If it's encrypted it's secure! The viability of US state-based encryption exemptions

US state-based data breach notification laws have unveiled serious corporate and government failures regarding the security of personal information. These laws require organisations to notify persons who may be affected by an unauthorized acquisition of their personal information. Safe harbours to notification exist if personal information is encrypted. Three types of safe harbour have been identified in the literature: exemptions, rebuttable presumptions and factors. The underlying assumption of exemptions is that encrypted personal information is secure and therefore unauthorized access does not pose a risk. However, the viability of this assumption is questionable when examined against data breaches involving encrypted information and the demanding practical requirements of effective encryption management. Recent recommendations by the Australian Law Reform Commission (ALRC) would amend the Privacy Act 1988 (Cth) to implement a data breach scheme that includes a different type of safe harbour, factor based analysis. The authors examine the potential capability of the ALRC’s proposed encryption safe harbour in relation to the US experience at the state legislature level.

Managing illegal street racing and associated risky driving behaviour : An Australian perspective

Illegal street racing has received increased attention in recent years from the media, governments and road safety professionals. At the same time, there has been a shift from treating illegal street racing as a public nuisance issue to a road safety problem in Australia, as this behaviour now attracts a penalty of increased periods of vehicle impoundment leading to permanent vehicle forfeiture for repeat offences. This severe vehicle sanction is typically applied to repeat drink driving offenders and drivers who breach suspensions and disqualifications in North American jurisdictions, but was first introduced in Australia to deal with illegal street racing and associated risky driving behaviours, grouped together under the label of ‘hooning’ in Australian jurisdictions. This paper describes how Australian jurisdictions are dealing with this issue. The research described in this paper drew on multiple data sources to explore illegal street racing and the management of this issue in Australia. First, the paper reviews the relevant legislation in each Australian state to describe the cross-jurisdictional similarities and differences in approaches. It also describes some results from focus group discussions and a quantitative online survey with drivers who self-report engaging in illegal street racing and associated behaviours in Queensland, Australia. It was found that approaches to dealing with illegal street racing and associated risky driving behaviours in each Australian state are similar, with increasing periods of vehicle impoundment (leading to vehicle forfeiture) applied to repeat hooning offences within prescribed periods. Participants in the focus groups and respondents to the questionnaire generally felt these penalty periods were severe, with perceptions of severity increasing with the length of the penalty period. It was concluded that there is a need for each jurisdiction to objectively evaluate the effectiveness of their vehicle impoundment and forfeiture programs for hooning. These evaluations should compare the relative costs of these programs (e.g., enforcement, unrecovered towing and storage fees, and court costs) to the observed benefits (e.g., reduction in target behaviours, reduction in community complaints, and reduction in the number and severity of associated crashes).

Stakeholder perspectives regarding the mandatory notification of Australian data breaches

The advent of data breach notification laws in the United States (US) has unearthed a significant problem involving the mismanagement of personal information by a range of public and private sector organisations. At present, there is currently no statutory obligation under Australian law requiring public or private sector organisations to report a data breach of personal information to law enforcement agencies or affected persons. However, following a comprehensive review of Australian privacy law, the Australian Law Reform Commission (ALRC) has recommended the introduction of a mandatory data breach notification scheme. The issue of data breach notification has ignited fierce debate amongst stakeholders, especially larger private sector entities. The purpose of this article is to document the perspectives of key industry and government representatives to identify their standpoints regarding an appropriate regulatory approach to data breach notification in Australia.

The mandatory notification of data breaches : issues arising for Australian and EU legal developments

Public and private sector organisations are now able to capture and utilise data on a vast scale, thus heightening the importance of adequate measures for protecting unauthorised disclosure of personal information. In this respect, data breach notification has emerged as an issue of increasing importance throughout the world. It has been the subject of law reform in the United States and in other jurisdictions. This article reviews US, Australian and EU legal developments regarding the mandatory notification of data breaches. The authors highlight areas of concern based on the extant US experience that require further consideration in Australia and in the EU.

