Super Alert – 24 May 2019

This week’s Super Alert notes a report from the OAIC regarding the Notifiable Data Breaches Scheme after its first year of operation, as well as a list of lapsed Bills which may be re-introduced following the election, and an APRA information paper on governance.

OAIC Insights Report into Notifiable Data Breaches Scheme

On 13 May 2019, the Office of the Australian Information Commissioner (OAIC) issued the “Notifiable Data Breaches Scheme 12-month Insights Report” (Report). The Report analyses the results from the previous 12 months of the operation of the notifiable data breaches scheme under the Privacy Act 1988 (Cth).
According to the Report:

• The finance and health industries reported the most data breaches which “is a likely reflection of the high-volume data holdings in these industries”;
• There were 964 data breach notifications, most of these being in the form of contact information or financial details being compromised;
• 60% of the notified data breaches arose from criminal attacks while 35% resulted from human error; and
• The OAIC notes that APRA has introduced Prudential Standard CPS 234 Information Security “to help ensure regulated entities in the finance sector are resilient to information security incidents”.

Please click here to read more.

Lapsed superannuation Bills may be reinstated

On 18 May 2019, the Hon. Scott Morrison MP was re-elected as Prime Minister. Accordingly, the following superannuation Bills which had lapsed at the calling of the Federal Election, may be re-introduced to Parliament when it resumes:

• Superannuation (Objective) Bill 2016 – this Bill proposed to define an overarching objective for the superannuation system;
• Superannuation Laws Amendment (Strengthening Trustee Arrangements) Bill 2017 – this Bill proposed to set a minimum number of independent directors on trustee boards;
• Treasury Laws Amendment (2018 Superannuation Measures No 1) Bill 2018 – this Bill was the SG amnesty Bill;
• Treasury Laws Amendment (Improving Accountability and Member Outcomes in Superannuation Measures No. 2) Bill 2017 – this Bill proposed to make various amendments to SG laws such as providing that salary scarified amounts do not reduce an employer’s SG contributions;
• Treasury Laws Amendment (Putting Members’ Interests First) Bill 2019 – this Bill proposed to make the remaining “Protecting Your Super” insurance changes such as requiring insurance to be opt-in for members under age 25; and
• Treasury Laws Amendment (Registries Modernisation and Other Measures) Bill 2019 – this bill proposed to introduce identification numbers for directors.

APRA releases findings from governance self-assessment reviews

On 22 May 2019, APRA released an information paper entitled “Self-assessments of governance, accountability and culture” which sets out the results of the self-assessments of 36 APRA regulated entities in relation to whether any issues highlighted in the Royal Commission’s Final Report and the CBA Final Report, are applicable to those entities.
According to APRA, the self-assessment results indicate the following “common themes”:

• “Non-financial risk management requires improvement”;
• “Accountabilities are not always clear, cascaded and effectively enforced”;
• “Acknowledged weaknesses are well-known and some have been long-standing”; and
• “Risk culture is not well understood, and therefore may not be reinforcing the desired behaviours”.

APRA has explained that it will provide feedback to these entities and outline APRA’s expectations for addressing any material issues.

Please click here to read more

This alert was written by Natalie Cambrell, Partner, Damian Tarulli, Special Counsel and Sanela Osmanovic, Associate.​