue. Users are targeted via phishing scams<br />
– correspondence which looks authentic<br />
but designed to give hackers access to<br />
personal and valuable information.<br />
Like deep fakes, these scams are<br />
becoming more sophisticated and realistic.<br />
No doubt many of us have received<br />
emails from so-called clients, or text<br />
messages about delivery packages (no<br />
doubt preying on the covid-inspired<br />
online shopping boom) asking us<br />
to follow a link or provide personal<br />
information.<br />
It is more important than ever for<br />
businesses to ensure they have robust<br />
cybersecurity systems in place. Reviewing<br />
and upgrading cybersecurity infrastructure<br />
is worth the investment, as the costs of a<br />
cyber attack could be catastrophic.<br />
As important as cybersecurity<br />
technology is user awareness training, as<br />
cyber attacks, such as phishing, rely on<br />
human weakness to succeed.<br />
It is why I consider this cybersecurity<br />
edition of The Bulletin to be such an<br />
important one. It contains a number of<br />
articles with great practical advice about<br />
how to protect valuable data and minimise<br />
the risk of debilitating cyber attacks.<br />
As cyber attacks continue to become<br />
more prevalent and damaging, it is just not<br />
viable to think “it won’t happen to me”.<br />
It most likely will, and the extent of the<br />
impact on you and your firm will largely<br />
depend on how seriously you took your<br />
cybersecurity. B<br />
FACIAL RECOGNITION TECHNOLOGY<br />
Do our privacy laws measure up?<br />
RANSWOMWARE ATTACKS<br />
Legal implications for lawyers<br />
DJOKOVIC V AUSTRALIA<br />
Ministerial powers to cancel visas<br />
12<br />
19<br />
24<br />
4<br />
THE BULLETIN <strong>April</strong> <strong>2022</strong>
PRESIDENT’S MESSAGE<br />
New conduct rules apply<br />
to all SA practitioners<br />
JUSTIN STEWART-RATTRAY<br />
The Society implemented new<br />
legal profession rules for SA legal<br />
practitioners on 1 January <strong>2022</strong>. The<br />
new South Australian Legal Practitioners<br />
Conduct Rules (SALPCR), which<br />
replace the SA version of the Australian<br />
Solicitors Conduct Rules, provide a<br />
comprehensive set of legal profession<br />
rules which bind all SA legal practitioners<br />
including those who choose to practise<br />
exclusively as barristers.<br />
The SALPCR are the product of a<br />
review carried out by the Society as to<br />
the content and application of the legal<br />
profession rules in SA. Consideration of<br />
content included participation in the Law<br />
Council of Australia’s (LCA) review and<br />
redrafting of the Australian Solicitors<br />
Conduct Rules. For that review, the<br />
Society contributed to some important<br />
changes to the rules especially those<br />
relating to conflict of interest and sexual<br />
harassment and discrimination.<br />
In reviewing the application of the<br />
old rules one of the main issues was to<br />
ensure that the rules are expressed in such<br />
a way to make it clear that they apply to,<br />
and have disciplinary ramifications for, all<br />
SA legal practitioners regardless of the<br />
context in which they practise.<br />
The changes to the structure and<br />
terminology used in the SALPCR ensure<br />
that they harmonise with the disciplinary<br />
provisions of the Legal Practitioners Act,<br />
especially with section 70 which provides<br />
that conduct consisting of a contravention<br />
of the legal profession rules is capable of<br />
constituting unsatisfactory professional<br />
conduct or professional misconduct. As<br />
section 70 does not exclude any class of<br />
practitioner from its ambit, and we have a<br />
fused profession in South Australia, it was<br />
decided necessary to amend the structure<br />
and terminology of the legal profession<br />
rules adopted by the Society (noting that<br />
the definition of “legal profession rules” is<br />
“the Society’s professional conduct rules”)<br />
to properly reflect those elements.<br />
The Society consulted closely with<br />
the SA Bar Association and the Legal<br />
Profession Conduct Commissioner in the<br />
development of the new rules.<br />
The SALPCR now consists of two<br />
sections, Part A and Part B.<br />
Part A consists of a new South<br />
Australian version of the Australian<br />
Solicitors Conduct Rules (ASCR) which<br />
replaces the word “solicitor” with “legal<br />
practitioner” and incorporates amendments<br />
which were the outcome of the LCA’s<br />
review such as the new rule 11A (which<br />
provides for specific conflict of interest<br />
requirements for practitioners providing<br />
short term legal assistance) and the<br />
revised rule 42 (which deals with sexual<br />
harassment and discrimination). The rules<br />
in Part A apply to all SA legal practitioners<br />
other than those to whom Part B applies.<br />
Although they do contain some SAexclusive<br />
content (see rule 16A), Part A<br />
uses the same numbering as the LCA’s<br />
Australian Solicitors Conduct Rules for<br />
consistency and ease of cross-referencing.<br />
Part B applies to South Australian<br />
legal practitioners who hold a Category<br />
BA practising certificate or who have<br />
otherwise elected to practise exclusively as<br />
a barrister by qualifying for the barrister<br />
contribution under the South Australian<br />
Professional Indemnity Insurance Scheme.<br />
It comprises an amended version of<br />
the South Australian Bar Association<br />
Rules which are constructed to provide<br />
a rule regime that specifically applies<br />
to practitioners who choose to wholly<br />
practise as barristers.<br />
Detailed information about new Rule<br />
11A and the amendments to Rule 42 will<br />
be published in the May edition of The<br />
Bulletin. B<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 5
CYBER ATTACKS<br />
IT’S TIME TO GET OUR HEADS OUT<br />
OF THE SAND AND INTO THE CLOUD<br />
ALEXANDRA DOUVARTZIDIS, ASSOCIATE AT HWL EBSWORTH LAWYERS AND MEMBER LEGAL TECHNOLOGY COMMITTEE, AND<br />
ALEXANDRA HARRIS, SENIOR ASSOCIATE AT TINDALL GASK BENTLEY LAWYERS AND MEMBER, LEGAL TECHNOLOGY COMMITTEE<br />
Data breaches and cyber-attacks<br />
are occurring on a more frequent<br />
basis in Australia. Recently, the South<br />
Australian Government was the victim of<br />
a ransomware cyber-attack in November,<br />
2021. The government first disclosed the<br />
extent of the data breach in November,<br />
when it said at least 38,000 employees had<br />
their records stolen and, in some cases,<br />
published on the dark web. It was later<br />
revealed that the breach impacted almost<br />
80,000 employees. 1<br />
The South Australian Government<br />
is not the only victim of large cyberattacks.<br />
From other State Governments<br />
attacks amassing hundreds of thousands,<br />
to CANVA’s breach in 2019 impacting<br />
approximately 139 million of its users, 2<br />
cyber-attacks are almost a part of<br />
everyday life. Even though the Australian<br />
Government is revising its cybersecurity<br />
frameworks and policies, businesses,<br />
including law firms, cannot exclusively<br />
rely on the government for protections<br />
against cyber-attacks. 3<br />
It has become increasingly essential<br />
for lawyers and law firms to understand,<br />
embrace and implement emerging legal<br />
technologies in their individual practice<br />
and overarching firm policies, not only<br />
to improve efficiencies and work flow<br />
generally, but also to protect clients’<br />
and their own sensitive information.<br />
6<br />
THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
It is somewhat obvious that law firms<br />
will competitively benefit from keeping up<br />
to date with technology and integrating it<br />
into their everyday practice. Every day we<br />
are seeing an increasing number of firms<br />
and courts around Australia move away<br />
from traditional paper storage to cloudbased<br />
storage and document management<br />
systems.<br />
What isn’t as obvious is the concept<br />
that being a ‘tech savvy’ lawyer, or at the<br />
very least keeping up to date with the latest<br />
technological advancements potentially<br />
falls under the overarching ethical<br />
obligations that lawyers must abide by.<br />
This article considers a common type<br />
of cyber-attack in detail, the risks and<br />
consequences for practitioners, and how<br />
practitioners can avoid cyber-attacks.<br />
We also consider what steps practitioners<br />
should take if an attack occurs, and what<br />
are the general benefits of increasing<br />
your overall knowledge of technology in<br />
everyday practice.<br />
WHAT IS A “CYBER-ATTACK” AND WHAT<br />
ARE THE COMMON TYPES?<br />
A cyber-attack is when cybercriminals<br />
through the use of a computer launches<br />
an attack to disable systems, steal and/<br />
or destroy data and information, or use<br />
a breached computer system to launch<br />
additional attacks. Cybercriminals use<br />
different methods to launch a cyberattack<br />
that includes malware, phishing,<br />
ransomware, or other methods. 4 Criminally<br />
motivated persons generally launch<br />
cyber-attacks in order to seek financial<br />
gain through the theft of actual monies<br />
and/or data information that they can<br />
hold ‘ransom’ and seek payment for the<br />
return or destruction of the information<br />
held. Occasionally, an attack is launched<br />
for the purposes of merely disrupting a<br />
company’s system, 5 or for a multitude of<br />
other reasons.<br />
From ransomware to malware, the<br />
types of cyber-attacks individuals and<br />
companies face today are endless. For the<br />
purposes of this article, we focus on the<br />
key cyber-attack method of ‘phishing’<br />
commonly faced by practitioners.<br />
Phishing is where cybercriminals send<br />
fraudulent messages in an attempt to steal<br />
confidential information, such as banking<br />
logins, credit card details, business login<br />
credentials or passwords/passphrases. 6<br />
Phishing, unlike hacking, relies on a person<br />
voluntarily providing information. 7<br />
‘Spear phishing’ for example, is when<br />
messages sent to target specific individuals<br />
and/or organisations. 8 It is not uncommon<br />
for more sophisticated messages to contain<br />
material that is true (or appears likely to be<br />
true) to make them seem more genuine. 9
CYBER ATTACKS<br />
Spear phishing often uses a method<br />
called ‘social engineering’ for its success.<br />
Social engineering is a way to manipulate<br />
people into taking action by fashioning<br />
very realistic ‘bait’ or messages. It usually<br />
involves a great deal of research by the<br />
cybercriminals to target its victims. 10<br />
The message itself will usually lead<br />
the unsuspecting recipient to a fake<br />
website full of malware, which is an<br />
intrusive software effectively designed<br />
to destroy computer systems. 11<br />
The technique of spear phishing<br />
is one of the key factors leading to<br />
successful cyber-attacks commonly<br />
known as a ‘business email compromise’<br />
(BEC). One example of a BEC is where<br />
cybercriminals will, using spear phishing<br />
techniques, target companies who use<br />
online invoicing methods. The sting<br />
involves gaining remote access to a<br />
business’ (or customer / client) email and<br />
lying in wait for the perfect opportunity<br />
to strike. 12<br />
They will usually ‘keep watch’ for a<br />
while (typically with the use of malicious<br />
software mentioned above) and get a feel<br />
for the type of emails and invoices being<br />
sent.<br />
When the opportunity arises, they<br />
intercept the invoice, manually change the<br />
bank account details and redirect it to the<br />
victim for payment.<br />
Common examples involve businesses<br />
sending an invoice for payment (that is<br />
shortly after intercepted) and there have<br />
also been reports of real estate agencies<br />
sending trust account details over email<br />
which have resulted in significant house<br />
deposits being lost to criminals in an<br />
instant.<br />
It is devastating, and all too easily<br />
avoided with the right knowledge and<br />
use of technology.<br />
Bank details should never be<br />
exchanged via email, as doing so leaves<br />
the sender vulnerable to a third party<br />
intercepting the email and editing the bank<br />
details so that monies are transferred to<br />
a third party account. Once this happens,<br />
it is very difficult and near impossible to<br />
retrieve the lost money.<br />
It is not uncommon to receive a<br />
scam email that is tailored to your firm.<br />
For example, you may receive an email<br />
from a prospective client. They may<br />
include a link which requires you to<br />
click to access their ‘documents’ (for<br />
example, they may include a link which<br />
appears to be Dropbox or a similar<br />
application). They may also appear to be<br />
a co-worker, such as a senior practitioner<br />
delegating tasks, using your co-workers<br />
name and the firms signature template<br />
to appear more realistic.<br />
Equally concerning, and often less<br />
easy to identify, is when a scammer sends<br />
an email or message which appears to be<br />
from your own firm’s IT department<br />
(or another department). They may send<br />
a message appearing to be from your own<br />
company’s IT helpdesk asking you to<br />
click on a link and change your password<br />
because of a ‘new policy’.<br />
According to Scamwatch, BEC scams<br />
caused the highest losses across all scam<br />
types in 2019 costing businesses $132<br />
million, according to the ACCC’s Targeting<br />
Scams report.<br />
Scamwatch alone received almost 6,000<br />
reports from businesses in 2019 with $5.3<br />
million in reported losses. False billing was<br />
the most commonly reported type of scam<br />
which includes BEC scams. 13<br />
WHAT ARE THE RISKS AND<br />
CONSEQUENCES FOR LAWYERS IF A<br />
CYBER-ATTACK OCCURS?<br />
Practitioners must realise the integral<br />
role played by technology in the legal<br />
profession and the consequences for<br />
practitioners when a cyber-attack occurs.<br />
Practitioners store and use personal<br />
and commercially sensitive information<br />
about their clients. If a law firm is the<br />
victim of a cyber-attack the consequences<br />
can be overwhelming for both the clients<br />
and the practice itself. Overall, failing to<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 7
CYBER ATTACKS<br />
be cautious of the risks and incorporating<br />
the use of technology into everyday<br />
practice could ultimately result in a<br />
breach of conduct and/or a practitioners’<br />
obligations.<br />
For example, a cyber-attack may<br />
amount to breach of the South Australian<br />
Legal Practitioners Conduct Rules (the Rules),<br />
which sets out, amongst other things, that<br />
one of the fundamental duties of legal<br />
practitioners is to deliver legal services<br />
competently, diligently and as promptly<br />
as reasonably possible, and to ensure they<br />
avoid any compromise to their integrity<br />
and professional independence. 14 The<br />
Rules also require practitioners to ensure<br />
that they do not disclose any information<br />
which is confidential to a client and is<br />
acquired during the client’s engagement. 15<br />
The bottom line: as a practitioner, you<br />
are responsible for keeping your client’s<br />
information safe.<br />
Even if sensitive information isn’t<br />
impacted during a cyber-attack, the<br />
consequences of an attack could affect<br />
the ongoing operations of the firm. For<br />
example, a major law firm was attacked<br />
by through a malware system, which<br />
compromised its operations for days.<br />
The firm had limited to no access to its<br />
computers or emails. It was recorded<br />
that the firm had to spend approximately<br />
15,000 hours in overtime for its IT<br />
employees to address the issues. 16<br />
SO, HOW CAN YOU AVOID A CYBER-<br />
ATTACK?<br />
Practitioners should always be vigilant<br />
with their communications and use of<br />
technology, including computers and<br />
mobiles. Here are some tips prepared by<br />
the Australian Cyber Security Centre 17 and<br />
8<br />
THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
the Law Society 18 on how to reduce the<br />
risk of a cyber-attack:<br />
• Do not open any attachments or click<br />
on any links arising from emails where<br />
the sender is unknown. These links<br />
may redirect to a file or a malicious<br />
login page which can control your<br />
computer or capture your login details.<br />
• Before you click a link (in an email<br />
or on social media, instant messages,<br />
other web pages, or other means),<br />
hover over that link to see the actual<br />
web address it will take you to (usually<br />
shown at the bottom of the browser<br />
window). If you do not recognise or<br />
trust the address, try searching for<br />
relevant key terms in a web browser.<br />
This way you can find the article, video<br />
or web page without directly clicking<br />
on the suspicious link.<br />
• Even if the sender appears to be/<br />
or is known, it is prudent to check<br />
with the sender confirming the<br />
email is genuine. Targeted attacks by<br />
professional computer hackers can<br />
easily masquerade and camouflage<br />
their emails to appear genuine. Emailed<br />
directions with respect to money and<br />
trust transactions should always be<br />
confirmed verbally.<br />
• If you’re not sure, talk through the<br />
suspicious message with a co-worker,<br />
or check its legitimacy by contacting<br />
the relevant business or organisation<br />
(using contact details sourced from the<br />
official company website).<br />
• Install anti-virus software on all<br />
devices and set it to automatically apply<br />
updates and conduct regular scans.<br />
• Account details for payment should<br />
always be provided verbally, or via<br />
a written document such as a bill<br />
or retainer letter, and should not be<br />
included in the body of an email. Such<br />
details can be easily modified through<br />
cyber-attack techniques. If the bill<br />
or retainer letter containing the bank<br />
details is sent via email, it should be<br />
done so using the proper encryption<br />
software to ensure that third parties<br />
cannot gain access.<br />
• Educate your clients about cyberattacks<br />
and advise them to contact<br />
you immediately if they receive any<br />
in-genuine, weird or fake emails.<br />
Such emails may take the form of a<br />
request to pay money, receive details,<br />
or upload/downloading files. If you<br />
become aware of such activity, you<br />
should advise the client to refrain from<br />
opening any further emails.<br />
• Have sufficient cyber-crime insurance<br />
schemes in place.<br />
• Implement a cyber-attack procedure<br />
and plan for typical and worst-case<br />
scenarios.<br />
The Australian Cyber Security Centre<br />
has also developed the ‘essential eight’<br />
mitigation strategies to help avoid cyber<br />
security incidents. 19 In summary, the<br />
mitigation strategies suggest:<br />
• Application Whitelisting: The<br />
practice of specifying a list of<br />
approved software applications or<br />
executable files that are permitted to<br />
be present and active on a computer<br />
system.<br />
• Patch Applications: Application<br />
patch management is the process<br />
of testing, acquiring, and installing<br />
patches (code changes) on computer<br />
systems to avoid vulnerabilities.<br />
• User Application Hardening:<br />
Disable any unnecessary applications
Calls to the Australian Cyber Security<br />
Hotline in 2021 increased by almost<br />
310% from the previous year.<br />
Professional services are among<br />
the top 3 sectors reporting cyber<br />
security incidents in 2021<br />
ACSC Annual Cyber Threat Report<br />
The legal profession is often targeted for the sensitive client data they hold.<br />
It is no longer a matter of if but when your organisation will be subject to a<br />
cyber intrusion attempt. With the onset of the Covid-19 global pandemic and<br />
the increasing shift to flexible workplace arrangements many organisations are<br />
inadvertently leaving themselves vulnerable to a cyber incident.<br />
Do you have the security in place to combat such a threat?<br />
Contact one of our security experts today for an obligation free discussion about<br />
your network security.<br />
Mention this ad and receive a complimentary dark web scan of your domain,<br />
usernames and passwords and an external vulnerability report of your primary site.<br />
since 1999<br />
empower | connect | protect<br />
Lettscom was established in Adelaide in 1999 and<br />
remains proudly South Australian owned and operated.<br />
Supporting businesses on a local, national, and global<br />
level for 23 years.<br />
Call: 08 8177 5600<br />
Email: security@lettscom.com.au<br />
Web: lettscom.com.au
CYBER ATTACKS<br />
and features that are likely to increase<br />
risks (Such as Java, Office Suite Macro<br />
Scripts, etc).<br />
• Restrict Administrative Privileges:<br />
Restrict access to administrative<br />
accounts and operating systems based<br />
on user duties. Re-validate access to<br />
systems regularly.<br />
• Multi-Factor Authentication: Multifactor<br />
authentication (MFA) is a security<br />
measure that requires two or more<br />
proofs of identity to grant you access.<br />
• Maintain Daily Backups: Undertaking<br />
daily backups of your system to ensure<br />
a copy of all of the data is saved in the<br />
event of a data breach.<br />
YOU’VE HAD A CYBER-ATTACK, WHAT DO<br />
YOU NEED TO DO?<br />
If your cyber-attack has potentially led<br />
to sensitive and confidential information<br />
being stolen, destroyed, and/or altered,<br />
it is important the breach is reported<br />
through the appropriate channels.<br />
Remember, even in circumstances<br />
where information may not have been<br />
impacted in some way, practitioners<br />
should report a cyber-attack, Practitioners<br />
should consider whether to report to the<br />
following entities:<br />
• South Australian Police<br />
• Australian Cybercrime Online<br />
Reporting Network<br />
• The South Australian Law Society<br />
• Scam Watch<br />
• Consumer & Business Services<br />
Further, if the cyber-attack has resulted<br />
in a data breach (meaning when personal<br />
information is accessed or disclosed<br />
without authorisation or alternatively<br />
is lost), then under the Notifiable Data<br />
Breaches scheme, an organisation or<br />
agency that must comply with Australian<br />
privacy law has to tell the affected party<br />
if a data breach is likely to cause them<br />
serious harm. 20<br />
An organisation or agency who has<br />
existing obligations under the Privacy Act<br />
must also report any serious data breach to<br />
the Office of the Australian Information<br />
Commissioner.<br />
This includes Australian Government<br />
10<br />
THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
agencies, businesses and not-for profit<br />
organisations that have an annual turnover<br />
of more than AU$3 million, private sector<br />
health service providers, credit reporting<br />
bodies, credit providers, entities that<br />
trade in personal information and tax file<br />
number (TFN) recipients. 21<br />
Generally, an organisation or agency<br />
(which has an obligation under the Privacy<br />
Act to report) has 30 days to assess<br />
whether a data breach is likely to result in<br />
serious harm. 22<br />
When a data breach occurs, an<br />
organisation or agency must endeavour<br />
to reduce the chance that an individual<br />
experiences harm. If they’re successful,<br />
and the data breach is not likely to result<br />
in serious harm, the organisation or agency<br />
is not obligated to advise the individual<br />
about the data breach.<br />
Should we apply this approach<br />
to the concept of maintaining client<br />
confidentiality – i.e., take it a step further<br />
and notify the party whose confidentiality<br />
has been breached as soon as practicable?<br />
Some would say yes, and indeed many law<br />
firms are erring on the side of caution and<br />
