Kelvin Grove 07 3369 7145 | Wilston 07 3505 0355


New Data Breach Laws and your responsibilities



Amendments to the Privacy Act 1988 (Cth) are now in effect, introducing a mandatory notification scheme for data breaches.


What are the changes?

The scheme imposes notification and reporting obligations upon APP entities where they know or suspect there has been an eligible data breach, that is, a data breach involving personal information that is likely to result in serious harm to any individual affected.

So let’s unpack this a little.


Reporting obligations

The obligation imposed is to prepare a statement to report the breach to the Office of the Australian Information Commissioner (OAIC) and notify any individual affected. If it is not practical to notify individuals, the statement must be published on the entity’s website.


APP entities

Organisations and federal government agencies subject to the Privacy Act, which include:

  • NGOs, Government Agencies and Businesses with an annual turnover of $3 million;
  • Credit reporting bodies that hold credit information;
  • Health service providers who hold personal information; and
  • Tax file number recipients.


Know or suspect

The obligations under the amendments arise when the entity has reasonable grounds to suspect that there may have been an eligible data breach, even if there are not reasonable grounds to believe that the circumstances amount to an eligible data breach. The obligation on the entity in these circumstances is to commence and carry out an assessment within thirty days.


Data Breach

There are three main circumstances:

  1. Unauthorised disclosure: where an entity (including by its employee) makes information accessible or visible to a third party, whether intentionally or not.
  2. Unauthorised access: may be where a third party contractor or other person accesses information they are not permitted to access. This includes instances of hacking.
  3. Loss: for example where a phone, USB, file or hard drive is left on a bus, particularly if there is no password or encryption on the device where unauthorised disclosure/access is likely.


Likely to result

The risk of serious harm must be higher than a possible risk; it must be more probable than not.

This criteria is considered objectively, and the decision is whether a ‘reasonable person’ standing in the position of the entity, with the knowledge of the entity (not of the affected person) would consider that serious harm is more probable than not.

This depends on the nature of the information, and in a broad sense, the type of person the information may relate to. The entity is not however required to make external enquiries of the individuals affected.

For example, if the addresses of clients of a domestic violence victims support group are involved in a data breach, the entity would be aware that the persons involved are likely to be victims of domestic violence and therefore are likely to be at risk of serious harm where this information is disclosed.


Serious harm

While not defined in the Act, the phrase is likely to include physical, psychological, emotional, financial or reputational harm.

The Act contains a list of relevant matters to assist an entity in evaluating whether serious harm is likely, including:

  • The type/sensitivity of information involved;
    • Health/person information;
    • Documents used for identity fraud;
    • Location/contact information.
  • Whether there are any security measures protecting the information (such as encryption, passwords on phones and devices, codes), and the likelihood of these security measures being overcome;
  • The identity or class of persons who have obtained / might obtain the information and the likelihood that they want to cause harm;
  • The nature of possible harm; and
  • Any other relevant matters.


Any individual affected

As discussed above the entity is not required to look into the particular circumstances of the persons whose information may be compromised, however it is expected to make general enquiries to determine the matters outlined above. All of these matters, including the type of information, how long it was available and who accessed it are relevant.

The more people whose information was accessed and who may be affected by the breach, the higher the likelihood that one person will suffer serious harm.


Are there any exceptions?

There are a number of exemptions, most importantly that notification will not be required if the entity takes action to prevent serious harm before it is caused.


What are the penalties for non-compliance?

Failure to comply is considered an interference with the privacy of an individual and substantial penalties apply for entities who fail to comply with their reporting obligations. The OAIC can investigate complaints and, in the case of serious or repeated instances of non-compliance, apply to the Court for civil penalties of up to $2.1 million.


Is your business ready for the new Data Breach Notification laws? Do you need help evaluating a breach or drafting a compliant Statement to notify the OAIC and affected individuals? Just Us Lawyers can help your business organisation put policies into place to reduce the likelihood of Data Breaches and to help you evaluate and respond to a Data Breach if it occurs.

Get to know Just Us…. Skye Nicholson


Any favourite line from a movie?

“Get to the choppaaa!” – Arnold Schwarzenegger.


Do you have a favourite quote?

