Thursday, 27 February 2014

The new Australian Privacy Principles – Is your organisation compliant?

On 12 March 2014, fundamental changes to Australian privacy laws will take effect. The changes introduce new rules about how organisations collect and store personal information.  With penalties up to $1.7 million enforceable for serious breaches, organisations must act now to ensure compliance. 

As part of the privacy law reform process, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act) was introduced to Parliament in May 2012  marking significant changes to the Privacy Act 1988 (Cth) (Privacy Act).

The changes to the Privacy Act include a new set of harmonised privacy principles that regulate the collection and handling of personal information called the Australian Privacy Principles (APPs) applying to most organisations who turn over $3 million or more annually, and to Commonwealth Government agencies.  The APPs will replace the National Privacy Principles that apply to businesses and the Information Privacy Principles that apply to Government agencies.

To some extent, the APPs are based on the existing privacy principles but now impose additional obligations on organisations when dealing with personal information.  In particular, the APPs require organisations to provide additional discloses in their privacy documentation and internal procedures and policies ensuring the protection and ongoing quality of personal information that they use and store. 

APPs are legally binding principles and aim to be the cornerstone of the privacy protection framework in the Privacy Act, by setting out uniform standards for dealing with personal information.  The APPs are structured to reflect the personal information life cycle and are grouped into five parts, including:
  • the consideration of personal information
  • collection of personal information
  • dealing with personal information
  • integrity of personal information, and
  • access to, and correction of personal information. 

Under the Privacy Amendment Act, the Information Commissioner receives new powers to seek civil penalties of up to $1.7 million from organisations who commit serious or repeated breaches of privacy. The Information Commissioner may also conduct ‘own motion’ privacy investigations on organisations without first receiving a privacy complaint from a member of the public.  

The Privacy Amendment Act also implements changes to credit reporting laws, including the introduction of more comprehensive reporting about an individual’s current credit commitments and repayment history information.  The credit reporting changes are also supplemented by a new credit reporting code. 

While the Office of the Australian Information Commissioner has released APP guidelines to assist organisations with the transition to the APPs (which must occur on or before 12 March 2014), it will be interesting to see how and when the Information Commissioner exercises its new powers in relation to privacy compliance.  Under the APPs, it will therefore be important for relevant organisations to consider their existing information policies, review and update their privacy documents and develop internal procedures to ensure compliance by 12 March 2014.

Friday, 14 February 2014

ASIC takes ‘no further action’ on David Jones’ alleged insider trading

Whilst some commentators have intimated the buying of shares by two company directors just three days before the release of price sensitive sales results was on the limits of insider trading laws, ASIC has decided to issue David Jones with a ‘no further action’ letter.  Despite ASIC’s decision to not take further action, the share trading has still resulted in the resignation of the relevant directors.

On 10 January 2014, less than two weeks after ASIC announced its conclusion of the two month investigation, accused directors, Steve Vamos and Leigh Clapham, and David Jones Chairman, Peter Mason, have announced their decision to resign from David Jones as part of a ‘board renewal process’.  This news comes after significant pressure from shareholders to remove the directors, despite the fact ASIC’s investigation yielded no evidence to prove that the trades were made in violation of the insider trading laws. 

The investigation was sparked after criticism emerged following the alleged approval of share trading by two non-executive directors, just three days prior to the release of unexpected positive sales results, and one day following David Jones receiving a scrip merger proposal from industry rival Myer.  The directors, who bought a total of 32,500 shares were said to have made the trades to illustrate their long-term commitment to the company.  This was said to be because CEO, Paul Zahra, had announced his intention to resign earlier that month under suggestion there were disagreements between various board members.

Peter Mason, who allegedly approved the trading, claimed the directors were not privy to any price sensitive information.  Yet his defence became unhinged after both announcements caused share prices to spike significantly, despite the merger announcement also stating the proposal was rejected.  Mason allegedly still claimed the directors did not previously obtain the quarterly sales data and that the merger was not materially price sensitive.  If it was found the directors did not have the quarterly sales information and the merger proposal did not satisfy the definition of materially price sensitive information, the directors would not have violated the insider trading laws (amongst other possible defences).

For ASIC to successfully prosecute an instance of insider trading, investigators must be able to satisfy four key tests, proving: the directors actually possessed the information at the time of trades; the information was inside information that was not generally available; the information was price sensitive; and the suspected directors knew, or ought to have known, the information was material and not publicly available.

While ASIC has not publicly released any information as to why the investigation was dismissed, it is potentially relevant that investigators may not have formed the view that the directors knew the information concerning the quarterly sales and that the merger offer was price sensitive.  While the announcement of the merger did result in an increased share price, the definitions given in the Corporations Act states that, ‘for information to be material, a reasonable person would be taken to expect that the information would, or would be likely to, influence persons decisions in deciding whether or not to acquire shares’.  As this was a ‘merger of equals’ where David Jones would not have received any premium on their share price, the value of the company  and shares arguably would not have increased, making it difficult to prove the information of the merger was, by definition, material.

Regardless of the findings of the ASIC investigation, the resignations of the directors highlights the ever increasing need for appropriate corporate governance and security trading policies.  Particular care should be taken whenever a company is ‘in play’ or pending release of formal results, if management information is available.

Friday, 7 February 2014

ASX to introduce online processing for certain corporate actions

In an effort to streamline the announcement process for certain corporate actions, for listed entities, the ASX is proposing the introduction of an online straight-through processing (STP) facility, replacing the current practice of requiring corporate actions to be completed on ASX forms and uploaded as PDF documents.  The initiative will require a change in process for listed entities for the announcement of certain events such as the announcement of a dividend/distribution or a reorganisation of capital. 

Once a corporate action is submitted, the system will automatically generate a PDF and release the announcement to the market.  With more than 110,000 corporate actions announced each year, it is hoped the STP facility will improve the efficiency and timely release of the relevant company data.

The proposed implementation date for the STP is 14 April 2014 (with a six-month grace period in which ASX will encourage, but not enforce, use of the online forms).  ASX will also offer listed entities a facility to test the new system in January and February 2014.

For further details, please refer to the ASX website.