OAIC Incapacity

'The Privacy Commissioner and Own-Motion Investigations Into Serious Data Breaches: A Case of Going Through The Motion?' [PDF] by Jodie Siganto and Mark Burdon in (2015) 38(3) UNSW Law Journal comments

Data breaches resulting from information security failures continue to be an issue of pressing concern. The Office of the Australian Information Commissioner (‘OAIC’) recognises that data security is a major challenge for organisations. Starting in February 2011, the OAIC commenced a series of ‘high profile’ investigations into alleged data breaches. Each of these investigations was commenced by the Privacy Commissioner (the ‘Commissioner’) with reference to the OAIC’s Own Motion Investigation (‘OMI’) powers.  These powers allow the Commissioner to conduct an investigation without any prior complaint being made. 

The Commissioner heralded the use of OMIs and the subsequent publication of reports as a change in its enforcement approach to ‘particularly serious or high profile privacy incidents’. 

All of these incidents related to data breaches. The new strategy was partially developed to increase the transparency of the OAIC’s investigation process and to help organisations and agencies to better understand their privacy responsibilities. 

Surprisingly, the Commissioner’s change in approach has received little scholarly attention given the heightened concern about data breaches and past criticisms of the Commissioner’s failure to pursue a robust enforcement approach. Previous research has focussed on the way the OAIC has used its investigation powers generally,  with only limited consideration of the use of powers in relation to data breach incidents. 

This article fills a gap in the current literature and examines the actual investigatory and decision-making procedures adopted in six data breach-related OMIs undertaken between February 2011 and July 2012. They involve a range of different respondents, different types of security incidents and different findings regarding breaches of privacy principles, with a particular focus on National Privacy Principle (‘NPP’) 4. NPP 4 required entities covered by the Privacy Act 1988 (Cth) (‘Privacy Act’) to implement reasonable security measures in order to protect personal information. 

We examine how these investigations were conducted and the basis for the decisions made, including the publication of final investigation reports. Our framework for examination includes the OAIC’s own published guidance as to how it should undertake investigations and publish reports, and generally recognised principles for the exercise of regulatory powers. Part II provides background to the Commissioner’s investigations and interest in data breach cases and then outlines the methodology adopted. Part III details the reasoning behind the OAIC’s investigatory processes including the reasons for undertaking the OMIs, the process of evidence collection, the decision-making process adopted, and the reasons for the publication of final results in OMI reports. Our findings indicate that the investigation process followed in these six cases could be described as high-level, and lacking in both balance and vigour. Part IV then puts forward reasons for the standard of these investigations by critically questioning whether the OAIC had sufficient powers and resources to adequately conduct the OMIs. We also consider whether the Commissioner pursued these OMIs as a means to further the OAIC’s policy agenda regarding the development of a mandatory data breach notification scheme. 

We conclude that the OAIC’s decision to conduct these OMIs was to highlight and support its policy interests, without having the requisite resources or powers to conduct the investigations effectively. In other words, in the interests of pursuing a data breach policy agenda, the OAIC seems to have been going through the motions in its data breach investigations.

The authors conclude

In terms of the six OMIs reviewed, the selection of the particular cases to investigate (all involving a data breach), the ongoing media engagement highlighting both the investigations being undertaken and the investigation results once available, and the Commissioner’s personal involvement in the decision to publish reports, all suggest that these OMIs were part of a policy imperative to focus on investigating data breach cases. The Commissioner drew the specific link between these investigations and data breach notification in our interview, saying that ‘we are seeing breaches on a large scale’ and that a mandatory reporting scheme was required ‘to give people the ability to know they need to take steps to protect [their personal] information when something goes wrong’. 

