Audit reveals cyber security weaknesses in two NSW transport agencies

In a report released on 13 July, the NSW Auditor-General found that Transport for NSW and Sydney Trains are failing to manage ‘significant’ cyber security risks. This failure does not appear to be due to a lack of funding, as both agencies received funding approval to implement cyber security plans.

The Auditor-General’s audit, which assessed how effective both agencies identify and manage their cyber security risks, found a disconnect between having the risk mitigation plans and delivering them. The Auditor-General also said her audit uncovered “significant risks” that both agencies had failed to pick up.

The report, which had certain aspects kept confidential to protect the agencies, also touched on culture as an issue. It identified a very low level of basic cyber security training and that neither agency is fostering a culture where cyber security risk management is an important and valued aspect of decision making.

In addition, the report also found three other major failings. Firstly, the processes to identify cyber risks were not identifying all risks. Secondly, the maturity level of the organisations (as measured against well-known standards published by the NSW Cyber Security Policy, which embedded the Australian Cyber Security Centre’s Essential Eight) was known to be low. Lastly, risks that had been identified had not been remediated in a timely way.

One of the key recommendations was to address, as a priority, previously identified vulnerabilities. For the future, the recommendation was to ensure cyber risk reporting to executives and the Audit and Risk Committee.

As this report demonstrates, whatever your role, cyber is an important part of it.

In the media

Sports rorts: Coalition blocking release of Phil Gaetjens’ secret report, citing cabinet exemption

Bridget McKenzie claims the report was prepared mainly for the purposes of cabinet. Submissions from the Department of Prime Minister and Cabinet to the OAIC argue the document is covered by cabinet-in-confidence, exempting it from release through FoI (18 July 2021). More...

Final call for open justice reform submissions

People across NSW are encouraged to have their say about proposed reforms to the laws relating to open justice in courts and tribunals. Attorney General Mark Speakman is calling for submissions into the NSW Law Reform Commission before they close on 2 August 2021 (15 July 2021). More...

Expectations for telcos dealing with vulnerable consumers

The Australian Communications and Media Authority is looking to improve the way the telco sector supports consumers in vulnerable circumstances, with a proposed statement of expectations for the industry released for consultation (14 July 2021). More...

Law Council calls for more clarity about proposed family violence regimes

While the Law Council of Australia strongly supports the intent of the Family Law Amendment (Federal Family Violence Orders) Bill 2021, there are several issues within the legislation that need clarification, how the proposed scheme will actually work and how it would interact with existing state and territory Family Violence Order regimes (14 July 2021). More...

Two men prosecuted for using false documents to obtain work

NSW Fair Trading has successfully prosecuted two persons regarding fraudulent activities in the construction industry (14 July 2021). More...

Cyber security failures at TfNSW, Sydney Trains

TfNSW and Sydney trains both agencies are falling short of standards set out by the NSW Cyber Security Policy. Transport for NSW and Sydney Trains are failing to manage ‘significant’ cyber security risks despite more than $40 million worth of funding, the NSW Auditor General says (14 July 2021). More...

Strengthening Australia’s cyber security regulations and incentives ​​​​

On 13 July 2021, the Australian Government opened consultation on options for regulatory reforms and voluntary incentives to strengthen the cyber security of Australia’s digital economy. This work forms part of Au​stralia’s Cyber Security Strategy 2020 and also responds to recommendations of the 2020 Cyber Security Strategy Industry Advisory Panel (13 July 2021). More...

Court shows sexual harassment will not be tolerated

The Law Council of Australia acknowledges the statement of the Chief Justice and Chief Judge of the Federal Circuit Court of Australia in relation to two complaints against a Judge of that Court. The Law Council President, commends the Court for its detailed investigations and inquiry process, including the appointment of three independent former judges and a counsel-assisting, which may well be a first in the federal courts (08 July 2021). More...

HRLC: Australia rejects UN call to raise the age of criminal responsibility

The Australian Government has refused to accept the calls of dozens of countries to stop imprisoning children under the age of 14 years old, and to raise the age of criminal responsibility (08 July 2021). More...

HRLC: Australian government ignores key recommendations from major UN human rights review

The Australian government has been criticised for failing to accept critical recommendations from a major UN review into its human rights record (08 July 2021). More...

