04 May 2019

Expired

A characteristically insightful piece by Adele Ferguson in today's SMH, headed ''Really dodgy': Michel's Patisserie faces investigation over expiry date outrage', notes trade practices and health issues.

Ferguson reports
 National bakery chain Michel's Patisserie faces a food safety investigation after deliberately selling batches of chocolate cakes, birthday cakes and edible decorations to customers months after their use-by date. 
In a series of memos, obtained by The Age and The Sydney Morning Herald, the chain's owner, Retail Food Group (RFG), instructed Michel’s franchisees to ignore expiry dates on packaging and adopt a new shelf-life extension date, ranging between two and six months. 
Retail Food Group has been expanding for years, buying one retail food chain after another across Australia. 
The move has caused an uproar among franchisees, who are forced to buy RFG products under the terms of their agreements. Most of the products are delivered frozen and then thawed out and sold to customers. xxx Franchisees complain that sales have tumbled in recent years as the price of products increased and the quality fell when RFG moved to a frozen food model from freshly baked cakes, rolls and pies. 
In one memo, franchisees were told that coloured, edible plaques with a use-by date of January 15, 2019 had been extended to July 15. 
"If you receive coloured plaques from this batch number that still denotes the original January expiry date, please disregard this and ensure staff are aware of the new expiry date," the memo says. 
Other memos extend the use-by date by three months on chocolate cakes, including tortes and birthday cakes. 
Products including vegetable, and spinach and feta scrolls had their best-before date extended by two months on the original packaging. 
The extensions have triggered the NSW Food Authority to refer RFG for investigation to its counterpart in Queensland, where RFG is headquartered.
Questions about franchising were noted here and here.

03 May 2019

Lee v Superior Wood biometrics dispute

In privacy and employment disputes procedure may be profoundly important. One example is Jeremy Lee v Superior Wood Pty Ltd [2019] FWCFB 2946, where the Fair Work Commission Full Bench has upheld the appeal by timberworker Jeremy Lee over his dismissal by Superior Wood regarding Lee's refusal of employee to use biometric fingerprint scanning to record site attendance.

As noted in a practitioner guide chapter that I contributed last year, Lee was dismissed by Superior Wood and took action in the Fair Work Commission on the basis that the dismissal harsh, unjust or unreasonable. Commissioner Hunt on on 1 November 2018 in matter U2018/2253 - Jeremy Lee v Superior Wood Pty Ltd [2018] FWC 4762 - dismissed Lee's application for an unfair dismissal remedy on the basis that his dismissal by Superior Wood  was not harsh, unjust or unreasonable, and therefore not unfair, for the purposes of section 387 of the Fair Work Act 2009 (Cth). The FWC Full Bench has now upheld Lee's appeal from that decision, which is quashed,  determining on a rehearing that the dismissal was unfair.

Superior Wood operates mills in Queensland. Lee was employed as a casual general hand (with a total period of service of approximately 3 ¼ years). He was dismissed for noncompliance with Superior Wood’s Site Attendance Policy by refusing to use newly introduced fingerprint scanners to sign on and off for work at the site. Lee claimed of ownership of the biometric data contained within his fingerprint, arguing that biometric data is sensitive personal information under the Privacy Act 1988 (Cth), that Superior was not entitled to require that information from him, and that his refusal to give the information was not a valid reason for his dismissal.

When the biometric scheme was introduced in 2017 Lee refused to register his fingerprints,  continuing to sign in and out using the site’s sign in/out book. He expressed concern about control of the biometric data and Superior's inability of to guarantee no third party access or use of that data once stored electronically, being told the scanner implementation was proceeding and that “he had a decision to make”.