Based on the above, it could be argued that one of the motivations for undertaking these OMIs and publishing investigation reports might have been to provide further support for the introduction of a mandatory data breach notification scheme, or at the very least, to highlight the issue of data breaches in Australia. This would be consistent with the Commissioner’s stated policy position and may explain why the Commissioner has elected to dedicate increasingly scarce resources to the pursuit of these investigations, in preference to other regulatory activity. It may also explain why the investigations themselves lack the rigour that might otherwise be expected. It is possible that the real purpose for these investigations was to raise the profile of data breaches and to highlight the role of the Commissioner in resolving issues as part of a more general policy imperative. If that is indeed the case, then it is not so important that the investigations themselves be conducted in line with the OAIC’s own guidance or in accordance with general principles for the use of regulatory powers, including the principles of transparency, balance and vigour. ... 

Our investigation of the six OMIs suggests that the OAIC’s decisions to commence the investigations were in response to media and were perhaps motivated by an interest in raising the profile of data breaches in Australia to support the introduction of a mandatory notification scheme. Whether this is in fact correct or not, there are clearly issues with the process followed in each investigation. In all of the OMIs, an ‘on the papers’ approach was used, based on written responses to largely generic requests for information. There was virtually no second-round questioning, independent evidence gathering or confirmation of the facts as asserted by the respondents, whether directly or via third-party investigation reports commissioned by the respondents. The decision-making process used is also not clear. The change in the outcome of the Medvet investigation, after the initial outcome was communicated to the respondent, in particular raises issues as to the basis for the OAIC’s decision-making in these cases. 

We assert that these issues arise, in part, as a consequence of the limited powers, skills and resources available to the OAIC at the time. Given the OAIC’s new powers and increased accountability, these issues may be addressed in future Commissioner-initiated investigations. However, without the allocation of significant additional resources, it seems unlikely that there would be any significant change in process. Reliance on third-party investigation reports commissioned by the respondent in a future investigation may not be an appropriate resolution. 

The OAIC is right to emphasise that the problem of data breaches is likely to remain. However, the examination of the six OMIs reveals that the investigatory approach adopted can lead to the situation where the OAIC investigators are simply going through the motions. On that note, given the issues we highlight in this article, the OAIC’s data breach investigations as a body of work are unlikely to be of assistance in regulatory efforts to prevent data breaches, unless significant changes are undertaken. Such changes would herald a major policy shift regarding the role of the OAIC, characterised by the need for a supported, adequately resourced and thus proactive Australian privacy regulator. In that regard, our examination of six relatively recent OMIs sounds a warning not just as to what has happened, but also for the future

Registries

'Of Property and Information' by Abraham Bell and Gideon Parchomovsky in (2015) Columbia Law Review (Forthcoming) comments

The property-information interface is perhaps the most crucial and under-theorized dimension of property law. Information about property can make or break property rights. Information about assets and property rights can dramatically enhance the value of ownership. Conversely, dearth of information can significantly reduce the benefit associated with ownership. It is surprising, therefore, that contemporary property theorists do not engage in sustained analysis of the property-information interface and in particular of registries — the repositories of information about property.

Once, things were different. In the past, discussions of registries used to be a core topic in property classes and a focal point for property scholarship. In recent decades, registries have lost their luster for scholars, and their discussion has been relegated to the innermost pages of property textbooks. The reason for this is that registries are widely considered the domain of legal practitioners, not of theorists.

We argue that nothing could be further from the truth. Registries and the information they contain are, in fact, the formative forces that shape the world of property and no theoretical account of the institution of property can be complete without them. In this Essay, we offer the first in-depth legal-theoretical analysis of the intricate relationship among title information, rights and assets in the domain of property, as mediated by registries.

