COVID-19, Litigation and Dispute Resolution

Criminal admissions in the Fair Work Commission: are they admissible?

22 January, 2017

COVID-19 represents an unprecedented challenge to business. Most of corporate Australia is now operating remotely in line with ‘work from home procedures’ and a business continuity plan. However, with remote working comes inherent cybersecurity risks and potential data breaches. Below we outline some steps you can take today to safely navigate your company through this time.

Cyber risks are increasing

Cybersecurity incidents affect approximately 1 in 3 Australians and cost businesses $29 billion per year.1

With the advent of COVID-19, cybercriminals have been capitalising on public fear surrounding the pandemic in a number of phishing scams. The scams have been using trusted brands such as the World Health Organization (WHO), the Australian Government Department of Health, and the U.S. Center for Disease Control & Prevention (CDC) to send ‘phishing lures’ in emails and online messaging platforms.

In light of these increased risks, timely consideration needs to be given to the strategies a company has in place to mitigate cybersecurity threats.

Does your organisation have an Incident Response Plan that is fit for purpose?

Robust cybersecurity resilience is more than just an IT issue – it requires a multi-disciplinary approach aimed at preventing a breach and preparing for when one occurs. The board will bear ultimate responsibility for how well or poorly an organisation achieves this.

The Australian Cyber Security Centre, a branch of the Australian Signals Directorate, has published useful guidance on  mitigating cybersecurity incidents and incident response plans.

An incident response plan entails having protocols in place to enable your organisation to:

  • determine the scope of the attack;
  • contain the attack;
  • deploy forensic analysis procedures to gather the material facts (including the source of the attack if possible);
  • conduct an impact assessment to understand disruption to business and facilitate cyber insurance claims in due course;
  • report to the board and other internal stakeholders; and
  • produce a fact-based report that provides an independent and impartial view of relevant events for all other appropriate stakeholders (ASX, OAIC, ASD, ASIC, APRA, Insurer, Customers, Suppliers, etc). Directors should especially note their disclosure obligations under the Notifiable Data Breach scheme if a breach involves personal data, and section 675(1)(b) of the Corporations Act 2001 (Cth) if the breach involves information which materially affects the value of the entity

Does your organisation have appropriate internal policies and procedures to protect its data?

With burgeoning threats posed to companies from external and internal factors, it is important to implement appropriate internal mitigation strategies such as:

  • mandatory two-factor authentication and VPN systems for remote working;
  • appropriate IT infrastructure in proportion to the size of your business;
  • responsible use of IT policies and confidentiality clauses into all employment contracts;
  • conducting periodic cybersecurity health checks to determine whether further safeguards are required and how best to implement them;
  • conducting a cyber tabletop exercise to test your organisation’s ability to implement its incident response plan and learn from mistakes; and
  • investigating cyber insurance quotations for the organisation.

Company directors should also ensure that they document and catalogue all decisions made/steps taken in investing in ICT infrastructure or investigating/dealing with a breach, to prevent any breach of directors duties claims. Whilst this is relatively unchartered territory in corporate litigation, cybersecurity issues do pose a reasonably foreseeable risk to companies and should be taken seriously by a board.

Key takeaways

  1. Before a cyber-attack occurs:
    1. have a robust ICT governance framework;
    2. ensure that there are sufficient resources to help prevent an attack proportionate to the size of the business or sensitivity of the data held by a business; and
    3. have policies relating to employee use of technology or general procedures for preventing cyberattacks (i.e. using encryption software, changing passwords, two-factor authentication, mandatory VPN use etc).
  2. During the event:
    1. take the steps set out in the incident response plan to respond to the attack; and
    2. make relevant disclosures (i.e. to the individual pursuant to the notifiable data breach scheme or to the market under continuous disclosure obligations).
  3. After the event:
    1. audit ICT security systems to enhance performance; and
    2. improve internal policies.

Service offerings

McCabes provides a number of service offerings to bolster your company’s response to issues arising from COVID-19 including:

  • Cyber risk and response health assessment checks.
  • Drafting and advice in relation to internal company policies and employment contracts.
  • Incident management advice and training.
  • Litigation arising from cybersecurity breaches.

