So you’ve been hacked…

Data breaches are a common occurrence in the tech world. In the past, if you wanted to steal information, you would have had to buy a crowbar, break a window and jimmy open a filing cabinet. These days, however, stealing data is as easy as guessing a password. Whether your breach is due to a phishing scam, a patchy security system, or Janet in accounting, most modern companies have to deal with the issue of digital security.

In recognition of this fact, the Australian government recently amended the Privacy Act to include the Notifiable Data Breaches Scheme, a comprehensive guide on how to deal with a data breach. Of course, in law-land, “comprehensive” is often a synonym for “mind-numbing”, so we’ve put together a short guide on how you should deal with data breaches that won’t put you to sleep.

What is a data breach?

A data breach is anything that results in somebody having unauthorised access to information, and which is likely to result in serious harm. It’s pretty context-specific. For example, if your toddler steals your phone, guesses your work password and sends a selfie to your boss, that’s probably not a serious data breach. However, if a 30-year-old Russian hacker does the same thing to your entire work contact list, it might result in serious harm.

C.A.T.S

If you suffer a data breach, there’s one thing you need to remember: CATS. It’s an initialism we came up with to simplify the data breach process. (It also doubles as a reminder to look at cats on the internet, which is a great way to relieve stress after a data breach).

• Control - If you think a breach has happened, your first job is to control the situation. Stop the breach to the extent that you can, lockdown, and identify what information might have been breached.
• Assess - Assess the situation. Ask whether serious harm is likely. If it is, you need to conduct an assessment of the incident and decide whether you can do anything to fix the harm arising from the breach.
• Talk - If your assessment reveals that serious harm is likely, you need to make a submission to the Australian Information Commissioner. A standard form is available here. You also need to notify anybody who might be harmed by the breach, either by contacting them directly or posting a message on your website. We also recommend apologising – it’s good manners.
• Summarise - In the wake of a data breach, you need to summarise the incident and make a plan to stop breaches from taking place in the future. Consider making staff training mandatory, auditing your platform, or hiring an internet security company to manage your systems. In short, do whatever will stop that ageing Russian hacker from sending more poorly-lit selfies to your managing partner.

You should also look at cats on the internet. Seriously, it’ll calm you right down.

If you’d like to discuss your Data Security call Rouse Lawyers’ technology team on 07 3667 9696.

Fair Enough: Australian Copyright Law and Content Creators

By David Rose 

If you’ve ever been on YouTube, you may have noticed something funny crammed between the spittle-flecked invective comments section and the video. It usually looks something like this:

“Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for “fair use” for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use.”

This disclaimer pops up on video games, music videos, and even adult websites, like the world’s nerdiest virus. All over the globe, people are taking copyrighted stuff and reissuing it under the doctrine of “fair use”.

What is fair use?

Like deep fried butter and deep fried Coca-Cola, fair use is an American concept. It was codified in the U.S. in 1978 and provides protection to people seeking to use the copyrighted material of others. When deciding what is “fair”, the courts consider:

a)    the purpose and character of the use;

b)    the nature of the copyrighted work;

c)     the amount of the work used as a whole; and

d)    the effect that the use would have on the value of the copyright.

If the courts consider the use of the copyrighted work ‘fair’, then the person using it does not have to seek permission from the copyright holder. Usually, this means that the person using the copyrighted material isn’t seeking to devalue the copyright, or make an easy profit by republishing it as their own.

How does fair use work?

Here’s an example of how these rules work: imagine a person wants to use this photograph with the caption ‘Brisbane’s best lawyer!’ in a testimonial. The photograph is copyrighted material, so can our reviewer use it? If we assume that the intention of the testimonial is not to devalue the existing copyright, or to make a profit from it, the photo and caption would probably be considered fair use under American law. Fair use allows you to make a comment, to criticise, to teach, to report news and to research, without having to get permission from copyright holders first.

Fair dealing in Australia

Australian law doesn’t currently contain a ‘fair use’ provision. Instead, we have something called ‘fair dealing’, which sounds like something a morally upstanding drug dealer might consider. Fair dealing is much more limited than fair use, and only allows copyrighted material to be used in five ways:

1-Criticism and review;

2-Satire or parody;

3-News;

4-Legal advice; and

5-Research and study.