Identifying child sexual abuse within school contexts : policy problems and solutions, and a landmark case

As a strategy to identify child sexual abuse, most Australian States and Territories have enacted legislation requiring teachers to report suspected cases. Some Australian State and non-State educational authorities have also created policy-based obligations to report suspected child sexual abuse. Significantly, these can be wider than non-existent or limited legislative duties, and therefore are a crucial element of the effort to identify sexual abuse. Yet, no research has explored the existence and nature of these policy-based duties. The first purpose of this paper is to report the results of a three-State study into policy-based reporting duties in State and non-State schools in Australia. In an extraordinary coincidence, while conducting the study, a case of failure to comply with reporting policy occurred with tragic consequences. This led to a rare example in Australia (and one of only a few worldwide) of a professional being prosecuted for failure to comply with a legislative duty. It also led to disciplinary proceedings against school staff. The second purpose of this paper is to describe this case and connect it with findings from our policy analysis.

Notification of data breaches under the continuous disclosure regime

Consumer personal information is now a valuable commodity for most corporations. Concomitant with increased value is the expansion of new legal obligations to protect personal information. Mandatory data breach notification laws are an important new development in this regard. Such laws require a corporation that has suffered a data breach, which involves personal information, such as a computer hacking incident, to notify those persons who may have been affected by the breach. Regulators may also need to be notified. Australia currently does not have a mandatory data breach notification law but this may be about to change. The Australian Law Reform Commission has suggested that a data breach notification scheme be implemented through the Privacy Act 1988 (Cth). However, the notification of data breaches may already be required under the continuous disclosure regime stipulated by the Corporations Act 2001 (Cth) and the Australian Stock Exchange (ASX) Listing Rules. Accordingly, this article examines whether the notification of data breaches is a statutory requirement of the existing continuous disclosure regime and whether the ASX should therefore be notified of such incidents.

Government, citizenship and cultural policy : expertise and participation in Australian media policy

The study of institutions and policy processes in the formation of culture have been a major concern of the "cultural policy debate", which has been a major debate in Australian cultural studies in the 1990s (Bennett 1992a; Cunningham 1992; O'Regan 1993; cf. McGuigan 1996). Bennett (1992) argues that culture in modern societies is defined less by a distinct series of artistic and intellectual practices, the ways of life of distinctive communities or social groups, or as a system for the structuring of meaning in a society, but rather in terms of "the specificity of the governmental tasks and programmes in which those practices come to be inscribed." (Bennett 1992a: 397) Within such a framework, policy becomes "not... an optional add-on but... central to the definition and constitution of culture" (Bennett 1992a: 397). This understanding of culture as "intrinsically governmental" has in turn been linked to an increasingly strategic role for discourses of citizenship as a basis for the engagement of cultural studies intellectuals with the political sphere...

Should funds invest in socially responsible investments during downturns?

Purpose: This paper investigates whether Socially Responsible Investment (SRI) is less sensitive to market downturns than conventional investments; the legal implications for fund managers and trustees; and possible legislative reforms to allow conventional funds more scope to invest in SRI. ----- ----- Design/methodology/approach: The paper uses the market model to estimate betas over the past 15 years for SRI funds and conventional investment funds during economic downturns, as distinct from during more ‘normal’ (non-recessionary) economic times. ----- ----- Findings: The beta risk of SRI, both in Australia and internationally, increases more than that of conventional investment during economic downturns. Traditional fund managers and trustees in Australia are therefore likely to breach their fiduciary duties if they go long - or remain long - in SRI funds during economic downturns, unless relevant legislation is reformed. ----- ----- Research limitations/implications: The methodology assumes that alpha and beta in the market model are constant. This is the subject of ongoing research. Second, it categorises the state of the market into ‘normal’ economic conditions and downturns using dummy variables. More sophisticated techniques could be used in future research. ----- ----- Practical implications: The current law would prevent conventional funds from investing in SRI. If SRI is viewed as socially desirable, useful legislative reforms could include explicitly overriding the common law to allow conventional funds to invest in SRI; introducing a 150% tax deduction or investment allowance for SRI; and allowing SRI sub-funds to obtain Deductible Gift Recipient status from the Australian Tax Office and other taxation authorities. ----- ----- Originality/value: The accurate assessment of risk in SRIs is an area which, despite its serious legal implications, is yet to be subjected to rigorous empirical investigation. Keywords - SRI, market model, GARCH, trust fund, fiduciary duties, market downturns, Australia.