1 Australia’s 2020 Cyber Security Strategy published by the Department of Home Affairs

published by

Recent Insights

View all
Litigation and Dispute Resolution

Canadian Court elevates thumbs-up emoji to signature status

In June 2023, a Canadian Court in South-West Terminal Ltd v Achter Land and Cattle Ltd, 2023 SKKB 116, held that the "thumbs-up" emoji carried enough weight to constitute acceptance of contractual terms, analogous to that of a "signature", to establish a legally binding contract.   Facts This case involved a contractual dispute between two parties namely South-West Terminal ("SWT"), a grain and crop inputs company; and Achter Land & Cattle Ltd ("ALC"), a farming corporation. SWT sought to purchase several tonnes of flax at a price of $17 per bushel, and in March 2021, Mr Mickleborough, SWT's Farm Marketing Representative, sent a "blast" text message to several sellers indicating this intention. Following this text message, Mr Mickleborough spoke with Mr Achter, owner of ALC, whereby both parties verbally agreed by phone that ALC would supply 86 metric tonnes of flax to SWT at a price of $17 per bushel, in November 2021. After the phone call, Mr Mickleborough applied his ink signature to the contract, took a photo of it on his mobile phone and texted it to Mr Archter with the text message, "please confirm flax contract". Mr Archter responded by texting back a "thumbs-up" emoji, but ultimately did not deliver the 87 metric tonnes of flax as agreed.   Issues The parties did not dispute the facts, but rather, "disagreed as to whether there was a formal meeting of the minds" and intention to enter into a legally binding agreement. The primary issue that the Court was tasked with deciding was whether Mr Achter's use of the thumbs-up emoji carried the same weight as a signature to signify acceptance of the terms of the alleged contract. Mr Mickleborough put forward the argument that the emoji sent by Mr Achter conveyed acceptance of the terms of the agreement, however Mr Achter disagreed arguing that his use of the emoji was his way of confirming receipt of the text message. By way of affidavit, Mr Achter stated "I deny that he accepted the thumbs-up emoji as a digital signature of the incomplete contract"; and "I did not have time to review the Flax agreement and merely wanted to indicate that I did receive his text message." Consensus Ad Idem In deciding this issue, the Court needed to determine whether there had been a "formal meeting of the minds". At paragraph [18], Justice Keene considered the reasonable bystander test: " The court is to look at “how each party’s conduct would appear to a reasonable person in the position of the other party” (Aga at para 35). The test for agreement to a contract for legal purposes is whether the parties have indicated to the outside world, in the form of the objective reasonable bystander, their intention to contract and the terms of such contract (Aga at para 36). The question is not what the parties subjectively had in mind, but rather whether their conduct was such that a reasonable person would conclude that they had intended to be bound (Aga at para 37)."   Justice Keene considered several factors including: The nature of the business relationship, notably that Mr Achter had a long-standing business relationship with SWT going back to at least 2015 when Mr Mickleborough started with SWT; and   The consistency in the manner by which the parties conducted their business by way of verbal conversation either in person or over the phone to come to an agreement on price and volume of grain, which would be followed by Mr Mickleborough drafting a contract and sending it to Mr Achter. Mr Mickleborough stated, "I have done approximately fifteen to twenty contracts with Achter"; and   The fact that the parties had both clearly understood responses by Mr Achter such as "looks good", "ok" or "yup" to mean confirmation of the contract and "not a mere acknowledgment of the receipt of the contract" by Mr Achter.   