Friday, 18 August 2017

Tips for contracting with a trustee

Contracting with a trustee increases the complexity and risk of any transaction.  It is imperative that government agencies understand and adequately manage these risks.

What are the risks of contracting with a trustee?


A trust is a relationship where one person or company (the trustee) holds assets for the benefit of another (the beneficiary).  When contracting on behalf of the beneficiaries, a trustee typically wishes to limit its liabilities to the extent to which it is indemnified out of the trust assets.

There are two major risks associated with the trustee's liability being limited in this way:


  1. The trust assets may not be of sufficient value to meet any debts incurred by the trustee.  
  2. The trust assets may not be available to meet any debts incurred by the trustee.  


What can be done to limit these risks?


If you have concerns about contracting with a trustee, there are a number of due diligence steps and contractual devices that can be used to limit these risks:

Review the trust deed


The extent of the indemnification available to the trustee from the trust assets is usually set out in a deed between the trustee and the beneficiaries.  Trust deeds are not publicly available and can only be obtained from the trustee.  Without access to the trust deed, it may be impossible to confirm the scope of a trustee's indemnity.

You can ask the trustee to provide a copy of the trust deed so you can determine the scope of the trustee's indemnification, although it would not be unusual for the request to be refused on the grounds of confidentiality.  Further, there is no guarantee that the trustee and the beneficiaries will not modify the terms of the trust deed at a later date, including amending the scope of the trustee's indemnity out of the trust assets.


Obtain details of the trust's asset holdings for the particular trust


You will want to ensure that the trustee can meet any debts and liabilities arising under the contract.  Therefore, you can ask the trustee to provide details of the value of the assets which it holds on trust.  One thing to keep in mind is that even if the trust consists of assets of significant value at the time the contract is signed, there is no guarantee that the trust will still consist of those assets at the time that a relevant liability arises.

Ask the trustee to provide financial security


If there are any concerns that a trustee may not have sufficient trust assets to meet liabilities under the contract, it might be prudent to require extra security.

Some of the most common forms of financial security in contractual arrangements include cash security deposits or bank guarantees.  In some cases parent company guarantees may be appropriate.

Another method of risk management is ensuring that the trustee has adequate insurance, so that the insurance policy can respond if an event covered by the policy occurs.  The type and amount of insurance should be customised to the specific contract.

Exclusions from the trustee's limitation of liability


A trustee's power to contract is subject to the limitations in the trust deed.  If the trustee incurs debt whilst acting outside of its conferred powers, or whilst acting fraudulently or negligently, these debts usually cannot be recovered from the trust assets.  In these circumstances, you should ensure that such conduct is excluded from the trustee's limitation of liability clause in your contract.


Further advice and assistance


Contracting with a trustee can add complexity to any commercial or property transaction.  For further advice and assistance, please contact:

Anthony Leggiero
Managing Principal Solicitor
Ph: 9947 1430
Email: anthony.leggiero@vgso.vic.gov.au

Brendan McIntyre
Acting Managing Principal Solicitor
Ph: 9947 1435
Email: brendan.mcintyre@vgso.vic.gov.au

Tuesday, 13 June 2017

Coming soon! Cyber security audits announced by VAGO


The Victorian Auditor-General’s Office (VAGO) has this month announced plans to conduct audits on departments and agencies to assess their implementation of the Victorian Protective Data Security Framework (VPDSF) and Victorian Protective Data Security Standards (VPDSS), as well as cyber security strategy.

The audits, to run in 2018-19, will ascertain whether the VPDSF and VPDSS have been effective in improving cyber resilience in government to determine whether departments and agencies can adequately prevent, respond to and recover from cyber security attacks.

The Commissioner for Privacy and Data Protection released the VPDSF and VPDSS in mid-2016 to provide direction for Victorian public sector agencies on their data security obligations.  Department heads must prepare Protective Data Security Plans to address the VPDSS and submit the plan to the Commissioner.

Whilst VAGO will be undertaking performance audits for the purpose of ascertaining the effectiveness of the VPDSF and VPDSS in improving government's cyber resilience, the Commissioner may also conduct monitoring and assurance activities, including audits, to ascertain whether departments and agencies are complying with data security standards.

If you would like to know more, contact:

Rebecca Radford
9947 1403

Snezana Stojanoska
9947 1412

James Stephens
9947 1422

Friday, 9 June 2017

Commonwealth Government introduces Government Procurement (Judicial Review) Bill 2017

Procurement practitioners may have noticed that on 25 May 2017, the Commonwealth Government introduced the Government Procurement (Judicial Review) Bill 2017 designed to give the Commonwealth procurement rules some extra teeth.

What does the Bill propose?

The Bill would enable the Federal Court to grant an injunction or order for compensation for a contravention of relevant Commonwealth Procurement Rules by a Commonwealth entity.