NSW Education department hit by cyber attack

The NSW Department of Education has suffered a cyber attack just days before the school term resumes and students in Greater Sydney are forced to rely on remote learning. The department is currently working with Cyber Security NSW to restore normal access (08 July 2021). More...

Privacy Act review delayed as reforms stall

A significant review of the Privacy Act has been delayed, with a discussion paper still yet to be released 18 months after it was launched, while draft legislation introducing a new penalty scheme for data breaches announced well over two years ago still hasn’t been produced (08 July 2021). More...

Swiss ticket reseller Viagogo being investigated by NSW Fair Trading

NSW Fair Trading is investigating ticket reseller Viagogo as consumer complaints against the company spike in line with the reintroduction of ticketed events (07 July 2021). More...

LCA: Call for tighter reins on powers in an emergency

While on one hand the Act could provide benefit in a time of crisis, it could if not revised, potentially remove or compromise important provisions in the Freedom of Information Act 1982 (Cth), Privacy Act 1988 (Cth), Australian Human Rights Commission Act 1986 (Cth) and Australian Information Commissioner Act 2010 (Cth) impacting on the broader rights of individuals (05 July 2021). More...

In practice and courts

Strengthening Australia’s cyber security regulations and incentives: Discussion paper

Interested stakeholders are invited to provide a submission to the discussion paper, Strengthening Australia’s cyber security regulations and incentives.Submissions on the discussion paper can be made via our submission form before 27 August 2021. Learn more here and here. Read a quick summary and learn more here.

Proposed amendments to the Legal Profession Uniform Conduct (Barristers) Rules 2015

The Australian Bar Association invites comments and submissions on a proposal to amend Rules 123 and 125 of the Legal Profession Uniform Conduct (Barristers) Rules. Submissions should be sent to the Australian Bar Association on or before 2 August 2021. Click here to learn more.

Commonwealth Parliamentary Review now open for submissions and interviews: Sex discrimination

The AHRC is inviting contributions for its Independent Review into Commonwealth Parliamentary Workplaces, accepting written contributions from groups covered by the Review’s Terms of Reference. The Review aim is to ensure all Commonwealth Parliamentary workplaces are safe and respectful and that our national Parliament reflects best practice. View the consultation paper here.

ACMA consultations

Proposal to remake the anti-terrorism standards – consultation 22/2021

The anti-terrorism standards for narrowcast television services are due to sunset on 1 October 2021. We are seeking your views on remaking the standards in a single instrument with only minor changes. Closing date: 21 July 2021. Read more here.

Consumer vulnerability: Expectations for the telco industry – consultation 27/2021

We want to create a statement of expectations for the telco industry to improve outcomes for vulnerable consumers. Closing date: 08 September 2021. Read more here.

Have your say on national child protection framework

People can now contribute to the development of a five-year plan that will help deliver the next National Framework for Protecting Children by ‘having their say’ online. People can get involved in the online consultation by providing feedback through the Australian Government’s Department of Social Services. Engage here. The public consultation closes on 26 July. To have your say click here.

Law Council update

The Law Council produces a fortnightly newsletter which highlights the Law Council's important activities and advocacy, along with any relevant media and events stakeholders would be interested in. Read the 9 July 2021 update.

Law Council of Australia submissions

08 July 2021 – Law Council: National Register of Enduring Powers of Attorney. 08 July 2021 – Law Council: Judicial impartiality: Consultation paper. 06 July 2021 – Law Council: Guaranteeing a minimum return of class action proceeds to class members.

AAT: Translation of fact sheets

12/07/2021 – AAT has translated some fact sheets into selected languages. Learn more here.

AAT Bulletin

The AAT Bulletin is a weekly publication containing a list of recent AAT decisions and information relating to appeals against AAT decisions. Issue No. 14/2021, 12 July 2021.

OAIC: Our FOI disclosure log

The information described in our disclosure log has been released by the OAIC under the Freedom of Information Act 1982: Updated May 2021. Learn more here.

Legal and Constitutional Affairs Legislation Committee

Family Law Amendment (Federal Family Violence Orders) Bill 2021 [Provisions]

On 13 May 2021, the Senate referred the provisions of the Family Law Amendment (Federal Family Violence Orders) Bill 2021 to the Legal and Constitutional Affairs Legislation Committee for inquiry and report by 29 July 2021.

Constitution Alteration (Freedom of Expression and Freedom of the Press) 2019

Status: Accepting submissions. Date referred: 17 June 2021. Submissions close: 20 August 2021. Reporting date: 31 December 2021.