Judgment At paragraph [36], Keene J said: "I am satisfied on the balance of probabilities that Chris okayed or approved the contract just like he had done before except this time he used a thumbs-up emoji. In my opinion, when considering all of the circumstances that meant approval of the flax contract and not simply that he had received the contract and was going to think about it. In my view a reasonable bystander knowing all of the background would come to the objective understanding that the parties had reached consensus ad item – a meeting of the minds – just like they had done on numerous other occasions." The court satisfied that the use of the thumbs-up emoji paralleled the prior abbreviated texts that the parties had used to confirm agreement ("looks good", "yup" and "ok"). This approach had become the established way the parties conducted their business relationship.   Significance of the Thumbs-Up Emoji Justice Keene acknowledged the significance of a thumbs-up emoji as something analogous to a signature at paragraph [63]: "This court readily acknowledges that a thumbs-up emoji is a non-traditional means to "sign" a document but nevertheless under these circumstances this was a valid way to convey the two purposes of a "signature" – to identify the signator… and… to convey Achter's acceptance of the flax contract." In support of this, Justice Keene cited the dictionary.com definition of the thumbs-up emoji: "used to express assent, approval or encouragement in digital communications, especially in western cultures", confirming that the thumbs-up emoji is an "action in an electronic form" that can be used to allow express acceptance as contemplated under the Canadian Electronic Information and Documents Act 2000. Justice Keene dismissed the concerns raised by the defence that accepting the thumbs up emoji as a sign of agreement would "open the flood gates" to new interpretations of other emojis, such as the 'fist bump' and 'handshake'. Significantly, the Court held, "I agree this case is novel (at least in Skatchewan), but nevertheless this Court cannot (nor should it) attempt to stem the tide of technology and common usage." Ultimately the Court found in favour of SWT, holding that there was a valid contract between the parties and that the defendant breached by failing to deliver the flax. Keene J made a judgment against ALC for damages in the amount of $82,200.21 payable to SWT plus interest.   What does this mean for Australia? This is a Canadian decision meaning that it is not precedent in Australia. However, an Australian court is well within its rights to consider this judgment when dealing with matters that come before it with similar circumstances. This judgment is a reminder that the common law of contract has and will continue to evolve to meet the everchanging realities and challenges of our day-to-day lives. As time has progressed, we have seen the courts transition from sole acceptance of the traditional "wet ink" signature, to electronic signatures. Electronic signatures are legally recognised in Australia and are provided for by the Electronic Transactions Act 1999 and the Electronic Transactions Regulations 2020. Companies are also now able to execute certain documents via electronic means under s 127 of the Corporations Act. We have also seen the rise of electronic platforms such as "DocuSign" used in commercial relationships to facilitate the efficient signing of contracts. Furthermore, this case highlights how courts will interpret the element of "intention" when determining whether a valid contract has been formed, confirming the long-standing principle that it is to be assessed objectively from the perspective of a reasonable and objective bystander who is aware of all the relevant facts. Overall, this is an interesting development for parties engaging in commerce via electronic means and an important reminder to all to be conscious of the fact that contracts have the potential to be agreed to by use of an emoji in today's digital age.