A supplier whose interests are affected by the relevant conduct (which includes a potential supplier, i.e. a bidder) may make an application to the court for compensation or an injunction, which may halt the procurement process or preserve the supplier's rights in the process.

The Bill also provides for complaints to be made to the accountable authority of a relevant Commonwealth entity about a contravention of the relevant Rules, which must then be investigated.


Does this impact Victoria?

The Bill does not affect state procurements.  In Victoria, an unsuccessful bidder has to bring proceedings (including an injunction) against an agency under contract law, for breach of the contract that may have been formed through the procurement process.

If you'd like any more information about government procurement, please contact:

Assistant Victorian Government Solicitor
9947 1404

Managing Principal Solicitor
9947 1403


Thursday, 1 June 2017

Time for a change: Eight ways to get ready for amendments to the FOI Act

The passing of the Freedom of Information Amendment (Office of the Victorian Information Commissioner) Act 2017 has brought about notable changes to Victoria’s Freedom of Information (FOI) regime for agencies and applicants.

Victoria's amendments are designed to promote a culture of open government through access to information and strengthen oversight of the administration of the FOI Act.
The changes come into effect on 1 September 2017.

Contact us for the complete suite of updated FOI templates, available for a fixed fee.

Here are eight things FOI agencies need to do to be ready for the changes.


1. Shorter time frames for processing FOI requests

Agencies and Ministers must make decisions on FOI requests within 30 days, instead of the previous 45 day period.
With the agreement of an applicant, this time frame can be extended by up to 30 days, with the possibility of additional extensions, so long as the extension is granted before the relevant period expires.
Decision makers are permitted an extension of up to 15 calendar days for requests that require consultation with specified third parties (under sections 29, 29A, 31, 31A, 33, 34 or 35) before a decision is made.
Action: Update correspondence templates, FOI manuals and other materials.  Importantly, consider ways of streamlining your document searches, FOI processing and other processes to make them as efficient as possible.


2. New Office of the Victorian Information Commissioner

On 1 September 2017, the new Office of the Victorian Information Commissioner (OVIC) will replace the existing Offices of the Freedom of Information Commissioner and the Commissioner for Data Protection and Privacy.
OVIC is an independent regulatory body.  It will comprise an Information Commissioner who will be assisted by two Deputy Commissioners responsible for FOI and privacy and data protection respectively.
Action: Watch out for updates and free training on the new OVIC to be offered by the current Office of the Freedom of Information Commissioner.

3. Power to review decisions of principal officers and Ministers 

OVIC has power to review FOI decisions made by principal officers and Ministers.
The amendments also provide that OVIC can accept a complaint about a decision made by a Minister that a document does not exist or cannot be located, or a failure by a Minister to comply with new Ministerial professional standards (see below).
Action: Update decision letter templates to advise that review of a decision to refuse a document, or a complaint about a ‘no documents’ decision made by a principal officer or a Minister, can be made to OVIC within 60 days after the date of the decision.

4. Power to review decisions refusing access to Cabinet documents 

OVIC has power to conduct reviews of decisions refusing access to documents exempted under the Cabinet documents exemption (section 28(1)).
Conclusive certificates signed by the Secretary to the Department of Premier and Cabinet and produced to establish that a document is subject to the Cabinet document exemption no longer apply.  In any case, such certificates were not commonly in use.
Action: Ensure decision letters address the relevant factors required in order to claim the Cabinet exemption, namely that the purpose or a substantial purpose for creating the document was for it to be submitted to Cabinet (or a sub-committee of Cabinet) for its consideration.  Care taken to establish the basis of a Cabinet exemption from the outset (including evidence of the purpose for which a document was created) will assist in any review of a decision to apply this exemption.

5. Increased powers in relation to searches for documents

Upon review of a decision, OVIC has power to require an agency or a Minister to conduct further searches for documents.  OVIC may specify methods for undertaking a further search for documents, for example, by directing an agency to use a specified key word search of its email system.
In cases where an agency or Minister refuses a request on the basis that the work involved in processing the request would substantially and unreasonably divert resources or interfere with the performance of the agency or the Minister’s functions, OVIC can require a further search or that a ‘reasonable sample’ of documents be produced.

Compliance with a request to conduct a further search or produce a reasonable sample must be undertaken within at least 10 business days; however, this period may be extended.  Within three days after the conclusion of this time frame, the agency or Minister must notify OVIC of the outcome of the further search or retrieval of sample documents.  OVIC has power to refer a complaint back to the agency or Minister to make a fresh decision.
Action: Consider making detailed notes of searches undertaken for documents, including locations searched and key word searches undertaken. This will assist you should a review application or complaint be made to OVIC.
If you receive a notice requiring a further search or a sample of documents, ensure you comply with the deadline provided in the notice.