“If you’re going through hell, keep going” – Winston Churchill.


If you could change one thing about working here, what would it be? 

Casual Fridays and a printer on my desk for when I get lazy haha.


If you could interview one person (dead or alive) who would it be?

Cooper Cronk – he has played such a pivotal role in NRL throughout recent years and I would like to see what he has instore following his retirement (since no other reporters can get it out of him).   


Tell us three things most people don’t know about you…

  1. I love what I do;
  2. I love my NRL; and
  3. I broke my leg in 2015… unfortunately while I was working at an office that was in a high-rise building. I had to get authorisation to use the chair lift.


What does a typical day look like for you?

Emails, emails, emails, drafting correspondence to clients and/or other firms and often I will also spend time either researching or reading relevant conditions and clauses.


 What is the first thing you would buy if you won the lottery?

Send my parents on a holiday, buy an investment property, a boat and a jet ski ie. “The dream”!


What food/drink do you wish had zero calories?

Beer and ice-cream.


You’re happiest when?

 I’m with friends and family either at the beach or simply enjoying the outdoors of this beautiful country.


Skye is part of the Kelvin Grove branch team. Presently she is assisting our solicitor, Natalie Smyth, in various areas including Commercial Law and Binding Financial Agreements.  If you have any queries  – call/email Just Us Lawyers or complete our enquiry form for a quote today.

What will happen to my pet after I die

By Sarah Camm

Working out what will happen to your estate and who will benefit from it can be a bit like a checklist:

  • Spouse – check
  • Children – yep
  • Parents – sorted
  • Siblings – okay
  • Pet?

For many people, their pet might actually be their most dependent dependant. Have you thought about what will happen to your furry friend after you pass away?

Where will they go?

Many people don’t like to think of pets as property and humans as owners, but in the eyes of the law these particular family members are treated as chattels, and will go to your beneficiaries.

Can I give them my property?

No, unfortunately your pet pup cannot actually own your house, or your jewellery or even your cash. This is probably a good thing because I doubt they would know what to do with it. Luckily you can leave a portion of your estate “for the benefit of” your bestie.

Who should I leave the property to?

There are a couple of options.

If you have only one pampered pet in your life, you might leave a fixed sum to a person that you trust who will use these funds for the benefit of your pet. This should be the same person as you actually name as the new carer for your pet. You obviously trust them with your pet’s wellbeing, just be sure you trust them to use the cash correctly.

If you have a few pets, or you want separate people to help with care and finances you might consider setting up a trust for your beloved companions. A trust gives you a bit more control, and may even generate its own income, meaning your property can provide for your pet for some time to come.

Important things to remember

  1. Make sure your Will is valid and binding – a dispute over the validity of your Will could cause costly litigation and delay, meaning your pet’s future may be uncertain.
  2. Make your intentions clear – your Will should clearly state who is to look after your pet after you die, and what (if any) property you are leaving for their benefit.
  3. Leave your pet to one beneficiary, but name a backup just in case.
  4. Make sure your pet’s new owner has agreed!!

Dogs, cats and all other furry friends thrive on consistency and don’t like to move around a lot. Taking the time now to make their futures certain can make a confusing time in their life a little more comfortable, and give you the peace of mind that they will be well looked after for years to come.

A Wills & Estates solicitor can assist you to work through a number of best – and worst – case scenarios to ensure that your Will is as certain as possible. At Just Us Lawyers we have experience in drafting Wills for clients with a wide range of circumstances. Contact Just Us Lawyers Wilston office to enquire about drafting a new Will that reflects your wishes.

Here’s cheers to the office Christmas Party

By Sarah Camm

For many, the office Christmas party is the social highlight of the work calendar.

For others, it can be hard work, which makes sense because, in some ways, it is work – an official work function which employees are generally expected to attend, aimed at improving employee-employer, and inter-employee relations.

Their unique feature means that, even if they are not held during usual working hours, employees who have let their hair a little too far down often find themselves in the manager’s office on Monday morning.

So – can you really get fired because of your behaviour at the Christmas party? The answer is yes!*


You see, while some cases are fairly clear cut (for example, Mr McDaid who threw one colleague into a pool and then initiated a fist fight with his General Manager) there can be a grey area where the official function ends and employees decide to party on.