When deciding whether a use is ‘fair’, we consider very similar things to the Americans. We ask how much of the work is going to be copied, whether the use will devalue the original, whether the original creator will be given credit, and a few other issues.

Should Australia adopt fair use?

There are good arguments for Australia adopting fair use. For one thing, it’s clear that Australia is the legal equivalent of a 60-year old with sciatica… incredibly inflexible. Fair dealing is limited to 5 categories, which means we have pre-set guidelines as to what is fair dealing. If something new and novel comes along, our laws might not be able to deal with it properly.

Think about VCRs, for example. Remember those? They were the mutant cousins of cassette tapes that we used to watch videos on. Wait, you don’t remember cassette tapes? Oh, God. We’re getting old. See, back in the 90s, before TV was in the cloud and the cloud was full of carbon monoxide, people used to tape Friends and Fraiser using their VCR. That way, they could watch their shows any time they liked! It was like Netflix, but instead of being “on demand”, your shows were “in the cupboard” under a box of old socks.

In America, the home taping craze was allowed under the doctrine of fair use. When people were pirating copyrighted shows, fair use stepped in to save the day. Things went a little bit differently in Australia. Fair dealing didn’t apply to the new technology of VCRs, and home taping remained illegal (despite the fact that everybody did it) until 2006. For reference, that’s 6 years after the DVD-ready PlayStation 2 came out.

A lot of companies are jostling for fair use provisions in Australia. Both Google and Wikipedia believe that Australians need fair use. They argue that if their companies had begun in Australia, our copyright laws would have killed them before they even started. Wikipedia’s use of copyrighted images, for example, would almost certainly be prohibited under Australian law. The Australian Law Reform Commission also believes in fair use, stating that “fair use would provide flexibility to respond to changing conditions and would assist innovation.”

It seems fairly obvious to us that allowing fair use would give Aussies a fair go, and that sounds fair enough to us. Fair dinkum.

If you’d like to discuss the Australian Copyright laws, call Rouse Lawyers’ technology team on 07 3667 9696.

Compliance with new employment laws: ‘reasonable steps’ franchisors can take

By Luke McKavanagh, Justine Ansell & Matthew Rouse 

The Fair Work Amendment (Protecting Vulnerable Workers) Act 2017 (the Act)took effect on 15 September 2017. The Act was triggered in response to the highly publicised 7-Eleven employee underpayment scandal which has engulfed the franchise sector since late 2015, along with several recent systemic underpayment scandals by Domino’s Pizza and Caltex franchisees.

The key changes brought by the Act include:

1- new offences and increased financial penalties (details below) for breaches of workplace laws, including those who underpay employees, fail to keep correct time and wage records, fail to issue compliant pay slips and/or who force employees to repay wages (the ‘cash-back’ scheme that 7-Eleven was recently embroiled in);

2- increased investigative powers of the Fair Work Ombudsman, including increased powers to inspect and require employers to provide employment records and attend interviews under oath;

3- new offences and liability provisions for franchisors and parent companies making them liable in some circumstances for the actions of their franchisees and subsidiaries; and

4- a new onus of proof that effectively means someone is presumed guilty of an alleged underpayment if they cannot show, to the satisfaction of a court (e.g. through adequate employment records or other means) that they have paid their employees correctly. This means keeping the required employment records will become critical moving forward.

What the new laws mean for franchisors

The Act holds franchisors and holding companies responsible for underpayments and workplace law breaches by their franchisees or subsidiaries if the franchisor or holding company knew, or reasonably should have known, about the contravention and failed to take reasonable steps to prevent it. This greatly expands on the existing laws and has massive ramifications on the franchising industry.

The franchise-specific provisions of the legislation will only apply to franchisors who have a significant degree of influence or control over the affairs of their franchisees. How this influence or control will be assessed is yet to be determined because the legislation hasn’t been tested in the courts.