Our analysis gives rise to several new insights. First, we highlight the triple role that registries perform for property owners. They simultaneously perform a facilitative role by streamlining transactions between willing sellers and buyers, an obstructive rule by hindering non-consensual encroachments and takings of assets, and an enabling role by allowing owners to locate and use their own lost assets. Second, going against the accepted lore, we posit that perfect registries, even if they were possible, are socially undesirable on account on what we call “the information/asset paradox.” Perfect information about assets and legal rights may result in the destruction, dismembering and mutilation of the asset by non-consensual takers in an attempt to make the asset unrecognizable, as exemplified by millions of stolen cars and jewelry, or, conversely, to attempts to engage in “identity theft” in order to give thieves the benefit of the registered rights. Third, we argue that the registries are socially desirable when it is impossible or difficult to alter the defining characteristic of the underlying asset. This insight explains why there are registries for non-transformable assets, such as land and unique artworks, but not for transformable assets that include mass production goods and many natural resources. Finally, we address the question of which rights should be covered by registries and how much legal deference should be given to them. The framework we provide is significant not only for theoretical reasons, but also for practical ones. For example, it can inform policymakers in deciding whether to establish new registries for smart-phones and personal computers in order to combat theft of such devices. Similarly, our analysis sounds a cautionary note about the ability of registries of copyrighted works to curb unlawful appropriation and distribution. Per our analysis, such assets are infinitely malleable and, worse yet, information concerning ownership in such works can be easily effaced or altered in the digital age. We also discuss how considerations of costs and privacy affect the comprehensiveness and integrity of registries. At the end of the day, our analysis exposes the promise and the limitations of registries, as well as the ways in which they can be improved by the state.

Vetting

The Canberra Times reports "A former Soviet soldier has pleaded guilty to using restricted federal police databases to stalk an ex-girlfriend who left him over his marriage to a Russian woman". Privacy aspects aside, the reporting is interesting for indications of vetting failures at the Australian Federal Police.

In June the CT reported that "A former Australian Federal Police counter-terrorism member managed to hide two foreign passports, a Russian bride with a seemingly forged ID, his chequered past with NSW police, and Bulgarian property interests from his employer, a court has heard." Roman Eiginson reportedly entered Australia in 1991 using a Soviet Union passport, having worked as a soldier and police officer. "He became an Australian Protective Service officer in 2001, and was absorbed into the AFP, where he worked in the counter-terrorism area and, most recently, the treasury section."

 Eiginson attracted attention earlier this year when his now ex-girlfriend accused him of stalking. 

Investigations later revealed that Eiginson had allegedly accessed protected AFP information from a police database to help track down his ex-lover's new partner in an apparent attempt to split them up. He was arrested and charged ... 

The court heard police, upon raiding his house, had found a passport that pictured Eiginson's wife but under a different name. The AFP, who require employees to tell them of relationships with foreign nationals, say they had no knowledge of Eiginson's Russian wife or her potentially fake passport. A federal agent said there were fears that Eiginson himself may be able to get access to fake passports. Police say they have also found a Kazakh passport, a Ukrainian passport, and know of an Australian passport, all in Eiginson's name. 

The AFP said they had no idea about the existence of the Ukrainian passport or the Kazakh passport, which has expired, while Eiginson was employed with them. 

The raid also uncovered NSW police uniforms, and the AFP later found out that Eiginson had been a recruit with NSW police. 

But it emerged he was not offered a spot in the force due to allegations he plagiarised from another student. The AFP, again, was not aware of that information during Eiginson's employment.

Oops

His bail hearing noted

when he was arrested, Mr Eiginson had in his possession a police warrant card and a badge, neither of which items had been issued to him.

The CT goes on to comment

Eiginson, police say, had also neglected to tell the AFP that he was in a de-facto relationship with the ex-partner who has now accused him of stalking. 

He is facing six charges, including stalking, divulging prescribed information, and unauthorised access of prescribed information. 

The court heard a number of "sensitive" investigations are ongoing, and that the Department of Immigration and Border Protection were also looking into the matter.

Students

'Who’s Distressed? Not Only Law Students: Psychological Distress Levels in University Students Across Diverse Fields of Study' by Wendy Larcombe, Sue Finch and Rachel Sore in (2015) 37(2) Sydney Law Review 243 comments

Empirical studies consistently find that law students report high levels of psychological distress. But are law students at heightened risk among their university peers? The few available comparative studies suggest that law students may experience higher levels of psychological distress than their counterparts in medical degrees. However, data are scarce that compare the distress levels of students in law with students in non-medical programs. The study reported here addressed that gap by comparing the prevalence of psychological distress among law students and non-law students undertaking diverse academic programs at both undergraduate and graduate levels. The findings show that a significant proportion of students in diverse fields and at all levels of study reported high levels of psychological distress. Moreover, the law students’ odds of reporting severe symptoms of psychological distress were not the highest on any of the measures used. Overall, the findings suggest that law students are not alone among university students in experiencing high levels of psychological distress. We discuss the implications of this finding for current efforts to address student wellbeing in legal education.

