Privacy awareness week

Yesterday was the first day of Privacy Awareness Week in Canada. I haven't seen the commissioners making a visible fuss out of it, but CAPAPA has issued a release:

CAPAPA supports Canadian’s Right to Know
“Privacy IS Your Business”(Calgary, Alberta)

August 26, 2007 – CAPAPA (Canadian Association of Professional Access and Privacy Administrators) is pleased to support international Privacy Awareness Week, August 26th to September 1st, 2007. Privacy Awareness Week, a campaign first initiated by Privacy Victoria (Australia) in 2001, has for the first time gone international.

As Canada’s leading association serving privacy and access professionals, CAPAPA is spearheading the campaign to promote privacy awareness in Canada. “Identity theft and information security breaches are happening more often than ever,” says CAPAPA National Chair Sharon Polsky. “To reverse that trend, Canadians must recognize the importance of protecting their personal information — at home, in the workplace, and in the consumer marketplace.”

Privacy Awareness Week provides an opportunity for individuals to raise questions about privacy legislation and its impact on how individuals conduct their business and personal lives. Privacy Awareness Week spotlights the need for Canadians to recognize their rights and obligations to maintain the privacy of their personal information. The theme for Privacy Awareness Week 2007 is ‘Privacy is your business'.

Know your Rights and Obligations


Canadian organizations, governments, and government agencies are bound by a variety of wide-reaching privacy laws. Ms. Polsky notes that, “As consumers, each of us is responsible to understand what our rights and responsibilities are under those laws.”

CAPAPA is a key source for helping Canadians recognize their privacy rights and responsibilities, and is the privacy advocate’s source for issues such as the passenger name record exchange, emerging RFID CHIP technology, and CAPAPA's Submission to the Senate on proposed changes to Canada’s Election Act.

More information on these and other Canadian privacy issues is at http://www.capapa.org./ For more information on how you can promote Privacy Awareness Week 2007, visit http://www.capapa.org/ or contact CAPAPA at: info@capapa.org.

Australia: ASIC and market supervision

The date has been set for the transfer to the Australian Securities and Investments Commission of the market supervision role currently performed by the Australian Securities Exchange: 1 August 2010. Further information is available here.

Australia: the ASX Corporate Governance Principles and Recommendations

Earlier this year the Australian Securities Exchange Corporate Governance Council published for consultation proposed changes to the second edition of its Corporate Governance Principles and Recommendations. The submissions have been published (here) along with the Council's response (here, pdf). The majority of submissions provided strong support for the Council's changes, which address, for example, board structure and diversity and the remuneration committee.

A copy of those Principles and Recommendations which have been amended is available here (pdf). A comparative table showing the Principles and Recommendations before and after the changes is available here (pdf). An overview of the changes is available here (pdf).

Australia: derivative actions - who bears the costs?

In a report published in 2006 - available here (pdf) - Prof Ian Ramsay and Benjamin Saunders provided an empirical analysis of the statutory derivation action introduced in Australia by Part 2F.1A of the Corporations Act (2001). The authors noted that "[n]either the statutory provisions, nor the approach of the courts, provide any certainty of litigation funding. The analysis of the cases indicates that courts have been cautious in relation to the issue of costs" (p. 38).

Against this background, a Federal Court decision - Wood v Links Golf Tasmania Pty Ltd [2010] FCA 570 - is of particular interest. At issue was whether a company should be required to meet a shareholder's costs in bringing a derivative action under Part 2F.1A of the Corporations Act (2001). The trial judge, Finkelstein J., held that it should and stated that he was unable to see why the approach taken in Sub Rosa Holdings Pty Ltd v Salsa Sudada Production Pty Ltd [2006] NSWSC 916 - in which, at [49], it was stated that it was "common place for a person given permission to pursue a claim on behalf of a company to be required, in the first instance, to bear the burden of costs" - had been adopted. Finkelstein J. observed (paras. [9] - [11]):

The purpose of permitting a person to bring an action in the name of the company is to prevent conduct which involves some element of harm. In most cases the wrongdoer will be in control of the company. That will be the reason the company itself is not bringing the action. The purpose of the exceptions outlined in Foss v Harbottle [1843] ER 478, as well as the purpose of Part 2F.1A, is to increase the likelihood that someone brings a claim which the company ought to have commenced. In those circumstances, I can think of no good reason why the company should not bear the costs. Put another way, the principle adopted by Marks J [under the old law, in Farrow v Registrar of Building Societies [1991] 2 VR 589: if the shareholder's action “is bona fide to protect the [company] and the [company] will receive the benefit of success, there is no good reason why the expenses should be met out of the private resources of [the] shareholders”] should continue to apply under the statute.