The legislation means that if a franchisee underpays an employee, fails to keep proper employment records or contravenes another workplace law (for example discrimination or bullying) then the employee could make a claim against the franchisor. The Fair Work Ombudsman can also institute proceedings against the franchisor. In the eyes of the law the franchisor could be seen as the party at fault, responsible and liable to pay compensation.

The legislation also adopts a much broader definition of what constitutes a franchise relationship compared to the definition under the Franchising Code of Conduct. This means that many licencing or distribution arrangements will be caught. For example, if a distributor underpays an employee then the employee could have recourse against the distributor’s supplier.

Sham contracting arrangements should also be kept in mind. If a franchisee was to engage a worker as a ‘contractor’ but in actual fact that worker should be classed as an ‘employee’, then this will be a breach of a workplace law, exposing the employer to a range of risks including underpayments, compensation and financial penalties. The worker may also have recourse against the franchisor.

What franchisors should do

If franchisors have significant control or influence over their franchisees then they need to take reasonable steps to limit their liability. Franchisors can no longer turn a blind eye and not take action if they have cause to suspect a franchisee is contravening workplace laws. Franchisors must now pay closer attention to how their franchisees manage their personnel and employment processes.

The crux of the legislation is that franchisors need to have reasonable steps in place to monitor compliance with workplace laws. Because the correct approach to determine what ‘a significant degree of control or influence over the affairs of a franchisee’ has not yet been determined, then from a risk-management point of view, or if adopting a conservative approach, then the prevailing view amongst industry professionals is that franchisors should assume that they do have such control and take reasonable steps.

What is a ‘reasonable step’ on a franchisor’s behalf will depend on the circumstances on a case-by-case basis. It is clear from the legislation that the more steps a franchisor takes, the less likely they are to be held liable.

If franchisors feel that they don’t have a degree of control or influence over franchisees then they need to be able to back that up.

As flagged above, the prevailing view amongst industry professionals which we recommend (at least until the legislation is tested and there is legal precedent) is to adopt a conservative approach and presume that franchisors will be liable unless this can be proven otherwise.

We recommend that all franchisors adopt a ‘reasonable steps compliance plan’ which might involve some or all of the following, depending on the circumstances:

1- A system-wide memo sent to all franchisees. This should explain and emphasise that the correct engagement of employees and compliance with workplace laws is the responsibility of the franchisee. It should remind franchisees of their obligation to comply with workplace laws such as correct classification of employees, correct payment of wages, compliance with any applicable modern award or industrial instrument and relevant legislation, correct payment of entitlements (PAYG taxes, leave, superannuation, etc), compliance with any visas for migrant workers and record-keeping obligations.

2- Reviewing standard-form franchise agreements and operations manuals to clearly set out the obligations of franchisees under workplace laws.

3- Regular and active monitoring franchisees, and if warranted, carrying out targeted or random field visits and compliance audits (complying of course with any process to be followed under the existing franchise agreement). Sending out questionnaires for completion by franchisees is another important step in active monitoring. Regular audits following the return of questionnaires may act as a deterrent to other franchisees who will be aware that audits are commonplace and that consequences for non-compliance with workplace laws are enforced.

4- Checking what modern awards or industrial instruments are applicable to the particular industry for the purpose of self-education and educating franchisees and employees.

5- Obtaining advice from third party consultants where required.

6- Reviewing or developing policies (covering such things as workplace bullying, sexual harassment, discrimination and privacy), information kits, checklists and other resources for franchisees. This doesn’t mean franchisors must take out their own exhaustive review of all workplace laws. However, the resources need to be enough to make the franchisee consider what needs to be taken into account and complied with. It should aim to point them in the right direction. The medium could be transmission through the franchisor’s internal intranet system or a link to a webinar. The Fair Work Ombudsman’s website has some useful online resources and training material as a starting point. We also recommend franchisors provide all franchisees with a copy of or link to the Fair Work Ombudsman’s Fair Work Handbook which they should be required to read and familiarise themselves with.

7- Reviewing or developing internal policies, educational resources and online/inhouse training for the franchisor’s own staff to know what to look for and to know what to say when presented with an employment related enquiry from a franchisee or one of their employees.

8- Reviewing the initial, ongoing and refresher training provided to new and existing franchisees to include workplace law compliance strategies. This could be incorporated into the induction process for new franchisees.