The FWC Full Bench notes that in November Lee wrote to Superior
setting out his concerns about the use of the scanners and collection of his biometric data. On 22 November 2017, Superior Wood responded in writing and provided a document from the scanner’s supplier, Mitrefinch, explaining the nature of the data collected and stating that it could not be used “for any other purpose other than linking your payroll number to a clock in/out time”. Subsequent meetings were held throughout December 2017, related to Mr Lee’s ongoing refusal to use the scanners to sign in and out of work.
On 21 December 2017, the Policy was introduced and on 2 January 2018, the scanners were formally implemented after a seven week trial period.
On 9 January 2018, Mr Lee was given a verbal warning for refusing to use the scanner. On 11 and 17 January 2018, written warnings were issued to Mr Lee, advising that a continued failure to follow the Policy would result in termination of employment. On 18 January 2018, Mr Lee wrote to Superior Wood seeking to resolve the dispute in a way that would allow him to keep his job, but retain ownership over his biometric data. The issue was again discussed on 24 and 30 January 2018. On 6 February 2018, a show cause letter was issued. Mr Lee’s employment was terminated on 12 February 2018.
In discussing the first instance decision by Commissioner Hunt, the Full Bench states
In the Decision, the Commissioner dealt with the question of whether the Site Attendance Policy was reasonable. In summary, she concluded that the Policy was not unjust or unreasonable because:
1. It improved safety in the event of an emergency by avoiding the need to locate the paper sign in and out book to ascertain attendance on site; 
2. the scanners improved the integrity and efficiency of payroll; 
3. Superior Wood had the right to manage its affairs by requiring employees to comply with the Policy, such that refusal to comply after adequate caution would not render any dismissal invalid. 
The Commissioner also considered whether Superior Wood had complied with the Privacy Act. Our summary of her findings are as follows:
1. Biometric data collected by the scanners was ‘sensitive information’ under the Privacy Act, which applied to Superior Wood and required it not to collect information about a person unless: a. the person consented to the collection of that information; and b. it was reasonably necessary to collect the information for one or more of its functions or activities (Australian Privacy Principle 3.3). 
Reasonably necessary 
2. It was reasonably necessary to introduce the scanners at Superior Wood’s premises after a suitable period of time of duplication between the old and new payroll systems. The Finlayson Group [Superior's parent] wished to consolidate its payroll and do away with manual payroll handling and Superior Wood was the last entity in its group to adopt the scanners. Once a decision was made that scanning had been properly implemented, it was a reasonable course to adopt. 
3. Having Mr Lee as the only employee in a group of either 150 or 400 employees, use an alternative method to sign on would be inefficient, inequitable, and a burden. 
Consent to collection 
4. Employees other than Mr Lee had given their implied consent to the collection of their data by registering their fingerprint for use by the scanners. 
5. Mr Lee did not give express or implied consent to the collection of his sensitive information by the scanners.
The Full Bench states
There may have been a breach of the Privacy Act in the manner in which Superior Wood sought to obtain employee consent. Those were matters for the Australian Information Commissioner and the Privacy Commissioner. 
Australian Privacy Principle 3.5 required sensitive information to be collected by lawful and fair means. There had been no collection of Mr Lee’s biometric data as he did not consent. Superior Wood did not unlawfully press his hand into a scanner to provide a template.  
Notice about collection of personal information 
Superior Wood did not inform its employees that the scanners collected their sensitive information; did not provide a collection notice to employees; and did not discuss its obligations in handling their sensitive information with employees. It merely informed them that the scanners were being introduced and that they would be required to use them. 
Failure to provide a privacy collection notice to employees, prior to obtaining their personal and sensitive information, did not render the Policy unlawful. 
Superior Wood informed Mr Lee that if his consent was not forthcoming, and he failed to comply with the Policy, dismissal was a likely outcome. It failed to inform him of the responsibilities Superior Wood and its associated entities would be required to meet under the Privacy Act. 
The Full Bench states
Even if Superior Wood and its associated entities had provided Mr Lee with a privacy collection notice, he would not have provided his consent under any circumstances. 
It was concerning that Superior Wood did not provide a collection notice to employees about the collection and use of their data and it was disturbing that neither it, nor the [Superior parent], had an appropriate privacy policy, as the Privacy Act had been in force since 2001. 
Mitrefinch, who supplied the scanners to Superior Wood, did not have a relevant privacy policy until May 2018, and its evidence about its own obligations to collect and use personal and sensitive information in accordance with Australian privacy laws was “poor and rather disturbing”. 
AUS IT Services Pty Ltd, an IT company charged with ‘looking after data’ on FTH servers (including data collected by Superior Wood), knew its obligations under the Privacy Act and had given assurances to FTH that it would meet those obligations. 
The Employee records exemption under s.7B(3)  of the Privacy Act applied to employee records once they have been obtained or held. That exemption did not ameliorate Superior's obligation to issue a privacy collection notice to  Lee and other employees.  Superior was not exempt from complying with Australian Privacy Principle 3.3 by reason of the s 7B(3) exemption. It was not entitled to collect Mr Lee’s sensitive information without his consent.