This is not to suggest that a costs order will be made in all cases ... If a costs order is made and at any later time it turns out the claim is unmeritorious, the costs order can be recalled".

French officials warned about Blackberry eavesdropping

This appears to be a non-story as messages using the Blackberry Enterprise Server are encrypted end-to-end, but who knows?

The fact that your employer can read the messages much more easily than the NSA may give pause for thought.

France warns officials on BlackBerry use - Yahoo! News

By JOHN LEICESTER, Associated Press Writer Wed Jun 20, 5:04 PM ET

PARIS - BlackBerry handhelds have been called addictive, invasive, wonderful — and now, a threat to French state secrets.

That, at least, is the fear of French government defense experts, who have advised against their use by officials in France's corridors of power, reportedly to avoid snooping by U.S. intelligence agencies.

"It's not a question of trust," French lawmaker Pierre Lasbordes told The Associated Press. "We are friends with the Americans, the Anglo-Saxons, but it's economic war."

Le Monde newspaper, which broke the story, described BlackBerry withdrawal among those who have given them up. "We feel that we are wasting huge amounts of time, having to relearn how to work in the old way," the daily quoted a ministry office director as saying.

E-mails sent from "Le BlackBerry" pass through servers in the United States and Britain, and France fears that makes the system vulnerable to snooping by the U.S. National Security Agency, Le Monde reported. The company that makes BlackBerrys, however, denies such spying is possible.

Lasbordes, who was commissioned in 2005 by then-Prime Minister Dominique de Villepin to look into such issues, said he alerted the government to this "weakness" months ago. He said he met with BlackBerry maker Research In Motion Ltd. to discuss the problem in the course of preparing his report on the security of French information systems.

The Canadian company "admitted that there was a certain fragility in the protection of information when you use the e-mail system" and promised it would be resolved, said Lasbordes, adding: "That was more than a year ago."

BlackBerrys pose "a problem with the protection of information" and "the risks of interception are real," Alain Juillet, in charge of economic intelligence for the government, told Le Monde.

Research In Motion insisted that BlackBerry e-mails cannot be read by the NSA or other organizations. The e-mails are more heavily encrypted than online banking Web sites, Research In Motion said in a statement.

"No one, including RIM, has the ability to view the content of any data communication sent using the BlackBerry Enterprise Solution," the company said.

The BlackBerry system has been accredited by security agencies in the United States, Australia, New Zealand, Austria and Canada, Research in Motion said, adding that a certification process is under way in the Netherlands and Germany.

In France, the circular on BlackBerries from the General Secretariat for National Defense applies in theory to all ministries, and "it's up to everyone to be responsible," Lasbordes said.

Another official in a major ministry who got rid of his BlackBerry following the order said authorities are looking at other types of hand-held computers to use instead.

The prime minister's office would not confirm that it and the presidential palace were included in the circular, as Le Monde reported. But a spokesman, Severin Naudet, cited the General Secretariat for National Defense as saying that no type of hand-held computer is risk-free.

"It's not a problem if you're writing to your mother-in-law," Lasbordes said. But "one can imagine a minister coming from a meeting of the G-8 or G-7, et cetera, or a meeting in Brussels, and he sends information to his colleagues. It goes via Canada and the United States and that's it, game over."

Suspicion goes both ways. At a Group of Eight summit in Germany this month, White House aides were instructed to leave their wireless e-mail devices behind, apparently for fear of Russian eavesdropping.

Australia: ASIC's power to continue civil proceedings

The Federal Court of Australia has given judgment in Carey v Australian Securities and Investments Commission (ASIC) [2008] FCA 963, an interesting decision concerning ASIC's powers under Section 50 of the Australian Securities and Investments Commission Act (2001). The case concerned ASIC's decision to take over proceedings for breach of directors' duites commenced by a liquidator. One of the directors against whom proceedings had been brought, Mr Carey, argued that ASIC did not have the power to continue the action under Section 50. The Federal Court agreed, however, as Finkelstein J. observed (para. 6):

...in the circumstances of this case, the answer is somewhat academic. The parties accept that if Mr Carey’s view prevails ASIC can and will simply begin new proceedings in the name of each plaintiff. Moreover, I have pointed out to the parties that in such event, I would, most likely, make an order deeming each step taken in the existing proceedings to have been taken in the new proceedings"

This said, as Prof. Ian Ramsay has noted, there is a clear case for considering whether ASIC should be permitted to take over some proceedings, not least because of the likely cost savings. 