The authors state

Empirical studies in the United States and Australia have consistently found that law students experience high levels of psychological distress. While results from the various studies are generally not directly comparable, the consistency in findings seems to indicate that there are common factors in legal education that contribute to student distress, notwithstanding wide variations in teaching practices, learning environments and regulatory frameworks across institutions and countries. Factors ‘typical’ of legal education posited to undermine students’ mental wellbeing include: the competitive academic environment in law schools, exacerbated by normative grading and heavily weighted exams; high-stakes prizes for achievement (narrowly defined) and the shrinking legal job market; an emphasis on analytical, adversarial argumentation at the expense of experiential and value-driven thinking; high student–teacher ratios and traditional or Socratic teaching methods that further preclude students’ formation of meaningful interpersonal relationships with teachers and classmates; a highly constrained curriculum (driven by admission to practice requirements) that limits students’ exploration of established or emerging interests; high workloads, especially reading requirements, coupled with the conceptual challenges involved in learning to ‘think like a lawyer’; and the self-selection into law of certain ‘personality’ types who may tend to be driven, perfectionistic or achievement-oriented.  

In an effort to redress and minimise such stressors, law schools in Australia have introduced a range of initiatives and reforms in recent years. Many of these have been informed by a branch of psychology called ‘Self-Determination Theory’ (SDT), especially as it has been applied to legal education by Kennon Sheldon and Lawrence Krieger in the US. SDT posits that there are ‘basic’, universal psychological needs that must be consistently met — across the different domains of life — to sustain intrinsic motivation and psychological wellbeing. Applied to legal education, SDT-informed research and practice concentrates on students’ needs for relatedness, or meaningful connections with others, competence and autonomy and the ways in which these needs may be supported (or undermined) by conditions and practices in specific learning and institutional environments. Assessment practices, curriculum design, cohort interactions, law school culture, and strategies to build competence in ‘threshold’ discipline skills are often the focus of SDT-informed work in legal education. Insights from Positive Psychology have also been drawn on in more student-centred wellbeing initiatives. These typically aim to build students’ psychological literacy and resilience, self-management and relationship skills, and develop cognitive strategies to manage uncertainty, change and adversity. Such initiatives are likely to have multiple benefits for law students, during and beyond law school. However, their impacts on students’ levels of psychological distress have not been empirically assessed to date. Moreover, the impact of law schools’ efforts to improve student wellbeing will be limited or even undermined if external or environmental causes of law student distress are not also addressed.  

An important, but as yet unanswered, research question is whether it is legal education that is particularly stressful for students. There is some evidence to suggest that university students in general experience high levels of psychological distress. These findings are supported by data from university health and counselling services who report increased demand from students, and also increasing numbers of students experiencing severe mental health difficulties. Some United Kingdom (UK) commentators suggest that the pressures on university students have increased in recent years as a result of reductions in government allowances, widening participation agendas and more limited job prospects for graduates — factors common to other national contexts. Australian research highlights changes in the university ‘student experience’ as students spend less time on university campuses and more time in paid employment. Moreover, when on campus, increases in student intakes and class sizes make it more difficult for contemporary students to feel they are known by university staff members and to make friends in classes. The extent to which such factors may be prompting psychological distress among university students is not yet known.  

