Amendments to the Privacy Act take effect this week

Peter Clark has quite a few posts covering amendments to the Australian Privacy Act that come into effect this week.

This Wednesday the amendments to the Privacy Act 1988 take effect.  They should require a significant change to the manner in which privacy is regulated in Australia by the Privacy Commissioner.  He has been given significant and varied enforcement powers.  And the penalties for serious interferences with privacy, $340,000 for an individual and $1,700,000 for a company, and breaches of the Credit Reporting provisions of the Act (Part IIIA) are very significant.  The question is, and has always been, how active and effective the regulator will be.  Part of the problem in the past has been the opaque way complaints have been processed and the lack of understanding of the criteria used in not investigating complaints and the relative lethargy of the office in the past, under previous occupants of the position. Given the gatekeeper role the Privacy Commissioner has under the Act this affects how effectively and assertively the Act is regulated, or otherwise.  It is a flaw in the structure of privacy legislation. Except for section 98 and the very limited circumstances of sections 90-91 any complaint has to be referred to the Privacy Commissioner (assuming no dispute resolution process is in place) and that office has the sole authority to bring civil penalty actions.  Unlike the Corporations Act where ASIC has powers as does an individual or company with standing to bring an action for breaches or the Consumer legislation where the ACCC and individuals can bring actions.
What actions has your organisation taken in relation to these amendments?  Have you updated your relevant policies and informed your staff?  Do you know they are aware of and understand how the changes affect them?

Twitter users can be held to account for their comments

An article by Michaela Whitbourn in The Sydney Morning Herald looks at how recent cases have shown that amateur publishers can be held to account for their comments.

As the internet makes a media mogul of any person with a smartphone, tablet or computer, the defamation battles that were once waged only against well-resourced media companies are being fought on new ground.

Andrew Farley, a former student at Orange High School, found this out the hard way.

Farley did not have the benefit of editors, subeditors and lawyers vetting his posts when he made defamatory comments about music teacher Christine Mickle to about 50 Facebook friends and 60 Twitter followers.

Mickle sued him for defamation and, in an unpublished judgment in November that only came to light this week, he was ordered by the NSW District Court to pay $105,000 in damages. He has since declared bankruptcy.

Read more: Cases against Andrew Farley, Mike Kelly and Marieke Hardy show that Twitter users can be held to account for their comments

85% Of Electronics Retailers Ignore Australian Consumer Law: CHOICE

An article by Chris Jager over at Lifehacker concerning a CHOICE investigation into the application of Australian Consumer Law illustrates how a lack of knowledge may be exposing major retailers and their staff to significant penalties:

The vast majority of staff at Australia’s major electronics retailers are pretty clueless when it comes to consumer rights, according to a new investigation by CHOICE. The consumer watchdog discovered widespread violations of Australian consumer law across 85 per cent of Harvey Norman, The Good Guys and JB Hi-Fi stores around the country.

During its investigation, CHOICE visited 80 Harvey Norman, The Good Guys and JB Hi-Fi stores across all Australian states and territories while posing as regular customers inquiring about the return of big ticket items. A whopping 85 per cent of sales staff were found to have limited or no understanding of their obligations under Australian consumer law.

In addition, every staff member that CHOICE spoke to attempted to sell an extended warranty, despite the fact that Australian retailers can’t impose an arbitrary period on when warranty support is available — instead, goods are expected to operate for a reasonable length of time.

For the full story see 85% Of Electronics Retailers Ignore Australian Consumer Law: CHOICE

It is interesting to note how the extended warranties are offered all of the time when there is an upside of increased sales commission, but how a lack of knowledge may actually be exposing these individuals and companies to a more significant downside in relation to penalties relating to breaches of Australian Consumer Law.  What are you doing to ensure you are not exposed to such penalties?

HP to pay $3 million for misleading consumers and retailers

The Federal Court today ordered Hewlett-Packard Australia (HP) to pay a $3 million civil pecuniary penalty for making false or misleading representations to customers and retailers regarding consumer guarantee rights.

The Australian Competition and Consumer Commission instituted proceedings against HP on 16 October 2012. Subsequently, the ACCC and HP came to an agreed settlement on the matter.

The Court found, based on the parties’ agreed facts, that HP made a number of false or misleading representations to consumers about their consumer guarantee rights, including that:

  • the remedies available to consumers were limited to the remedies available at HP’s discretion;
  • consumers were required to have their product repaired multiple times before they were entitled to a replacement;
  • the warranty period for HP products was limited to a specified express warranty period;
  • consumers were required to pay for remedies outside the express warranty period; and
  • products purchased online could only be returned to HP at HP’s sole discretion.

In addition, the Court found that HP represented to retailers that it was not liable to indemnify the retailer if the retailer failed to obtain authorisation from HP before giving a consumer a refund or replacement.