creating internal policies dealing with this<br />
very issue.<br />
For example, sending an email to the<br />
wrong recipient is all too easily done. It<br />
may be prudent to set up internal firm<br />
policy (as indicated above) providing some<br />
guidance around how individuals in the<br />
firm should respond to such an error. A<br />
simple step by step process may look like:<br />
• Contact the unintended recipient<br />
immediately and request that they<br />
destroy the email; and<br />
• Contact the affected individual whose<br />
confidentiality has been breached<br />
and explain the situation, including<br />
if applicable confirmation that the<br />
content has been destroyed by the<br />
unintended recipient.<br />
WHAT ARE SOME OTHER BENEFITS FOR<br />
BEING “TECH-SAVVY”?<br />
Being “tech-savvy” is not just important<br />
to avoid the risk of a cyber-attack.<br />
Practitioners ought to frequently turn their<br />
minds to the vast array of technology<br />
available to them and query how they can<br />
utilise it in their everyday practice for the<br />
ultimate benefit of their clients’.<br />
Embracing technology and the law<br />
can result in quicker more cost-effective<br />
communication, security and freedoms to<br />
work outside of the four walls of the office.<br />
For example, we have long embraced<br />
the use of email communications with<br />
clients (and others) as a main type of<br />
communication in practice. Emails enable<br />
effective and fast communications.<br />
Today, the majority of practitioners will<br />
often communicate through email more<br />
than utilise phone calls. Not only are we<br />
communicating through emails, we are<br />
creating a written record at the same time.<br />
Technology surrounding security<br />
measures (such as firewalls and other<br />
protection software) allow businesses<br />
such as law firms to protect and maintain<br />
client confidentiality as well as protect<br />
transactions surrounding trust monies<br />
and associated transactions.<br />
The use of cloud storage and<br />
document management systems (if used<br />
safely), can streamline significant tasks<br />
such as electronic discovery (eDiscovery).<br />
eDiscovery systems will often allow firms<br />
to create ‘shortcuts’ to streamline the review<br />
of documents. For example, eDiscovery<br />
systems provide tools to analyse documents<br />
to reduce the overall volume to be reviewed<br />
and/or discovered. Most systems, amongst<br />
other things, offer duplicate detection to<br />
group textually similar documents together<br />
to help the review process more efficient.<br />
Digital technology also enables us to<br />
practice the law outside of the traditional<br />
office environment which is increasingly<br />
relevant in our post COVID-19 world.<br />
Through virtual meetings and negotiations<br />
to video court appearances, being able to<br />
adopt to these modern practices can only<br />
serve to benefit a practitioner (and their<br />
clients). The flexibility to practice from any<br />
location is priceless, but we must ensure<br />
that appropriate measures are put in place<br />
to maintain cyber security. Having an<br />
understanding of the risks and identifying<br />
how to mitigate those is a good starting<br />
point. B
CYBER ATTACKS<br />
Endnotes<br />
1 ‘Personal details of up to 80,000 SA government<br />
employees accessed in cyber attack,’ Stacey<br />
Pestrin and Eugene Boisvert (10 December<br />
2021) https://www.abc.net.au/news/2021-12-<br />
10/thousands-of-sa-government-employeesaffected-by-cyber-attack/100690564<br />
2 Canva criticised after data breach exposed 139m<br />
user details, Paul Smith (26 May 2019) https://<br />
www.afr.com/technology/canva-criticised-<br />
after-data-breach-exposed-139m-user-details-<br />
20190526-p51r8i<br />
3 Australian Cyber Security Centre, Common cyber<br />
threats, (accessed: 25 February <strong>2022</strong>), https://<br />
www.cyber.gov.au/acsc/view-all-content/ism<br />
4 Ibid.<br />
5 ‘What is a cyber-attack?’, IBM https://www.ibm.<br />
com/au-en/topics/cyber-attack (accessed:<br />
25 February <strong>2022</strong>).<br />
6 Above n3.<br />
7 Ibid; ‘What is phishing? How this cyber attack<br />
works and how to prevent it’, Josh Fruhlinger<br />
(4 September 2020), https://www.csoonline.<br />
com/article/2117843/what-is-phishing-howthis-cyber-attack-works-and-how-to-prevent-it.<br />
html<br />
8 ‘What is Spear Phishing?’, Kasperksy, (Accessed:<br />
24 February <strong>2022</strong>), https://www.kaspersky.com.<br />
au/resource-center/definitions/spear-phishing<br />
9 Ibid.<br />
10 ‘How Spear Phishing Makes BEC Attacks So<br />
Effective’, The PhishLabs Team, (2 August 2019)<br />
https://www.phishlabs.com/blog/how-spearphishing-makes-bec-attacks-so-effective/<br />
11 ‘What is malware?’, Joseph Regan & Ivan Belcic,<br />
(15 February <strong>2022</strong>) https://www.avg.com/en/<br />
signal/what-is-malware<br />
12 Australian Cyber Security Centre, Business Email<br />
Compromise, https://www.cyber.gov.au/learn/<br />
threats/business-email-compromise<br />
13 ACCC Scamwatch, Business email compromise<br />
scams cost Australians $132 million, (23 June 2020),<br />
https://www.scamwatch.gov.au/news-alerts/<br />
business-email-compromise-scams-costaustralians-132-million<br />
14 South Australian Legal Practitioners Conduct Rules,<br />
rule 4.1.3.<br />
15 Ibid, rule 9.<br />
16 Law Protect, What are the main cyber risks for lawyers<br />
today? https://lawprotect.com.au/what-arecyber-risks-for-lawyers-today/<br />
17 Above n3.<br />
18 The Law Society of South Australia, Cyber<br />
Security, https://www.lawsocietysa.asn.au/Public/<br />
Publications/Resources/CyberSecurity.aspx<br />
19 Australian Cyber Security Centre, Essential<br />
Eight Maturity Model, (October 2021) https://<br />
www.cyber.gov.au/acsc/view-all-content/<br />
publications/essential-eight-maturity-model<br />
20 Australian Government Office of the Australian<br />
Information Commissioner, What is a notifiable<br />
data breach?, https://www.oaic.gov.au/privacy/<br />
data-breaches/what-is-a-notifiable-data-breach<br />
21 Australian Government Office of the Australian<br />
Information Commissioner, Notifiable Data Breach<br />
Scheme (February <strong>2022</strong>), https://www.oaic.gov.<br />
au/privacy/guidance-and-advice/data-breachpreparation-and-response/part-4-notifiabledata-breach-ndb-scheme#:~:text=The<br />
Privacy<br />
Act requires certain,or after 22 February 2018.or<br />
after 22 February 2018.”<br />
22 Ibid.<br />
TECHNOLOGY MANAGED<br />
Is your business cyber-secure?<br />
Your cyber-security posture needs to be strong if you want to remain protected and<br />
operational. We’re well versed in data protection and can support your business with<br />
cyber-security built into a technology solution that works for your business.<br />
Quickly minimize your cyber-risk<br />
One provider for all your technology needs<br />
Affordable and scalable solutions<br />
Abrahem El-Sayed - Technology Sales Manager<br />
0423 868 560 abrahem.elsayed@efex.com.au<br />
GET A<br />
FREE<br />
ASSESSMENT<br />
THINKEX HOLDINGS PTY LTD ABN 28 625 658 568
FEATURE<br />
FACIAL RECOGNITION TECHNOLOGY<br />
AND THE LAW: ARE EXISTING<br />
PRIVACY AND SURVEILLANCE<br />
LAWS FIT FOR PURPOSE?<br />
CAITLIN SURMAN, SENIOR ASSOCIATE, HWL EBSWORTH<br />
Over the past few years, the<br />
development and use of Facial<br />
Recognition Technology (FRT) throughout<br />
Australia has grown exponentially but has<br />
been accompanied by widespread concerns<br />
about the capacity of existing legislative<br />
frameworks to regulate it appropriately,<br />
as well as a lack of specific legislation<br />
regulating its use.<br />
While lawmakers grapple with what that<br />
new legislative framework might look like,<br />
this article considers how Australia’s existing<br />
privacy and surveillance laws deal with FRT,<br />
including whether those laws adequately<br />
safeguard the use of FRT, and options for<br />
future reforms to these frameworks.<br />
WHAT IS FRT AND HOW IS IT USED?<br />
FRT involves the automated<br />
extraction, digitisation and comparison<br />
of spatial and geometric distribution of<br />
facial features. Using an algorithm, FRT<br />
compares an image of a face with an<br />
image stored in a database, in order to<br />
identify a match. 1<br />
FRT is deployed in two main ways,<br />
being:<br />
1. ‘one-to-one’ FRT, which is used to<br />
verify the identity of an individual by<br />
checking one image against a single,<br />
respective image to determine if they<br />
are the same person. 2 It is often utilised<br />
in a controlled environment where the<br />
lighting is sufficient and the subject is<br />
in an optimal position to facilitate a<br />
successful comparison, 3 and its most<br />
common application is unlocking a<br />
smartphone;<br />
2. ‘one-to-many’, which is used to identify<br />
an unknown individual by comparing a<br />
select image against a large database; 4<br />
12<br />
THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
This article focuses on ‘one-to-many’<br />
FRT, which seeks to match a single facial<br />
image with a different facial image of<br />
the same individual that has been stored<br />
in a large database. It therefore relies<br />
on a much larger dataset to conduct a<br />
comparison, whilst the facial image being<br />
compared against the dataset is often taken<br />
from ‘the wild’ (eg CCTV surveillance) and<br />
is of lower quality. 5 As a result, identifying<br />
a person using ‘one-to-many’ FRT is more<br />
difficult and prone to false matches and<br />
misidentification. 6<br />
In Australia, FRT is often used by<br />
banks and telecommunications companies<br />
for identity verification purposes, 7 and is<br />
used extensively by immigration authorities<br />
to verify the identity of passport holders<br />
at international borders/airports, as well as<br />
by law enforcement agencies throughout<br />
Australia for crime prevention and suspect<br />
identification purposes. Locally, SAPOL<br />
fully implemented its own FRT system<br />
(called ‘NEC NeoFace system’) in the<br />
Adelaide CBD in 2019, which integrates<br />
FRT with CCTV, ATM, and some social<br />
media footage. 8 In November 2021, the<br />
Adelaide City Council announced plans<br />
to roll out an updated City Safe CCTV<br />
Network that will involve the introduction<br />
of facial and number plate recognition. 9<br />
EXISTING SURVEILLANCE LAWS<br />
Application to FRT<br />
There is no Commonwealth legislation<br />
that regulates the use of surveillance<br />
devices. 10 Instead, this is currently<br />
governed by state and territory legislation.<br />
The relevant piece of legislation in South<br />
Australia is the Surveillance Devices Act 2016<br />
(SA) (SDA).<br />
The SDA prohibits:<br />
1. the knowing installation, use<br />
or maintenance of an ‘optical<br />
surveillance device’ 11 by a person on<br />
a ‘premises’ 12 that visually records or<br />
observes a ‘private activity’ without<br />
the express or implied consent of all<br />
the key parties; 13 and<br />
2. the knowing use, communication or<br />
publication of information or material<br />
derived from the use of an optical<br />
surveillance device. 14<br />
The regulation of an optical surveillance<br />
device under the SDA is linked to the<br />
concept of a ‘private activity’, meaning an<br />
activity carried on in circumstances that may<br />
reasonably be taken to indicate that one or<br />
all of the parties do not want the activity to<br />
be observed by others. 15 Accordingly, the<br />
SDA might prohibit FRT in circumstances<br />
where it is used for covert optical<br />
surveillance (unless an exception applies).<br />
The definition of ‘private activity’<br />
excludes activities carried on in a public<br />
place. 16 Accordingly, public authorities<br />
can use devices with FRT to monitor the<br />
activities of the general public in public<br />
spaces, or semi-public spaces, without<br />
breaching the SDA.<br />
Even if a person or government<br />
authority is prohibited from using a device<br />
to monitor FRT by the SDA, section 5(4)<br />
of the SDA sets out several exceptions to<br />
the general rule. These exceptions include<br />
where the use of the optical surveillance<br />
device is reasonably necessary for the<br />
protection of the ‘lawful interests’ of<br />
that person, or if the use of the device<br />
is in connection with the execution<br />
of a ‘surveillance device warrant’ or<br />
‘surveillance device (emergency) authority’.
Transparent IT<br />
Support and<br />
Managed Services<br />
that deliver peace<br />
of mind.<br />
At Inter Intra, we are at war with business<br />
disruption. We act as your sentinel by providing<br />
transparent IT support through managed<br />
services, giving you peace of mind to focus on<br />
future-proofing and growing your business.<br />
Your business is only as good as the IT<br />
infrastructure that supports it. Set your business<br />
up with the right technology foundations to<br />
guarantee success and prosperity.<br />
• Years of experience supporting<br />
the legal sector with their IT<br />
infrastructure needs, and line of<br />
business applications.<br />
• Essential 8 Cyber benchmarking<br />
• IT Managed Services<br />
• Trusted local IT partner, for many<br />
SA based companies<br />
Are you ready to start your<br />
IT Support journey?<br />
Running your business is enough of a challenge these<br />
days. Don’t let managing your IT infrastructure become a<br />
burden. At Inter Intra, we set your business up with the right<br />
technology foundations to guarantee success in the future.<br />
Give us a call today for a free consultation.<br />
Phone<br />
1300 080 000<br />
(+61) 1300 080 000 (International inquires)<br />
Address<br />
Level 17 45 Grenfell Street,<br />
Adelaide 5000<br />
www.interintra.com.au<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 13
FEATURE<br />
The term ‘lawful interest’ is not<br />
defined by the SDA but the concept was<br />
given judicial consideration in Nanosecond<br />
Corporation Pty Ltd v Glen Carron Pty Ltd<br />
(2018) 132 SASR 63 (Nanosecond) where<br />
Doyle J held that the recording of a private<br />
conversation ‘just in case’ it might prove<br />
advantageous in future civil litigation is not<br />
enough for the purpose of establishing a<br />
lawful interest. The Court is more likely<br />
to find that a recording has been made<br />
in the protection of a person’s lawful<br />
interests where the conversation relates to<br />
an allegation of a serious crime or resisting<br />
such an allegation, or where a dispute has<br />
‘crystallised into a real and identifiable<br />
concern about the imminent potential for<br />
significant harm to the commercial or legal<br />
interests of a person. 17 Whilst Nanosecond<br />
concerned the use of a listening device,<br />
the same principles arguably apply to<br />
the recording of a private activity via an<br />
optical surveillance device with FRT.<br />
A further exception is contained in<br />
section 6(2) of the SDA, which provides<br />
that the prohibition on the use of an<br />
optical surveillance device does not apply<br />
if the use of the device is in the ‘public<br />
interest’. The term ‘public interest’ is not<br />
defined by the SDA. 18<br />
EXISTING PRIVACY LAWS<br />
Application to FRT<br />
Although the thirteen Australian<br />
Privacy Principles (APPs) in Schedule<br />
1 to the Privacy Act 1988 (Cth) (Privacy<br />
Act) are intended to be technology neutral<br />
14<br />
THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
so as to preserve their relevance and<br />
applicability to changing technologies, 19<br />
questions remain as to whether the APPs<br />
and Privacy Act sufficiently protect privacy<br />
where FRT is deployed.<br />
Australian privacy law treats biometric<br />
information as personal information. 20 In<br />
particular, ‘Biometric information’ that is<br />
to be used for the purpose of ‘automated<br />
biometric verification’ or ‘biometric<br />
identification’, or ‘biometric templates’,<br />
is a type of ‘sensitive information’ for the<br />
purposes of the Privacy Act 1988 (Cth) and<br />
Australian Privacy Principles. 21<br />
‘Biometric information’ is not defined<br />
by the Privacy Act or APPs, but it is<br />
generally regarded as being information<br />
that relates to a person’s physiological<br />
or biological characteristics that are<br />
persistent and unique to the individual<br />
(including their facial features, iris or hand<br />
geometry), 22 and which can therefore be<br />
used to validate their identity. 23<br />
The terms ‘automated biometric<br />
verification’ or ‘biometric identification’<br />
are not defined by the Privacy Act or the<br />
APPs either. However, the Biometrics<br />
Institute defines ‘biometrics’ as<br />
encompassing a variety of technologies in<br />
which unique attributes of people are used<br />
for identification and authentication, 24<br />
while the OAIC (Office of the Australian<br />
Information Commissioner) has indicated<br />
(in effect) that a technology will be<br />
‘automated’ if it is based on an algorithm<br />
developed through machine learning<br />
technology. 25<br />
A ‘biometric template’ is a<br />
mathematical or digital representation of<br />
an individual’s biometric information. 26<br />
Machine learning algorithms then use the<br />
biometric template to match it with other<br />
biometric information for verification or<br />
identification purposes. 27<br />
Given the breadth of the definitions<br />
of ‘biometric information’, ‘automatic<br />
biometric verification’, ‘biometric<br />
identification’ and ‘biometric template’,<br />
the majority of biometric information<br />
captured by FRT is likely to fall within the<br />
protections of the Privacy Act and APPs,<br />
and the safeguards contained in Privacy<br />
Act and APPs will therefore apply to any<br />
biometric information collected by any<br />
FRT deployed by an ‘APP entity’. 28<br />
Current Safeguards<br />
As a form of ‘sensitive information’,<br />
biometric information is afforded a<br />
higher level of privacy protection under<br />
the Privacy Act and APPs than other<br />
personal information in recognition<br />
that its mishandling can have adverse<br />
consequences for an individual, 29 meaning<br />
that an APP entity that collects and uses<br />
a person’s biometric information via FRT<br />
must adhere to stricter requirements.<br />
Consent<br />
The key requirements are contained<br />
in APP 3, which (in effect) provides that<br />
an APP entity may only solicit and collect<br />
a person’s biometric information if the<br />
information is reasonably necessary for<br />
one or more of the APP entity’s functions
Boost your bottom-line<br />
Collaborative cloud matter management with Microsoft Office and<br />
Outlook integration, automate workflow and documents, manage<br />
emails, tasks, and calendars in one place.<br />
Book a demonstration at www.cabenet.com.au
FEATURE<br />
or activities, 30 the biometric information<br />
has been collected by ‘lawful and fair<br />
means’, 31 and the person consents to the<br />
collection of their biometric information<br />
(unless an exception applies). 32<br />
Consent for the purpose of the<br />
Privacy Act and APPs can be either<br />
‘express consent’ or ‘implied consent’. 33<br />
As a general rule, an APP entity should<br />
seek express consent to the collection of<br />
sensitive information (including biometric<br />
information) as the potential privacy<br />
impact is greater. 34 In either case, however,<br />
an individual must be adequately informed<br />
before giving consent. 35<br />
The Privacy Act and APPs contain five<br />
exceptions to the requirement for an APP<br />
entity to obtain a person’s consent prior to<br />
collecting sensitive information (including<br />
biometric information). 36 The exceptions<br />
are broad and include:<br />
1. where it is unreasonable or<br />
impracticable to obtain a person’s<br />
consent to the collection, and the APP<br />
entity reasonably believes the collection<br />
is necessary to lessen or prevent a<br />
serious threat to the life, health or<br />
safety of any individual, or to public<br />
health or safety; 37<br />
2. where the APP entity has reason<br />
to suspect that unlawful activity, or<br />
misconduct of a serious nature, that<br />
relates to the APP entity’s functions or<br />
activities has been, is being, or may be<br />
engaged in and reasonably believes that<br />
the collection is necessary in order for<br />
the entity to take appropriate action in<br />
relation to the matter; and 38<br />
3. where an ‘enforcement body’ 39<br />
reasonably believes that collecting the<br />
information is reasonably necessary<br />
for, or directly related to, one or more<br />
of the body’s functions or activities. 40<br />
Use & Disclosure of Biometric information<br />
As a type of sensitive information,<br />
special requirements also apply to the use<br />
and disclosure of biometric information<br />
after it has been collected via FRT. APP6<br />
provides that an APP entity can only<br />
use or disclose biometric information<br />
for the original/primary purpose for<br />
which it was collected. For example, if a<br />
company collects the image of a person’s<br />
face for the purpose of unlocking their<br />
smartphone, the company would not<br />
(without consent) be permitted to use the<br />
individual’s face for an unrelated purpose,<br />
such as to build a database of people<br />
16<br />
THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
whose information could then be sold to<br />
a third party for marketing purposes. 41<br />
Biometric information can only be<br />
used or disclosed for a secondary purpose<br />
if an exception contained in APP 6.1<br />
applies. Those exceptions include where<br />
the individual has consented to that<br />
secondary use or disclosure, 42 or where an<br />
individual would ‘reasonably expect’ 43 the<br />
entity to use or disclose the information<br />
for that secondary purpose and the<br />
secondary purpose is directly related 44 to<br />
the primary purpose of collection. There<br />
are also specific exceptions which enable<br />
an APP entity to share a person’s personal<br />
information (including their biometric<br />
information) with enforcement bodies. 45<br />
CONCERNS WITH EXISTING LAWS<br />
Concerns with surveillance laws<br />
Given how broad the legislated<br />
exceptions are, concerns have arisen that<br />
relying on these exceptions to justify<br />
the use of devices integrating FRT<br />
disproportionately affects a person’s<br />
privacy. The decision in Nanosecond curtails<br />
any such invasion to a limited extent by<br />
ensuring that the ‘lawful interest’ exception<br />
cannot be relied on to use FRT to visually<br />
monitor a person in anticipation that they<br />
might do something that might impinge<br />
upon a person’s lawful interest. However,<br />
more clear statutory limits as to what<br />
constitutes a ‘lawful interest’ would be<br />
helpful while the case law evolves.<br />
Similarly, a key concern raised in respect<br />
of FRT and the public interest exception<br />
is that its widespread use in public places<br />
is not necessary or proportionate to a goal<br />
of crime prevention or public safety, and<br />
that the use of FRT therefore improperly<br />
invades a person’s privacy. 46 Options to<br />
prevent any unnecessary incursions on a<br />
person’s privacy could include to require<br />
that the optical surveillance be ‘reasonably<br />
necessary’ to protect the public interest, and<br />
to introduce a list of non-exclusive statutory<br />
considerations that must be taken into<br />
account when undertaking that assessment.<br />
Concerns with privacy laws<br />
Scope<br />
The Privacy Act and APPs are federal<br />
laws that only apply to organisations and<br />
agencies deploying FRT that fall within<br />
the definition of an ‘APP entity’. The<br />
definition of an ‘APP entity’ does not<br />
include state and territory authorities or<br />
agencies, or organisations with an annual<br />
turnover of less than $3 million. 47 Whilst<br />
some jurisdictions have their own specific<br />
privacy legislation that steps in to help<br />
safeguard a person’s privacy where FRT is<br />