Courts and Tribunals Legislation Amendment (2021 Measures No. 1) Bill 2021

Status: Accepting submissions. Date referred: 24 June 2021. Submissions close: 15 July 2021. Reporting date: 13 August 2021.

Select Committee on Foreign Interference through Social Media

Select Committee on Foreign Interference through Social Media to inquire into and report on the risk posed to Australia’s democracy by foreign interference through social media. The committee is to present its final report on or before the second sitting day of May 2022. The closing date for submissions is 31 October 2021.

NSW

Court and tribunal information: Access, disclosure and publication

The NSW Law Reform Commission has released draft proposals ahead of its final report on Court and tribunal information access, disclosure and publication. The proposals focus on the operation of suppression and non-publication orders and access to information in NSW courts and tribunals. Submissions have been invited (closing date 2 August 2021).

Drug Misuse and Trafficking Regulation 2021

The NSW Department of Communities and Justice is seeking comments on the consultation draft of the Drug Misuse and Trafficking Regulation 2021 and Regulatory Impact Statement. There are two documents that you can read to understand the proposed changes: Proposed Drug and Misuse and Trafficking Regulation 2021 and Regulatory Impact Statement. The closing date for submissions was 16 July 2021.

Costs disputes – uniform law – indexed amounts

Sections 291, 292 and 293 of the Legal Profession Uniform Law (NSW) relate to costs disputes. The amounts have again been indexed for the financial year 1/7/2021 – 30/6/2022. The Legal Profession Uniform Law (Indexed Amounts) Notice 2021 has been published and is available here.

Personal Injury Commission – hearings during COVID-19

The President of the Personal Injury Commission has advised the NSW Bar Association that the PIC will continue to apply Procedural Direction 10 until further notice. Procedural Direction 10 provides that, during the currency of the COVID-19 pandemic and until further notice, the Commission will, list matters for hearing by audio link or audio-visual link. Procedural Direction 10 is available here.

Artificial Intelligence (AI)

The NSW Government believes that the NSW Government can use AI to benefit the community and is taking actions to ensure that AI is used safely, ethically and effectively. We have an AI Strategy that outlines our vision for the use of AI, and ensures transparency, fairness and accountability. Have your say until 31 December 2021.

NSW Law Society: Applications open for the Access to Justice Innovation Fund

The $1 million fund from the State Government supports innovative ideas to improve or enhance access to justice in NSW. Grants of between $50,000 and $250,000 are available for low cost, high impact projects that make a difference for those who need it most. Applicants will be advised of the outcome of their application by late May 2021. Find out more.

Published – articles, papers, reports

Annual Audit Work Program 2021–22

ANAO: 6 July 2021. The annual audit work program (AAWP) is designed to reflect the ANAO’s audit strategy and inform the Parliament, government entities and the public of the planned audit coverage for the Australian Government sector. The AAWP is also designed to anticipate and respond to current and emerging risks and challenges impacting on public administration. Read the Annual Audit Work Program 2021–22.

Cases

Mario Christodoulou and Department of the Prime Minister and Cabinet (Freedom of information) [2021] AICmr 36

Freedom of information – whether documents subject to legal professional privilege – whether disclosure of personal information unreasonable – whether disclosure would have substantial adverse effect on the proper and efficient conduct of the operations of the agency – whether disclosure would unreasonably affect an organisation in respect of its lawful business affairs – whether contrary to the public interest to release conditionally exempt documents – (CTH) Freedom of Information Act 1982 ss 42, 47F, 47E and 47G.

'XN' and Australian Federal Police (Freedom of information) [2021] AICmr 35

Freedom of information – whether documents subject to legal professional privilege – whether documents contain deliberative matter prepared for a deliberative process – whether disclosure would have a substantial adverse effect on the management of personnel – whether disclosure of personal information unreasonable – whether contrary to the public interest to release conditionally exempt documents – (CTH) Freedom of Information Act 1982 ss 42, 47C, 47E(c), 47F and 11A(5).

Josh Taylor and Minister for Foreign Affairs (Freedom of information) [2021] AICmr 33

Freedom of information – whether reasonable steps taken to find documents – (CTH) Freedom of Information Act 1982 s 24A.