Published by Foez Dewan
29 August, 2023
Government

Venues NSW ats Kerri Kane: Venues NSW successful in overturning a District Court decision

The McCabes Government team are pleased to have assisted Venues NSW in successfully overturning a District Court decision holding it liable in negligence for injuries sustained by a patron who slipped and fell down a set of steps at a sports stadium; Venues NSW v Kane [2023] NSWCA 192 Principles The NSW Court of Appeal has reaffirmed the principles regarding the interpretation of the matters to be considered under sections5B of the Civil Liability Act 2002 (NSW). There is no obligation in negligence for an occupier to ensure that handrails are applied to all sets of steps in its premises. An occupier will not automatically be liable in negligence if its premises are not compliant with the Building Code of Australia (BCA). Background The plaintiff commenced proceedings in the District Court of NSW against Venues NSW (VNSW) alleging she suffered injuries when she fell down a set of steps at McDonald Jones Stadium in Newcastle on 6 July 2019. The plaintiff attended the Stadium with her husband and friend to watch an NRL rugby league match. It was raining heavily on the day. The plaintiff alleged she slipped and fell while descending a stepped aisle which comprised of concrete steps between rows of seating. The plaintiff sued VNSW in negligence alleging the stepped aisle constituted a "stairwell" under the BCA and therefore ought to have had a handrail. The plaintiff also alleged that the chamfered edge of the steps exceeded the allowed tolerance of 5mm. The Decision at Trial In finding in favour of the plaintiff, Norton DCJ found that: the steps constituted a "stairwell" and therefore were in breach of the BCA due to the absence of a handrail and the presence of a chamfered edge exceeding 5mm in length. even if handrails were not required, the use of them would have been good and reasonable practice given the stadium was open during periods of darkness, inclement weather, and used by a persons of varying levels of physical agility. VNSW ought to have arranged a risk assessment of the entire stadium, particularly the areas which provided access along stepped surfaces. installation of a handrail (or building stairs with the required chamfered edge) would not impose a serious burden on VNSW, even if required on other similar steps. Issues on Appeal VNSW appealed the decision of Norton DCJ. The primary challenge was to the trial judge's finding that VNSW was in breach of its duty of care in failing to install a handrail. In addition, VNSW challenged the findings that the steps met the definition of a 'stairwell' under the BCA as well as the trial judge's assessment of damages. Decision on Appeal The Court of Appeal found that primary judge's finding of breach of duty on the part of VNSW could not stand for multiple reasons, including that it proceeded on an erroneous construction of s5B of the Civil Liability Act 2002 and the obvious nature of the danger presented by the steps. As to the determination of breach of duty, the Court stressed that the trial judge was wrong to proceed on the basis that the Court simply has regard to each of the seven matters raised in ss 5B and 5C of the CLA and then express a conclusion as to breach. Instead, the Court emphasised that s 5B(1)(c) is a gateway, such that a plaintiff who fails to satisfy that provision cannot succeed, with the matters raised in s 5B(2) being mandatory considerations to be borne in mind when determining s 5B(1)(c). Ultimately, regarding the primary question of breach of duty, the Court found that: The stadium contained hazards which were utterly familiar and obvious to any spectator, namely, steps which needed to be navigated to get to and to leave from the tiered seating. While the trial judge considered the mandatory requirements required by s5B(2) of the CLA, those matters are not exhaustive and the trial judge failed to pay proper to attention to the fact that: the stadium had been certified as BCA compliant eight years before the incident; there was no evidence of previous falls resulting in injury despite the stairs being used by millions of spectators over the previous eight years; and the horizontal surfaces of the steps were highly slip resistant when wet. In light of the above, the Court of Appeal did not accept a reasonable person in the position of VNSW would not have installed a handrail along the stepped aisle. The burden of taking the complained of precautions includes to address similar risks of harm throughout the stadium, i.e. installing handrails on the other stepped aisles. This was a mandatory consideration under s5C(a) which was not properly taken into account. As to the question of BCA compliance, the Court of Appeal did not consider it necessary to make a firm conclusion of this issue given it did not find a breach of duty.  The Court did however indicated it did not consider the stepped aisle would constitute a "stairway" under the BCA. The Court of Appeal also found that there was nothing in the trial judge's reasons explicitly connecting the risk assessment she considered VNSW ought to have carried out, with the installation of handrails on any of the aisles in the stadium and therefore could not lead to any findings regarding breach or causation. As to quantum, the Court of Appeal accepted that the trial judge erred in awarding the plaintiff a "buffer" of $10,000 for past economic loss in circumstances where there was no evidence of any loss of income. The Court of Appeal set aside the orders of the District Court and entered judgment for VNSW with costs. Why this case is important? The case confirms there is no obligation in negligence for owners and operators of public or private venues in NSW to have a handrail on every set of steps. It is also a welcome affirmation of the principles surrounding the assessment of breach of duty under s 5B and s 5C of the CLA, particularly in assessing whether precautions are required to be taken in response to hazards which are familiar and obvious to a reasonable person.

Published by Leighton Hawkes
18 August, 2023
Litigation and Dispute Resolution

Expert evidence – The letter of instruction and involvement of lawyers

The recent decision in New Aim Pty Ltd v Leung [2023] FCAFC 67 (New Aim) has provided some useful guidance in relation to briefing experts in litigation.