used, there are other jurisdictions where<br />
no specific privacy legislation exists at all<br />
(including South Australia).<br />
In South Australia, the State public<br />
sector is required to comply with South<br />
Australian Information Privacy Principles<br />
(IPPs). 48 However, the IPPs do not extend<br />
to biometric information, and there is no<br />
other legal framework which holds those<br />
agencies, authorities and organisations that<br />
fall outside the scope of the Privacy Act<br />
and APPs to account in SA.<br />
No true consent<br />
In the past year, the OAIC has issued<br />
two rulings in which it determined that<br />
the collection of biometric information by<br />
two separate companies (Clearview AI 49<br />
and 7Eleven 50 ) contravened the consent<br />
requirements of the Privacy Act and<br />
APPs, demonstrating that whilst the OAIC<br />
is conscious of the privacy issues posed by<br />
FRT, the consent model under the current<br />
privacy regime is ill-equipped for FRT.<br />
The Privacy Act and APPs strictly<br />
require that APP entities collecting<br />
biometric information via FRT should<br />
obtain express consent, but the nature<br />
of FRT means that it is not practical (or<br />
often possible) to obtain true, express<br />
consent from individuals whose biometric<br />
information might be captured by FRT.<br />
Whilst obtaining express consent is<br />
arguably more realistic where ‘one-toone’<br />
FRT is being utilised for a specific<br />
purpose in a controlled environment, it<br />
is hard to imagine a scenario where an<br />
APP entity deploying ‘one-to-many’ FRT<br />
would (or could) take steps to obtain<br />
express consent from every person<br />
whose biometric information they might<br />
capture. Accordingly, an APP entity that<br />
deploys FRT will usually need to infer a<br />
person’s consent to the collection of their<br />
biometric information by FRT.<br />
Even though inferred consent is an<br />
option, it is difficult for APP entities<br />
deploying FRT to provide people<br />
with enough information about how<br />
FRT collects and uses their biometric<br />
information before FRT captures their<br />
image. This means that most people<br />
captured by FRT will not have been<br />
properly informed about what they were
FEATURE<br />
consenting to. Further, an individual will<br />
not often have the ability to refuse to<br />
provide their consent to the use of FRT,<br />
and may feel compelled to provide it due<br />
to the inconvenience of not doing so, or<br />
due to their lack of bargaining power. For<br />
example, although 7Eleven displayed a<br />
notice at the entrance to its stores to alert<br />
customers that they would be subject to<br />
FRT when they entered the store, 51 and<br />
sought to a infer that any customer who<br />
then chose to enter the store has provided<br />
consent, it is arguable that the customer<br />
had no choice (particularly if there were no<br />
convenient alternatives available to them).<br />
Breadth of exceptions<br />
Another criticism levelled at the Privacy<br />
Act and APPs is that the exemptions to the<br />
consent requirements of APP 3, and the<br />
single purpose requirement of APP6, are<br />
too broad and do not sufficiently protect<br />
people against invasions of privacy. The<br />
exemptions provided for in the Privacy<br />
Act which allow for the collection and<br />
use/disclosure of sensitive information<br />
(including biometric information) without<br />
consent have been made on the basis of<br />
balancing individual interests against those<br />
of collective security. 52 However, this<br />
balancing approach has arguably resulted<br />
in individual privacy being ‘traded off ’<br />
against the wider community interests<br />
of preventing, detecting and prosecuting<br />
crime’. 53<br />
WHERE TO FROM HERE?<br />
The issues identified in this article<br />
suggest a review and assessment of<br />
existing privacy and surveillance laws is<br />
needed to address the unique challenges<br />
posed by biometric technologies. It is clear<br />
that while existing privacy and surveillance<br />
laws place a number of safeguards on the<br />
use of FRT in private enterprise, there is<br />
a gap in the regulation of the use of FRT<br />
by government authorities (particularly<br />
in South Australia). This is particularly<br />
concerning when FRT is used by<br />
government authorities to make decisions<br />
that might infringe on an individual’s<br />
human rights in the context of policing<br />
and law enforcement.<br />
In March, 2021, the Australian<br />
Humans Rights Commission released<br />
the Human Rights and Technology Final<br />
Report 2021, which made a number of<br />
recommendations for the regulation of<br />
FRT, including the introduction of tailored<br />
legislation that regulates the use of FRT,<br />
and the introduction of a statutory cause<br />
of action for serious invasions of privacy. 54<br />
These recommendations have been<br />
made at the same time that the privacy<br />
law regime in Australia is undergoing a<br />
comprehensive review. Accordingly, it is<br />
hoped that those reviews can result in the<br />
incorporation of additional, more tailored<br />
safeguards to help balance the benefits<br />
flowing from the use of FRT against its<br />
risks to personal privacy. B<br />
Auctioneers & Valuers<br />
MGS (SA) is South Australia’s most experienced industrial auctioneers and valuers with<br />
over 40 years in the industry. Our expertise is second to none. Servicing Corporate<br />
Australia, Insolvency Practitioners, Legal Professionals, Accountants and Government.<br />
Jack Ruby’s Bar<br />
Providing an unparalleled solution Basement, 89 for King asset William Street, management, Adelaide SA valuations or disposal.<br />
Auctioneers & Valuers of Plant & Equipment for:<br />
• Business Restructuring<br />
• Succession Planning<br />
• Acquisition & Disposal<br />
• Insolvency & Legal Disputes<br />
www.mgs.net.au<br />
Mason Gray Strange Auctions (SA) Pty Ltd |<br />
P 8444 9111 | 370-378 Torrens Road, Kilkenny, SA 5009
FEATURE<br />
Endnotes<br />
1 Monique Mann* And Marcus Smith, ‘Automated<br />
Facial Recognition Technology: Recent<br />
Developments And Approaches To Oversight’<br />
(2017) 40(1) UNSW Law Journal 121, 122.<br />
2 This involves a computer checking whether a<br />
single facial image matches a different facial<br />
image of the same person: Australian Human<br />
Rights Commission, Human Rights and Technology<br />
(Final Report, March 2021) 113.<br />
3 Eifeh Strom, ‘Facing challenges in face<br />
recognition: one-to-one vs. one-to-many’, Asmag<br />
(Web page, 19 September 2016) <br />
4 Philip Brey, ‘Ethical Aspects of Facial Recognition<br />
Systems in Public Places’ (2004) 2 Journal of<br />
Information, Communication and Ethics in Society 97, 98<br />
5 Seth Lazar, Clair Benn and Mario Gunther,<br />
‘Large-scale facial recognition is incompatible<br />
with a free society’, The Conversation (Web page, 10<br />
July 2020)< https://theconversation.com/largescale-facial-recognition-is-incompatible-with-afree-society-126282<br />
6 Australian Human Rights Commission,<br />
Human Rights and Technology (Final Report,<br />
March 2021) 113.<br />
7 Liz Campbell, ‘Why regulating facial recognition<br />
technology is so problematic - and necessary,<br />
The Conversation (Web Page, 26 November 2018)<br />
<br />
8 ‘South Australia Police tap NEC for facial recognition<br />
edge over criminals’, NEC Organisation (Web page,<br />
1 August 2016) .<br />
9 Malcolm Sutton, ‘Facial recognition technology<br />
put on hold in Adelaide amidst privacy concerns’,<br />
ABC News (Web page, 10 November 2021)<br />
<br />
10 Note that the Commonwealth Government<br />
has committed to reforming Australia’s laws<br />
governing electronic surveillance, and recently<br />
released a Discussion Paper “Reform of<br />
Australia’s electronic surveillance framework”<br />
which seeks input in respect of its proposal to<br />
repeal the Telecommunications (Interception and<br />
Access) Act 1979 (TIA Act), Surveillance Devices<br />
Act 2004 and relevant parts of the Australian<br />
Security Intelligence Organisation Act 1979<br />
(ASIO Act), and replace the current patchwork<br />
of laws with a single, streamlined and technology<br />
neutral Act.<br />
11 An “optical surveillance device” means a device<br />
capable of being used to observe or record<br />
visually (whether for still or moving pictures) a<br />
person, place or activity: SDA, s 3. This definition<br />
is arguably wide enough to capture any devices<br />
that integrate FRT for the purpose of capturing<br />
facial images (such as CCTV).<br />
12 “premises” includes land, a building, a part of a<br />
building, and any place (whether built or not).<br />
13 SDA, s 5(1).<br />
14 SDA, s 12(1)<br />
15 SDA, s 3.<br />
16 SDA, s 3. The definition of “private activity” also<br />
excludes activities that can be readily observed<br />
from a public place, and/or an activities carried<br />
on in circumstances where the person ought to<br />
reasonably expect that they may be observed by<br />
another person.<br />
17 Nanosecond, [103] to [105]<br />
18 Queensland Law Reform Commission,<br />
Review of Queensland’s laws relating to civil<br />
surveillance and the protection of privacy<br />
in the context of current and emerging<br />
technologies (Report No. 77, February 2020)<br />
.<br />
23 Types of Biometrics, Biometrics Institute (Web page)<br />
<br />
24 Above n 25.<br />
25 Commissioner initiated investigation into<br />
Clearview AI, Inc. (Privacy) [2021] AICmr<br />
54,[138] (Clearview).<br />
26 International Organization for Standardisation,<br />
Standard ISO/IEC 2382-37: 2017(en), Standard<br />
3.3.22 (Web page, 12 March 2021) < https://<br />
www.iso.org/obp/ui/#iso:std:iso-iec:2382:-37:ed-<br />
2:v1:en>.<br />
27 Clearview, [127]<br />
28 APP Guidelines, Chapter B: Key Concepts [B.2]<br />
to [B.9]; Privacy Act, s 6(1). APP entities generally<br />
include include Australian Government agencies<br />
and any organisation with an annual turnover of<br />
more than $3 million: [<br />
29 APP Guidelines, Chapter B: Key Concepts,<br />
[B.141]<br />
30 APP 3.1 and APP 3.2<br />
31 APP 3.5.<br />
32 APP 3.3.<br />
33 Privacy Act, s 6(1).<br />
34 APP Guidelines, Chapter B: Key Concepts,<br />
[B.41].<br />
35 APP Guidelines Chapter B: Key Concepts, [B.35]<br />
36 The five exceptions are contained at APP 3.4<br />
37 Privacy Act, s 16A(1), Item 1. This is one of the<br />
seven “permitted general situations” provided for<br />
by s 16A.<br />
38 Privacy Act, s 16A(1), Item 2. This is one of the<br />
seven “permitted general situations” provided for<br />
by s 16A.<br />
39 ‘Enforcement body’ is defined in s 6(1) of the<br />
Privacy. It lists of series of specific bodies. The<br />
list includes Commonwealth, State and Territory<br />
bodies that are responsible for policing, criminal<br />
investigations, and administering laws to protect<br />
the public revenue or to impose penalties<br />
or sanctions. Examples of Commonwealth<br />
enforcement bodies are the Australian Federal<br />
Police, Australian Crime Commission, the<br />
Integrity Commissioner, the Immigration<br />
Department, Australian Prudential Regulation<br />
Authority, Australian Securities and Investments<br />
Commission and AUSTRAC.<br />
40 APP 3.4(d)(ii).<br />
41 Australian Human Rights Commission, Human<br />
Rights and Technology (Final Report, March 2021),<br />
112.<br />
42 APP 6.1(a)<br />
43 The ‘reasonably expects’ test is an objective one<br />
that has regard to what a reasonable person,<br />
who is properly informed, would expect in the<br />
circumstances. This is a question of fact in each<br />
individual case. It is the responsibility of the APP<br />
entity to be able to justify its conduct. Examples<br />
of where an individual may reasonably expect<br />
their personal information to be used or disclosed<br />
for a secondary purpose include where the entity<br />
has notified the individual of the particular<br />
secondary purpose under APP 5.1 (see Chapter<br />
5 (APP 5) or the secondary purpose is a normal<br />
internal business practice: APP Guidelines,<br />
Chapter 6:APP6, [6.20].<br />
44 A directly related secondary purpose is one which<br />
is closely associated with the primary purpose,<br />
even if it is not strictly necessary to achieve<br />
that primary purpose: APP Guidelines, Chapter<br />
6:APP6, [6.26].<br />
45 APP 6.2(c), APP 6.2(e) and APP 6.3<br />
46 Australian Human Rights Commission, Human<br />
Rights and Technology (Final Report, March 2021)<br />
114.<br />
47 APP Guidelines, Chapter B: Key Concepts, [B.8];<br />
Privacy Act, s 6(1).<br />
48 Government of South Australia, Department of<br />
the Premier and Cabinet Circular, Information<br />
Privacy Principles Instruction PC012 (Webpage,<br />
16 September 2013) .<br />
49 Commissioner initiated investigation into<br />
Clearview AI, Inc. (Privacy) [2021] AICmr 54<br />
50 Commissioner initiated investigation into<br />
7-Eleven Stores Pty Ltd (Privacy) (Corrigendum<br />
dated 12 October 2021) [2021] AICmr 50<br />
(7Eleven)<br />
51 7Eleven, [89]<br />
52 Above n1, 132.<br />
53 Ibid.<br />
54 in South Australia, the draft Civil Liability (Serious<br />
Invasions of Privacy) Bill 2021 (Privacy Bill) has<br />
been tabled for consideration in Parliament to<br />
establish a new statutory cause of action for<br />
serious invasions of privacy in South Australia,<br />
which is separate and distinct from the Privacy<br />
Act and APPs. The Privacy Bill will enable an<br />
individual to bring civil proceedings against a<br />
person who has invaded their privacy where<br />
there was a reasonable expectation of privacy, the<br />
invasion of privacy was serious and the conduct<br />
was undertaken intentionally. Consultation in<br />
respect of the Privacy Bill is still underway, but<br />
that consultation process will hopefully assist<br />
in identifying how the proposed statutory tort<br />
can be best utilised to address the gaps in the<br />
safeguards provided for in the current privacy<br />
and surveillance laws.<br />
18<br />
THE BULLETIN <strong>April</strong> <strong>2022</strong>
FEATURE<br />
When held to ransom: Legal<br />
implications of ransomware attacks<br />
for legal practitioners and their clients<br />
BROOKE HALL-CARNEY, AMY COOPER-BOAST AND ELIZABETH CARROLL-SHAW, LK LAW<br />
As ransomware attacks accelerate in<br />
scale, frequency and sophistication,<br />
they pose a risk both to legal practitioners<br />
and their clients. It is not only government,<br />
critical infrastructure and large corporates<br />
falling victim: over 60% of Australia’s<br />
small to medium businesses have now<br />
experienced a cybersecurity incident. 1<br />
The professional services sector is emerging<br />
as a ransomware target 2 – perceived as<br />
data-rich and motivated to protect client<br />
confidentiality or privilege. In a quickly<br />
evolving regulatory and threat landscape, it<br />
is critical for practitioners to understand the<br />
legal implications of ransomware incidents<br />
for their practices and for their clients.<br />
THE NATURE OF THE THREAT<br />
Ransomware involves the use of<br />
malicious software to infiltrate and lock<br />
data or systems and demand payment for<br />
their release. Simpler models of attack<br />
involve cybercriminals encrypting files<br />
and demanding payment (typically in<br />
cryptocurrency) for a decryption key.<br />
The past year saw a rise in ‘double’<br />
and ‘triple’ extortions. 3 With ransomware<br />
victims choosing to restore data from<br />
back-ups rather than pay a ransom, or<br />
being unable to pay where uninsured<br />
or under-insured, cybercriminals have<br />
pivoted to exfiltration (covert extraction)<br />
of data. After exfiltration, two ransom<br />
demands follow – the first in exchange<br />
for unlocking the system or data; the<br />
second in exchange for not selling the data<br />
on the dark web, or releasing it publicly.<br />
A third ransom demand may be made<br />
directly to the victim’s clients or suppliers,<br />
whose confidential information was<br />
compromised – or, alternatively, the threat<br />
of compromising clients or suppliers is<br />
used as leverage against the victim.<br />
A market for Ransomware-as-a-Service<br />
(RaaS) has emerged, with developers<br />
offering malware as a product for sale to<br />
hackers for a fee or a commission paid<br />
from the ransom.<br />
PAYING CYBERCRIMINALS<br />
The Australian Cyber Security Centre<br />
(ACSC) is the Federal Government’s lead<br />
agency for cybersecurity. The ACSC’s<br />
position on ransomware payments is<br />
clear: payments are never condoned, do<br />
not guarantee a return of stolen data or<br />
system access, and perpetuate a vicious<br />
circle by funding cybercriminals. Some<br />
organisations adopt a policy to never pay;<br />
for others, where health or safety is put at<br />
risk, payment is more readily justified. A<br />
2021 global survey indicates that of those<br />
attacked, a quarter paid the ransom, with<br />
the average ransom rising by 63% year-onyear.<br />
4 Ransoms are highest in the Asia-<br />
Pacific, averaging US$2.35 million. 5<br />
In practice, a victim’s options when<br />
faced with a ransomware demand are<br />
influenced by complex factors: the<br />
severity of the attack; the sensitivity of<br />
compromised data; the extent to which<br />
data has been exfiltrated; the feasibility,<br />
time and cost of either data restoration<br />
(from back-ups) or decryption; business<br />
continuity; reputational, ethical, financial<br />
and insurance considerations; and the risk<br />
that paying a ransom will attract future<br />
attacks.<br />
Victims must also grapple with the<br />
legality of paying a ransom. Ransomware<br />
payments are not specifically prohibited<br />
under Australian law. A payment could,<br />
however, offend anti-money laundering<br />
and counter-terrorism financing legislation<br />
where a victim holds sufficient knowledge<br />
as to the cybercriminal’s identity and<br />
possible use of the funds. 6 If an illegal<br />
payment was made, a defence may arise<br />
in circumstances of duress, sudden or<br />
extraordinary emergency or self-defence<br />
(of persons or property).<br />
Paying a ransom would also constitute<br />
an offence under Australian law if made<br />
to persons or entities proscribed by UN or<br />
Australian sanctions, or in contravention<br />
of sanction laws. 7 A defence arises<br />
for bodies corporate who prove they<br />
undertook reasonable precautions and<br />
due diligence to avoid a contravention.<br />
WHO TO NOTIFY<br />
Ransomware victims will need<br />
to consider their communications<br />
with affected persons, insurers and<br />
stakeholders. They may be required to<br />
disclose the incident under third party<br />
contracts. A cybercrime police report<br />
can be made via the ACSC.<br />
Various notification regimes also<br />
operate:<br />
• Organisations with an annual turnover<br />
exceeding $3 million (amongst others)<br />
must report ‘eligible data breaches’ and<br />
notify affected individuals under the<br />
Privacy Act 1988 (Cth).<br />
• Responsible entities for specified<br />
critical infrastructure assets will be<br />
required to report cybersecurity<br />
incidents. 8<br />
• Reporting entities under the Anti-Money<br />
Laundering and Counter-Terrorism Financing<br />
Act 2006 (Cth) have suspicious matter<br />
reporting obligations.<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 19
FEATURE<br />
• ASX-listed entities should consider<br />
their continuous disclosure obligations.<br />
Disclosure may also be required in an<br />
entity’s financial reports.<br />
• Financial institutions must report<br />
‘material information security<br />
incidents’ under APRA Prudential<br />
Standard CPS 234.<br />
• Mandatory notification schemes<br />
apply in the health, defence, aviation<br />
and maritime transport sectors.<br />
Organisations may be required to liaise<br />
with other sector-specific regulators.<br />
• Australian businesses with international<br />
establishments or activities may have<br />
reporting obligations under foreign<br />
laws and regulations, such as the EU or<br />
UK General Data Protection Regulation.<br />
RANSOMWARE REFORM<br />
Regardless of the outcome of the<br />
Federal election, further ransomware<br />
reform is imminent, with both major<br />
parties releasing competing ransomware<br />
strategies. 9<br />
Two Opposition bills have proposed<br />
mandatory reporting of ransomware<br />
payments. The Federal Government has<br />
foreshadowed mandatory reporting<br />
of ransomware incidents. At the time<br />
of writing, both regimes are proposed<br />
to apply to businesses with an annual<br />
turnover of $10 million or more. 10<br />
On 17 February, <strong>2022</strong>, the Federal<br />
Government introduced the Crimes<br />
Legislation Amendment (Ransomware<br />
Action Plan) Bill <strong>2022</strong> (Cth). This Bill<br />
criminalises ransomware activities, RaaS and<br />
cyber-attacks on critical infrastructure, but<br />
20 THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
does not introduce criminal or accessorial<br />
liability for making ransomware payments.<br />
By contrast, the Opposition has called for<br />
regulation of payments through measures<br />
such as government pre-approval. 11<br />
LIABILITY FOR ORGANISATIONS AND<br />
DIRECTORS<br />
A high alert issued by the ACSC in<br />
February, <strong>2022</strong> requested all Australian<br />
organisations to ‘urgently’ adopt an enhanced<br />
cybersecurity posture, as geopolitical<br />
tensions rose with the attack on Ukraine. 12<br />
Businesses may be exposed to ransomware<br />
attacks through their own security lapses or<br />
through supply chain vulnerabilities.<br />
In addition to theft or destruction<br />
of data and physical assets, reputational<br />
damage and financial losses, a ransomware<br />
attack can expose a business to litigation<br />
risk. Claims may be brought by clients<br />
or suppliers whose sensitive data has<br />
been stolen or leaked, or by contractors<br />
impacted by business disruptions.<br />
It is incumbent on organisations to<br />
consider mitigation measures such as:<br />
• Enhanced cybersecurity controls. 13<br />
• Staff education and simulations.<br />
• Contractual protections, such as<br />
cybersecurity requirements for suppliers<br />
and tailored force majeure clauses.<br />
• Multi-disciplinary response and<br />
continuity plans.<br />
• Cyber insurance (noting that it can<br />
be difficult to acquire, expensive and<br />
subject to exclusions and may cede<br />
control to an insurer).<br />
• Secure and regular back-ups and offline<br />
or ‘cold’ storage – key tools in avoiding<br />
many ransomware payments. Back-ups<br />
will not, however, solve the dilemma<br />
of particularly sensitive data under<br />
threat of public release; albeit neither<br />
will be paying the ransom,<br />
with any degree of certainty.<br />
Although it has discussed mandatory<br />
or voluntary cybersecurity governance<br />
standards for large businesses, 14 the<br />
Federal Government has not, to date,<br />
enacted any personal director liability<br />
for inadequate cyber protections.<br />
However, a director’s duty to act with<br />
care, skill and diligence will be breached<br />
by failing to prevent conduct carrying a<br />
foreseeable risk of harm to the interests<br />
of the company. 15 Having regard to the<br />
deteriorating cyber threat environment,<br />
it is increasingly likely that courts will<br />
consider inadequate cybersecurity<br />
measures to pose a foreseeable risk of<br />
harm. ASIC has also recently emphasised<br />
the active role it expects from directors in<br />
managing cyber risk. 16<br />
Last year, ASIC commenced its first<br />
action against an entity for cybersecurity<br />
shortfalls. The entity, which is alleged to<br />
have breached financial services licensee<br />
obligations, experienced ransomware and<br />
other attacks. 17<br />
PITFALLS FOR LEGAL PRACTITIONERS<br />
Perhaps unsurprisingly, the legal<br />
profession is an attractive target for<br />
ransomware due to the valuable and<br />
sensitive nature of information held<br />
on behalf of clients. Most ransomware<br />