9- Depending on the franchisor’s rights under the applicable franchise agreement, requiring franchisees to complete online Fair Work training programs and provide completion certificates to the franchisor.

10- Encouraging feedback as both franchisees and their employees should feel comfortable approaching a franchisor in respect to issues with the system. Employees should not feel that they are prevented from raising employment concerns with the franchisor. There should be an agreed point of contact within the franchisor’s organisation (whether an individual, phone hotline or email address) by which franchisees and their employees can raise concerns.

11- Listening to concerns that franchisees or their employees raise regarding the system and developing internal reporting processes to manage concerns. Franchisors shouldn’t ignore issues. It is in a franchisor’s best interest to ensure that franchisees are operating their businesses adequately and in compliance with workplace laws. If franchisees are struggling to pay their employees the proper entitlements, and if this is a widespread concern, that could indicate the need to review the structure of the franchise system.

12- Treating franchisees with uniformity. Franchisors could be accused of breaching their good faith obligations under the Franchising Code of Conduct if they single out a particular franchisee. If audits are to be carried out and consequences for non-compliance enforced, then all franchisees should be treated equally.

13- Developing a process for the franchisor to follow when addressing alleged employee underpayments and contraventions of workplace laws.

14- Developing resources for the franchisor’s own staff and franchisees setting out how to respond to a request or investigation by the Fair Work Ombudsman, for example, FAQs or guidelines. It is important that franchisees are aware of their legal obligations in that regard and the powers of Fair Work Ombudsman inspectors.

15- If franchisors have any suspicions about a breach of workplace laws, taking immediate action and being on the forefront.

Simply referring franchisees to the Fair Work Handbook will not itself be sufficient to demonstrate the franchisor has taken ‘reasonable steps’.

Takeaways

If franchisors don’t have a reasonable steps compliance plan, then they expose themselves and their franchise system to liability.

If franchisees know that franchisors are serious about enforcement, then that may be more incentive for franchisees to carry out their own internal reviews into whether they are compliant and to be proactive in compliance.

Franchisees and franchisors must also be prepared to face tougher financial penalties for breaching workplace laws. These are now significant. In some cases, the penalties will be up to $630,000 for corporations (i.e. operating as a company) and $126,000 for individuals (i.e. operating as a sole trader, or people who are decision makers in a company, for example an officer/director or HR manager). These penalties apply per breach, meaning if two employees are underpaid then there could be multiple breaches and multiple penalties.

Usually there are multiple breaches of the Act for underpayment and non-compliance offences, so non-compliance is expected to be a very expensive exercise going forward. We expect the Fair Work Ombudsman and inspection activity and prosecutions to significantly increase and the fines imposed by the courts to continue to significantly increase as well.  We have already seen this in the most recent decisions being handed down. We are also seeing the move toward making the individuals involved in non-compliance liable, including directors, officers, HR managers, payroll providers and most recently third party professional services advisors, including accountants and payroll providers.

Deliberately underpaying employees or retaining false records may also constitute fraudulent conduct in certain circumstances, entitling a franchisor to immediately terminate a franchise agreement, or at the very least, acting as grounds for a breach notice to be issued (depending on the provisions of the applicable franchise agreement).

At Rouse Lawyers we can speak with franchisors to assess whether they are engaging in any operational activities which may indicate a ‘degree of influence or control’ over franchisees. This can involve an examination of the franchisor’s general systems and procedures for dealing with franchisees. We can also assist franchisees who may have concerns regarding compliance and the engagement of their employees.

As the recent 7-Eleven scandal has shown, if the media were to discover a contravention of workplace laws, then this can put a negative spotlight on a franchise system and cause irreparable reputational damage. Franchisors and franchisees have no control over what the media says once a story hits the news. The Fair Work Ombudsman could also take action to name and shame or prosecute the franchisee and/or franchisor and the business.

If you have any concerns about compliance, the underpayment of employees or questions about the new laws, please get in touch with one of our lawyers. We have dedicated franchise and employment law teams that can assist.

Need advice?  Talk to the Franchising team at Rouse Lawyers. Contact us today!