Penalty unit increase for breaches of Commonwealth Acts
From 1 July 2017, the Federal Government increased its penalty units from $180 to $210 per unit. Penalty units are the method that the Government uses to calculate monetary fines for breaches of Commonwealth legislation. This includes legislation such as the Privacy Act, Spam Act and Do Not Call Register Act. Where penalty units are applied to a corporation, the amount is 5 times as much unless the relevant penalty is specific to corporations. As the maximum civil penalty for serious or repeated interference with privacy under the Privacy Act is 2,000 penalty units, this is now up to $420,000 (in the case of an individual) or $2.1 million for a corporation.
The Federal Government is also considering increases to penalties expressed in dollar values under the Australian Consumer Law, which would be effective from 1 July 2018.
The increase in penalty units, and the proposed increases under the Australian Consumer Law, demonstrates the importance that the Commonwealth Government is placing on consumer’s rights and the handling of personal information.
*For a body corporate with a prior record committing 2 or more contraventions of the Spam Act on a particular day
“Special K” – is it a breakfast cereal or a sports star?
Adelaide tennis star Thanasi Kokkinakis lodged an application to trade mark ‘SPECIAL K’ in the goods and services classes for clothing, sporting goods and sports services. Pursuant to s52 of the Trade Marks Act 1995, Kellogg Company opposed the trade mark on the grounds that they have long standing trade mark registrations for ‘SPECIAL K’ and hold the reputation in Australia for that name, acquired after 50 years of use [Kellogg Company v TJ Kokkinakis Pty Ltd [2017] ATMO 58].
Kellogg argued that if the trade mark application was granted, it would likely deceive or cause confusion to consumers. It should be noted, however, that Kellogg’s trade mark is registered in Class 30 (breakfast foods and breakfast cereals). Kellogg submitted evidence that the SPECIAL K trade mark had been used to promote wellbeing and fitness products and sponsorship of sporting events, arguing a relationship with sporting goods and sports services.
The Hearing Officer rejected Kellogg’s argument, stating that he did not think that confusion would be likely and that the opponent had failed to establish grounds for opposition. The matter is now subject to an appeal.
Red Cross Blood Service data breach investigation provides important lessons for organisations
The Australian Red Cross Blood Service has avoided penalties over its October 2016 data breach which exposed the data of 550,000 donors. The data contained people’s names, genders, email and physical addresses, phone numbers, date and country of birth and other sensitive information. The Blood Service’s website partner, Precedent, inadvertently saved a back up of the data to a publicly accessible part of a web server. An anonymous person discovered the data file and reported it to AusCERT.
After a 10 month investigation, the Office of the Australian Information Commissioner (OAIC) found that the Blood Service was not directly responsible for the breach but did contribute to it. Whilst the OAIC found that the Blood Service breached Australian Privacy Principles by not ensuring information held by third parties was properly protected, it did commend the organisation on its incident response procedures and its transparent communication to the donors affected by the breach. The Privacy Commissioner, Timothy Pilgrim, said “The Commissioner considers that the community can have confidence in the Australian Red Cross Blood Service’s commitment to the security of their personal information.”
This is an important lesson for organisations to review their privacy obligations and have incident response plans in place in the event of a similar data breach.
The report can be viewed here.