attacks in Australia are reported in the<br />
legal, accounting and management services
FEATURE<br />
sector. 18 Ransomware attacks may target<br />
legal practices directly, or may seek to<br />
exploit interdependencies with professional<br />
networks and service providers.<br />
As well as notification obligations<br />
and exposure to loss and liability,<br />
legal practitioners must consider their<br />
professional responsibilities. A failure to<br />
implement appropriate protections may<br />
result in breaches of fiduciary, tortious<br />
and contractual duties to clients; a breach<br />
of the South Australian Legal Practitioners’<br />
Conduct Rules requiring maintenance of<br />
client confidence and competent, diligent<br />
delivery of legal services; and claims of<br />
unsatisfactory professional conduct or<br />
professional misconduct. Any ransomware<br />
payment would also require careful ethical<br />
navigation.<br />
Case examples highlight pitfalls of<br />
ransomware and other cyber-attacks for<br />
lawyers and their clients:<br />
• Law practices should ensure that<br />
important information, such as client<br />
data, retainer agreements and costs<br />
disclosures, is protected and backed-up. 19<br />
• Ransomware attacks can compromise<br />
data relevant to proceedings, causing<br />
evidentiary and discovery issues. 20 This<br />
can lead to loss of evidence, and cost<br />
and difficulties in restoring files (if<br />
restoration is possible). Where litigation<br />
is anticipated or on foot, it is vital to<br />
ensure that relevant documents are<br />
securely backed-up.<br />
• A UK firm’s failure to implement<br />
multi-factor authentication, patches<br />
and encryption, whose sensitive court<br />
bundles were released on the dark web<br />
by ransomware criminals, led to<br />
a £98,000 regulatory penalty. 21<br />
• Legal professional privilege is not an<br />
actionable legal right. It cannot found<br />
an application to claw back or prevent<br />
the use of privileged documents<br />
where they are stolen from a law<br />
firm’s computer system and publicly<br />
disseminated. 22<br />
• The impact of a cyber-attack can be farreaching,<br />
as illustrated by the law firm<br />
subject to the Panama Papers data spill.<br />
The infiltration of Mossack Fonseca’s<br />
systems and release of confidential<br />
documents led to severe reputational<br />
and financial consequences for the firm,<br />
and its closure two years later. B<br />
Endnotes<br />
1 This article is current as at 11 March <strong>2022</strong>.<br />
Cyber Security Industry Advisory Committee,<br />
Locked Out: Tackling Australia’s ransomware threat<br />
(March 2021) p.2.<br />
2 Australian Cyber Security Centre, Annual Cyber<br />
Threat Report 2020 – 2021 (15 September 2021),<br />
p.21, Figure 8.<br />
3 Australian Cyber Security Centre, 2021 Trends<br />
Show Increased Globalized Threat of Ransomware<br />
(10 February <strong>2022</strong>).<br />
4 Crowdstrike, 2021 Global Security Attitude Survey,<br />
p.10.<br />
5 Ibid.<br />
6 Criminal Code Act 1995 (Cth), Criminal Code Part<br />
5.3, Division 103 and Part 10.2, Division 400.<br />
7 Charter of the United Nations Act 1945 (Cth) ss. 21<br />
and 27 and Autonomous Sanctions Act 2011 (Cth)<br />
s.16.<br />
8 Under Part 2B of the Security of Critical<br />
Infrastructure Act 2018 (Cth), once the rules<br />
‘switching on’ these obligations are registered<br />
and a three-month grace period has passed.<br />
9 Department of Home Affairs, Ransomware Action<br />
Plan (October 2021); Federal Labor, Beyond<br />
the Blame Game: Time for a National Ransomware<br />
Strategy (February 2021).<br />
10 See the Opposition’s Ransomware Payments Bill<br />
2021 (Cth) and Ransomware Payments Bill (No<br />
2) 2021 (Cth) and Department of Home Affairs’<br />
medial release, New plan to protect Australians<br />
against ransomware (13 October 2021). The<br />
Opposition’s proposal would additionally apply<br />
to Government entities.<br />
11 Federal Labor, Beyond the Blame Game: Time for<br />
a National Ransomware Strategy (February 2021),<br />
pp.14 – 16.<br />
12 Australian Cyber Security Centre, Australian<br />
organisations should urgently adopt an enhanced cyber<br />
security posture (23 February <strong>2022</strong>; updated 4<br />
March <strong>2022</strong>).<br />
13 This ought to include, as a baseline, the ACSC’s<br />
‘Essential Eight’ strategies: see .<br />
14 Department of Home Affairs, Strengthening<br />
Australia’s cyber security regulations and incentives:<br />
An initiative of Australia’s Cyber Security Strategy<br />
2020 (July 2021); industry consultation closed in<br />
August 2021.<br />
15 ASIC v Cassimatis (2016) 336 A<strong>LR</strong> 209.<br />
16 ASIC Chair Joseph Longo, ‘ASIC’s corporate<br />
governance priorities and the year ahead’ (Speech<br />
delivered at the AICD Australian Governance<br />
Summit, Melbourne Convention Centre, 3 March<br />
<strong>2022</strong>).<br />
17 ASIC v RI Advice Group Pty Ltd [2021] FCA 1193.<br />
18 <br />
Office of the Australian Information<br />
Commissioner, Notifiable Data Breaches Report: July<br />
to December 2021 (22 February <strong>2022</strong>), pp. 23 – 26.<br />
19 Leung v Fordyce (t/a Pmf Legal Trading) [2019]<br />
NSWSC 18.<br />
20 In the matter of Beverage Freight Services Pty Ltd<br />
[2020] NSWSC 509; Cargill Australia Limited v<br />
Viterra Malt Pty Ltd (No. 28) [<strong>2022</strong>] VSC 13.<br />
21 Information Commissioner’s Office (UK),<br />
Monetary Penalty Notice issued under Data<br />
Protection Act 2018 to Tuckers Solicitors LLP (28<br />
February <strong>2022</strong>).<br />
22 Glencore International AG v Commissioner of<br />
Taxation (2019) 265 C<strong>LR</strong> 646.<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 21
CLOUD COMPUTING<br />
An analysis of the Law Society of South<br />
Australia’s Cloud Computing Guidelines<br />
MARK FERRARETTO, SOLICITOR, EZRA LEGAL<br />
The Law Society publishes Cloud<br />
Computing Guidelines 1 which quite<br />
rightly guide legal practitioners through<br />
the various risks and issues associated<br />
with adoption of cloud services. What<br />
the Cloud Computing Guidelines neglect<br />
to mention, however, is that these same<br />
risks and issues also apply to on premises<br />
services. When evaluating cloud services,<br />
legal practitioners should evaluate the risk<br />
profile of cloud systems against the risk<br />
profile of adopting (or remaining with) on<br />
premises computer systems.<br />
This article and the next four that follow<br />
it analyse a set of cloud services commonly<br />
used in the legal profession against the<br />
Cloud Computing Guidelines and compares<br />
these services against on premises services.<br />
Before we get under way however, I<br />
should disclose a bias. I am a big fan of<br />
cloud services. The convenience of having<br />
information at your fingertips is simply<br />
too attractive. I constantly demonstrate<br />
to friends and colleagues how I can write<br />
on a tablet and have my writing magically<br />
appear on my desktop and on my phone<br />
at the same time. The accessibility that<br />
cloud services provide can lead to a great<br />
increase in productivity. Cloud services do<br />
pose unique challenges, data sovereignty<br />
and data security being but two. However,<br />
cloud services have evolved significantly<br />
over the last five years, to say nothing of<br />
the last 10 to 15 years. In my view, there<br />
are many contexts where using cloud<br />
services for data storage should now be<br />
considered best practice for law firms.<br />
Thus endeth my declaration of bias.<br />
What We Will Cover<br />
In this first article we’ll give a broad<br />
overview of what lies ahead, and then<br />
explore issues relating to governance of<br />
cloud computing.<br />
Firstly, we will discuss key points from<br />
the Guidelines and then discuss how I<br />
approach the analysis.<br />
The Cloud Computing Guidelines<br />
As I’ve said, the Cloud Computing<br />
Guidelines are drafted with a view to<br />
22 THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
guiding practitioners through the evaluation<br />
and adoption of cloud systems. Overall, in<br />
my view, they paint a cautionary tale. The<br />
Guidelines cover a raft of issues, but they<br />
can be grouped into these broad categories:<br />
1. Governance;<br />
2. Confidentiality;<br />
3. Data security; and<br />
4. Data resilience.<br />
The Guidelines’ dealings with<br />
governance refer mainly to issues around<br />
data sovereignty and the governing<br />
jurisdiction of a cloud service’s terms of<br />
service. Data sovereignty raises issues of<br />
the underlying laws of a sovereign state that<br />
protect (or otherwise) your data. Ideally,<br />
practitioners would want their data located<br />
in Australia so that their data is protected<br />
by Australian law, which if nothing else, is<br />
a known quantity. Governing jurisdiction<br />
clauses in terms of service raise issues<br />
regarding the ease (or otherwise) of<br />
asserting a party’s legal rights.<br />
The Guidelines unsurprisingly<br />
deal extensively with confidentiality.<br />
Confidentiality stems from the risk of<br />
third party access to data but extends<br />
past this because, as we shall see, third<br />
parties always have access to our data<br />
regardless of whether it is in the cloud<br />
or on-premises. The confidentiality issue<br />
becomes a question of regulation of<br />
third-party access to a degree that satisfies<br />
practitioners’ obligations under the<br />
Australian Solicitor Conduct Rules. 2<br />
Data security is self-explanatory<br />
and has long been a concern of those<br />
looking to migrate to the cloud. As will<br />
be demonstrated, data security is also a<br />
significant issue with on-premises systems.<br />
Data resilience refers to several aspects.<br />
The most obvious being availability of<br />
data (ie: how often does a service crash).<br />
Less obvious are issues around incident<br />
management and data portability, data<br />
portability being the ability to extract data<br />
out of a cloud service if desired.<br />
Analysis<br />
The aim of my analysis is to apply<br />
the abstract concepts in the Guidelines<br />
to the practical context of cloud services<br />
commonly used by legal practitioners.<br />
To that end, I have decided to analyse<br />
the Guidelines against a set of popular<br />
cloud services and also against an onpremises<br />
context. The could services<br />
to be analysed are:<br />
• Dropbox (the consumer version); 3<br />
• Dropbox Business; 4<br />
• Google Workspace; 5<br />
• Microsoft 365; 6<br />
• LEAP; 7 and<br />
• Actionstep. 8<br />
It is worth stating that there are many<br />
other cloud services, large and small,<br />
that are available to legal practitioners.<br />
My intention is to focus on the more<br />
prominent services that many practitioners<br />
consider adopting or have already adopted.<br />
It is also worth stating that this analysis is<br />
not a substitute for performing your own<br />
due diligence!<br />
GOVERNANCE<br />
Two main points in the Cloud<br />
Computing Guidelines relate to governance<br />
– data sovereignty and jurisdictional issues.<br />
Let’s deal with data sovereignty first.<br />
Data Sovereignty<br />
As discussed above, data sovereignty<br />
relates to the location of data. The location<br />
of data is important as different countries<br />
prescribe different legal protections to data<br />
stored in them. Protections vary widely from<br />
country to country. Also, sovereign data<br />
protection may only extend to the citizens<br />
of a country. For example, data stored in the<br />
US may not be subject to the constitutional<br />
protections afforded to US citizens.<br />
Cloud services may store data across<br />
many countries. As cloud services usually<br />
store multiple copies of customer data (for<br />
resilience), it’s possible that information<br />
stored with a cloud service could fall under<br />
multiple widely-varying data legislation.<br />
Google, for example, stores its Google<br />
Workspace data in 18 different countries<br />
across the world, from the USA to Finland<br />
to Indonesia. 9
CLOUD COMPUTING<br />
TABLE 1 GOVERNANCE<br />
DATA SOVEREIGNTY<br />
(Location of data)<br />
GOVERNING JURISDICTION<br />
Dropbox ‘All around the world’ USA<br />
Dropbox Business<br />
Ideally, as practitioners, we would<br />
want our data stored in Australia so that<br />
it falls under the protections of Australian<br />
law which, although may not the most<br />
protective laws, at least are well-known<br />
and understood.<br />
So, we will assess data sovereignty<br />
by asking the question: ‘Can my data be<br />
stored exclusively in Australia?’<br />
Governing Jurisdiction<br />
Governing jurisdictional issues arise<br />
as most cloud service providers are based<br />
outside of Australia and usually require<br />
their customers to agree to have their<br />
agreements governed under foreign,<br />
predominantly US, laws. For Australians<br />
this predominantly raises a convenience<br />
and cost issue as any dispute needs to<br />
be litigated overseas. It also subjects<br />
agreements to foreign laws that may<br />
not contain the same level of consumer<br />
protection as Australian law.<br />
Data sovereignty and governing<br />
jurisdiction are clearly not issues in an<br />
on-premises environment. Data on<br />
premises is stored in Australia. For firms<br />
that outsource their IT support, they do so<br />
with local firms and these agreements are<br />
governed under Australian law.<br />
In contrast, these issues do arise<br />
with cloud services, particularly so with<br />
consumer services, such as Dropbox. The<br />
consumer Dropbox stores its data ‘around<br />
the world’ 10 , giving a user no control<br />
over where their data resides. Dropbox’s<br />
business offering is better, allowing file<br />
storage to be limited to Australia, but file<br />
File data in Australia, metadata<br />
and ‘Paper’ data in the US<br />
USA<br />
Google Workspace Worldwide USA<br />
Microsoft 365 Australia USA<br />
LEAP Australia Australia<br />
Actionstep Australia Australia<br />
On Premises Australia Australia<br />
metadata and other products, such as its<br />
‘Paper’ product, remain located in the US. 11<br />
Google’s Workspace business offering<br />
gives no option to nominate where data<br />
is to reside. A Workspace subscriber must<br />
accept that their data will reside in any of<br />
the 18 locations where Google has data<br />
centres. 12<br />
Microsoft 365 allows its customers to<br />
specify that all data, including email, file<br />
storage, SharePoint and Teams data, be<br />
located in Australia. 13 Both LEAP 14 and<br />
Actionstep 15 also locate data exclusively in<br />
Australia.<br />
Most of the cloud services reviewed<br />
contain jurisdictional clauses that govern<br />
agreements under US law. The Dropbox<br />
Business terms also impose a mandatory<br />
arbitration process. 16 The only exceptions<br />
for the services reviewed are LEAP and<br />
Actionstep which are governed under<br />
NSW law 17 (for LEAP) and ‘Australian<br />
law’ 18 according to Actionstep’s terms.<br />
The Verdict<br />
Clearly the on-premises solution wins out<br />
in this category. Data sitting in a practice’s<br />
office will be located in and governed<br />
by the jurisdiction a practitioner is most<br />
comfortable with. The practice management<br />
systems also do well in this category. The<br />
big cloud providers are all based in the US<br />
so while some, such as Microsoft, allow for<br />
location of data in Australia, terms are still<br />
governed by US Law.<br />
On-premises wins this round.<br />
In the next article we discuss<br />
confidentiality. B<br />
Endnotes<br />
1 ‘Cloud Computing Guidelines’ (Law Society<br />
of South Australia, February 2016) .<br />
2 ‘Australian Solicitors’ Conduct Rules (SA)<br />
2011 V3 with Commentary’ (Law Society<br />
of South Australia, 1 July 2015) .<br />
3 ‘Dropbox’, Dropbox In this paper ‘Dropbox’ means the<br />
consumer version of Dropbox (which has a free<br />
offering) and ‘Dropbox Business’ means the<br />
business offering (which has no free offering).<br />
4 ‘Secure Team Collaboration - Dropbox<br />
Business’, Dropbox .<br />
5 Google, ‘Google Workspace | Business Apps &<br />
Collaboration Tools’, Google .<br />
6 ‘Compare All Microsoft 365 Plans | Microsoft’<br />
.<br />
7 ‘Legal Practice Management Software | LEAP<br />
Legal Software’, LEAP AU .<br />
8 ‘Actionstep - Legal Practice Management<br />
Software’ .<br />
9 Google, ‘Global Locations - Regions & Zones’,<br />
Google Cloud .<br />
10 Dropbox, ‘Privacy Policy’, Dropbox .<br />
11 Dropbox, ‘Dropbox Business Security, A<br />
Dropbox Whitepaper’ 13 .<br />
12 Google (n 9).<br />
13 Microsoft, ‘Privacy & Security Terms’,<br />
Microsoft | Licensing .<br />
14 LEAP, ‘LEAP Information Security Policy |<br />
LEAP Legal Software’, LEAP AU .<br />
15 Actionstep, ‘Tems of Use’, Actionstep [9.4]<br />
.<br />
16 Dropbox, ‘Business Agreement’, Dropbox [13.2],<br />
[13.3] .<br />
17 This was confirmed to me by email in 1 February<br />
<strong>2022</strong> from a LEAP representative.<br />
18 Actionstep (n 15) [10.5].<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 23
FEATURE<br />
CANCELLATION COURT! DJOKOVIC<br />
RALLIED TO SECURE RELEASE<br />
BEFORE THE MINISTERIAL<br />
DISCRETIONS PROVED A WINNER<br />
CHRIS JOHNSTON AND ROSA TORREFRANCA, IMMIGRATION LAWYERS, WORK VISA LAWYERS<br />
The two recent Djokovic visa<br />
cancellations and appeals have<br />
provided insight into non-character related<br />
cancellation powers under the Migration<br />
Act 1958.<br />
The Federal Circuit Court and Family<br />
Court of Australia have established an<br />
online public file for the Djokovic matter. 1<br />
This was done with a view to the public<br />
interest and provides a great opportunity<br />
to view the inner workings of the courts,<br />
for law students or anyone interested,<br />
to view a range of relevant documents<br />
including primary documents from the<br />
Department of Home Affairs (DHA)<br />
and Tennis Australia, the lodgements<br />
with full grounds, the parties’ submissions<br />
and the decisions.<br />
From a detailed analysis of the files, we<br />
will discuss the turning points of the cases<br />
and lessons to be learned for visa holders<br />
trying to enter Australia.<br />
THE FIRST DJOKOVIC CANCELLATION:<br />
IN IMMIGRATION CLEARANCE AT THE<br />
MELBOURNE AIRPORT BEFORE ENTERING<br />
AUSTRALIA<br />
Novak Djokovic was granted a 408<br />
Temporary Activity Sports Stream visa,<br />
on 19 November, 2021. 2 We will detail<br />
the timing and content of interactions<br />
between Djokovic and the Delegate of<br />
the Minister of Immigration, because<br />
these events subsequently proved to be<br />
significant:<br />
• Djokovic arrived by plane at the<br />
Melbourne Airport just before<br />
midnight on 5 January, <strong>2022</strong>. 3<br />
• He was interviewed between 00.21<br />
and 00.52 am by a Delegate, with<br />
some brief breaks. 4<br />
24 THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
• Djokovic was given a Notice of<br />
Intention to Cancel (NOITC) at or<br />
about 4.11am, 6 January, <strong>2022</strong>.<br />
• He asked for time to rest and to “talk<br />
to [his] solicitor again.” And asked for<br />
this time to be up until 8.00 or 8.30.<br />
• The Delegate checked with his<br />
superiors and then said that Djokovic<br />
would be given more time.<br />
• He was interviewed by the DHA<br />
officer from 6.07 am and the decision<br />
to cancel was made at 7.29<br />
• Djokovic was notified of the Decision<br />
to cancel at 7.42 am.<br />
The DHA decision record provides<br />
that the grounds for cancellation:<br />
“Under the Biosecurity Act 2015, there<br />
are requirements for entry into Australian<br />
Territory. These requirements include that<br />
international travellers make a declaration<br />
as to their vaccination status (vaccinated,<br />
unvaccinated, or medically contraindicated).<br />
… Previous infection with COVID-19 is<br />
not considered a medical contraindication<br />
for COVID-19 vaccination in Australia.<br />
Subject to Section 116(1) of the<br />
Migration Act 1958, the Minister may cancel<br />
a visa if he or she is satisfied that; (e) the<br />
presence of its holder in Australia is or<br />
may be, or would or might be a, a risk to:<br />
i. the health, safety or good order of the<br />
Australian community or a segment of<br />
the Australian community…<br />
Based on the above information, I am<br />
satisfied there are grounds to consider<br />
cancelling the visa holder’s subclass GG<br />
408 visa.” 5<br />
Following the cancellation, Djokovic<br />
was taken to immigration detention at the<br />
Park Hotel, where a number of asylum<br />
seekers in long term detention are also<br />
held.<br />
APPEAL TO THE FEDERAL CIRCUIT<br />
COURT (FCC)<br />
Arguments made before the FCC<br />
As Djokovic did not make it through<br />
immigration clearance, he did not ‘enter<br />
Australia’, the 408 visa was cancelled prior<br />
to entry. As such, merits review at the<br />
Administrative Appeals Tribunal (AAT)<br />
was not available and his appeal options<br />
were limited to the Federal Circuit Court.<br />
An appeal of the cancellation decision<br />
was lodged on the 6 January, <strong>2022</strong>. The<br />
applicant’s Representatives 6 submitted<br />
that there were a “variety of jurisdictional<br />
errors”. These grounds included:<br />
• Failure to give the required notice<br />
under section 119(1), (Ground 1A).<br />
• Error in purported formation of state<br />
of satisfaction in the Decision to cancel<br />
(Ground 1B)<br />
• Errors in failing to consider the<br />
applicant’s medical contraindication<br />
(Ground 1C)<br />
The applicant’s representative made<br />
arguments for why Djokovic had provided<br />
evidence for a “medical contraindication”.<br />
Under the Biosecurity Determination<br />
made under the Biosecurity Act 2015.<br />
• Failure to consider representation<br />
made by Djokovic (Ground 2A) and<br />
illogicality and/or unreasonableness in<br />
relation to extenuating circumstances<br />
(Ground 2B)<br />
• Procedural unfairness (Ground 3A)<br />
and unreasonableness in process (3B)<br />
preceding the cancellation.<br />
The representatives for the DHA<br />
submitted that all the grounds should<br />
be rejected, with detailed arguments on<br />
medical exemptions.<br />
In relation to ground (1A) claiming<br />
the NOITC was affected by error, the
FEATURE<br />
representatives for the Minister wrote:<br />
“That unfortunate typo misquoting the<br />
provision in one spot is unfortunate but<br />
immaterial.” 7<br />
The representatives submitted<br />
Djokovic’s claimed medical<br />
contraindication did not meet the<br />
requirements under the ATAGI<br />
Exemption Guidance (Ground 1C). 8<br />
In relation to the ground of illogicality,<br />
the representatives warn against the slide<br />
into impermissible merits review, citing<br />
Minister for Immigration and Citizenship v SZJSS<br />
(2010) 243 C<strong>LR</strong> 164 at [30]. 9 This argument<br />
proved to be of great significance in the<br />
second Djokovic cancellation and appeal.<br />
In relation to the claim of lack of<br />
procedural fairness (Ground 3A) the<br />
representatives provided: “Here, there is<br />
no evidence from the applicant’s lawyers<br />
about what they would or could have done<br />
between 7.42am and 8.30am, whom he<br />
had contacted previously.” 10<br />
In their conclusion, the Minister’s<br />
representatives made the following point,<br />
quoted below, that if the Court makes a<br />
decision in favour of the applicant, then<br />
the Minister has other cancellation powers<br />
under the Act:<br />
“if this Court were to make orders in<br />
the applicant’s favour, it would then be<br />
for the respondent to administer the Act<br />
in accordance with law. That may involve<br />
the delegate deciding whether to make<br />
another cancellation decision, but there are<br />
also other powers in the Act, as the Court<br />
would be aware.” 11<br />
FCC FINDS IN FAVOUR OF DJOKOVIC<br />
(FIRST DECISION)<br />
The Federal Circuit Court hearing<br />