Standardisation and patent ambush : potential liability under Australian competition law

This article examines the problem of patent ambush in standard setting, where patent owners are sometimes able to capture industry standards in order to secure monopoly power and windfall profits. Because standardisation generally introduces high switching costs, patent ambush can impose significant costs on downstream manufacturers and consumers and drastically reduce the efficiency gains of standardisation.This article considers how Australian competition law is likely to apply to patent ambush both in the development of a standard (through misrepresenting the existence of an essential patent) and after a standard is implemented (through refusing to license an essential patented technology either at all or on reasonable and non-discriminatory (RAND) terms). This article suggests that non-disclosure of patent interests is unlikely to restrained by Part IV of the Trade Practices Act (TPA), and refusals to license are only likely to be restrained if the refusal involves leveraging or exclusive dealing. By contrast, Standard Setting Organisations (SSOs) which seek to limit this behaviour through private ordering may face considerable scrutiny under the new cartel provisions of the TPA. This article concludes that SSOs may be best advised to implement administrative measures to prevent patent hold-up, such as reviewing which patents are essential for the implementation of a standard, asking patent holders to make their licence conditions public to promote transparency, and establishing forums where patent licensees can complain about licence terms that they consider to be unreasonable or discriminatory. Additionally, the ACCC may play a role in authorising SSO policies that could otherwise breach the new cartel provisions, but which have the practical effect of promoting competition in the standards setting environment.

Order supported by law : the enforcement of norms in virtual communities

As online social spaces continue to grow in importance, the complex relationship between users and the private providers of the platforms continues to raise increasingly difficult questions about legitimacy in online governance. This article examines two issues that go to the core of egitimate governance in online communities: how are rules enforced and punishments imposed, and how should the law support legitimate governance and protect participants from the illegitimate exercise of power? Because the rules of online communities are generally ultimately backed by contractual terms of service, the imposition of punishment for the breach of internal rules exists in a difficult conceptual gap between criminal law and the predominantly compensatory remedies of contractual doctrine. When theorists have addressed the need for the rules of virtual communities to be enforced, a dichotomy has generally emerged between the appropriate role of criminal law for 'real' crimes, and the private, internal resolution of 'virtual' or 'fantasy' crimes. In this structure, the punitive effect of internal measures is downplayed and the harm that can be caused to participants by internal sanctions is systemically undervalued.

Less but more : weaving disparate disciplines together for learners to construct their own knowledge

This paper reports on a Professional Learning Program conducted in China with 140 general technology teachers. It aimed to integrate robotics technology across and within the disciplines of science, technology, engineering and mathematics. With the help of university facilitators teachers developed General Technology lessons that seamlessly integrated with rich learning content across disciplines. Teachers engaged in seminars and workshops, which provided the opportunities for them to actively couch sound principles of learning in their daily work. They gained first-hand experience in applying an aligned system of assessments, standards and quality learning experiences geared to the needs of each student. Teachers worked collaboratively in teams to create inquiry, design and collaborative learning activities that aligned with their curriculum and which dealt with real world problems, issues and challenges. They continually discussed and reflected deeply on the activities and shared the newly developed resources online with teachers across the entire country. It is evident from the preliminary analysis of data that teachers are beginning to apply rich pedagogical practices and are becoming ‘adaptive’ in their approach when using LEGO® robotic tools to design, redesign, create and re-create learning activities for their students.

An attack on Iran: the legal basis, or lack thereof

Talk of a possible Israeli strike on Iran’s nuclear facilities has re-ignited debate over the right of self-defence under international law. Some academics, including Anthony D'Amato and Alan Dershowitz, have claimed that an attack on Iran would be a permissible act of self-defence. Others, such as Kevin Jon Heller, argue that such action would be a clear breach of international law. So, who is correct? Would military action against Iran be legal or illegal?