For further information see:

Background | The judgment | ASIC | Federal Court of Australia | 

Australia: the Corporations Amendment (No 1) Bill 2010 - draft published

The Treasury has published a draft of the Corporations Amendment (No 1) Bill 2010: see here. The Bill contains, amongst other things, provisions dealing with access to the register of members, the size of fines imposed for insider dealing and the powers of ASIC.

Australia: shareholder engagement and participation

On June 23, Australia's Parliamentary Joint Committee on Corporations and Financial Services published a report titled Better shareholders – Better company: Shareholder engagement and participation in Australia. The Committee considered several issues including the barriers to effective engagement by shareholders in the governance of companies, the engagement of institutional shareholders and the selection of directors. The report makes many recommendations including:

• ASIC should establish best practice guidelines for company annual general meetings and for clear and concise company reporting.
• The government should investigate an alternative regulatory framework for small incorporated companies and not-for-profit organisations.
• The government should investigate the most appropriate regulatory framework for ensuring that stock lenders retain the voting rights attached to the lent shares.
• The government should amend the Corporations Act to exclude shareholder directors from voting on their own remuneration packages either directly or by directing proxies

The Australian Government has welcomed the report: see here.

Australia: directors' guidance - CAMAC report published

Last year the Corporations and Markets Advisory Committee was asked by the Government (see here, pdf) to undertake a project concerning directors' role and responsibilities. CAMAC was asked to examine, amongst other things, whether directors' performance would be enhanced by the introduction of guidance for directors, through, for example, a code of conduct or best practice guidance, by a relevant regulator, and if so what form that guidance should take.

CAMAC published its findings and report this week: see here (pdf). The Committee rejected the case for a new code of conduct for directors but nevertheless stated that efforts to assist directors to understand their role and responsibilities should be pursued. The Committee also recommended that the Australian Securities Exchange should review its corporate governance principles and recommendations in the light of international developments.

It should be noted that CAMAC did not undertake empirical research to assess whether directors in Australia understand their role and responsibilities.

Australia: corporate governance disclosure in annual reports

The Australian Securities Exchange (ASX) has published its yearly analysis of corporate governance disclosure in respect of companies' 2007 annual reports.  ASX reviewed the annual reports of over 1,200 listed companies and found:

Overall reporting levels – the aggregate of adoption of recommended practices and of ‘if not, why not’ reporting – rose slightly in 2007 to 90.5%, up from 90% last year. This is the highest level since ASX began the annual review in 2004. For the top-500 listed entities the overall reporting level was 94%. The overall reporting level for listed trusts was 93%, up from 85% last year".

For an overview click here and for the full report click here.

Hong Kong Privacy official jailed for fiddling expenses

Anthony Lam Wing-hong has been sentenced to nine months in jail for "flddling" travel expenses:

The Standard - Hong Kong's First FREE English Newspaper

Privacy official jailed for fiddling expenses

Former deputy privacy commissioner Anthony Lam Wing-hong was yesterday jailed for nine months for fiddling his travel expenses to Australia involving more than HK$100,000.

For some background, see: Canadian Privacy Law Blog: Hong Kong ex-privacy boss found guilty in dishonest expense claims

Australia: financial services regulation - major changes proposed

The Australian Government has published a green paper titled Financial Services and Credit Reform: Improving, Simplifying and Standardising Financial Services and Credit Regulation. This sets out important and wide-ranging changes to the regulatory structure governing financial services. Changes are also proposed concerning the regulation of debentures and trustee corporations.

Australia: Large cap companies' corporate governance compliance

The 2008 BDO Kendalls large-cap corporate governance survey has been published. Amongst the findings are the following (to quote from BDO Kendalls' press release):

Australia’s largest publicly listed companies generally meet all aspects of best practice guidelines for corporate governance; however full independence still remains a key issue for some major companies.

Areas highlighted included some companies having audit, remuneration or nomination committees that were either not made up of all independent directors or the chair was not independent. The survey findings are based on the 2007 annual report disclosures of the 20 largest Australian listed companies by market capitalisation as at 13 March, 2008.