was before Judge Kelly on the 10 January,<br />
<strong>2022</strong>. The hearing was video cast to<br />
the public, but was oversubscribed, and<br />
continually crashed.<br />
Judge Kelly was clearly unimpressed<br />
by many elements of the cancellation and<br />
provided some damning comments during<br />
the hearing.<br />
Judge Kelly said:<br />
“Here, a professor and an eminently<br />
qualified physician have produced and<br />
provided to the applicant a medical<br />
exemption,”<br />
“Further to that, that medical exemption<br />
and the basis on which it was given, was<br />
separately given by a further independent<br />
expert specialist panel established by the<br />
Victorian state government.” 12<br />
Judge Kelly went on to ask: “What<br />
more could this man have done?” 13<br />
In relation to the submission by the<br />
Respondents, suggesting that even if<br />
Djokovic had access to a lawyer at the<br />
later stages at the Airport and given the<br />
opportunity to respond, that a lawyer could<br />
not help him. Judge Kelly commented:<br />
“What they are saying is, ‘Getting in<br />
touch with your lawyers is not really going<br />
to help any of us. Why don’t we get it<br />
done?’” 14<br />
Judge Kelly found in favour of the<br />
applicant in the form of an Order. 15 The<br />
Order was based the unreasonableness<br />
of the cancellation process which was<br />
Ground 3B. 16<br />
Judge Kelly did not publish a detailed<br />
decision and so there was no insight in the<br />
grounds based on medical contraindication.<br />
The Order contained a notation which<br />
stated:<br />
“The respondent concedes that the<br />
delegate’s decision to proceed with the<br />
interview and make a decision to cancel<br />
the applicant’s visa pursuant to s 116<br />
of the Migration Act 1958 (Cth) was<br />
unreasonable in circumstances where:<br />
1. at 5:20am on 6 January <strong>2022</strong> the<br />
applicant was told that he could have<br />
until 8.30am to provide comments in<br />
response to a Notice of Intention to<br />
Consider Cancellation under s 116 of<br />
the Migration Act 1958 (Cth);<br />
2. instead, the applicant’s comments were<br />
then sought at about 6:14am.<br />
3. the delegate’s decision to cancel the<br />
applicant’s visa was made at 7.42am;<br />
4. the applicant was thus denied until<br />
8.30am to make comments;<br />
5. had the applicant been allowed until<br />
8:30am, he could have consulted others<br />
and made further submissions to the<br />
delegate about why his visa should not<br />
be cancelled.” 17<br />
The Order was that the decision to<br />
cancel be quashed 18 and that Djokovic be<br />
released immediately from immigration<br />
detention. 19<br />
FIRST CANCELLATION AND SUCCESSFUL<br />
APPEAL: LESSONS TO BE LEARNT<br />
Djokovic and any person entering<br />
Australia on a visa should take a number<br />
of steps to have been better prepared for a<br />
potential interview at the airport.<br />
These could have included:<br />
• Ensuring all information provided<br />
to the DHA or the Department of<br />
Foreign Affairs and Trade (DFAT) is<br />
accurate, including the information<br />
relating to travel and medical history<br />
and criminal history (including previous<br />
convictions)<br />
• Arriving at a time when he could more<br />
easily be represented, rather than at<br />
around midnight.<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 25
FEATURE<br />
• Having a full set of his supporting<br />
documents available to him at the<br />
airport.<br />
Having an Immigration Lawyer at the<br />
airport or at least on call at the time of<br />
arrival, so that they could have assisted<br />
him with his opportunity to respond.<br />
In circumstances where someone has<br />
had their visa cancelled in immigration<br />
clearance, the possibility of a successful<br />
appeal of an airport cancellation to the<br />
FCC has been demonstrated by Judge<br />
Kelly’s order. The process of cancellation<br />
and the reasonableness of denying<br />
access to a lawyer are areas of potential<br />
jurisdictional error.<br />
DJOKOVIC PREPARING TO PLAY AND<br />
WAITING FOR A FURTHER DECISION<br />
After Djokovic’s successful appeal,<br />
there were four days of waiting to see if<br />
there would be a second cancellation.<br />
During this time, there was a high<br />
level of scrutiny in the media in relation<br />
to Djokovic’s actions in the weeks leading<br />
up to his travelling to Australia. 20 These<br />
articles raised issues which could have<br />
been grounds for a further cancellation.<br />
The issues included whether he had been<br />
accurate in his travel declaration form that<br />
was completed prior to entering Australia.<br />
Further issues emerged in relation to<br />
Djokovic’s actions immediately following<br />
his finding out that he had contracted<br />
Covid in mid-December, 2021. It was<br />
reported that he attended public events<br />
like the commemoration of his personal<br />
stamp in Serbia and a basketball match<br />
in Barcelona after testing positive for<br />
COVID-19. 21<br />
As these details emerged in the media<br />
Djokovic made statements in his social<br />
media saying that there had been errors. 22<br />
Djokovic was likely attempting to<br />
reduce the chance of a cancellation<br />
under s116(1AB) for providing incorrect<br />
information.<br />
THE SECOND DJOKOVIC CANCELLATION:<br />
BACK TO DETENTION AND FULL FEDERAL<br />
COURT APPEAL<br />
The second decision relates to what<br />
is often called the God powers of the<br />
Minister of Immigration.<br />
26 THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
At the 10 January, <strong>2022</strong> hearing of<br />
Djokovic’s application to quash the 6<br />
January, <strong>2022</strong> decision of the Delegate<br />
of the Minister to cancel his visa, counsel<br />
for the Minister for Home Affairs<br />
informed the Court that the Minister for<br />
Immigration, Citizenship, Migrant Services<br />
and Multicultural Affairs (Minister) would<br />
be considering whether or not to exercise<br />
the Minister’s personal power to cancel<br />
a visa under s133C(3) of the Migration<br />
Act. 23 The relevant part of s133C(3) reads:<br />
133C Minister’s personal powers to<br />
cancel visas on section 116 grounds<br />
Action by Minister—natural justice does not<br />
apply<br />
(3) The Minister may cancel a visa held by a<br />
person if:<br />
i. the Minister is satisfied that a<br />
ground for cancelling the visa<br />
under section 116 exists; and<br />
(b) the Minister is satisfied that it would be<br />
in the public interest to cancel the visa.<br />
Note: The Minister’s power to cancel a<br />
visa under this subsection is subject to<br />
section 117 (see subsection (9) of this<br />
section).<br />
(4) The rules of natural justice, and the<br />
procedures set out in Subdivisions E<br />
and F, do not apply to a decision under<br />
subsection (3).<br />
As mentioned above, the delegate of<br />
the Minister cancelled Djokovic’s visa<br />
pursuant to Section 116(1)I(i) of the<br />
Migration Act 1958(Cth), which reads:<br />
116 Power to cancel<br />
1. Subject to subsections (2) and (3), the<br />
Minister may cancel a visa if he or she<br />
is satisfied that:<br />
…<br />
I the presence of its holder in Australia is or<br />
may be, or would or might be, a risk to:<br />
i. the health, safety or good order<br />
of the Australian community<br />
or a segment of the Australian<br />
community; …<br />
The power given to the Minister<br />
under s133C(3) is personal and cannot be<br />
delegated.<br />
It is also clear under s133C(4) that the<br />
Minister in exercising the power is not<br />
required to afford ‘natural justice’ to the<br />
visa holder. It will be recalled that natural<br />
justice was the reason why the Minister’s<br />
delegate’s decision made on 6 January,<br />
<strong>2022</strong> was quashed by the Court. The<br />
procedure adopted by the delegate was<br />
unreasonable. 24<br />
So it came to pass that late on 14<br />
January, <strong>2022</strong> (a Friday) as foreshadowed<br />
by the Minister’s counsel, the Minister<br />
exercised his power to cancel Djokovic’s<br />
visa under the above-mentioned section.<br />
Djokovic had the resources to mobilise<br />
a legal team to work late on a Friday night<br />
in order to file an urgent application seeking<br />
interim relief and for judicial review.<br />
The following day (Saturday), the matter<br />
was transferred from the Federal Circuit<br />
and Family Court to the Federal Court.<br />
The Chief Justice directed that the original<br />
jurisdiction be exercised by a Full Court.<br />
On the Sunday, a day before the start<br />
of the Australian Open, Djokovic was<br />
in court but probably not the court he<br />
thought he would be attending when<br />
he arrived in Australia late on 5 January,<br />
<strong>2022</strong>. The matter was heard by Allsop CJ,<br />
Besanko and O’Callaghan JJ.<br />
The Court on the same day of the<br />
hearing dismissed Djokovic’s application,<br />
with costs.<br />
Djokovic’s grounds<br />
Djokovic’s legal team put forward<br />
three grounds 25 :<br />
1. That the Minister’s decision had binary<br />
legal outcomes, that is, not to cancel<br />
and let Djokovic stay in Australia or<br />
cancel his visa, detain him and remove<br />
him from Australia. They argued that<br />
it was unreasonable for the Minister<br />
to only consider the effect of his<br />
presence in Australian but not the<br />
effect if Djokovic gets deported. The<br />
Minister’s decision is therefore affected<br />
by jurisdictional error.<br />
2. They submitted that the Minister cited<br />
no evidence that supported his findings<br />
that Djokovic’s presence in Australia<br />
may “foster anti-vaccination sentiment”<br />
and therefore he cannot make the<br />
finding that Djokovic may be a risk to<br />
the health of the Australian community,<br />
that he is a risk to the good order of<br />
the Australian community and that it<br />
would be in the public interest to cancel<br />
Djokovic’s visa.<br />
3. It was also argued that the Minister
FEATURE<br />
did not seek Djokovic’s view on<br />
vaccination, instead the Minister relied<br />
on an interview conducted in <strong>April</strong><br />
2020 wherein Djokovic said that he<br />
was “opposed to vaccination”.<br />
It was noted that at the time of this<br />
interview, COVID-19 vaccines were<br />
not yet available and that Djokovic later<br />
clarified his position that he was “no<br />
expert”, “would keep an open mind” and<br />
would want to have an “option to choose<br />
what’s best for my body.” 26<br />
The Court dismissed all three grounds.<br />
Reasons of the ruling<br />
The crux of this matter turns on the<br />
“satisfaction” of the Minister as provided<br />
for by s 133C(3)(a) of the Act that there<br />
is a ground for cancelling the visa under<br />
s116(1)(e)(i) of the Act and the Minister<br />
is satisfied that it would be in the public<br />
interest to cancel the visa (s133C(4).<br />
As ruled by the Court, “[t]he<br />
satisfaction of the Minister is not an<br />
unreviewable personal state of mind. The<br />
law is clear as to what is required. If, upon<br />
review by a court, the satisfaction is found<br />
to have been reached unreasonably or was<br />
not capable of having been reached on<br />
proper material or lawful grounds, it will<br />
be taken not to be a lawful satisfaction for<br />
the purpose of the statute” 27 :<br />
The Court further ruled in paragraphs<br />
25 to 26 and 28, so long as the Minister in<br />
exercising his power to cancel the visa “do<br />
so based on some evidence, rather than no<br />
evidence or no material, unless the finding<br />
is made in accordance with the Minister’s<br />
personal or specialised knowledge or<br />
by reference to that which is commonly<br />
known”: The High Court (Keane,<br />
Gordon, Edelman, Steward and Gleeson<br />
JJ) in Minister for Immigration, Citizenship,<br />
Migrant Services and Multicultural Affairs v<br />
Viane [2021] HCA 41; 395 A<strong>LR</strong> 403 and<br />
does “not act dishonestly, capriciously<br />
or arbitrarily”, then the “Courts of law<br />
cannot and ought not interfere” : Starke<br />
J in Boucaut Bay Company Ltd (in Liq) v<br />
Commonwealth [1927] HCA 59; 40 C<strong>LR</strong> 98<br />
The Minister in cancelling Djokovic’s<br />
visa provided a 10-page Statement of<br />
Reasons. The Minister did not have the<br />
obligation to provide the statement of<br />
reasons 28 but perhaps in anticipation of<br />
a legal challenge and the publicity of the<br />
case, did so.<br />
In the Minister’s Statement of Reasons,<br />
the Minister noted among others, that:<br />
1. Djokovic is a high-profile personality;<br />
2. who is unvaccinated;<br />
3. has publicly declared that he was<br />
opposed to being vaccinated;<br />
4. Djokovic has disregarded precautionary<br />
requirements to stop the spread of<br />
COVID-19 by attending an interview<br />
and photoshoot after receiving his<br />
positive COVID-19 test result. 29<br />
The Minister in his reasons noted<br />
the Djokovic’s presence in Australia may<br />
foster anti-vaccination sentiment and may<br />
persuade the undecided against getting the<br />
COVID-19 vaccine or the booster at the<br />
time when there is a surge in the number<br />
of COVID-19 infections in Australia. 30<br />
Djokovic’s arguments failed because as<br />
the Court ruled the legal requirement was<br />
whether the Minister is “satisfied” that the<br />
“presence” of the visa holder may be a<br />
risk to the health, safety or good order of<br />
the Australian community. The Minister<br />
is not required to consider the effects of<br />
deporting the visa holder. 31<br />
The Court also ruled that it was<br />
open for the Minister to find that it was<br />
perceived by the public that Djokovic<br />
was not in favour of vaccinations and not<br />
necessarily about Djokovic’s views.<br />
Further, it was noted that it was not<br />
that Djokovic’s actions and statements<br />
were/are a threat to public health, safety<br />
or good order but it is his presence in<br />
Australia may be, or would or might be,<br />
a risk to the health, safety or good order<br />
of the Australian community or a<br />
segment of the Australian community.<br />
YOUR fertility, YOUR way<br />
Intelligent science, caring for<br />
YOUR fertility, in South Australia<br />
Can you see children in your<br />
future but you aren’t ready yet?<br />
It’s YOUR timeframe.<br />
The benefit of time – is the time to pursue<br />
your dream career, to meet the right partner,<br />
or to pursue your family when you feel ready<br />
– all with the peace of mind that you’ll be able<br />
to start your family when YOU feel it’s right.<br />
The main options for preserving fertility is to<br />
freeze eggs, sperm or embryos. For women,<br />
we offer state of the art freezing techniques,<br />
giving you the best opportunity for pregnancy<br />
later. For men, we freeze a sample of your<br />
semen for later use. Call us and we can<br />
support your decision making.<br />
Own YOUR future | 08 8100 2900<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 27
FEATURE<br />
Therefore, all the Minister has to show<br />
is that he is satisfied that Djokovic is a<br />
possible influence, a hero for anti-vaxxers.<br />
THE MINISTER’S “GOD-LIKE” POWERS<br />
The Court’s decision highlights<br />
the powers vested on the Minister of<br />
Home Affairs which has been described<br />
as “god-like”.<br />
To give us an idea of how broad and<br />
substantial the powers of the Minister are, a<br />
report, “Playing God, The Immigration Minister’s<br />
Unrestrained Power” 32 published by Liberty<br />
Victoria in 2017 noted that the Minister<br />
for Immigration and Border Protection<br />
(as the Minister was then known) has the<br />
most discretionary powers of any Cabinet<br />
Minister. The Minister for Immigration is<br />
responsible for the administration of 20<br />
Acts but has 47 ‘national interest’ or ‘public<br />
interest’ powers. Compare this to the Prime<br />
Minister who is responsible for 43 acts<br />
but only has 3 ‘national interest’ or ‘public<br />
interest’ powers. 33<br />
It may be a surprise for most<br />
Australians to know that the Minister<br />
for Immigration has powers that are not<br />
subject to natural justice.<br />
Quoting the Liberty Victoria’s report:<br />
“The concept of natural justice is so<br />
fundamental to Australian law that the courts<br />
have repeatedly held that it cannot be excluded<br />
from such a decision without ’plain words of<br />
necessary intendment’, a ‘clear manifestation’<br />
of the legislature’s intention to deny it. Without<br />
such plain words, legislation will always be read<br />
to include natural justice and decisions must be<br />
made in accordance with its requirements.” 34<br />
Section 133(C) of the Migration Act<br />
is just one of the many powers conferred<br />
upon the Minister for Immigration. While<br />
the exercise of the power is reviewable,<br />
the threshold for the court to overrule the<br />
Minister’s decision is low as can be seen in<br />
Djokovic’s case.<br />
WHY DID DJOKOVIC LEAVE SO PROMPTLY<br />
AFTER THE SECOND CANCELLATION?<br />
The timing of the second cancellation<br />
meant that there was not enough time to<br />
effectively mount a legal challenge to the<br />
decision of the full Federal Court.<br />
The <strong>2022</strong> Australian Open was to<br />
28 THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
commence the day after the decision of<br />
the court.<br />
There are cost implications in relation<br />
to having been held in immigration<br />
detention and also in relation to be being<br />
deported 35 .<br />
Further time in immigration detention<br />
would also have undermined Djokovic’s<br />
ability to maintain his physical fitness.<br />
With potential cost implications and the<br />
possibility of prolonged detention, it is not<br />
surprising that Djokovic left promptly.<br />
FUTURE IMPACTS FOR DJOKOVIC FROM<br />
THE VISA CANCELLATION<br />
Djokovic faces is three-year bar<br />
pursuant to public interest criteria (PIC)<br />
4013 and 4014 in Schedule 4 of the<br />
Migration Regulations 1994 from applying<br />
for a further Australian visa due to the<br />
cancellation under s116.<br />
He could also face problems from<br />
public interest criteria 4020 related to<br />
providing false or misleading information,<br />
which applies to most Australian visas,<br />
including the subclass 408 Sports Stream<br />
visa. If Djokovic wants to play the<br />
2023 Australian Open, he will need to<br />
successfully be granted a 408 visa. There<br />
is significant potential for information<br />
provided as part of his most recent 408, to<br />
be found to be misleading. This includes<br />
his Australian Travel Declaration in which<br />
he said he had not travelled in the 14 days<br />
prior to his flight to Australia. 36 There is,<br />
allegedly potential evidence to suggest<br />
Djokovic did travel during that time.<br />
There is a permanent residency visa<br />
called the Distinguished Talent Visa, which<br />
allows for people in professions, sports and<br />
the arts to apply for permanent residency.<br />
The criteria includes that the person must<br />
be able to demonstrate that they are at the<br />
top of the field and that they could easily<br />
obtained employment within Australia.<br />
Having struggled to meet the<br />
requirements for a temporary visa to<br />
enter Australia, Djokovic could potentially<br />
apply to become an Australian permanent<br />
resident through a Distinguished Talent<br />
Visa. But the question is would he want to?<br />
IMPLICATIONS FOR HIGH PROFILE VISITORS<br />
TO AUSTRALIA WHO MAY POSE A RISK?<br />
The Full Federal Court decision raises<br />
the question - Are the powers of the<br />
Minister of Immigration too wide?<br />
The God powers of the Minister<br />
under the Migration Act 1958 in s116(e)<br />
i are not restrained to be exercised in<br />
favour of health issues such as in a<br />
pandemic.<br />
The speculative and low level of<br />
potential risk is “may be, our would or<br />
might be, a risk to” provides great power<br />
to define the future risk.<br />
The type of risk is to “the health,<br />
safety or good order of the Australian<br />
community or a segment of the Australian<br />
community”.<br />
We have just seen an example of<br />
“health”, but “safety” is a wide concept<br />
and “good order” similarly vague.<br />
Is being able to cancel someone’s visa<br />
based on something that might or may<br />
happen representing the best the interests<br />
of Australia?<br />
There may be other public figures that<br />
could arrive to work in Australia and have<br />
their visa cancelled due to the possibility<br />
of arousing a strong public response in<br />
relation to a particular issue. For example,<br />
could Greta Thunberg represent a risk<br />
to Australia’s good order, if she “may”<br />
inspire many young people to go to<br />
environmental protests?<br />
The next high profile visa cancellation<br />
could be just around the corner. Prime<br />
Minister Scott Morrison responded to a<br />
question about Kanye West by saying:<br />
“the rules are you’ve got to be fully<br />
vaccinated.” 37<br />
WHAT ARE THE PRACTICAL LESSONS<br />
FROM THE SECOND CANCELLATION USING<br />
THE MINISTERIAL POWERS?<br />
The involvement of the world’s<br />
number one tennis player is unusual<br />
but visa cancellations are actually fairly<br />
common in migration law.<br />
1. Timing<br />
Do not be fooled by the quick results<br />
in Djokovic. The speed as to when the<br />
case was listed and when the decision<br />
was handed out. This does not reflect<br />
the reality in immigration cases where<br />
normally matters takes months even years<br />
to be resolved. The Biloela family, the<br />
Sri Lankan Tamil family who has been in<br />
detention since 2018, is a case in point.
FEATURE<br />
2. Re-cancellation<br />
The re-cancellation of Djokovic’s visa<br />
raises the question of why appeal?<br />
It is often difficult to justify to a<br />
potential client the expense and time<br />
involved in challenging a cancellation at the<br />
Federal Circuit Court.<br />
When even if successful the Minister<br />
may and often does step in and cancel the<br />
person’s visa again.<br />
What is the point in appealing when<br />
the Minister can re-cancel the visa under<br />
s133C. The Minister can also cancel visas<br />
not just on the grounds stated in s 116 (1)<br />
but also on character grounds under s 501<br />
of the Migration Act.<br />
As discussed above, how about other<br />
“high-profile” candidates or visa holders?<br />
Could their visa also be cancelled on the<br />
ground that they pose a risk to Australia’s<br />
“public order”.<br />
3. Costs involved in appealing to the<br />
Federal Court<br />
The second Djokovic application to the<br />
full Federal Circuit Court was “dismissed<br />
with costs, which was to be agreed or<br />
failing agreement assessed”. Djokovic,<br />
being the world’s number tennis player with<br />
millions of dollars in career earnings can<br />
without a doubt afford to pay these costs.<br />
However, potential clients who are<br />
also thinking of challenging the Minister’s<br />
decision to cancel should also be warned<br />
about the costs involved. Visa holders are<br />
often not aware that they are not only liable<br />
for their own costs (the court application<br />
fees, lawyers and barristers fees, etc) but<br />
are also at risk of having to pay the costs<br />
of the Minister which could be potentially<br />
substantial if they lose.<br />
4. High-profile visa holders beware<br />
The Full Federal Court decision<br />
underlines the Minister’s wide discretionary<br />
power under s133C. High profile<br />
personalities planning to come to Australia<br />
should think carefully if their profiles and<br />
views could lead to being cancelled.<br />
5. Risk to all visa holders<br />
The risk of having a visa cancelled is<br />
not just for temporary visa holders but<br />
also for permanent visa holders. Those<br />
that hold permanent resident visas should<br />
consider applying for Australian citizenship<br />
to avoid any visa cancellation. B<br />
Endnotes<br />
1 Federal Circuit and Family Court of Australia,<br />