6. New coercive and investigative powers

OVIC has power to conduct an own-motion investigation into an agency or principal officer's performance of functions or obligations under the FOI Act. As part of an investigation, the Information Commissioner can compel the production of documents and witnesses to attend before the Commissioner to be examined on oath or affirmation.
A person served with a notice to produce or attend will have the same protection and/or immunity as a witness in a Supreme Court proceeding and will have the right to legal representation if attending to answer questions.
Non-compliance with a notice to produce or attend to answer questions without a reasonable excuse may constitute an offence.
Action: If you receive a notice requiring you to produce documents or appear before the Commissioner to answer questions, ensure you comply with the requirements set out in the notice and, if required, seek clarification from OVIC.

7. Documents that may prejudice an IBAC investigation

Agencies and Ministers should be aware that documents in their possession, which would (or would be reasonably likely to) prejudice or adversely affect IBAC's investigations or informants, are exempt.
Action: If you identify such a document, notify IBAC that you have received a request for access to the document and seek IBAC's view as to whether the document should be disclosed.
Consider preparing a policy and provide training to decision makers to ensure compliance with this requirement.

8. Reduced time limit for agencies and Ministers to apply for review

While FOI applicants continue to have 60 days to lodge a VCAT review application for an OVIC decision, the time frame for an agency or Minister to lodge a VCAT review application is 14 days.

9. Professional standards for decision makers

OVIC will implement professional standards which will operate like a code of conduct to ensure FOI decision makers meet minimum standards for dealing with applicants, conducting document searches, processing requests and engaging in timely and good decision making. The standards are binding on agencies and principal officers.  Principal officers are also responsible for ensuring that all officers and employees are informed about the standards and for ensuring compliance by junior staff.
The standards do not automatically apply to staff in Ministerial offices, but the Premier has the power to adopt the standards (with modifications, if needed) and apply them to Ministers and their staff (Ministerial Standards).
Action:  You may receive an invitation from OVIC inviting your agency to participate in a consultation process for the development of the standards.
Provide training for your FOI decision makers and staff to ensure compliance with the new standards. 
Ensure your agency’s current practices comply with not only the legal requirements but also the 'spirit' of the FOI Act.

This blog was prepared by Joanne Kummrow and Samudhya Jayasekara with the assistance of Milli Allan.

For further information on FOI matters contact:

Joanne Kummrow 
8684 0462

Andrew Field 
8684 0889

Michele Rowland
8684 0413

Kay Chan
8684 4020

Thursday, 25 May 2017

Don't buy a data breach - Privacy and data security when procuring goods and services

At our recent monthly seminar 'Information Sharing and Data Protection - Know your Value', we discussed the importance of monitoring suppliers to mitigate privacy and data breaches.  This data security theme was continued during the Commissioner for Privacy and Data Protection's recent Privacy Awareness Week.

Remember these key messages and tips to help minimise the risk of your procurement experiencing a data or privacy breach:

Value your Data

From the outset, think about the value of the data that your supplier will collect or have access to during the arrangement.  This will enable you to determine the appropriate information handling and privacy requirements you'll need.

Choose the Right Supplier 

Ensure that your information handling and privacy requirements are part of your sourcing plan and clearly set out in your market-facing documents.  Award a contract to a supplier who can demonstrate a good track record of understanding and implementing privacy and data security.

One size does not fit all  

Your risk management strategy needs to be proportionate and tailored to the size and activity of your procurement.  Data-heavy supply arrangements may need to consider additional protections, including how information will be managed when a supplier transitions out.

Monitor your supplier's performance against the contract 

The words in the agreement are important, but ongoing contract management is necessary for early detection of possible data and privacy breaches.

If you'd like assistance on managing your suppliers to meet your information handling obligations, please contact:

Rebecca Radford
9947 1403

James Stephens
9947 1422

Snezana Stojanoska
9947 1412

Tuesday, 14 March 2017

Victorian Commissioner for Privacy and Data Protection Report - Learnings and Hurdles

A recent Commissioner for Privacy and Data Protection (CPDP) report on information governance at the Department of Health and Human Services (DHHS) provides valuable guidance to assist government agencies to comply with the Privacy and Data Protection Act 2014 (Act) and the Victorian Protective Data Security Standards, in particular.  Below we look at key learnings that other agencies can take on board as part of their own compliance preparation.

A high priority: manage your contracted service providers


Department and agency heads will be responsible for ensuring that both their own organisations and their Contracted Service Providers (CSP) comply with the Standards.  Contract terms making CSPs liable for compliance with the Information Privacy Principles won't remove the risk of privacy and data security incidents occurring.

The finding in the Report showed that while agencies must ensure their agreements with CSPs are consistent and reflect up to date information governance requirements, there needs to be appropriate and effective resourcing, due diligence and monitoring of CSP compliance too.  Without appropriate monitoring, there is a greater risk of incidents which could mean that the agency may not have met its obligations under the Act.