Rex Patrick and Services Australia (Freedom of information) [2021] AICmr 32

Freedom of information – whether document was brought into existence for the dominant purpose of submission for consideration by Cabinet – (CTH) Freedom of Information Act 1982 – ss 34(1)(a) and 34(3).

Stefania Maurizi and Department of Foreign Affairs and Trade (Freedom of information) [2021] AICmr 31

Freedom of information – whether disclosure would cause damage to international relations of the Commonwealth – whether disclosure would divulge information communicated in confidence by a foreign government – whether disclosure would have a substantial adverse effect on the proper and efficient conduct of the operations of an agency – whether disclosure of personal information is unreasonable – whether contrary to the public interest to release conditionally exempt documents – (CTH) Freedom of Information Act 1982 ss 11A(5), 33(a)(iii), 33(b), 47E(d) and 47F.

'XM' and Australian Financial Security Authority (Freedom of information) [2021] AICmr 30

Freedom of information – whether reasonable steps taken to locate documents – (CTH) Freedom of Information Act 1982 s 24A.

'XL' and Comcare (Privacy) [2021] AICmr 29

Privacy – Privacy Act 1988 (Cth) – Australian Privacy Principles – APP 10 – APP 13 – inaccuracies in an Independent Medical Expert report for tribunal proceedings – whether reasonable steps taken to ensure accuracy – whether failure to respond to correction request within statutory timeframe – breach of APP 13.5 – complaint otherwise dismissed – acknowledgement of interference with privacy – inappropriate for any further action to be taken.

Application by the Attorney General of NSW [2021] NSWSC 857

CIVIL LAW – order for evidence to be taken on commission – request by foreign court – no question of principle. The Court notes that the right of Civi Corp Pty Limited to apply to the Court to make any objection, based on any privilege or otherwise, to production pursuant to the Subpoena to Produce, is preserved.

Wojciechowska v Commissioner of Police [2021] NSWCATAD 210

ADMINISTRATIVE LAW – government information – access application – information not held – reasonableness of searches – redacted information – information out of scope. ADMINISTRATIVE LAW – jurisdiction of tribunal – matter between a State and resident of another State – whether tribunal exercising judicial power.

Egan v Commissioner for Fair Trading, Department Of Customer Service [2021] NSWCATAD 209

ADMINISTRATIVE LAW – building and construction – licence – home building – experience – instrument. Administrative Decisions Review Act 1997.

Hooper v Willoughby City Council [2021] NSWCATAD 208

ADMINISTRATIVE LAW – merits review – access to government information – adequacy of search – information for which there is a conclusive public interest against disclosure (excluded information and privileged information) – information for which there is an overriding public interest against disclosure (cl 1(d) and (f), cl 3(a) and (b) and cl 6(1) of the table to s 14(2) of the Government Information (Public Access) Act 2009) – processing charge.

Snape v Commissioner of Police [2021] NSWCATAD 206

ADMINISTRATIVE LAW – freedom of information – personal information – Government Information (Public Access) Act 2009 – disclosure.

Sydney Trains v Batshon [2021] NSWCA 143

ADMINISTRATIVE LAW – workers compensation – examination by approved medical specialist – request for re-examination by appeal panel refused – primary judge held that request not considered by appeal panel – appeal panel in fact considered request – adequacy of reasons of appeal panel – whether denial of procedural fairness by primary judge – whether any denial could be material in light of the right of appeal by way of rehearing – whether other judicially reviewable errors in appeal panel’s decision – consideration of differences in assessment regimes under workers compensation and motor accident legislation – appeal allowed and decision of appeal panel reinstated. COSTS – whether reason to depart from rule that costs should follow event – inclusion by appellant of voluminous irrelevant pages in appeal materials – where error by primary judge could have been corrected without need for appeal.

ERI v Commissioner for Fair Trading [2021] NSWCATOD 95

ADMINISTRATIVE REVIEW – tattoo parlours – tattoo operator licence – adverse security determination – fit and proper person – public interest.

DYH v NSW Trustee and Guardian [2021] NSWCATAD 200

ADMINISTRATIVE LAW – administrative review – applicant seeking review of decisions made by respondent – application by respondent for dismissal – whether decisions in fact made by respondent in the exercise of its functions as financial manager.