Novak Djokovic Online File, https://www.fcfcoa.<br />
gov.au/migration-law/online-file/djokovic at 30<br />
January <strong>2022</strong>.<br />
2 OP Holdenson QC, N M Wood SC, N Dradojlovic, J<br />
E Hartley, (The Applicant’s representatives) Applicant’s<br />
outline of submissions, 8 Jan <strong>2022</strong>, p35, in Federal<br />
Circuit and Family Court of Australia, Novak Djokovic<br />
Online File, https://www.fcfcoa.gov.au/migration-law/<br />
online-file/djokovic at 30 January <strong>2022</strong>. 2 [1].<br />
3 Ibid, 1 [1].<br />
4 Ibid, 100 [26].<br />
5 Delegates Decision to Cancel under section 116<br />
of the Migration Act 1958, Sudhir R, Position<br />
Number 60063579, 06 January <strong>2022</strong>, 7.29am<br />
6 OP Holdenson QC, N M Wood SC, N<br />
Dradojlovic, J E Hartley, (The Applicant’s<br />
representatives) Applicant’s outline of<br />
submissions, 8 Jan <strong>2022</strong>, p35, in Federal Circuit<br />
and Family Court of Australia, Novak Djokovic<br />
Online File, https://www.fcfcoa.gov.au/migrationlaw/online-file/djokovic<br />
at 30 January <strong>2022</strong>.<br />
7 Ibid, at 23 [3].<br />
8 Christopher Tran and Naomi Wootton, (The<br />
Respondent’s representatives) Respondent’s<br />
outline of submissions, 9 Jan <strong>2022</strong>, p35, in<br />
Federal Circuit and Family Court of Australia,<br />
Novak Djokovic Online File, https://www.fcfcoa.<br />
gov.au/migration-law/online-file/djokovic at 12<br />
February <strong>2022</strong> 30-53 [5-9]<br />
9 Ibid, 63 [10], Citing See Minister for Immigration<br />
and Citizenship v SZJSS (2010) 243 C<strong>LR</strong> 164<br />
at [30] (the Court, referring with approval to<br />
observations of Basten JA with whom Allsop P<br />
(as his Honour then was) agreed in Swift v SAS<br />
Trustee Corporation [2010] NSWCA 182 at [45]);<br />
Carrascalao v Minister for Immigration and Border<br />
Protection (2017) 252 FCR 352 at [32] (the Court).<br />
10 Ibid, para 15 [3].<br />
11 Ibid, 76, [12].<br />
12 Karen Sweeney, Judge: ‘What more could Djokovic<br />
do?’, (Web Article, 10 January <strong>2022</strong>) https://<br />
indaily.com.au/news/national/<strong>2022</strong>/01/10/<br />
judge-what-more-could-djokovic-do/.<br />
13 Ibid.<br />
14 Aaron Patrick, Djokovic scored a judge who’s a fan, of<br />
his case, Australian Financial Review, 10 January<br />
<strong>2022</strong>, (Web Article) https://www.afr.com/workand-careers/workplace/djokovic-scores-a-judgewho-s-a-fan-of-his-case-<strong>2022</strong>0110-p59n1e.<br />
15 Order of Kelly J, in Novak Djokovic v Minister<br />
for Home Affairs (Federal Circuit Court,<br />
MlG35/<strong>2022</strong>, 10 January <strong>2022</strong>0.<br />
16 Ibid, Notation, [2].<br />
17 Ibid, [2].<br />
18 Ibid, 1 [1].<br />
19 Ibid, 3 [1].<br />
20 Georgia Hitch and Stephanie Borys, ABC News,<br />
Questions raised over Novak Djokovic travel declaration<br />
on entry form to Australia (Web Article, 12 January<br />
<strong>2022</strong>) <br />
; See also ESPN,<br />
New wrinkle: Travel declaration made by top-ranked<br />
tennis star Novak Djokovic raising questions about his<br />
compliance with Australia’s COVID-19 rules (Web<br />
Article 11 January <strong>2022</strong>) https://www.espn.<br />
com.au/tennis/story/_/id/33039293/prime-<br />
ministers-australia-serbia-speak-phone-novak-<br />
djokovic-disputed-visa.<br />
21 Tumaini Carayol and Christopher Knaus, The<br />
Guardian, Djokovic pictured maskless at public<br />
event one day after positive Covid test (Web Article 9<br />
January <strong>2022</strong>) https://www.theguardian.com/<br />
sport/<strong>2022</strong>/jan/08/novak-djokovic-reliedon-december-covid-infection-for-vaccineexemption-court-documents-reveal<br />
22 Djokernole (Instagram, 12 January <strong>2022</strong>)<br />
< https://www.instagram.com/p/<br />
CYnO7cDqbdj/> ; See also AlJeezera, Full text of<br />
Novak Djokovic statement on his COVID-19 ‘errors’<br />
(Web Article 12 January <strong>2022</strong>) https://www.<br />
aljazeera.com/sports/<strong>2022</strong>/1/12/full-text-ofnovak-djokovic-statement-on-his-covid-19-errors<br />
23 Order of Judge A Kelly, in Novak Djokovic v<br />
Minister for Home Affairs (Federal Circuit Court,<br />
MlG35/<strong>2022</strong>, 10 January <strong>2022</strong>, Notation; see<br />
also Djokovic v Minister for Immigration, Citizenship,<br />
Migrant Services and Multicultural Affairs [<strong>2022</strong>]<br />
FCFC 3 [6].<br />
24 Novak Djokovic v Minister for Home Affairs (Federal<br />
Circuit Court, MlG35/<strong>2022</strong>, 10 January <strong>2022</strong>0.<br />
25 Applicant’s Application, 6 Jan <strong>2022</strong>, pp4- 7, in<br />
Federal Circuit and Family Court of Australia,<br />
Novak Djokovic Online File, https://www.fcfcoa.<br />
gov.au/migration-law/online-file/djokovic at 12<br />
February <strong>2022</strong>; See also Djokovic v Minister for<br />
Immigration, Citizenship, Migrant Services and<br />
Multicultural Affairs [<strong>2022</strong>] FCFC 3 [69]<br />
26 Djokovic v Minister for Immigration, Citizenship,<br />
Migrant Services and Multicultural Affairs [<strong>2022</strong>]<br />
FCFC 3 [72]( Allsop CJ, Besanko and<br />
O’Callaghan JJ).<br />
27 Ibid [21].<br />
28 Ibid [103].<br />
29 Ibid [44-68].<br />
30 Ibid.<br />
31 Ibid [95].<br />
32 Liberty Victoria’s Rights Advocacy Project,<br />
Playing God, The Immigration Minister’s Unrestrained<br />
Power (2017)<br />
33 Ibid, 4-5<br />
34 Liberty Victoria’s Rights Advocacy Project,<br />
Playing God, The Immigration Minister’s Unrestrained<br />
Power (2017) 9 quoting Plaintiff M61/2010E<br />
v Commonwealth (2010) 243 C<strong>LR</strong> 319, 352 [74]<br />
(French CJ, Gummow, Hayne, Heydon, Crennan,<br />
Kiefel and Bell JJ) (‘Offshore Processing Case’)<br />
, Kioa v West (1985) 159 C<strong>LR</strong> 550, 584 (Mason J)<br />
and 610 (Brennan J)<br />
35 For example, NZ born AARON GRAHAM<br />
who was a former bikie, had his visa cancelled<br />
three times, Graham v Minister for Immigration<br />
and Border Protection [2018] FCA 1012; see<br />
also 9News, NZ-born bikie’s visa cancelled again<br />
(Web Article, 6 September 2017) < https://<br />
www.9news.com.au/national/nz-bikie-<br />
deportation-attempt-quashed/9cd633a3-dbc8-<br />
404c-8e06-5c1b34762343><br />
36 Australian Travel Declaration for Novak<br />
Djokovic, Affidavit of Natalie Bannister filed 8<br />
January <strong>2022</strong>, p35<br />
37 Eden Gillespie, Kanye West warned he must have two<br />
vaccine doses ahead of concert tour in Australia, (<strong>2022</strong>),<br />
SBS, https://www.sbs.com.au/news/kanye-westwarned-he-must-have-two-vaccine-doses-aheadof-concert-tour-in-australia/2313cfbe-4e4a-4cedb51f-cc8d32e865fc,<br />
at 29 January <strong>2022</strong>.<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 29
CYBERSECURITY<br />
Governing cybersecurity: Critical<br />
infrastructure, spies and consumers<br />
ROBERT CHALMERS, LECTURER, COLLEGE OF BUSINESS, GOVERNMENT AND LAW, FLINDERS UNIVERSITY<br />
Cybersecurity issues are running hot.<br />
Hacking is becoming more pervasive<br />
and impactful, naturally following the<br />
expansion of computing into every<br />
aspect of our lives. Now our ‘Internet<br />
of Things’ (IoT) devices, wearables and<br />
other consumer devices are part of the<br />
“attack surface” that we project into the<br />
world. Businesses and organisations are<br />
devoting significant effort to managing the<br />
risks in response to constant probing for<br />
vulnerability and attacks seizing up their<br />
systems or stealing and exposing their<br />
information (and that of their consumers<br />
and partners). Lawyers are called on to<br />
advise and assist in relation to prevention,<br />
recovery and associated contracts and<br />
litigation, but they themselves (and the IT<br />
providers they rely on) are hardly immune<br />
to these same problems. 1<br />
Governments too are subject to<br />
intrusions, from state and non-state actors.<br />
They have also been issuing more strident<br />
calls for individuals and organisations<br />
to protect themselves and steadily<br />
introducing additional legislative controls<br />
to try to regulate cyber risks. Further<br />
reforms are now proposed in fields<br />
including private and public infrastructure,<br />
electronic surveillance and consumer<br />
protection. What are these, what impact<br />
will they have on the law, and what do they<br />
tell us about future trends?<br />
‘ALL YOUR BASE ARE BELONG TO US’ 2<br />
Much of the current legislative push<br />
comes from the Department of Home<br />
Affairs, which has been steadily layering up<br />
controls and powers in recent years. One<br />
of its priorities is to increase the security<br />
and resilience of critical infrastructure<br />
and systems of national significance.<br />
Following the introduction of the Security<br />
of Critical Infrastructure Act 2018 (Cth) and<br />
the Security Legislation Amendment (Critical<br />
Infrastructure) Act 2021 (Cth) (SLACI Act),<br />
consultations have recently closed on<br />
30 THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
exposure draft of further amendments: the<br />
Security Legislation Amendment (Critical<br />
Infrastructure Protection) Bill <strong>2022</strong>.<br />
You would be forgiven for thinking<br />
that the scope of ‘critical infrastructure<br />
and systems of national significance’<br />
might be fairly restricted. However it is<br />
expansive: the SLACI Act expanded the<br />
coverage of the framework from four<br />
to eleven sectors (communications, data<br />
storage or processing, financial services<br />
and markets, water and sewerage, energy,<br />
healthcare and medical, higher education<br />
and research, food and grocery, transport,<br />
space technology, defence industry) and<br />
22 asset classes. So huge swathes of the<br />
economy are covered and now obliged<br />
to report cyber incidents and give owner<br />
and operator information to the Register<br />
of Critical Infrastructure Assets. The new<br />
Bill would enact a framework for risk<br />
management programs, declarations of<br />
systems of national significance and further<br />
enhance obligations on cyber security.<br />
SPIES LIKE US<br />
Electronic surveillance is also lined<br />
up for further reform, adding to already<br />
considerable changes in recent years. The<br />
legislation in this area is extensive and<br />
includes the Telecommunications (Interception<br />
and Access) Act 1979 (Cth) (TIA Act), the<br />
Surveillance Devices Act 2004 (Cth) (SD<br />
Act), the Australian Security Intelligence<br />
Organisation Act 1979 (Cth) (ASIO Act),<br />
the Telecommunications Act 1997 (Cth),<br />
and elements of state and territory laws.<br />
Powers for electronic surveillance have<br />
been steadily growing, and this increase has<br />
often been linked to the need to counter<br />
the growing sophistication of technologies<br />
in communication and cryptography. As<br />
the recent discussion paper itself said:<br />
[t]o keep pace with technology and the criminals<br />
who seek to exploit it, the Government has<br />
amended the TIA Act more than 100 times,<br />
with most amendments occurring in the past<br />
15 years. As a result, the powers currently<br />
in the TIA Act, SD Act and parts of the<br />
ASIO Act and Telecommunications Act span<br />
more than 1,000 pages of legislation and<br />
contain more than 35 different warrants and<br />
authorisations. 3<br />
Government is proposing further<br />
powers for the Australian Federal Police<br />
and the Australian Criminal Intelligence<br />
Commission ‘to combat dark web<br />
and anonymising technologies’ and is<br />
considering repeal of the legislation referred<br />
to above, replacing it with ‘one single Act<br />
that is clearer, more coherent and better<br />
adapted to the modern world’. 4 It points<br />
to similar reforms in the UK and NZ: also<br />
members (along with the US and Canada)<br />
of the so called “5 eyes” security alliance.<br />
Expect an exposure draft in late <strong>2022</strong>.<br />
PROTECTING THE CYBER CONSUMER<br />
In the brave new world of pervasive<br />
computing, everything is connected. In<br />
response fields of regulation once separate<br />
and more static are being drawn together<br />
and subjected to a much higher rate of<br />
change. National security, privacy, digital<br />
identity, rights to personal communication,<br />
and consumer protection converge, but<br />
are also in tension. One example where<br />
these issues converge is in IoT devices:<br />
everything from wearables 5 to home<br />
infotainment hubs, robotic vacuum<br />
cleaners 6 , toys and surveillance cams (with<br />
sometimes the latter two being one and<br />
the same). 7<br />
In support of this over the last few<br />
years government has been considering<br />
and implementing various measures. In<br />
2020 it introduced a Voluntary Code of<br />
Practice: Securing the Internet of Things<br />
for Consumers’. 8 This covers smart<br />
products such as lights, TVs, watches,<br />
baby monitors, and connecting routers and<br />
sets out 13 principles for manufacturers
CYBERSECURITY<br />
to abide by, based on consultations led by<br />
the Department of Home Affairs and the<br />
Australian Signals Directorate. Further<br />
research in 2021 indicated difficulties in<br />
implementing the voluntary, principlesbased<br />
guidance. Firms called for clearer<br />
guidance and internationally aligned<br />
standards, but even simple measures<br />
such as vulnerability disclosure policies<br />
were not being adopted. Government<br />
is now considering moving from<br />
voluntary to mandatory cyber security<br />
standards for smart devices and/or cyber<br />
security labelling. 9 With the exception<br />
of the Privacy reforms dealt with below,<br />
specific reform detail has not yet been<br />
tabled. However, it seems very likely that<br />
additional measures will be introduced.<br />
Government specifically flagged it was<br />
considering changes to the Australian<br />
Consumer Law to enhance consumer<br />
guarantees and bring clearer application<br />
to digital products, and many of these<br />
IoT devices are connected to, or sold and<br />
supported by, the digital platforms that<br />
are the subject of broader enquiries and<br />
activities by the Australian Competition<br />
and Consumer Commission. 10<br />
Turning to the subject of privacy<br />
reform, late in 2021 the Government<br />
unveiled an exposure draft for a new<br />
Online Privacy Bill, 11 which would<br />
enable binding online privacy codes<br />
applicable to digital platforms, in addition<br />
to strengthening general penalties 12<br />
and enforcement under the Privacy Act<br />
1988 (Cth). The online privacy codes<br />
could go beyond standard privacy code<br />
measures and introduce more granular<br />
consent requirements and age verification<br />
measures, as well as the capacity for<br />
consumers to withdraw consent.<br />
Government has also released a discussion<br />
paper contemplating additional reforms<br />
based on international data and consumer<br />
protection law, including the European<br />
General Data Protection Regulation. 13<br />
There has been extensive academic<br />
exploration of the trends and possible<br />
direction for regulation of IoT devices,<br />
which provides guidance as to likely<br />
options, and further suggests additional<br />
regulation is likely. 14<br />
A CYBER EYE TO THE FUTURE<br />
The immediate future looks even more<br />
crowded with reform than the recent past.<br />
Even if there is then a lull on some of<br />
those fronts, other related fields are already<br />
the subject of regulatory attention: not<br />
least that of digital identity. This connects<br />
to issues of age verification, recently<br />
introduced director ID, and broader<br />
government and private developments<br />
in pursuit of a ‘Trusted Digital Identity<br />
Framework’. 15<br />
It is important that in designing<br />
appropriate regulatory frameworks we<br />
are not distracted by the ever shifting<br />
sands of technical standards, but rather<br />
maintain a clear focus on the underpinning<br />
principles and human rights that need to<br />
be maintained. Lawyers have a critical and<br />
ongoing role to play in securing that future<br />
and designing appropriate regulatory<br />
frameworks. Turning a blind eye to cyber<br />
issues as simply ‘technical’ matters is not<br />
an option. B<br />
Endnotes<br />
1 For example, Allens and the Australian Securities<br />
and Investments Commission were both hit by<br />
a cyber-attack mediated by software they were<br />
reliant on: The Australian Financial Review (online,<br />
25 January 2021) .<br />
2 Internet ‘engrish’ meme derived from a computer<br />
game involving battles with cyborgs, used here<br />
with reference to the extension of regulation over<br />
a very broad field.<br />
3 Department of Home Affairs, Reform of Australia’s<br />
electronic surveillance framework (online, 2021<br />
Discussion Paper) 5 .<br />
4 Ibid 4.<br />
5 In this regard note the security breaches connected<br />
to the Strava app: Thomas Brewster, ‘Why Strava’s<br />
Fitness Tracking Should Really Worry You’ (online,<br />
29 January 2018) Forbes .<br />
6 Note that the terms of service for ‘roomba’<br />
vacuum cleaners permit them to map your home<br />
and send this data to irobot: .<br />
7 Amelia Tait, ‘Are smart toys spying on children?’<br />
The New Statesman (online, 6 December 2016)<br />
.<br />
8 Department of Home Affairs, Voluntary Code of<br />
Practice - Securing the Internet of Things for Consumers<br />
.<br />
9 Department of Home Affairs, Strengthening<br />
Australia’s cyber security regulations and incentives<br />
An initiative of Australia’s Cyber Security Strategy 2020<br />
.<br />
10 ACCC, Digital Platforms .<br />
11 <br />
Attorney General’s Department, Online Privacy<br />
Bill Exposure Draft .<br />
12 up to 10% of an organisation’s turnover.<br />
13 <br />
Attorney General’s Department, Privacy Act Review<br />
– Discussion paper .<br />
14 <br />
See e.g. Jeannie Marie Paterson, Yvette Maker ‘AI<br />
in the Home: Artificial Intelligence and Consumer<br />
Protection’ - to be published in Ernest Lim and<br />
Phillip Morgan (eds), The Cambridge Handbook of<br />
Private Law and Artificial Intelligence (Cambridge<br />
University Press, Forthcoming) and available<br />
at ; Kayleen Manwaring,<br />
Roger Clarke, ‘Is your television spying on<br />
you? The Internet of Things needs more than<br />
self-regulation’ Computers and Law: Journal for the<br />
Australian and New Zealand Societies for Computers<br />
and the Law (2021) 93, 31-36 available at .<br />
15 Australian Government, Trusted Digital Identity<br />
Framework (TDIF) .<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 31
FEATURE<br />
Tour de France: Avoiding the<br />
domino effect in the peloton<br />
ANNEMARIE GOODWIN, SPORTS LAWYER<br />
This article aims to minimise crashes at<br />
Tour de France. This article identifies<br />
a link between crashes and spectator<br />
inference, physical contact during sprint<br />
finishes and detour disqualifications. Cycling<br />
is a dangerous sport. Crashes are inevitable.<br />
The law must still try to minimise crashes,<br />
avoiding the domino effect in the peloton.<br />
SPECTATOR INTERFERENCE<br />
Should spectator interference be<br />
tolerated at Tour de France? No. This is<br />
highlighted by an incident at 2021 Tour<br />
de France. A fan stepped onto the road,<br />
with their back to the oncoming peloton.<br />
The fan held up a sign (which contained a<br />
message for relatives) to the TV cameras.<br />
The fan was not cheering on cyclists. They<br />
were trying to get themselves on TV. Cyclist<br />
Tony Martin crashed into the sign. This<br />
caused a domino effect in the peloton. The<br />
result was arguably the worst crash in Tour<br />
de France history. 26 cyclists were injured. 1<br />
French police arrested the fan over this<br />
incident. 2 The fan was charged with reckless<br />
endangerment and involuntarily causing<br />
injuries. Maximum punishment was one<br />
year in prison and $15000 EU fine. Due<br />
to their mental health, the fan was issued<br />
a $1200 EU fine. The result was to deter<br />
spectators from causing crashes at Tour<br />
de France in the future. Race organisers<br />
decided not to take legal action against the<br />
fan. Injured cyclist Marc Soler considered<br />
suing the fan. 3 A harsh fine and/or criminal<br />
charges is appropriate. The fan deliberately<br />
chose to obstruct the road, causing<br />
widespread harm. The winner of Tour de<br />
France should not be whichever cyclist is<br />
lucky enough to avoid being knocked down<br />
32 THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
by a roadside fan. The winner should be the<br />
cyclist with the most strength and skill.<br />
Does responsibility to prevent spectator<br />
interference rest with race organiser ASO<br />
(Armaury Sport Organisation), the UCI<br />
(Union Cycliste International), French<br />
police or the spectators themselves?<br />
Eliminating spectator interference is a<br />
shared responsibility between ASO, the<br />
UCI, French police and roadside fans. ASO,<br />
the UCI and French police are already<br />
doing everything possible to prevent<br />
spectator interference. ASO and the UCI<br />
do not have the unlimited funds required<br />
to place barriers along the entire Tour de<br />
France route. French police do monitor<br />
roadside fans. At the 2021 Tour de France,<br />
French police arrested the spectator who<br />
caused Tony Martin’s crash. Given the<br />
ratio of French police to roadside fans,<br />
it is unreasonable to make French police<br />
solely responsible for eliminating spectator<br />
interference. In other sports like tennis,<br />
security can permanently eject a disruptive<br />
fan from the stadium. If French police<br />
eject a disruptive fan from one section of<br />
the race route then the fan can re-enter at<br />
another section of the race route.<br />
The UCI regulations should be urgently<br />
redrafted to address spectator interference<br />
at Tour de France. A new law is required<br />
which imposes heavy fines and/or criminal<br />
charges on fans who cause crashes.<br />
Spectator interference must be defined<br />
very broadly to include any act. Examples<br />
do not just include the fan making contact<br />
with a cyclist. Examples also include an<br />
object held by a fan (sign, camera strap<br />
etc) and smoke from a flare held by a fan<br />
making contact with a cyclist. The law<br />
should apply regardless of whether the<br />
spectator interference is accidental or<br />
intentional. All that is required by way of<br />
evidence is video footage of the incident.<br />
Proceeds of the fine should be passed<br />
onto the cyclist, to compensate for any<br />
loss. Heavy fines and/or criminal charges<br />
should eliminate spectator interference. A<br />
ban on roadside fans at Tour de France is<br />
not a viable option. Their presence cheers<br />
up cyclists and enhances TV coverage for<br />
viewers. In other sports like tennis there is<br />
distance between a fan and their favourite<br />
athlete. Close proximity between a fan and<br />
their favourite rider makes cycling a great<br />
spectator sport.<br />
PHYSICAL CONTACT<br />
Should a cyclist be punished for<br />
deliberate physical contact in a sprint finish?<br />
Yes. There have been several relegations<br />
for repeated headbutting in a sprint finish,<br />
including Fernando Gaviria and Andre<br />
Greipel at 2018 Tour de France 4 and Caleb<br />
Ewan at 2019 Tour Down Under. 5 These<br />
decisions show accidental physical contact<br />
is acceptable in a sprint finish but clearly<br />
deliberate physical contact is not.<br />
Some commentators claim deliberate<br />
physical contact during a sprint finish is<br />
simply part of the sport. 6 The fact that<br />
a practice has existed for a long time<br />
does not automatically mean it is the best<br />
practice. Cycling is dangerous enough<br />
without cyclists deliberately knocking their<br />
opponents in the rush to the finish line.<br />
Cycling is not a contact sport like boxing.<br />
The Tour de France winner should not<br />
be whichever cyclist in the peloton is best<br />
at knocking their opponents out the way.