The full story is available from the Australian Competition & Consumer Commission.

Townsville City Council PolicyPoint Case Study

Since 2008 when the local government entities of Townsville City Council, NQ Water and Thuringowa City Council amalgamated to form the new Townsville City Council, PolicyPoint has been helping the Council meet its employee training and corporate governance commitments.

With more than 1700 employees, Townsville City Council services 175,000 residents across 3,700 square kilometres of far North Queensland. The Council provides a wide range of services including infrastructure, water, parks, waste, leisure and public works.

In the lead-up to the amalgamation, a comprehensive review of Council policies was undertaken. When the new Council came into being, Council management needed to ensure that the organisation’s core policies and procedures were understood by all employees.

“Each of the three organisations that became amalgamated had their own sets of policies and procedures, all of which had to be reviewed to determine their appropriateness for the amalgamated Council”, said Geraldine Wood, Executive Manager Corporate Governance, Townsville City Council. “There was a lot of potential for confusion and uncertainty amongst staff when the new Council was formed; in particular there was the risk that employees would find themselves working under  policies that were obsolete, incorrect or unexplained.”

Rather than opt for an in-house solution, Townsville Council installed PolicyPoint Enterprise, a complete policy compliance solution that allows an organisation to distribute policy information, capture staff members’ acknowledgement of relevant policies and test for understanding.

“When the new Townsville Council was created we required a policy awareness program for all employees – we regard a program of this type as one of the central building blocks of good governance”. “The PolicyPoint system impressed us as a solution that would easily enable staff to know what our policy direction is with regards to the job role they occupy.

“It is important that the Council maintain high standards when it comes to our corporate culture. As with any local government we are funded by the public and we are accountable to the ratepayers; accordingly all our staff need to know what we stand for and what is required of them.”

The PolicyPoint solution forms part of every new employee’s induction program as well as ongoing training. Council policies are broken down into categories with many being department-specific, for example finance, roads and engineering etc. Policies that need to be understood by all employees cover such areas as codes of conduct, the environment and workplace health and safety. For many policies – for example electrical safety – there is a legal requirement for all employees to be aware of them.

Approximately every two weeks a new staff member logs onto PolicyPoint via the Council’s intranet and is introduced to a new set of policies. After reading over the policies the user answers a handful of multiple choice questions to verify their understanding of them. As new policies are introduced new PolicyPoint modules are created for staff members to respond to.

“The PolicyPoint system has enabled us to avoid a situation where new employees are bombarded with Council policy material”, said Ms Wood. “PolicyPoint allows us to pace the policy education process steadily, allowing employees the best opportunity to understand the Council’s guidelines, policies and procedures and how their job responsibilities relate to them.”

Since PolicyPoint was installed there has not been an incident whereby an employee’s ignorance of a policy has produced harmful consequences for the Council.

“As a risk management tool PolicyPoint has proved its worth as is evident by the lack of any serious policy breaches”, said Ms Wood. “From a monitoring and verification perspective PolicyPoint is also proving effective. There have been a few occasions where an employee has claimed they were unaware of a particular policy, but in response we have been able to point to their completion of the relevant policy module to determine that that was not the case.”

The PolicyPoint system has been well-received by employees, as Ms Wood explains: “PolicyPoint has gained widespread positive acceptance amongst staff, which is very pleasing”, she said. “The ongoing task of learning and being tested on Council policies is effective without placing an onerous burden on staff members. For the vast majority of our employees meeting their PolicyPoint obligations is a stress-free part of their job.”

Looking towards the future, Townsville City Council plans to stick with PolicyPoint as its policy management solution.

“PolicyPoint is doing exactly what we expected of it”, said Ms Wood. “Importantly the customer support we have received from PolicyPoint has been first-class from day one. The professionals at PolicyPoint are very tuned in to our needs and objectives and they have developed a strong relationship with the Council. In the immediate future there is potential to expand our use of PolicyPoint particularly with regards to training.”

Employers pull plug on social media

An article by Clay Lucas in The Sydney Morning Herald provides examples of several workplaces that are banning their staff from accessing social media during working hours.

WORKPLACES are banning their staff from accessing social media during working hours, and trying to prevent them making comments about their employer after hours.

Across Australia, only 91 businesses have sought to formally ban their staff from accessing Facebook, Twitter and other social media sites as part of a workplace agreement.

The first enterprise deals featuring such bans began appearing in 2010, and increased five-fold in 2011, Fair Work Australia agreement searches show.

For the full story see Employers pull the plug on social media sites

Banning access to social media may be going a little too far.  We think it makes much more sense to have a good policy that clearly details how such technologies should be used appropriately in the workplace.  To round this out you should ensure you have a mechanism in place to confirm your people have received and understand the policy.