SafeWork NSW v Solveco Pty Ltd; SafeWork NSW v Brent Martin Lawson; SafeWork NSW v Tiberiu Orden; (No. 1) [2021] NSWDC 298

(1) Grant leave to the prosecutor to amend the Summons in the manner proposed in the annexures to the affidavit of Mr O’Connell dated 22 June 2021. CRIMINAL PROCEDURE – leave to amend summons – factors relevant to exercise of discretion – consideration of width of prosecution case by reference to Summons and Statement of Facts. STATUTORY INTERPRETATION – meaning of “indictment” in s 20 of the Criminal Procedure Act 1986 (NSW).

DQV v University of New England [2021] NSWCATAP 208

APPEALS – privacy – where respondent collected personal information of prospective overseas students and their sponsors for the purpose of making a pre-visa assessment to be provided to a Commonwealth entity – whether respondent’s purpose of collection was directly related to a function or activity of the respondent – whether leave should be granted where error of fact established – whether appellant entitled to appeal in respect of finding about the personal information of his brother, a co-applicant, where brother had not appealed – whether Tribunal had erred by making findings in reliance upon a policy which had not been published at relevant times.

Commissioner of the Australian Federal Police v Revell-Reade [2021] NSWSC 812

PRIVATE INTERNTATIONAL LAW – assistance to foreign countries in criminal matters – defendant convicted for conspiracy to defraud in UK – foreign restraining orders and foreign pecuniary penalty orders registered under the Mutual Assistance in Criminal Matters Act 1987 (Cth) – application for partial discharge of registered foreign pecuniary penalty order from property in custody and control of the Official Trustee – interests of third parties – order made subject to protection of interests of lien holder.

Kirkman v Minister Administering the Crown Lands Act (No. 3) [2021] NSWSC 730

ADMINISTRATIVE LAW – the applicant seeks judicial review of a 2017 decision made by the Minister Administering the Crown Lands Act 1989, the first respondent – the Court published a judgment on 30 October 2020 resolving a number of issues raised by the plaintiff – the Court invited further submissions from the Minister and submissions in reply from the applicant on two outstanding issues – the first issue being whether the applicant and second defendant’s enclosure permits remained in conflict over a disputed portion of Crown road at the time of the 2017 decision – and if the enclosure permits are in conflict, whether that conflict requires resolution – the second issue being whether the Crown road is now enclosed, such that the enclosure permits can be lawfully cancelled.

Legislation

Commonwealth

Regulations

National Redress Scheme for Institutional Child Sexual Abuse Amendment (2021 Measures No. 1) Rules 2021

15/07/2021 – this instrument amends the National Redress Scheme for Institutional Child Sexual Abuse Rules 2018 to prescribe that certain entities are or are not State or Territory institutions for the purposes of the Scheme and to establish the Scheme’s brand as a protected symbol.

Foreign Evidence (Application of Amendments) Regulations 2021

12/07/2021 – this instrument lists States and Territories which have elected to opt-in to certain amendments made to the Foreign Evidence Act 1994 by the Foreign Evidence Amendment Act 2010. The regulations repeal and replace the Foreign Evidence (Application of Amendments) Regulations 2011, which are scheduled to sunset on 1 October 2021.

Fair Work Amendment (Respect at Work) Regulations 2021

09/07/2021 – this instrument amends the Fair Work Regulations 2009 to give effect to recommendation 31 of the [email protected]: National Inquiry into Sexual Harassment in the Workplace by adding sexual harassment to the list of conduct falling within the definition of ‘serious misconduct’ and supports amendments that would be made by the Sex Discrimination and Fair Work (Respect at Work) Amendment Bill 2021 to include ‘sexual harassment’ in the existing stop-bullying jurisdiction.

Commonwealth Electoral (Authorisation of Voter Communication) Determination 2021

06/07/2021 – this instrument gives effect to the Electoral Commissioner's power at subsection 321D(7) of the Commonwealth Electoral Act 1918 to make a legislative instrument which further determines exceptions to communications or circumstances for electoral and referendum matter, and to also determine further requirements in relation to the particulars which are to be notified as part of the authorisation across a number of pieces of legislation.

NSW

Regulations and other miscellaneous instruments

Electronic Transactions (ECM Courts) Amendment (Digital Case File Application) Order 2021 (2021–398) –published LW 16 July 2021. Electronic Transactions Amendment (DDT and IRC) Regulation 2021 (2021–382) – published LW 16 July 2021. Local Government (General) Amendment Regulation 2021 (2021–371) – published LW 9 July 2021.

For the full text of Bills, and details on the passage of Bills, see Bills.