FEATURE<br />
The Tour de France winner should be the<br />
cyclist with the most strength and skill.<br />
The 2019 Tour Down Under highlight<br />
was arguably Elia Viviani’s Stage 1 win. 7 A<br />
viewer can watch this sprint finish several<br />
times without becoming bored. The win<br />
was a result of strength and skill. No<br />
physical contact required.<br />
DETOUR DISQUALIFICATIONS<br />
Should a cyclist be disqualified for a<br />
mid-race detour? No. The UCI introduced<br />
detour disqualifications in 2014. 8 The reason<br />
for this rule is that detours can endanger<br />
roadside fans. They might also give a<br />
cyclist an unfair advantage over the rest of<br />
the peloton. The UCI Regulations offer<br />
punishments which include disqualification<br />
or a time penalty. The UCI Regulations<br />
also state race organisers will help minimise<br />
detours by marking the race route (using<br />
barriers or tape) where it is alongside a<br />
sidewalk, pavement or cycle path.<br />
Some commentators claim cyclists have<br />
been racing on sidewalks which do not form<br />
part of the official race route for so long it<br />
is simply part of the sport. 9 The fact that a<br />
practice has existed for a long time does not<br />
automatically mean it is the best practice.<br />
Some team managers believe barriers, not<br />
disqualification, should be used to prevent<br />
cyclists from detouring off the official<br />
race route. It is better to deter detours<br />
through time penalties or disqualification<br />
than barriers, which cost money. The UCI<br />
Regulations on detours are correct. UCI<br />
officials still need to use common sense. In<br />
most detour cases, disqualification is not<br />
appropriate. Most detours are too trivial to<br />
impact on the overall race result. If they do<br />
then UCI officials should simply impose<br />
a time penalty to address the advantage<br />
a detour has given a cyclist over the rest<br />
of the peloton. Most detours are made to<br />
avoid a mass crash in the peloton. Cyclists<br />
should be encouraged to Ride defensively<br />
without fear of disqualification. Only if the<br />
detour is not made to avoid a mass crash in<br />
the peloton and endangers roadside fans is<br />
disqualification appropriate.<br />
There have been two significant detour<br />
cases. Peter Sagan’s detour at 2018 Amstel<br />
Gold and Luke Rowe’s detour at 2018<br />
Tour of Flanders. 10 Sagan’s detour did not<br />
endanger fans. Rowe’s detour did.<br />
What if a detour avoids a mass crash<br />
in the peloton but also endangers roadside<br />
fans? How does the UCI morally evaluate<br />
if cyclist or fan safety is more important?<br />
These examples provide guidance on how<br />
UCI officials should assess a detour.<br />
CONCLUSION<br />
This article finds solutions to minimise<br />
crashes at Tour de France, eliminate<br />
spectator inference and deliberate physical<br />
contact between cyclists in a sprint finish,<br />
and allow cyclists to detour without<br />
disqualification if the reason is to avoid a<br />
mass crash in the peloton. These solutions<br />
avoid the domino effect in the peloton. B<br />
Endnotes<br />
1 James Matthey, ‘Shocking list emerges after idiot<br />
fan causes horrifying Tour de France crash’,<br />
27/6/21, news.com.au https://www.news.com.<br />
au/sport/cycling/shocking-list-emerges-afteridiot-fan-causes-horrifying-tour-de-france-crash/<br />
news-story/0204e2f318b44d013c02fc8d37389397<br />
2 Chris Marshall-Bell, ‘Tour de France organisers<br />
will not sue fan who caused mass pile-up on stage<br />
one’, Cycling Weekly, 2/7/21<br />
https://www.cyclingweekly.com/news/tour-defrance-organisers-will-not-sue-fan-who-causedmass-pile-up-on-stage-one<br />
3 Alasdair Fotheringham, ‘Injured Soler considers<br />
legal action against fan who triggered Tour de<br />
France crash’, Cycling News, 1/7/21<br />
https://www.cyclingnews.com/news/injuredsoler-considers-legal-action-against-fan-whotriggered-tour-de-france-crash/<br />
4 ‘Headbutts see relegations as sprinters melt<br />
down’, 15/7/18, SBS https://www.sbs.com.au/<br />
cyclingcentral/article/2018/07/15/headbuttssee-relegations-sprinters-melt-down<br />
5 Matt de Neef, ‘Double drama at Tour Down<br />
Under: Bevin Crashes, Ewan Relegated’, [16-<br />
17], 19/1/19, Cycling Tips https://cyclingtips.<br />
com/2019/01/double-drama-at-the-tour-downunder-bevin-crashes-ewan-relegated/<br />
6 ‘Controversy and Crashes TDU 5 th stage’,<br />
19/1/19, SBS https://www.sbs.com.au/<br />
cyclingcentral/article/2019/01/19/controversyand-crashes-tdu-fifth-stage<br />
7 Chris Marshall-Bell, ‘Elia Viviani wins Tour<br />
Down Under Stage 1 after superb late sprint’,<br />
15/1/19, Cycling News https://www.<br />
cyclingweekly.com/news/racing/elia-vivianiwins-tour-stage-one-superb-late-sprint-404926<br />
8 UCI Cycling Regulations – Part 2 Road Races –<br />
Article 2.2.015, 2.2.025 and 2.12.007 [7.6].<br />
https://www.uci.org/inside-uci/constitutionsregulations/regulations<br />
9 Patrick Fletcher, Sadhbh O’Shea, ‘Officials ready<br />
to disqualify riders using sidewalks’, [13-15],<br />
31/3/17, Cycling News http://www.cyclingnews.<br />
com/news/tour-of-flanders-officials-ready-todisqualify-riders-using-sidewalks/<br />
10 Richard Windsor, ‘UCI must be consistent’,<br />
19/4/19, Cycling Weekly http://www.<br />
cyclingweekly.com/news/racing/uci-mustconsistent-tiesj-benoot-critical-governing-bodybike-path-rules-376869<br />
About the author<br />
Annemarie Goodwin is a Sports Lawyer who<br />
specialises in tennis and cycling.<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 33
TAX FILES<br />
Trust distribution alerts<br />
JOHN TUCKER, DW FOX TUCKER LAWYERS<br />
On 23 February, <strong>2022</strong> the<br />
Commissioner of Taxation issued a<br />
number of publications, some still drafts,<br />
that will impact on decisions regarding<br />
trust distributions that are required to be<br />
made by 30 June, <strong>2022</strong>.<br />
Of the publications, three are<br />
concerned with reimbursements<br />
agreements under s100A of the Income Tax<br />
Assessment Act 1936, and the remaining<br />
one is concerned with Division 7A and its<br />
application to unpaid trust distributions<br />
from a trust to a company.<br />
The only publication of immediate<br />
effect is Taxpayer Alert TA <strong>2022</strong>/1. In<br />
this Alert the Commissioner advised that<br />
his office is reviewing trust arrangements<br />
where trust income is appointed between<br />
members of a family group, including<br />
children over 18 years of age, but it<br />
appears in substance that the parents<br />
exercise control over and enjoy the benefit<br />
of the income.<br />
An example given of the<br />
circumstances being reviewed is where<br />
expenses benefitting the child are, in the<br />
Commissioner’s view, “properly understood<br />
to be parental expenses”, referring to costs<br />
of their upbringing as a minor, or for “the<br />
kinds of ongoing financial support parents<br />
would ordinarily provide for their children”.<br />
Allied with these circumstances is<br />
where the appointed income is seen to<br />
be “more properly explained by the tax<br />
outcomes detailed”, such as accessing<br />
the tax-free thresholds, than by “ordinary<br />
familial considerations”.<br />
The quoted expressions are imprecise.<br />
Some insight into them is contained in<br />
a list of features that the arrangements<br />
under review will, or mostly will, display.<br />
Among these are an application of the<br />
income distributed to meet expenses<br />
of the parents, possibly recorded as<br />
34 THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
beneficiary loans from the trustee to the<br />
parents, which the children then actually,<br />
or purportedly, direct to be repaid. Also<br />
these might include expenses in the<br />
upbringing of the child, such as school<br />
fees or living at home expenses (as<br />
opposed to meeting reasonable rent for<br />
living away from home or car expenses),<br />
where there is no expectation of these<br />
being repaid by the children from any<br />
source of income other than the trust<br />
distributions.<br />
Tax Alerts are used by the<br />
Commissioner to express “concerns”<br />
generally on the basis of his assertion<br />
of perceived unlawful tax avoidance.<br />
Given the penalties applicable to any<br />
arrangement found to be that and the<br />
cost of any attempt to dispute such<br />
a perception, the expression of such<br />
concerns generally suffices to deter all<br />
from risking a challenge to the concerns<br />
stated by the Commissioner.<br />
In TA <strong>2022</strong>/1, apart from the spectre<br />
of tax avoidance, the Commissioner<br />
also raises sham, sections 100A, 95A(1)<br />
and 97(1) of the 1936 Assessment Act,<br />
but only by reference and without any<br />
supporting explanation.<br />
With these sorts of arrangements<br />
being quite common, and the need by 30<br />
June, <strong>2022</strong> for trustees to make decisions<br />
about the distribution of trust income,<br />
this Alert will, for many, require careful<br />
consideration.<br />
Of note in the concerns listed in the<br />
Tax Alert is mention of section 100A<br />
and that the arrangements described may<br />
constitute a “reimbursement agreement”<br />
for its purposes.<br />
Section 100A was introduced into the<br />
1936 Act targeted against trust stripping,<br />
a practice, at its simplest, of vesting net<br />
income, otherwise taxable, in a beneficiary<br />
who assumed all liability for tax on it and<br />
gave a non-assessable payment to another,<br />
usually another beneficiary or their related<br />
entity, in return.<br />
The section was however drafted in<br />
wider terms than if just focussed on this<br />
practice. It applies to any trust distribution<br />
that arises from a ‘reimbursement<br />
agreement’.<br />
There have been indications among<br />
tax practitioners that the Commissioner<br />
has held concerns about even such<br />
arrangements as a distribution being<br />
determined in favour of a beneficiary,<br />
not paid, and treated as owing, being<br />
encompassed by the wording of s100A.<br />
While the Commissioner has engaged<br />
in confidential consultation regarding<br />
these issues, for many months tax advisors<br />
have been waiting on the Commissioner<br />
to publish for public consultation a<br />
foreshadowed Taxation Ruling on this<br />
provision, which has now been done as<br />
draft Taxation Ruling TR<strong>2022</strong>/D1 and<br />
draft Practical Compliance Guide PCG<br />
<strong>2022</strong>/D1, both of which were published<br />
contemporaneously with TA <strong>2022</strong>/1.<br />
The single way out of s100A is the<br />
definition of ‘agreement’ which specifically<br />
excludes an agreement ‘entered into in the<br />
course of ordinary family or commercial<br />
dealing’.<br />
These words are the subject of<br />
discussion in draft ruling TR <strong>2022</strong>/<br />
D1. They have recently received judicial<br />
consideration in a judgement 1 , now under<br />
appeal by the Commissioner, in their<br />
application to a particular fact situation.<br />
While illustrative, the judgement stops<br />
short of any attempt to provide an<br />
expose on the universal application of the<br />
provisions, and it is unclear what reliance<br />
the Commissioner will place on the<br />
judgement given his appeal and the more
TAX FILES<br />
limited views expressed in the drafting<br />
ruling.<br />
In TR <strong>2022</strong>/D1 the Commissioner<br />
asserts that the word ‘family’ refers just to<br />
natural persons, and he draws a distinction<br />
between what is ordinary and what is<br />
common, with a focus on whether the<br />
arrangement is “capable of explanation<br />
as achieving normal or regular familial or<br />
commercial ends”.<br />
For a dealing to be an ordinary<br />
commercial dealing the Commissioner<br />
requires it to advance the respective<br />
interests and commercial objects of<br />
the parties. If there are present in<br />
the agreement features which, to the<br />
Commissioner, appear tax driven, he says<br />
these will be relevant to the objective<br />
enquiry whether the agreement is entered<br />
into in the course of ordinary dealing.<br />
The potential impact of the<br />
Commissioner’s views is very wide<br />
reaching. Advisors will need to consider<br />
TR<strong>2022</strong>/1 (when issued) very carefully<br />
with respect to the determination of trust<br />
distributions and the actions required to<br />
be taken in consequence of particular<br />
determinations. All this most likely before<br />
30 June <strong>2022</strong>.<br />
The final publication is draft Taxation<br />
Determination TD <strong>2022</strong>/D1 entitled<br />
“Income Tax: Division 7A: When will an<br />
unpaid present entitlement or amount<br />
held on sub-trust become the provision<br />
of ‘financial accommodation’”, which<br />
was released contemporaneously with a<br />
web page publication entitled ‘Unpaid<br />
Present Entitlement’ (with reference<br />
to Division 7A of ITAA 1936 relating<br />
to deemed dividends). The point of<br />
this draft determination is to warn that<br />
arrangements to distribute a share of<br />
net income to a company, not pay it and<br />
purport to hold it on a sub-trust, will<br />
need to comply with the Commissioner’s<br />
stipulation for a sub-trust if they are not<br />
to be deemed ‘financial accommodation’<br />
and result in a deemed dividend from<br />
the company to the trust. In this way,<br />
the determination looks at arrangements<br />
similar to those of concern under s100A,<br />
albeit with a view to Division 7A (given<br />
that the beneficiary is a company) rather<br />
than s100A.<br />
As mentioned, the Tax Alert is<br />
of immediate effect. The Ruling and<br />
Guidance are to apply on publication<br />
(once finalised) and the Determination<br />
(once finalised) from and after 1 July <strong>2022</strong>.<br />
Tax Files is contributed by members of the<br />
Taxation Committee of the Business Law Section<br />
of the Law Council of South Australia B<br />
Endnotes<br />
1 By Logan J in Guardian AIT Pty Ltd ATF<br />
Australian Investment Trust v FCT [2021]<br />
FCA 1619<br />
We Are Forensic Experts In<br />
• Engineering Analysis & Reconstruction<br />
• Traffic Crashes & Road Safety<br />
• Workplace or Mining Incidents<br />
• Reporting & Experts Court Testimony<br />
Delta V Experts<br />
• Clarifies the facts in a situation<br />
• Scientifically substantiates the evidence<br />
• Failure Analysis & Safety Solutions<br />
• Physical, Crash, Incident & Vehicle<br />
Dynamic Handling Testing<br />
DELTA-V EXPERTS<br />
• Strengthens your communication<br />
• Diverse experience and expertise<br />
03 9481 2200 www.dvexperts.net 9 Springbank Street, Tullamarine, 3043<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 35
DIALOGUE<br />
A roundup of recent<br />
Society meetings &<br />
conferences<br />
ROSEMARY PRIDMORE, EXECUTIVE OFFICER<br />
9 December 2021<br />
National statutory tort for invasion of<br />
Bprivacy<br />
ec Sandford participated for the<br />
Society in an online roundtable<br />
meeting convened by the LCA to discuss<br />
its approach to a national statutory tort for<br />
invasion of privacy.<br />
15 December 2021<br />
The Honourable Connie Bonaros MLC<br />
and the Honourable Frank Pangallo<br />
MLC<br />
Society representatives Bec Sandford,<br />
Justin Stewart-Rattray (President-Elect)<br />
and Nathan Ramos (Policy Coordinator)<br />
met with SA Best MLCs in relation to the<br />
Society’s Key Election Issues for the <strong>2022</strong>,<br />
via videoconference.<br />
17 December 2021<br />
<strong>2022</strong> Law Council of Australia<br />
President –<br />
At a videoconference meeting with<br />
Tass Liveris, Bec Sandford and Stephen<br />
Hodder discussed the issues Mr Liveris<br />
intends to focus on during his presidency<br />
of the LCA in <strong>2022</strong>.<br />
27 January <strong>2022</strong><br />
The Honourable Robert Simms MLC<br />
Justin Stewart-Rattray, <strong>2022</strong> President<br />
and Nathan Ramos met with the<br />
Honourable Robert Simms MLC in relation<br />
to the Society’s Key Election Issues.<br />
2 February <strong>2022</strong><br />
Disability access to the Courts<br />
In response to concerns raised by<br />
the Society via its Equality, Diversity and<br />
Inclusion Committee, Justin Stewart-<br />
Rattray, Mark Douglas (Chair of the<br />
36 THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
EDI Committee) and Michael Esposito<br />
(Communications Manager) met with the<br />
Honourable Justice Bampton and Con<br />
Koutsounis, Senior Facilities Officer of<br />
the Courts Administration Authority in<br />
relation to disability access to the Courts.<br />
15 February <strong>2022</strong><br />
The Honourable Frank Pangallo MLC<br />
At the instigation of SA Best, Justin<br />
Stewart-Rattray and Nathan Ramos met<br />
with the Honourable Frank Pangallo MLC<br />
and his advisers to discuss elements of<br />
a State election submission by the Police<br />
Association of SA.<br />
23 February <strong>2022</strong><br />
Legal Services Commission<br />
Justin Stewart-Rattray and Stephen<br />
Hodder attended a meeting of the Legal<br />
Services Commission (LSC), at the LSC’s<br />
invitation. They congratulated Peter<br />
Slattery upon his appointment as Chair<br />
of the LSC, advised of the Society’s Key<br />
Election issues relating to funding and<br />
raised a number of issues (including<br />
at the suggestion of the Criminal Law<br />
Committee).<br />
24 February <strong>2022</strong><br />
Federal Circuit and Family Court CEO<br />
and Principal Registrar and Deputy<br />
Principal Registrar<br />
The Co-Chairs of the Family Law<br />
Committee, Ryan Thomas and Daphne<br />
Moshos and former Co-Chair of the<br />
Committee Jane Miller joined Justin<br />
Stewart-Rattray at a meeting with the CEO<br />
and Principal Registrar, David Pringle<br />
and Deputy Principal Registrar, Virginia<br />
Wilson of the FCFCOA.<br />
A number of issues of interest were<br />
discussed and well received and open lines<br />
of communication were established. It is<br />
expected the Court will publish a summary<br />
or update relating to the problems<br />
experienced since September 2021 when<br />
the new court system was introduced and<br />
what has been done to date to try and<br />
rectify them.<br />
3 March <strong>2022</strong><br />
Joint Rules Advisory Committee<br />
Various issues and suggestions for<br />
amendments to the Uniform Civil Rules<br />
were the subject of consideration at a<br />
meeting of the Joint Rules Advisory<br />
Committee that was attended by Justin<br />
Stewart-Rattray, Alexander Lazarevich and<br />
Philip Adams.<br />
18 and 19 March <strong>2022</strong><br />
Quarterly meetings of Law Council<br />
(LCA) Directors, Conference of Law<br />
Societies, CEOs of Law Societies; and<br />
joint CEOs<br />
Justin Stewart-Rattray (as President<br />
and also as Society appointed Director<br />
of the LCA) and Stephen Hodder<br />
variously participated in the above<br />
quarterly meetings, which were held via<br />
videoconference. Key topics of discussion<br />
included the implementation of the new<br />
Australian Solicitors’ Conduct Rules; the<br />
results of a survey by the Law Society of<br />
NSW of the impact of COVID on the<br />
justice system; the LCA’s “Call to Parties”<br />
advocacy document for the upcoming<br />
Federal election; and mandatory reporting<br />
of the misconduct of other lawyers under<br />
consideration in Victoria. B
WELLBEING & RESILIENCE<br />
Doomscrolling: What is it<br />
and how can we stop it?<br />
AMY NIKOLOVSKI, MANAGING PARTNER, DBH LAWYERS AND MEMBER, WELLBEING AND RESILIENCE COMMITTEE<br />
read a quote recently (on social media I<br />
I confess) that said, “Millennials have had<br />
to deal with 9/11, two global financial crises,<br />
a pandemic, unaccountable natural disasters<br />
and now World War 3 all before we turn<br />
40”, and well, it really hit me in the feels.<br />
Because it seems at the moment, every<br />
time you turn on the TV another terrible<br />
thing occurs. These last two- and a-bit<br />
years have been particularly hard and if<br />
you are anything like me, you have found<br />
yourself addicted to “doomscrolling.”<br />
So, what is it?<br />
According to Urban Dictionary<br />
“Doomscrolling is when you keep scrolling through<br />
all of your social media feeds, looking for the most<br />
recent upsetting news about the latest catastrophe,”<br />
this in turn triggers the release of stress<br />
hormones that can affect both your mental<br />
and physical health.<br />
The COVID-19 pandemic was<br />
thought to start the term, with it trending<br />
on Twitter in 2020, now doomscrolling<br />
has become a part of many of our daily<br />
routines. The constant consumption of<br />
bad news can lead to catastrophising or<br />
focusing on the negative aspects of the<br />
world around you in a way that makes<br />
it more and more difficult to notice the<br />
positive. The behaviour can be addictive -<br />
comparative to a car crash where you are<br />
watching something, and you just cannot<br />
look away.<br />
Are you a doomscroller like me? If<br />
so, here are some tips to stop (and I will<br />
attempt to take my own advice):<br />
MAKE MORNINGS SACRED<br />
Stop using your phone as your<br />
alarm, this will in turn stop you from<br />
automatically checking social media<br />
feeds first thing when you wake up in the<br />
morning, which will in turn hopefully set<br />
you off on the right foot.<br />
PUT THE PHONE DOWN<br />
Every time I get a notification, I cannot<br />
help myself, pick it up, and check my<br />
phone, I think often I don’t even realise<br />
how often I’m doing it. Put your phone in<br />
another room and take a break from the<br />
world, we do not have to be available 24/7.<br />
Also, if you have an iPhone (I would<br />
assume android would have the same<br />
capacity) check your screen time (go to<br />
settings and screen time) you may be<br />
disgusted at how much time you are on<br />
your phone.<br />
LIMIT SOCIAL MEDIA APPS ON YOUR<br />
PHONE<br />
While you are in your settings put a<br />
limit on how much time you can access<br />
social media, this may in turn get you out<br />
of that TikTok or Facebook rabbit hole<br />
you fell down by alerting you to how<br />
much time you have actually spent that day<br />
already.<br />
FIND ANOTHER ACTIVITY TO REPLACE<br />
DOOMSCROLLING<br />
Enjoy this beautiful Autumn weather,<br />
go for a walk, pick up a book, play with<br />
your kids, do something for you in<br />
that time. Replace doomscrolling with<br />
something that delivers that kick of<br />
adrenalin/cortisol for good rather than bad.<br />
The world at the moment seems like<br />
a very scary place, but there are ways we<br />
can take back control. If you feel like you<br />
may have lost control, there is no shame in<br />
admitting you need help. Reach out to Law<br />
Care, Dr Jill, your workplace EAP or any<br />
other resources to get you out of the funk<br />
you may be in at the moment with what<br />
feels like never ending bad news being<br />
thrown on a daily basis.<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 37
FAMILY LAW CASE NOTES<br />
Family Law Case Notes<br />
CRAIG NICOL AND KELEIGH ROBINSON, THE FAMILY LAW BOOK<br />
CHILDREN – FATHER UNSUCCESSFULLY<br />
APPEALS ORDER AUTHORISING MOTHER<br />
TO VACCINATE CHILD AGAINST COVID-19<br />
In Dacombe & Paddison [2021]<br />
FedCFamC1A 103 (23 December, 2021)<br />
Austin J (sitting in the appellate jurisdiction<br />
of the Federal Circuit and Family Court<br />
of Australia) summarily dismissed a<br />
father’s appeal against a consent order,<br />
which authorised the mother to arrange<br />
vaccinations of the parties’ daughter.<br />
The Court said (from [8]):<br />
“An appeal may be summarily<br />
dismissed if the appellant has no<br />
reasonable prospect of successfully<br />
prosecuting it (s 46(2)) [ed. Of the Federal<br />
Circuit and Family Court of Australia Act<br />
2021 (Cth)], even if it is not hopeless or<br />
bound to fail (s 46(3)) ( … )<br />
[10] The father’s first contention – that<br />
he did not consent to the order – is false. …<br />
[11] While it was the legal practitioners<br />
who confirmed the parties’ agreement, the<br />
father did not demur when the primary<br />
judge was informed of the compromise. …<br />
[12] When the primary judge sought to<br />
formulate an order to properly reflect the<br />
parties’ agreement, the father even helped<br />
with the drafting ( … )<br />
[14] [The father] … only disagreed<br />
with any form of government-imposed<br />
immunisation or treatment for the child,<br />
but the appealed order did not deal with<br />
any form of immunisation or treatment<br />
mandated by government because<br />
the parties agreed the child should be<br />
immunised ( … )<br />
[16] … Ground 1 of the father’s appeal<br />
depends entirely upon his false contention<br />
that he did not consent to the appealed<br />
38 THE BULLETIN <strong>April</strong> <strong>2022</strong><br />
order. He did and now he cannot appeal<br />
the order on merit in the teeth of such<br />
consent. …<br />
[17] … [Section] 51(xxiiiA) of the<br />
Constitution enables the parliament to make<br />
laws about the provision of medical and<br />
dental services (but not so as to authorize<br />
any form of civil conscription) ( … )<br />
[21] … [T]he Constitutional<br />
impediment only affects the validity of<br />
federal legislation which enables the civil<br />
conscription of medical and dental services,<br />
upon which field the Family Law Act does<br />
not play. An order made under the …<br />
Act which ensures a child’s receipt of …<br />
medical treatment is not caught by the<br />
prohibition ( … )”<br />
PROPERTY – APPLICANT’S EQUITABLE<br />
TRUST CLAIM FAILS AS PURCHASES WERE<br />
GIFTS – RESPONDENT’S CLAIM FAILS AS<br />
THERE WAS NO DE FACTO RELATIONSHIP<br />
In H, AW v K, S [2021] SASC 128 (11<br />
November, 2021) Bochner J of the Supreme<br />
Court of South Australia dismissed all<br />
applications after a four year relationship<br />
between a dual citizen of Australia and the<br />
USA (the applicant) and a single mother<br />
who lived in Adelaide (the respondent).<br />
The applicant sought a declaration that<br />
the respondent’s vehicle and bank balances<br />
were held on trust for him ([4]).<br />
The respondent argued the dealings<br />
were gifts and [she] sought a declaration that<br />