Several companies (15%) were also found to be paying a high proportion of non-audit fees to their statutory auditors. News Corporation and Newmont Mining were the only companies not to have a formal Share Trade Policy. Also, 40% of the top 20 companies did not have a dedicated Risk Management Committee.

However, despite some of the largest caps needing to improve in certain areas, the broad finding for Australia’s biggest listed companies is that their corporate governance structures are robust and in most areas meet best practice guidelines.

For further information click here. For further information about corporate governance in Australia, see here. For BDO Kendalls 2007 mid-cap corporate governance report, see here.

Australia: listed company directors - disqualification and deterrence

Last week, in Australian Securities & Investments Commission v Soust (No 2) [2010] FCA 388, the Federal Court ordered that a director should be disqualified from managing corporations for a period of 10 years under Section 206C of the Corporations Act (2001). In doing so the trial judge stressed the importance of deterrence in determining the period of disqualification and made these observations concerning the trust reposed in the directors of listed companies (at para. [71]):

I am satisfied that a significant period of disqualification is required and justified in the present circumstances. In particular there is a significant role for personal deterrence to play for the reasons to which I have referred. It is also important that there be a general deterrence component of the period of disqualification as it is necessary to make it clear to directors and other persons in the commercial community that personal dishonesty in acting as a director of a corporation will not be condoned by the Court and will be visited with severe sanctions. Directors of corporations and, particularly, directors of listed public corporations must realise that they have a considerable amount of trust committed to them not only by the shareholders in their company but also by the company’s creditors, the commercial community and the public generally. They occupy a position of trust which, if misplaced, in appropriate cases should disqualify them from further participation in the management of such corporations for significant periods".

Australia: Corporate Governance Principles and Recommendations - proposed amendments

The Australian Securities Exchange Corporate Governance Council has published an exposure draft containing proposed amendments to the Corporate Governance Principles and Recommendations (2007): see here (pdf).

Many of the proposed changes concern diversity at board level and throughout the company. For example, proposed recommendation 3.2 provides that "Companies should establish a policy concerning diversity and disclose the policy or a summary of that policy" and that this policy "should include measurable objectives for achieving gender diversity". In this regard, diversity includes gender, age, ethnicity and cultural background.

Australia: Productivity Commission report on executive remuneration

The Productivity Commission has announced that it has submitted its final report on executive remuneration to the Government. The Government will decide when the report is published. 

Update (4 Jan 2010): the report has been released: see here. 

Australia: Government provides very strong support for Productivity Commission remuneration recommendations

The Productivity Commission published its report on executive remuneration last year (see here, pdf - 2.6MB). The report rejected the introduction of a cap on executive pay and a binding shareholder vote on remuneration. Instead it contained 17 recommendations designed to strengthen the corporate governance framework, including the requirement that where a company’s remuneration report receives a ‘no’ vote of 25 per cent or more of eligible votes cast at an AGM, the board should be required to explain in its subsequent report how shareholder concerns were addressed and, if they have not been, the reasons why; where the subsequent remuneration report receives a 'no' vote of 25 per cent or more of eligible votes cast at the next AGM, a resolution should be put that the elected directors who signed the directors’ report for that meeting stand for re-election at an extraordinary general meeting.

The Government's response to the Commission's report has been published - see here (pdf) - and it supports the vast majority of the Commission's recommendations.

For further information about the Productivity Commission's report see: overview (including key points) (pdf) | recommendations and findings (pdf) | Productivity Commission remuneration enquiry site | submissions | public hearing transcripts |

Australia: ASX Corporate Governance Principles and Recommendations - proposed changes

The Australian Stock Exchange has published a communique in which it sets out a proposal to amend the Corporate Governance Principles and Recommendations to require listed companies, on a comply or explain basis, to adopt and disclose a diversity policy which includes measurable objectives relating to gender. This will require, inter alia, companies to disclose the number of women employees in the whole company, in senior management and on the board. 

Austrialian Commissioner seeks comments on draft breach notification guidelines

The Australian Privacy Commissioner has issued draft breach notification guidelines and is seeking comments by June 16, 2008. See: Voluntary Information Security Breach Notification Guide - Consultation Draft (April 2008).

Australian Court awards damages for breach of privacy

This is an interesting development.

An Australian court has awarded damages for breach of privacy following the revelation by the Australian Broadcasting Corporation of the identity of a rape victim. This is important to Australia, but may also have a secondary effect here in the great white north, as Canadian courts are relatively open in citing and following other common law decisions. For the full scoop, check out Open and Shut: Victorian Court awards damages for breach of privacy.