Achieving compliance with the Victorian Protective Data Security Standards


The Report recognises that not all Victorian Public Sector organisations may be fully compliant with the Standards by July 2018.  Showing that you are on track is crucial though, and submitting a security assessment and plan to the CPDP is mandatory.  Further, the CPDP recognises that some agencies may already comply with much of the Standards by having implemented the Information Security Management Framework (2009) and through annual reporting to the Victorian Auditor-General's Office.  The steps required to achieve compliance will not necessarily be the same for all agencies or wholly new or particularly onerous.

Other factors to consider in your compliance framework


  • Are your information policies and procedures consistent and do they reference each other?  Are your staff aware of where to find them, and are they regularly checked and updated?
  • Does your organisation have up to date privacy and data security incident management procedures? Does your organisation need defined criteria of when to notify others and escalate incidents?
  • Have you developed scenario-based privacy and data-security training for CSPs and your frontline staff based on their day-to-day roles?
  • Do you need an information asset register?  This can identify the information you handle, its value, risks and regulatory requirements, and how to use and manage it.


If you have any queries regarding privacy law in Victoria, please call:

Rebecca Radford
Managing Principal Solicitor
9947 1403

Molina Asthana
Principal Solicitor
9947 1420

James Stephens
Principal Solicitor
9947 1422

Wednesday, 22 February 2017

No longer in the shadowlands: regulation of unregistered health service providers

As of 1 February 2017, Victoria has a new health complaints system with the commencement of the Health Complaints Act 2016 (Act) and the appointment of the inaugural Victorian Health Complaints Commissioner, Karen Cusack. This new role replaces the former Health Services Commissioner.

It has been almost 30 years since the Victorian health complaints scheme was designed. In this time, the number and diversity of health services available have increased significantly.

Media reports over a number of years have highlighted the stories of vulnerable and unwell people, who have obtained health services from unregistered health service providers based on what they later realised were false or misleading claims about the efficacy of the treatment. In a number of cases, the treatment received has been experimental, costly, and provided to the potential detriment of the patient’s health in cases where other treatment options have been ignored or discouraged.

Previously, there was only limited recourse under consumer protection and trade practices legislation in situations where a person complained about an unregistered health service provider.

The new Act seeks to address the previous ‘shadowlands’ of unregistered health providers to better protect members of the public from receiving unsafe or non-efficacious health services.

Many providers of what are often described as 'alternative' or 'non-mainstream' health services are not subject to professional registration and, therefore, lie beyond the regulation of the 14 health profession boards and the Australian Health Practitioner Regulation Agency (AHPRA). The Health Practitioner Regulation National Law (Victoria) Act 2009 is also not directed at preventing a registered health practitioner from providing unsafe, non-efficacious or unethical health services where such treatment is outside the scope of their professional registration.

The Act applies to all providers of a 'health service'. This term is defined broadly in the Act and focuses on the purpose of the activity. For example, it covers any activity intended or claimed to 'assess, predict, maintain or improve [a] person's physical, mental or psychological health or status', as well as therapeutic counselling services. Importantly, the Act introduces a Code of Conduct that sets standards for the provision of safe and ethical health services.

The Act seeks to promote the efficient and effective management of complaints with a focus on conciliation. However, where a complaint cannot be resolved, the Act provides the Commissioner with significant powers to investigate complaints and take action against unsafe or unethical health service providers.

Powers of the Health Complaints Commissioner

The Health Complaints Commissioner has power under the Act to:
  • investigate complaints about the provision of 'health services', including by:
    • unregistered practitioners
    • registered practitioners providing health services outside the scope of their professional registration
    • formerly registered practitioners
  • conduct own motion investigations where no specific complaint has been received
  • accept complaints from affected individuals and third parties, including carers, health practitioners or other healthcare providers
  • make prohibition orders to prevent unsafe or unethical services or products 
  • enter and search premises, order the production of documents, and call persons to give evidence at an investigation hearing before the Commissioner 
  • set penalties for failing to comply with investigation hearing notices and interim prohibition orders of the Commissioner (including up to two years' imprisonment)
  • ban unregulated healthcare providers from providing health services in Victoria where they are prohibited from practising in other states
  • publish public health warnings and publicly name providers
The new Health Complaints Act is a welcome step to fill the regulatory gap that existed between unregistered healthcare providers and registered health practitioners to ensure better protection for the health and wellbeing of the public.

Links
Health Complaints Commissioner
Code of conduct

Joanne Kummrow
Special Counsel
03 8684 0462

Andrew Field
Managing Principal Solicitor
03 8684 0889

Michele Rowland
Principal Solicitor
03 8684 0413

This blog was prepared with the assistance of Mary Quinn, Solicitor, and Milli Allan, Trainee Lawyer.