In 2010, Mr Lawrance almost lost his job for showing off his “party trick” – opening drinks with his genital piercing.

In Mr Brown’s case, the official function had ended, however he remained in the function room for a little while before walking to the nearby balcony and urinating over it onto the unsuspecting diners at the restaurant below.  Mr Brown’s application that his dismissal was harsh, unjust or unreasonable was dismissed. The incident was near enough in time and location to the work function to be considered “connected with” his employment.

Mr Keenan’s case was another boozey office party (I’m sensing a theme). On the Monday following the event Mr Keenan’s managers were investigating 8 incidents of inappropriate behaviour, ranging from swearing at (and about) the company Directors to non-consensual surprise kisses to co-workers. Mr Keenan’s termination was found to be harsh and unjust on the following bases:

  • The Sexual Discrimination Act states it is unlawful for an employee to sexually harass a fellow employee;
  • While several of his acts amount to sexual harassment, these occurred after the official function had ended, in the public bars and taxi rank, not in the function room;
  • Other incidents amounted to intimidating behaviour, not sexual harassment;
  • Many incidents, were simply too minor to warrant termination;
  • The one incident that could warrant termination that did occur during the function could still not cause a valid termination as it was a one-off occurrence where no prior warnings had been issued, and termination would be harsh when compared with other similar matters at that workplace.

However, It is unclear whether Mr Keenan was reinstated to his former position as a further hearing was ordered but not held.

Yet another case involving serious accusations of sexual harassment lit up the media headlines between 2007 and 2008. Ms Streeter was dismissed after having sex with a male colleague while 3 other employees slept in the room, and later sat in a bath with 2 male colleagues while a female colleague used the toilet. Her dismissal was initially overturned but then on appeal her termination was confirmed. This was not on the basis of the harassment itself but on the basis that when questioned by management about the events, which took place hours after the Christmas party in a private hotel room, she lied.

For similar reasons, employers’ have been held liable for employees’ injuries that occurred at the Christmas party. For example, Ms Wolmar successfully claimed compensation for injuries sustained when she fell off the portable dance floor, with the judge stating that attendance at Christmas parties is now widely considered as being “part of the job” – putting them squarely within the purview of employer’s obligations.

Liability may extend to employees’ travelling to and from the event.

However an employer’s  liability may not extend to accidents or injuries which occur because of an employee’s “frolic”, or a solo adventure which takes them outside the activities that may be expected to occur at a work event. An injury which is not reasonably foreseeable to the employer is also unlikely to be bring liability upon the employer, such as the assault of an employee by a non-employee who was attending the same venue as the work function.

To ensure no unnecessary headaches are felt following the office party, employers should set and follow some rules, which are communicated to all employees prior to the event, including:

  • Setting a start and end time for the function;
  • Party-goers should not be able to remain in the function room following the event;
  • Employers should offer employees a way to get home;
  • Responsible service of alcohol should be followed;
  • Food should be available if alcohol is, as should water and other non-alcoholic drinks;
  • The venue should provide a safe environment;
  • If gifts are to be exchanged, these should be rated G;
  • Employees must be advised that workplace policies apply – this includes sexual harassment, workplace discrimination and social media policies.

Just Us Lawyers act for employers and employees. If you find yourself involved in an employment dispute our team of employment experts will get you through the system, whatever side you are on.

Second Marriages and Pre-Nups: A Cautionary Tale


Some people think that they can have their wedding cake and eat it too.

The most common way of protecting assets for people entering new relationships after the break down of a previous one, particularly where there are children from a former relationship,  is to enter a “Pre- Nup” or Binding Financial Agreements (“BFAs”) as they are more correctly known. 

On 8 November 2017 the High Court of Australia handed down its decision in the case of Thorne v Kennedy. The decision has been hailed by some commentators as a landmark case, which spells the “death knell” for BFA’s.

However, in our view this is an overstatement.  Binding Financial Agreements will continue to be an important means of protecting family assets for the children of previous relationships. However, the decision provides a salutary warning for those intent upon imposing one sided agreements on their prospective partner with little consideration of their future needs and the capacity to properly provide for them in the event that the relationship breakdown.