How social media can be a danger for employers

An excellent quote from Tony Vernier, managing director of Australian Business Lawyers and Advisors, appeared in The Sydney Morning Herald today in reference to social media policies:

“And you can’t just have a policy on the shelf – if people don’t know about it, it’s as if you don’t have a policy”

So not only do you need a social media policy, but you need to ensure the policy is known.  This is exactly what PolicyPoint does.

The article provides real-world examples of where the lack of an effective mechanism to ensure such policies were known caused organisations and individuals considerable inconvenience and expense.  Had the organisations concerned been able to show proof that the staff had demonstrated knowledge of the policies, the situations described would have been much easier to deal with. Of course, had they utilised such a mechanism, the situations would have been less likely to occur in the first place.

For the full story see How social media can be a danger for employers

11 ERM policy blunders to avoid

Are your employees actually following the organisation’s ERM policy framework?

Part two of this series on policy management reveals 11 of the most common policy blunders that can scupper the effective implementation of ERM in your company.

1. Having no policies in place: Over the years we have come across more than a handful of executives that refuse to document policies and procedures. The overwhelming reason appears to be that they have had a bad experience where the company’s documented policies have not been properly implemented, and have subsequently been relied upon in legal claims by former staff members. For those that do not believe in documenting policies and procedures we wholeheartedly agree that you shouldn’t publish policies that you are not going to enforce. We also wholeheartedly believe that you can achieve the significant benefits outlined in part one of this series (seen here) if you take the time and effort to ensure effective policy implementation and maintenance.

2. Paper-based content distribution: We don’t see this too much these days, as most organisations make their policies available from a centralised publishing location such as an intranet or even a shared drive, where they can be assured (at least in theory) only the latest version of the policy is available to staff. The old model of distributing paper-based policies is fraught with danger as every policy change requires each and every distributed version to be updated. Of course, the updates rarely happen in practice with the end result being that an organisation has multiple, uncontrolled versions of policies and procedures floating around. All in all, a true recipe for chaos.

3. Lack of policy management systems and expertise: The degree of skill required to draft policies, and effectively implement and maintain policies, is commonly underestimated. Not only must policy managers be able to prioritise which policies need to be created, they must also be able to write in plain English, while conforming to organisational standards and styles. However, perhaps the biggest challenge for policy managers is to understand the organisation’s policy implementation process and to draft the policies so they can be effectively communicated, maintained and integrated with other organisational content. Many of the ‘policy blunders’ listed in this blog come down to a lack of policy management systems and expertise.

- ends -

… read the full article at

Not sure your employees are complying with your policy framework? Contact PolicyPoint for a confidential review of options for ensuring employees regularly review – and demonstrate their understanding – of your ERM or broader compliance framework.


IBM bans Siri over concerns she has loose lips

Siri has had her visitor badge revoked at IBM. Apparently she can’t keep quiet about what she hears.

Although IBM has allowed the iPhone 4S and other employee-owned consumer smartphones and tablets, like so many other companies barraged by their smartphone-toting workers, company chief information officer Jeanette Horan has said it’s been more of a migraine than a cost-saving solution.

“We found a tremendous lack of awareness as to what constitutes a risk,” Horan recently told MIT’s Technology Review. Now they’re trying to educate their employees.

Many voice-recognition services like Siri actually transmit the words spoken to them to a database, so they can get smarter, grow their vocabulary and learn different accents. But loose lips, however seemingly benign or even academic in nature, are counter to the secretive and competitive nature of business.

For decades, corporate information technology departments held the keys to mobile communication. They portioned out the devices that they configured with approved software and, to that end, controlled what got in and out of the company.

But now there’s a bit of a potluck approach to communications, with everyone from the CEO down bringing in their own device whether smartphone or tablet.

- -

Story available at

Worried about potential risks from your employees’ IT use? Contact PolicyPoint for more information on ensuring all staff – from board level down – are fully aware of what they must and must not do to preserve your company’s IP.


NSW agencies push very hard for SaaS rollouts

Several major New South Wales Government agencies have unveiled major and wide-ranging plans to imminently purchase Software as a Service-style IT solutions, in moves which have the potential to re-cast the dynamics of the perceived relationship between Australia’s public sector and the burgeoning class of SaaS-delivered IT packages.

Australia’s public sector has in the past notoriously been averse to purchasing IT solutions which are delivered as a service.

However, if the NSW Government has its way, much of this may be about to change. Over the past few months, several major NSW Government agencies have kicked off large IT purchasing initiatives which specifically highlight a preference for SaaS solutions, as opposed to on-premises deployments.

- -


This is great news for companies like PolicyPoint, as we already provide our service on an SaaS basis to local government and enterprises seeking to embed a compliance and/or performance culture. As Delimiter notes, it is fascinating to see the NSW Government moving in the SaaS direction – and it will be worth re-examining their takeup of software-as-a-service over time. Contact us if you’d like a free demo of how PolicyPoint can make a difference to your organisation!