High court determines that it cannot be assumed that hot chips are only eaten at lunch

In Strong v Woolworth Ltd (t/as Big W) (2012) 285 ALR 420 the appellant was injured when she fell at a shopping centre outside the respondent’s premises. The appellant was disabled, having had her right leg amputated above the knee and therefore walked with crutches. One of the crutches came into contact with a hot potato chip which was on the floor, causing the crutch to slip and the appellant to fall. The appellant sued in negligence, alleging that the respondent was in breach of its duty of care by failing to institute and maintain a cleaning system to detect spillages and foreign objects within its sidewalk sales area. The issue before the High Court was whether it could be established on the balance of probabilities as to when the hot chip had fallen onto the ground so as to prove causation in fact...

Investigating the dynamics of the psychological contract : how and why individuals' contract beliefs change

The overall objective of this thesis is to explore how and why the content of individuals' psychological contracts changes over time. The contract is generally understood as "individual beliefs, shaped by the organisation, regarding the terms of an exchange agreement between individuals and their organisation" (Rousseau, 1995, p. 9). With an overall study sampling frame of 320 graduate organisational newcomers, a mixed method longitudinal research design comprised of three sequential, inter-related studies is employed in order to capture the change process. From the 15 semi-structured interviews conducted in Study 1, the key findings included identifying a relatively high degree of mutuality between employees' and their managers' reciprocal contract beliefs around the time of organisational entry. Also, at this time, individuals had developed specific components of their contract content through a mix of social network information (regarding broader employment expectations) and perceptions of various elements of their particular organisation's reputation (for more firm-specific expectations). Study 2 utilised a four-wave survey approach (available to the full sampling frame) over the 14 months following organisational entry to explore the 'shape' of individuals' contract change trajectories and the role of four theorised change predictors in driving these trajectories. The predictors represented an organisational-level informational cue (perceptions of corporate reputation), a dyadic-level informational cue (perceptions of manager-employee relationship quality) and two individual difference variables (affect and hardiness). Through the use of individual growth modelling, the findings showed differences in the general change patterns across contract content components of perceived employer (exhibiting generally quadratic change patterns) and employee (exhibiting generally no-change patterns) obligations. Further, individuals differentially used the predictor variables to construct beliefs about specific contract content. While both organisational- and dyadic-level cues were focused upon to construct employer obligation beliefs, organisational-level cues and individual difference variables were focused upon to construct employee obligation beliefs. Through undertaking 26 semi-structured interviews, Study 3 focused upon gaining a richer understanding of why participants' contracts changed, or otherwise, over the study period, with a particular focus upon the roles of breach and violation. Breach refers to an employee's perception that an employer obligation has not been met and violation refers to the negative and affective employee reactions which may ensue following a breach. The main contribution of these findings was identifying that subsequent to a breach or violation event a range of 'remediation effects' could be activated by employees which, depending upon their effectiveness, served to instigate either breach or contract repair or both. These effects mostly instigated broader contract repair and were generally cognitive strategies enacted by an individual to re-evaluate the breach situation and re-focus upon other positive aspects of the employment relationship. As such, the findings offered new evidence for a clear distinction between remedial effects which serve to only repair the breach (and thus the contract) and effects which only repair the contract more broadly; however, when effective, both resulted in individuals again viewing their employment relationships positively. Overall, in response to the overarching research question of this thesis, how and why individuals' psychological contract beliefs change, individuals do indeed draw upon various information sources, particularly at the organisational-level, as cues or guides in shaping their contract content. Further, the 'shapes' of the changes in beliefs about employer and employee obligations generally follow different, and not necessarily linear, trajectories over time. Finally, both breach and violation and also remedial actions, which address these occurrences either by remedying the breach itself (and thus the contract) or the contract only, play central roles in guiding individuals' contract changes to greater or lesser degrees. The findings from the thesis provide both academics and practitioners with greater insights into how employees construct their contract beliefs over time, the salient informational cues used to do this and how the effects of breach and violation can be mitigated through creating an environment which facilitates the use of effective remediation strategies.