Byline: Julia Cameron

Businesses using standard form contracts — including trading terms and conditions, online click-through agreements and independent contractor agreements that are not routinely negotiated — are at risk of breaching strengthened unfair contract term (UCT) laws under the Australian Consumer Law (ACL) which came into force on 9 November 2023.

There is now less than 12 months to review your business’s standard-form contracts for unfair contract terms (UCTs) to avoid contravention of the Australian Consumer Law in Schedule 2 of the Competition and Consumer Act 2010.

• Prospective directors must obtain a director ID number before appointment.
• Existing directors must obtain their director ID numbers by 30 November 2022.

• Temporary measures to allow for virtual meetings, electronic signing and distribution of corporate documents by corporations have been permanently enacted.
• Additional changes have been introduced to modernise and update the Corporations Act 2001 (Corporations Act).

Under changes to the Treasury Laws Amendment (Registries Modernisation and Other Measures) Act 2020 (Cth) introduced in June 2021, all directors will be required to verify their identity as part of a new Director Identification Number (director ID) requirement.

• Businesses must remember their privacy obligations when collecting vaccination status information (and other sensitive information) about employees, contractors and other visitors to the workplace.
• Unless collection is required or authorised by law, informed consent is generally required for the collection of sensitive information.
• Businesses must provide a Collection Notice to all individuals, including employees, even if consent to collection is not required.
• Only the minimum amount of personal information reasonably necessary to prevent or manage COVID-19 or required by law should be collected, used or disclosed.

In a high-profile reminder that claims made in advertising need to be properly substantiated and supported by evidence, the Federal Court has ordered Lorna Jane to pay $5 million in penalties for making false and misleading representations to consumers, and engaging in conduct liable to mislead the public, in connection with its “LJ Shield Activewear”.

A data breach occurs when personal information is subject to unauthorised access or disclosure or if information is lost in circumstances where unauthorised access or disclosure is likely. A breach must be notified to the Office of the Australian Privacy Commissioner (OAIC) and all affected individuals when one or more individuals are likely to suffer serious harm as a result of the breach.

Turn your mind to the other businesses with which you share personal information – they may be based in Australia or overseas, they may receive personal information about a single customer (for example, to facilitate delivery of an order), or whole databases (for example, to carry out marketing campaigns or store your CRM).

As Privacy Awareness Week 2020 draws to a close we reflect on what businesses can do to ‘Reboot your privacy’ as well as some current hot topics in the Australian privacy space:

• Many Australian businesses must disclose when they have been affected by a data breach
• While reputational damage is a critical risk for businesses, there is also the threat of monetary penalties of up to $2.1 million and orders of uncapped compensation
• A representative complaint – similar to a class action – has been made against Optus on behalf of a group of individuals affected by an alleged breach in 2019.

We’re a small business. The Privacy Act and Notifiable Data Breach Scheme don’t apply to us.

Generally, businesses do not need to comply with the Privacy Act until their annual turnover reaches $3 million. However, some businesses are required to comply regardless of their size.

• Landlords should register security interests on the PPSR in cash security deposits or cash bonds paid under a commercial or retail leases