the parties were in a de facto relationship.<br />
The Court said (from [52]):<br />
“The applicant agreed that [his] …<br />
communication [to the respondent]<br />
amounted to representations that he<br />
would provide for her … He denied …<br />
that the provision of financial support<br />
… or … any other gifts to her would be<br />
unconditional. ( … )<br />
[59] … [T]he parties did not acquire<br />
any assets together … The respondent<br />
never visited the applicant’s house …, nor<br />
was she invited to do so. ( … )<br />
[151] The applicant came to Adelaide<br />
[where the Respondent lived] between<br />
five and nine times each year during the<br />
relationship. The length of the visits<br />
varied, from less than twenty-four hours,<br />
to seven days ( … )<br />
[193] … I consider that the parties’<br />
relationship was not that of a couple living<br />
together on a genuine domestic basis. The<br />
evidence does not demonstrate ‘the merger<br />
of two individual lives into life as a couple’<br />
… [I]t demonstrates two individuals living<br />
their separate lives and coming together<br />
seven or eight times each year for some<br />
shared time. It my view it is the time that<br />
was shared, rather than the lives.”<br />
As to the trust claim, the Court said<br />
(from [214]):<br />
“ … [T]his evidence leads me to the<br />
conclusion that the moneys given to<br />
the respondent … were a gift. … [A]ny<br />
statements made by the applicant that the<br />
moneys should be used for rent, clothes<br />
and other expenses were no more than<br />
indicative of his motive … They did not<br />
serve to impress the funds with a trust.”<br />
CHILDREN – HAGUE CHILD ABDUCTION<br />
CONVENTION – ORDER FOR PRODUCTION<br />
OF SOLICITOR’S FILE SET ASIDE, GIVEN ITS<br />
IRRELEVANCE TO HABITUAL RESIDENCE<br />
In Sterling [<strong>2022</strong>] FedCFamC1A 3 (27<br />
January, <strong>2022</strong>), the Full Court (Austin,
FAMILY LAW CASE NOTES<br />
Berman & Harper JJ) allowed an appeal<br />
from a decision of Williams J, where a<br />
mother had travelled to Germany with the<br />
parties’ daughter for a holiday, but then<br />
communicated to the father that she would<br />
not return to Australia and unsuccessfully<br />
sought parenting orders in a German Court.<br />
The German Court applied the<br />
Hague Convention on the Civil Aspects of<br />
International Child Abduction and found that<br />
the daughter was habitually resident in<br />
Australia and that Australian courts had<br />
exclusive jurisdiction. The father then<br />
successfully applied for orders for the<br />
return of the child, for which the father<br />
engaged a German lawyer.<br />
Before the child’s return, the father<br />
issued parenting proceedings in Australia,<br />
where the Court scheduled a discrete<br />
hearing as to whether the Court had<br />
jurisdiction pursuant to s 111CD of the Act.<br />
In those proceedings, the mother<br />
contended that the father had waived<br />
privilege to his German solicitors’ file,<br />
whereas Williams J ordered that it be<br />
produced. The father appealed, to which<br />
the Full Court said (from [23]):<br />
“The application of ss 111CD(1)(a),<br />
111CD(1)(b) or 111CD(1)(f) depends<br />
upon whether or not the child is<br />
habitually resident in either Australia<br />
or Germany ( … )<br />
[25] Given the singular contentious<br />
issue affecting the exercise of Australian<br />
jurisdiction was the identification of the<br />
child’s place of habitual residence,<br />
it begged the question of how the file<br />
of the father’s German lawyer could be<br />
relevant ( … )<br />
[32] As an entirely factual question,<br />
the determination of the child’s place of<br />
habitual residence could not conceivably<br />
be materially influenced by any<br />
communication between the father and<br />
his German lawyer concerning the prior<br />
German proceedings. ( … )<br />
[34] Regardless of whether the father<br />
waived his legal professional privilege by<br />
his conduct, which is another issue by<br />
which the parties were distracted, there<br />
was no need to compel his surrender<br />
of the confidentiality he reposed in the<br />
lawyer/client communications.”<br />
PROPERTY – CONTRIBUTIONS<br />
ASSESSMENT OF 65 PER CENT IN FAVOUR<br />
OF THE WIFE CONTAINED ERROR AS<br />
TRAILING COMMISSIONS REMAINED A<br />
JOINT CONTRIBUTION<br />
In Candle & Falkner [2021]<br />
FedCFamC1A 102 (23 December, 2021),<br />
the Full Court (McClelland DCJ, Berman<br />
& Harper JJ) allowed an appeal from a<br />
decision of Foster J in a case involving<br />
a 13 year marriage where the parties<br />
established and operated a residential<br />
home lending business (C Pty Ltd). After<br />
litigation, in 2010 the husband received a<br />
payout from a third party on the condition<br />
that he resign as director, after which the<br />
wife was sole director and conducted<br />
operations of the company.<br />
The Court assessed the wife’s<br />
contributions at 65 per cent, finding<br />
that from 2010 onwards, the wife had<br />
“overwhelmingly contributed to the<br />
evolution of the current asset pool<br />
through her ongoing management of C<br />
Pty Ltd” ([38]). The husband appealed.<br />
The Full Court said (from [82]):<br />
“We are … persuaded that the primary<br />
judge failed to take account of relevant<br />
contributions of the husband.<br />
[83] It was common ground that C Pty<br />
Ltd was a joint enterprise of the parties<br />
from inception until March 2010, when the<br />
husband ceased to be a director. … [T]he<br />
business of C Pty Ltd produced an income<br />
stream for the benefit of the parties from<br />
trailing commissions, which continued for<br />
an average of five to six years. It followed<br />
that some trailing commissions continued<br />
past 2010, and thus some of the income<br />
produced by C Pty Ltd post-2010 must<br />
be seen as the result of the parties’ joint<br />
efforts in the business before 2010 ( … )<br />
[90] The husband argued that the<br />
ultimate result of 65 per cent to the wife<br />
could only be justified by ignoring the<br />
husband’s contributions to the business of<br />
C Pty Ltd … after December 2010 ( … )<br />
[92] … [H]is Honour assessed<br />
contributions by reference to his detailed<br />
findings about the course of contributions<br />
… The problem is that nowhere in those<br />
paragraphs is there any mention of<br />
specific contributions by the husband to<br />
C Pty Ltd … after 2010. Consequently, we<br />
are unable to conclude his Honour took<br />
those contributions into account, despite,<br />
or even because of, the reference to [the<br />
husband’s] ‹minimal contributions’ in …<br />
the reasons. …<br />
[93] Once it is accepted that the<br />
primary judge failed to take account of<br />
contributions by the husband to C Pty Ltd<br />
… even if more modest than those of the<br />
wife, the percentage assessment of 65 per<br />
cent in favour of the wife is unsafe and<br />
cannot stand.” B<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 39
RISK WATCH<br />
Control your trolls: Protecting<br />
your practice on social media<br />
KATE MARCUS, RISK & CLAIMS SOLICITOR, LAW CLAIMS<br />
Law Practices should be alert to the<br />
risks of maintaining a social media<br />
presence. With the ever-changing needs<br />
of communication and marketing, social<br />
media - whether it be through Meta,<br />
Facebook, You Tube, WhatsApp. Twitter,<br />
Instagram, Pinterest, Snapchat to name but<br />
a few - is a tool which many Law Practices<br />
are utilising. However, care needs to be<br />
taken.<br />
Whilst last year’s High Court decision<br />
of Fairfax Media Publications Pty Ltd & Ors<br />
v Voller [2021] HCA 27 was of particular<br />
relevance to media outlets operating social<br />
media pages, the implications of the<br />
judgment extend beyond traditional media<br />
organisations.<br />
Following a news story about Mr<br />
Voller and his incarceration in a juvenile<br />
detention centre in the Northern Territory,<br />
a number of allegedly defamatory<br />
comments were made by third parties<br />
on the appellants’ Facebook pages. Each<br />
of the appellants were media companies<br />
with newspaper and/or television stations<br />
and each operated a public Facebook<br />
page where third-party Facebook users<br />
could make comments. Mr Voller issued<br />
proceedings alleging that the appellants<br />
were liable for defamation as the<br />
publishers of those comments.<br />
By majority the High Court held<br />
that, subject to any applicable defences,<br />
defamation operates as a tort of<br />
strict liability and intention to publish<br />
the specific content is therefore not<br />
required in order to render someone<br />
liable as a publisher of defamatory<br />
content. The liability of a publisher<br />
depends on whether, by facilitating and<br />
encouraging the relevant communication,<br />
it “participated” in the communication.<br />
By creating a public Facebook page<br />
and posting contents on that page, the<br />
appellants facilitated, encouraged and<br />
thereby assisted in the publication of<br />
comments from third-parties. Accordingly,<br />
the appellants were held to be the<br />
publishers of the third-party comments.<br />
Implications for Law Practices<br />
The ramifications of the judgment<br />
extend beyond Facebook and media<br />
outlets. It highlights that organisations<br />
which maintain their own websites and<br />
social media pages are exposed to risk.<br />
This includes law firms.<br />
If you have a social media page upon<br />
which third-party users can post comments,<br />
care must be taken. By providing such a<br />
forum, there is a risk that the law firm could<br />
be found to be a publisher for the purposes<br />
of defamation law.<br />
What can you do?<br />
It is often difficult to disable comments<br />
on social media sites but it is worth<br />
considering whether it is necessary for the<br />
public to comment on your business pages<br />
or posts. While larger organisations may<br />
have the infrastructure to monitor sites<br />
constantly and remove offending posts<br />
almost immediately, smaller organisations<br />
will need to take extra precautions and be<br />
highly vigilant. Bear in mind that posts can<br />
“go viral” in a matter of minutes. It is now<br />
possible with Facebook, for example, to<br />
disable posting to your business page by<br />
the public.<br />
Law Practices with social media<br />
presence are encouraged to<br />
1. consider whether to disable posting/<br />
commentary altogether<br />
2. rigorously monitor and moderate the<br />
site(s)<br />
3. immediately remove any comment or<br />
image which may (even remotely) cause<br />
offence.<br />
If you are not in a position to<br />
constantly monitor your social media sites,<br />
query if your needs are better met by<br />
disabling comments or by having a website<br />
that does not provide for third party<br />
comments.<br />
Practitioners also need to be alert<br />
to the fact that defamatory posts on<br />
social media may not be covered by<br />
your Practice’s professional indemnity<br />
insurance. Coverage will depend on<br />
the nature of the social media involved<br />
and the nature of the posts themselves.<br />
General defamatory posts may not be<br />
sufficiently connected with the “legal<br />
practice” so as to fall within cover. If<br />
defamatory statements have a real link to<br />
the actual work undertaken by the practice,<br />
then there may be cover under the<br />
policy. However, each situation depends<br />
heavily on its individual facts and it is not<br />
possible to be definite about coverage<br />
in the absence of all relevant facts and<br />
details. It is therefore essential that Law<br />
Practices tread carefully and consider all<br />
the implications of their social media<br />
presence.<br />
40<br />
THE BULLETIN <strong>April</strong> <strong>2022</strong>
BOOKSHELF<br />
F Assaf SC<br />
3 rd ed LexisNexis 2021<br />
HB $235<br />
ASSAF’S WINDING UP IN INSOLVENCY<br />
Abstract from LexisNexis<br />
Assaf’s Winding Up in Insolvency is a<br />
practitioner-focused reference text providing<br />
comprehensive treatment of all aspects of<br />
winding up in insolvency. Formerly known<br />
as Statutory Demands and Winding Up in<br />
Insolvency, this new text has been completely<br />
rewritten, updated and expanded. The work<br />
discusses in detailed and scholarly fashion all<br />
requirements of winding up in insolvency<br />
including establishing insolvency, practical issues<br />
relating to issuing and setting aside statutory<br />
demands, making and opposing winding up<br />
applications and includes guidance on the<br />
recent labyrinthine amendments made to the<br />
Corporations Act by the Corporations Amendment<br />
(Corporate Insolvency Reforms) Act, 2020 and<br />
temporary amendments made in response to<br />
the Covid-19 pandemic. In addition, the book<br />
discusses cross-border aspects of winding-up<br />
in insolvency and the winding up of Part 5.7<br />
bodies. Complete with precedents, this work is an<br />
essential reference text for all legal practitioners.<br />
GE dal Pont<br />
3 rd ed LexisNexis 2021<br />
PB $300.00<br />
LAW OF CHARITY<br />
Abstract from LexisNexis<br />
Cited frequently in decisions in superior<br />
courts across Australia, including in the High<br />
Court of Australia, Law of Charity is a highlevel<br />
work focusing on the law that governs and<br />
regulates the application of money or property<br />
for charitable purposes. Providing coverage<br />
of Australian law and, for chiefly comparative<br />
purposes, salient aspects of charity law in other<br />
common law jurisdictions … this work is an<br />
exposition of the law pertaining to charitable<br />
objects, also encompassing the history of<br />
charity law, the privileges extended to charity<br />
and matters of jurisdiction vis-à-vis charity law.<br />
It concludes with a set of chapters dedicated to<br />
the reform of this area of law. Law of Charity<br />
is the ideal companion to Taxation of Charities<br />
and Not-for-profits, which is the essential<br />
resource for those who need to master nonprofit<br />
tax issues or provide sound professional<br />
advice to the sector.<br />
J Catanzariti & K Egan<br />
2 nd ed LexisNexis 2021<br />
PB $14000<br />
WORKPLACE BULLYING<br />
Abstract from LexisNexis<br />
With the addition of bullying provisions in<br />
the Fair Work Act 2009 (Cth), workplace bullying<br />
was finally acknowledged by the law. The<br />
Fair Work Commission was conferred a wide<br />
range of powers to deal with complaints about<br />
workplace bullying. Naturally, many employers<br />
took an interest in the legal ramifications of this<br />
burgeoning area of law. Aside from the legal<br />
risks, workplace bullying has the capacity to<br />
inflict great psychological harm upon its victims.<br />
The second edition of Workplace<br />
Bullying explores, in greater depth, the<br />
psychological aspect of such bullying and its<br />
damaging effects. Workplace Bullying offers<br />
advice on how a toxic workplace environment<br />
can be prevented from forming. It provides<br />
a practical guide to victims of workplace<br />
bullying regarding how they can recover and<br />
build resilience, and an overview of new legal<br />
developments in this evolving area of law<br />
FAMILY PROVISION IN AUSTRALIA<br />
Abstract from LexisNexis<br />
Family Provision in Australia is a frequently<br />
cited text in various court judgments across all<br />
states and territories, including the High Court<br />
and Federal Court of Australia as well as the<br />
Court of Appeal-Civil Division and Chancery<br />
Division of England and Wales. It includes a<br />
comprehensive checklist, case tables, forms,<br />
precedents and extracts of relevant state and<br />
territory legislation.<br />
J de Groot & B Nickel<br />
6 th ed LexisNexis 2021<br />
PB $260.00<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 41
GAZING IN THE GAZETTE<br />
3 FEB 2021 – 2 MAR <strong>2022</strong><br />
A MONTHLY REVIEW OF ACTS, APPOINTMENTS,<br />
REGULATIONS AND RULES COMPILED BY MASTER ELIZABETH<br />
OLSSON OF THE DISTRICT COURT OF SOUTH AUSTRALIA<br />
ACTS PROCLAIMED<br />
Statutes Amendment (Fund Selection and<br />
Other Superannuation Matters) Act 2021<br />
(No 16 of 2021) Commencement Part 2:<br />
30 November <strong>2022</strong><br />
Gazetted: 3 February <strong>2022</strong>,<br />
Gazette No. 7 of <strong>2022</strong><br />
Statutes Amendment (Child Sexual Abuse) Act<br />
2021 (No 57 of 2021)<br />
Commencement: 1 June <strong>2022</strong><br />
Gazetted: 17 February <strong>2022</strong>,<br />
Gazette No. 9 of <strong>2022</strong><br />
Statutes Amendment (Local Government Review)<br />
Act 2021 (No 26 of 2021), Commencement<br />
s 126 but only insofar as it inserts ss 262G<br />
and 262J into Local Government Act 1999:<br />
17 February <strong>2022</strong><br />
Gazetted: 17 February <strong>2022</strong>,<br />
Gazette No. 9 of <strong>2022</strong><br />
ACTS ASSENTED TO<br />
Nil<br />
APPOINTMENTS<br />
Nil<br />
RULES<br />
Legal Practitioners Act 1981<br />
Rules of the Legal Practitioners Education<br />
and Admission Council 2018<br />
Gazetted: 17 February <strong>2022</strong>,<br />
Gazette No. 9 of <strong>2022</strong><br />
REGULATIONS PROMULGATED (3 FEBRUARY <strong>2022</strong> – 2 MARCH <strong>2022</strong>)<br />
REGULATION NAME REG NO. DATE GAZETTED<br />
Southern State Superannuation (Fund Selection and Other Matters) Amendment Regulations <strong>2022</strong> 7 of <strong>2022</strong> 3 February <strong>2022</strong>, Gazette No. 7 of <strong>2022</strong><br />
Child Safety (Prohibited Persons) Amendment Regulations <strong>2022</strong> 8 of <strong>2022</strong> 3 February <strong>2022</strong>, Gazette No. 7 of <strong>2022</strong><br />
Youth Justice Administration Amendment Regulations <strong>2022</strong> 9 of <strong>2022</strong> 3 February <strong>2022</strong>, Gazette No. 7 of <strong>2022</strong><br />
Road Traffic (Miscellaneous) (Road Closing and Exemptions for Events) Amendment Regulations <strong>2022</strong> 10 of <strong>2022</strong> 10 February <strong>2022</strong>, Gazette No. 8 of <strong>2022</strong><br />
Harbors and Navigation (Miscellaneous) Amendment Regulations <strong>2022</strong> 11 of <strong>2022</strong> 10 February <strong>2022</strong>, Gazette No. 8 of <strong>2022</strong><br />
Summary Offences (Vehicle Immobilisation Device) Amendment Regulations <strong>2022</strong> 12 of <strong>2022</strong> 10 February <strong>2022</strong>, Gazette No. 8 of <strong>2022</strong><br />
Freedom of Information (Exempt Agency) (Public Advocate) Amendment Regulations <strong>2022</strong> 13 of <strong>2022</strong> 17 February <strong>2022</strong>, Gazette No. 9 of <strong>2022</strong><br />
Guardianship and Administration (Fee Notices) Amendment Regulations <strong>2022</strong> 14 of <strong>2022</strong> 17 February <strong>2022</strong>, Gazette No. 9 of <strong>2022</strong><br />
Mental Health (Fee Notices) Amendment Regulations <strong>2022</strong> 15 of <strong>2022</strong> 17 February <strong>2022</strong>, Gazette No. 9 of <strong>2022</strong><br />
Health Practitioner Regulation National Law (South Australia) (Telepharmacy) Amendment Regulations <strong>2022</strong> 16 of <strong>2022</strong> 17 February <strong>2022</strong>, Gazette No. 9 of <strong>2022</strong><br />
Fisheries Management (General) (Hand Fish Spear and Spear Gun) Amendment Regulations <strong>2022</strong> 17 of <strong>2022</strong> 17 February <strong>2022</strong>, Gazette No. 9 of <strong>2022</strong><br />
Fisheries Management (Demerit Points) (Hand Fish Spear and Spear Gun) Amendment Regulations <strong>2022</strong> 18 of <strong>2022</strong> 17 February <strong>2022</strong>, Gazette No. 9 of <strong>2022</strong><br />
Land Acquisition (Miscellaneous) Amendment Regulations <strong>2022</strong> 19 of <strong>2022</strong> 17 February <strong>2022</strong>, Gazette No. 9 of <strong>2022</strong><br />
42<br />
THE BULLETIN <strong>April</strong> <strong>2022</strong>
CLASSIFIEDS<br />
VALUATIONS<br />
MATRIMONIAL<br />
DECEASED ESTATES<br />
INSURANCE<br />
TAX REALIGNMENT<br />
INSOLVENCY<br />
FURNITURE<br />
ANTIQUES, COLLECTIONS<br />
BUSINESS ASSETS<br />
MACHINERY<br />
MOTOR VEHICLES<br />
CARS, BOATS, PLANES<br />
CITY & COUNTRY<br />
ROGER KEARNS<br />
Ph: 08 8342 4445<br />
FAX: 08 8342 4446<br />
MOB: 0418 821 250<br />
E: auctions@senet.com.au<br />
Certified Practising Valuer NO.346<br />
Auctioneers & Valuers Association<br />
of Australia<br />
Banking<br />
Expert<br />
Lending & recovery decisions,<br />
including: Banking Code issues,<br />
finance availability, capacity to<br />
settle, and loan enforcement.<br />
Geoff Green 0404 885 062<br />
Details of qualifications and<br />
experience, including giving evidence<br />
in the FCA, VSC and SICC, via:<br />
BankingExpertWitness.com.au<br />
VALUER<br />
Commercial & Residential<br />
Real Estate<br />
Matrimonial<br />
Deceased Estates<br />
Rentals etc.<br />
Experienced Court<br />
Expert Witness<br />
Liability limited by a scheme approved under<br />
Professional Standards Legislation<br />
JANET HAWKES<br />
Cert. Practising Valuer, AAPI<br />
0409 674 122<br />
janet@gaetjens.com.au<br />
Business<br />
valuations<br />
Simple, clear,<br />
unbiased advice,<br />
without fear or<br />
favour.<br />
t. +61 8 431 80 82<br />
Hugh McPharlin FCA<br />
d m. +61 +61 8 8139 401 712 1130 908<br />
m e. +61 ahi@andrewhillinvestigations.com.au<br />
419 841 780<br />
e hmcpharlin@nexiaem.com.au<br />
w nexiaem.com.au<br />
Consulting Engineers<br />
Australian Technology Pty Ltd<br />
for expert opinion on:<br />
• Vehicle failure and accidents<br />
• Vehicle design<br />
• Industrial accidents<br />
• Slips and falls<br />
• Occupational health and safety<br />
• Statistical analysis<br />
W. Douglass R. Potts<br />
MAOQ, FRAI, FSAE-A, FIEAust,<br />
CPEng, CEng, FIMechE<br />
8271 4573<br />
0412 217 360<br />
wdrpotts@gmail.com<br />
Andrew Hill Investigations<br />
Investigating:<br />
ABN 68 573 745 238<br />
• workplace conduct<br />
• fraud<br />
• unprofessional conduct<br />
• probity<br />
Support services:<br />
• forensic computing analysis<br />
• transcription services<br />
• information sessions, particularly<br />
for HR practitioners on the<br />
investigative process<br />
• policy development.<br />
PO Box 3626<br />
Andrew Hill<br />
Andrew Hill<br />
Investigations<br />
NORWOOD SA t. 5067 +61 8 431 80 82<br />
m. +61 401 712 908<br />
e. ahi@andrewhillinvestigations.com.au<br />
Fellow AIPI<br />
Licensed Investigation Agents<br />
& Process Servers<br />
Servicing the Mid North, Yorke &<br />
Eyre Peninsula`s and Outback of<br />
South Australia with:<br />
• Process Serving<br />
• Property Lockouts<br />
• Investigations<br />
• Missing Persons<br />
OUTBACK BUSINESS SERVICES<br />
P.O. Box 591,<br />
PORT AUGUSTA. 5700<br />
P: 0418 838 807<br />
info@outbackbusinessservices.com.au<br />
LawCare<br />
The LawCare Counselling<br />
Service is for members of<br />
the profession or members<br />
of their immediate family<br />
whose lives may be adversely<br />
affected by personal or<br />
professional problems.<br />
If you have a problem, speak<br />
to the LawCare counsellor<br />
Dr Jill before it overwhelms you.<br />
Dr Jill is a medical practitioner<br />
highly qualified to treat social<br />
and psychological problems,<br />
including alcoholism and drug<br />
abuse.<br />
The Law Society is pleased to<br />
be able to cover the gap<br />
payments for two consultations<br />
with Dr Jill per patient per<br />
financial year.<br />
All information divulged to the<br />
LawCare counsellor is totally<br />
confidential.<br />
To contact Dr Jill 08 8110 5279<br />
7 days a week<br />
LawCare is a member service<br />
made possible by the generous<br />
support of Arthur J. Gallagher<br />
The Litigation Assistance Fund (LAF) is a<br />
non-profit charitable trust for which the<br />
Law Society acts as trustee. Since 1992<br />
it has provided funding assistance to<br />
approximately 1,500 civil claimants.<br />
LAF receives applications for funding<br />
assistance from solicitors on behalf of<br />
civil claimants seeking compensation/<br />
damages who are unable to meet the<br />
fees and/or disbursements of prosecuting<br />
their claim. The applications are<br />
subjected to a means test and a merits<br />
test. Two different forms of funding exist –<br />
Disbursements Only Funding (DOF) and<br />
Full Funding.<br />
LAF funds itself by receiving a relatively<br />
small portion of the monetary proceeds<br />
(usually damages) achieved by the<br />
claimants whom it assists. Claimants who<br />
received DOF funding repay the amount<br />
received, plus an uplift of 100% on that<br />
amount. Claimants who received Full<br />
Funding repay the amount received, plus<br />
15% of their damages. This ensures LAF’s<br />
ability to continue to provide assistance<br />
to claimants.<br />
LAF recommends considering whether<br />
applying to LAF is the best course in the<br />
circumstances of the claim. There may be<br />
better methods of obtaining funding/<br />
representation. For example, all Funding<br />
Agreements with LAF give LAF certain<br />
rights including that funding can be<br />
withdrawn and/or varied.<br />
For further information, please visit<br />
the Law Society’s website or contact<br />
Annie MacRae on 8229 0263.<br />
Family Law - Melbourne<br />
Marita Bajinskis<br />
formerly of<br />
Howe Martin & Associates<br />
is a Principal at<br />
Blackwood Family Lawyers<br />
in Melbourne<br />
Marita is an Accredited Family<br />
Law Specialist and can assist with<br />
all family law matters including:<br />
• matrimonial and de facto<br />
• property settlements<br />
• superannuation<br />
• children’s issues<br />
3/224 Queen Street<br />
Melbourne VIC 3000<br />
T: 03 8672 5222<br />
Marita.Bajinskis@<br />
blackwoodfamilylawyers.com.au<br />
www.blackwoodfamilylawyers.com.au<br />
CONSULTING<br />
ACTUARIES<br />
FOR PROFESSIONAL<br />
ACTUARIAL ADVICE ON<br />
- Personal Injury -<br />
- Workers Compensation -<br />
- Value Of Superannuation -<br />
Contact<br />
Deborah Jones, Geoff Keen<br />
or Victor Tien<br />
08 8232 1333<br />
contact@brettandwatson.com.au<br />
www.brettandwatson.com.au<br />
Ground Floor<br />
157 Grenfell Street<br />
Adelaide SA 5000<br />
<strong>April</strong> <strong>2022</strong> THE BULLETIN 43
We manage one of SA’s largest<br />
social media accounts.<br />
boylen.com.au<br />
P (08) 8233 9433