It is also unknown whether law students are presently at heightened risk of experiencing psychological distress among their university peers. Most of the research with general university student populations has not collected data on students’ field of study or academic discipline. However, for legal educators, the question of whether law students experience higher rates of psychological distress than students in other academic disciplines is of considerable importance, particularly in guiding work to support student mental wellbeing. In short, knowing whether law students are at increased risk relative to other cohorts of university students can tell us where and how to direct attention and resources. In particular, such knowledge would afford legal educators some insight into the extent to which law-specific curricula or ‘personality’ factors may be contributing to the high levels of distress reported by law students. Similarly, knowledge of relative risk would afford insight into the extent to which study in other disciplines contributes to student distress. Given that many law students in Australia undertake ‘combined’ degrees — combining study in law with another Bachelor program — it is particularly important to know whether efforts to support law student mental wellbeing may be more effective if designed in collaboration across disciplines. In this way, studies of student psychological wellbeing that investigate academic discipline (or field of study) can contribute to evidence-based, good practice in supporting university student mental health.  

Data are scarce that compare the mental wellbeing of students in law with students in other fields of academic study. Moreover, almost all the limited existing research has compared the mental health of medical and law students, on the basis that both programs are academically challenging, entry-to-profession degrees with demanding workloads. Medical educators, like legal educators, have been concerned for decades about the impacts on future practitioners of forms of professional training that appear to produce or trigger very high levels of psychological distress. And, while medical training has long been considered ‘high pressure’, studies comparing medical and law students’ distress levels have often found that the law students report even higher levels of psychological distress (on a range of measures) than their counterparts in medical degrees. While this suggests that law students are exposed to particularly high levels of psychological stress, the assumption that law and medicine are inherently more stressful than other academic courses — professional or general — should not remain untested. Particularly when medical graduates have almost unparalleled job security, they may not be the closest comparator for contemporary law students. Research is needed that investigates whether law students are at heightened risk of experiencing psychological distress when compared with university students studying in different types of academic programs — professional and general. The study reported here addressed that need by investigating the prevalence and severity of symptoms of psychological distress among law students and nonlaw students enrolled in diverse fields of study at both undergraduate (Bachelors) and postgraduate (Masters) levels. The analysis draws on data collected in a study of student wellbeing conducted in 2013 at The University of Melbourne, a large metropolitan university in Victoria, Australia.  As detailed below, more than 4,700 students from six faculties/schools participated in the study by completing an anonymous, online questionnaire that included the DASS-21 — a short version of the Depression, Anxiety and Stress Scales. This article reports the DASS results for the law student sample and places those results in the context of published DASS results for other law students and general population samples. The law and non-law students’ results from the study are then compared in terms of the mean DASS scores for each scale and the odds of reporting severe or extremely severe DASS scores.  

Our law students’ DASS scores support earlier research that suggests a substantial proportion of law students experience high levels of psychological distress. However, our comparative analyses indicate that, when law students’ levels of psychological distress are taken as the baseline, there are few statistically significant differences in the results of non-law student cohorts. These findings suggest that law students are not alone among university students in experiencing high levels of psychological distress. Indeed, law students may not be at highest risk among their university peers.  

The article is organised as follows. Part II reviews published research that compares the psychological distress levels of law students with those of other cohorts of university students. Part III outlines the methodology used and the participant sample in the 2013 study. Part IV reports the law students’ DASS results in relation to other law student samples, as well as normative community samples. Part V compares the DASS results of the law students and the non-law students in the 2013 study. Finally, in Part VI we discuss the implications of the reported findings for work currently being undertaken in law schools to better support student mental wellbeing. Suggestions for further research are also offered.

Helicoptergate

The Prime Minister has announced an inquiry into 'an independent parliamentary entitlements system' as a response to ongoing revelations about problematical claims by former Speaker Bronwyn Bishop.

The media release indicates that  David Tune AO PSM and  John Conde AO will co-chair a committee to "develop and propose models to deliver an independent parliamentary entitlements system", with a report in the first half of next year.

The Government believes an independent framework should be created to set and monitor parliamentary entitlements so that the system is more transparent and accountable.