The case revolves around the couple of “Ms Thorne” and “Mr Kennedy”. This is not their real names.

The couple met online. Ms Thorne was 36 years old at the time, lived in the Middle East, and had no substantial assets. About seven months into the relationship she moved to Australia to be with Mr Kennedy, a 67 year old property developer whose approximate wealth was between 18 and 24 million dollars.

Under the Family Law Act a BFA is only binding if each party receives independent advice. Nine months after moving to Australia and ten days before the wedding Mr Kennedy took Ms Thorne to see a solicitor regarding the pre-nup. Mr Kennedy waited in the car outside. This was the first time Ms Thorne was made aware of the contents of the agreement she was expected to sign. The solicitor provided written advice to Ms Thorne regarding the agreement. Her advice was that it was “the worst agreement that she had ever seen”, that it was “entirely inappropriate” and that “Ms Thorne should not sign it.”

Despite this, four days before the wedding Ms Thorne signed the agreement.

A second agreement was signed approximately four weeks after the wedding, which was in substantially the same terms and to which Ms Thorne’s solicitor gave the same advice, urging her not to sign it.

Just under four years after the wedding, Mr Kennedy separated from Ms Thorne.

Under the agreement, as they had separated after three years without children, Ms Thorne was entitled only to a lump sum of $50,000. After receiving advice by chance from someone at a hairdressers, Ms Thorne commenced proceedings. Mr Kennedy died during the trial and the trustees of his estate, his two children, were substituted as parties.

Ms Thorne was successful at trial, lost the Full Court appeal, and has now had her appeal upheld and the original decision reinstated.

The High Court held that the agreements were void because they were signed under circumstances of undue influence and unconscionable conduct. Both concepts are wide, and difficult to define, particularly as they overlap quite substantially. In general however, undue influence looks at the quality of the weaker person’s consent, while unconscionable conduct looks at the behaviour of the stronger party.

The majority found that terms which are “grossly unreasonable, even for agreements of this nature” which usually contain some imbalance, are an indicator of the presence of undue influence. However, this may not mean the death of all BFAs as some commentators have claimed.

The majority noted that the primary judge found, in this case, that the inequality of bargaining power went beyond merely a difference in financial circumstances, and included:

  • Ms Thorne’s visa status;
  • Ms Thorne’s reliance on Mr Kennedy for all things;
  • Ms Thorne’s emotional connection to the relationship, which she did not envision would end in separation;
  • Ms Thorne’s desire for motherhood;
  • Ms Thorne’s wish for her marriage to succeed;
  • The time pressure; and
  • The “publicness” of the upcoming wedding.

They held that undue influence involves pressure which deprives a person of their free choice, and that here Ms Thorne, for the above reasons, felt “powerless” and that she had “no choice” but to sign, and the agreements should therefore be set aside.

The majority and Nettle J went on to say that the agreements could also be set aside for unconscionable conduct, as Ms Thorne was at a special disadvantage in signing the agreements which Mr Kennedy not only was aware and took advantage of, but that he had partially created in particular through the timeframe he had imposed on her understanding and signing the agreements before the marriage.

Gordon J agreed that the agreements should be set aside but found that this could be on the basis of unconscionable conduct only. She said that undue influence did not exist here as Ms Thorne’s will was not overborne. Ms Thorne made a decision to enter into the marriage and was aware that in order to enter into the marriage she had to sign the agreement. The fact that her options were limited (sign the agreement and get married or do not sign the agreement and do not get married) does not mean she did not make a free choice to (a) get married, and (b) in order to have that marriage, sign the agreement.

The news stories shouting that this decision signals the “death knell” for BFAs are in our view both over-stating and over-simplifying the decision. The High Court expressly stated that fiancé-fiancée relationships do not give rise to a presumption of undue influence. In cases with less extreme circumstances, for instance, if Ms Thorne was aware of the contents of the pre-nup before moving to Australia and the agreement to distribute the property of the marriage was more even handed, a BFA or pre-nup may be upheld by a Court if challenged.

This article is not designed to act as or replace the provision of legal advice. To review the terms of your pre-nup or for specialist advice regarding the validity of your BFA contact Just Us Lawyers  for a quote today.

Page 1 of 13123...Last »