The Government acknowledges that the ad hoc and piecemeal reforms adopted by successive governments mean the system is complex, ambiguous and out of step with community expectations. Rather than another series of changes that merely tinker at the edges of the system, it is time for fundamental reform aimed at inserting independence into the system that sets and monitors the use of parliamentary entitlements.

The objective will be to establish a workable system for authorising potentially contentious expenditure before it has occurred.

The committee will provide options for the creation of an independent parliamentary entitlements system. In developing options for independent oversight, the committee will consider:

• Reducing ambiguity in what constitutes official business; 

• Providing clarity to members of Parliament and their staff about their entitlements and how to use them appropriately; 

• Improving transparency of the rules and entitlement usage; 

• Acknowledging the role of party business in parliamentary business; 

• How to deal more effectively with alleged misuse of entitlements; and 

• How best to support and enable Members of Parliament to conduct their varied duties within clearly defined rules.

In considering this framework, the committee should also examine whether other senior officials, subject to Remuneration Tribunal determinations on salary and entitlements should also fall under a new independent system.

The committee will consider and present options to implement an independent parliamentary entitlements system.

In so doing, it will consider the operation and interaction of the current Remuneration Tribunal determinations and relevant Acts, Regulations, Ministerial determinations and Department of Finance rules and guidelines. It will give due consideration to the diverse nature of Australia’s federal constituencies and the different activities of Members and Senators.

The committee will look at international best practice across comparable parliamentary systems and will call for submissions from interested parties. This committee will be supported by a Secretariat in the Department of the Prime Minister and Cabinet.

PNR

The European Parliament’s Civil Liberties Committee has approved the EU Passenger Name Record (PNR) Directive, which provides for mandatory provision and retention on a central searchable database of information about passengers booked on flights originating outside the EU or leaving the EU.

The information will only be accessed "if a serious crime is suspected, such as human and drug trafficking, child sexual exploitation or money laundering as well as terrorism". Data will be stored on a central database for 30 days, before deidentification. Data will be retained for up to five years and can be “unmasked” after a request by authorities.

The data collected will be drawn from airline bookings, potentially could include the passenger’s contact information, travel routes, computer IP address, hotel bookings, credit card details and dietary preferences.

The Cameron Government is reported as being keen to extend the Directive to all airline flights within Europe (i.e. domestic travel).

In 2011 the Article 29 Working Party commented [PDF] -

The Working Party considers that the fight against terrorism and organised crime is necessary and legitimate and personal data, and in particular some passenger data, might be valuable in assessing risks and preventing and combating terrorism and organised crime. However, in the case of a European PNR system the limitation of fundamental rights and freedoms has to be well justified and its necessity clearly demonstrated so as to be able to strike the right balance between demands for the protection of public security and the restriction of privacy rights. 

The Working Party has consistently questioned the necessity and proportionality of PNR systems and continues to do so with the 2011 proposal. While we appreciate the extra detail provided in the impact assessment, we consider that it does not provide a proper evaluation of the use of PNR and does not demonstrate the necessity of what is being proposed. The proposal should be clear about whether the aim is to fight serious (transnational) crime, which includes terrorism; or whether the aim is to fight terrorism and terrorism-related crimes only. 

Chapter 3.2 of the impact assessment “Respect of fundamental rights” merely states that the Fundamental Rights Check List has been used, but there is no further information about this assessment to justify its conclusions. In addition, this chapter provides circular reasoning for the interference with privacy rights under Article 8 of the European Convention of Human Rights, and Articles 7 and 8 of the Charter on Fundamental Rights of the European Union. The legal precondition for interfering with these rights is that it is “necessary in the interest of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others” as well as being "necessary in a democratic society” and “subject to the principle of proportionality”. The fact that the purpose of the proposal is the prevention of terrorism and serious crime does not mean it clearly complies with these requirements; the necessity and proportionality have still to be proven. 

The Working Party goes on to comment

Under the proposal, a huge amount of personal in formation on all passengers flying into and out of the EU will be collected, regardless of whether or not they are suspects. Collecting and processing PNR data for the fight against terrorism and serious crime should not enable mass tracking and surveillance of all travellers. The Working Party considers it disproportionate and therefore not in line with Article 8 of the Charter of Fundamental Rights to collect and retain all data on all travellers on all flights. As previously mentioned above, the impact assessment does not include convincing evidence in this respect. EU-level proposals should be specific and targeted to address a particular issue and in this context the focus of any proposal should be on the risks posed by terrorism and serious crime. 

The Working Party has serious doubts about the proportionality of the systematic matching of all passengers against some pre-determined criteria and unspecified “relevant databases”. It is not clear how these pre-determined criteria and relevant databases are to be defined, whether PNR data will be used to create or update the criteria, and to what extent all matches will automatically become subject to additional investigations. The Working Party would also like to recall that in some Member States similar methods of policing are only constitutional and therefore available to the police on judicial approval and under specific circumstances, such as a specific threat. The proposed PNR system would render this exceptional method an ordinary instrument for police work. Measures put in place that cannot provide for the protection of the rights and freedoms of travellers are only proportionate when introduced as a temporary measure for a specific threat, which is not the case for this proposal. The invasion of privacy of travellers must be proportionate to the benefits as regards fighting terrorism and serious crime. The Working Party has yet to see any statistics showing the ratio between the number of innocent travellers whose PNR data was collected to the number of law enforcement outcomes resulting from that PNR data.

Influence

'McCloy v New South Wales: Developer Donations and Banning the Buying of Influence' by Anne Twomey in  (2015) 37 Sydney Law Review 275  states

McCloy v New South Wales involves a challenge to the capping of political donations and the imposition of a ban on both indirect donations and donations from property developers in relation to New South Wales elections. If the challenge is successful, it would seriously damage the ability of state governments to take measures to prevent the risk and perception of corruption and undue influence arising from the unfettered making of political donations. While it is likely that the provisions capping donations and banning indirect donations will survive scrutiny by the High Court, the provisions most vulnerable to attack are those that single out property developers, banning them from making any donation at all.

Twomey comments

In McCloy v New South Wales (High Court of Australia, Case No S211/2014’), the High Court of Australia will face the question of whether to bring down the whole edifice of election campaign finance law in New South Wales (NSW) on the ground that it unduly burdens the implied freedom of political communication by limiting the funds available to pay for that communication. ... 

The challenge was brought by Mr Jeff McCloy, a property developer and then Lord Mayor of Newcastle, after hearings by the Independent Commission Against Corruption (‘ICAC’) revealed that he had made donations in excess of $31 500 to, and for the benefit of, candidates in connection with the NSW election of March 2011. In addition, one of his companies paid $9975 in remuneration to a person who was working on the campaign staff of an election candidate, amounting to an indirect campaign donation. These donations occurred at a time when political donations in relation to the NSW election were capped at $5000, indirect donations were banned and political donations by property developers were also banned. On 28 July 2014, McCloy commenced proceedings in the High Court of Australia challenging the validity of s 96GA of the Election Funding, Expenditure and Disclosures Act 1981 (NSW) (‘EFED Act’), contending that it breached the implied freedom of political communication. This provision prohibits certain persons and corporations, including property developers, from making political donations. No challenge was initially made to other provisions of the Act. The scope of the challenge was later expanded, as it appeared from the facts that McCloy may also have breached provisions that imposed a cap on donations and prohibited the making of indirect donations. Accordingly, the proceedings now also challenge:

• the validity of the scheme for imposing caps on donations (EFED Act pt 6 div 2A); 

• the banning of indirect donations (EFED Act s 96E); and

• the banning of donations from all categories of prohibited donors (EFED Act pt 6 div 4A).

No challenge has been brought to the cap on electoral communications expenditure or the disclosure regime in the EFED Act. However, if the cap on political donations is held invalid, the cap on expenditure would inevitably fall in the future, as it imposes a more direct limitation upon political communication. Hence, all that would be likely to survive, if McCloy were fully successful in his challenge, would be the disclosure regime.