In considering ownership and storage of personal information the FWCFB decision states
Principle 6 of the Australian Privacy Principles provides that if one entity collects personal information from a related body corporate, its primary purpose for collecting the information is deemed to be its’ related body corporate’s primary purpose for collecting that information.  FTH and Superior Wood are related bodies corporate and it matters little who owned the fingerprint scanners or which entity as between FTH and Superior Wood gathered the data from those scanners or owned the servers that held the data, because Principle 6 applies. 
The Commissioner separately made a number of observations and findings which appear to deal generally with whether there was a valid reason for dismissal. We summarise these below: 
Mr Lee had made a concerted effort to identify alternatives to compliance with the Policy and there was no evidence that Superior Wood had taken any steps to evaluate the costs of those alternative data collection methods. 
Other methods of employee identification and attendance verification were available, although some did not provide the same degree of certainty of identity verification or the additional safety benefits derived from access to attendance information on supervisors’ phones. 
It was within Superior Wood’s rights as an employer to install the scanners and create a policy governing and mandating the use of scanners at the workplace. 
Superior Wood made significant efforts to provide additional information about the scanners to Mr Lee and allay his concerns. It may not have grasped the precise nature of those concerns about his biometric information rather than his fingerprint. Even so, it gave him repeated opportunities to explain his objection and made several attempts to indicate to Mr Lee that his continued employment required adherence to the Policy. 
Mr Lee’s concern about his fingerprint being reconstructed from scanned data is ‘incorrect’. 
Mr Lee was entitled to withhold his consent, as he did. However, doing so meant he had failed to meet a reasonable request to implement a fair and reasonable workplace policy. 
In all the circumstances, and having regard to potential breaches of the Privacy Act, there was a valid reason for dismissal. 
Having found a valid reason for dismissal, the Commissioner considered the other criteria in section 387 of the Act, which for the most part sit outside the scope of the identified appeal grounds set out below. 
In relation to section 387(h), the Commissioner made the following additional findings:
1. Mr Lee’s position in relation to the use of his biometric data by the scanners was at odds with his position in relation to the use of other biometric data and his DNA (in connection with drug and alcohol testing); and 
2. Mr Lee’s objection to the use of his biometric data by Superior Wood, FTH and a third party supplier was unreasonable when taking into consideration the purposes of the Policy, improvements to payroll and health and safety and the alternatives that would have been required to be put in place for him. 
The Commissioner concluded at [247] of the Decision that the dismissal was not, in all the circumstances, harsh, unjust or unreasonable and therefore not unfair. She dismissed Mr Lee’s application.
In considering Lee's appeal the FWC Full Bench states
From the Notice of Appeal, we discern nine appeal grounds raised by Mr Lee in relation to the Decision:
  • Ground 1 - The finding that failure to comply with the Policy was a valid reason for dismissal, given potential breaches of the Privacy Act and despite the finding that Mr Lee was entitled to refuse to provide his biometric data. 
  • Ground 2 - The finding that Mr Lee’s dismissal for protecting ownership of his sensitive information was not harsh, unjust and unreasonable in circumstances where he was threatened with dismissal for refusing to allow the collection of his biometric data. 
  • Ground 3- A mistake of fact by finding that the new scanners improved safety.  
  • Ground 4 - A mistake of fact by finding that Mr Lee did not consent to the collection of his biometric data, when he was never asked for his consent.  
  • Ground 5 - The finding that the introduction of biometric scanners was reasonably necessary. 
  • Ground 6 - The finding that employees gave implied consent by registering their fingerprints, instead of finding that biometric data was collected from employees other than Mr Lee by unlawful and unfair means. 
  • Ground 7 - The failure to find that implied consent is not sufficient for the purposes of collecting sensitive information. 
  • Ground 8 - The finding that there was no breach of the Privacy Act with respect to the collection of information from Mr Lee, because his data was never collected. 
  • Ground 9 - The finding that consent is implied by providing a scan, but that a breach of the Privacy Act only arises if a scan is taken, with the result that Superior Wood could never breach Mr Lee’s privacy if no scan was taken.
We now turn to consider these grounds. Grounds 1 and 8 – whether having regard to the Privacy Act, failure to comply with the Policy was a valid reason for dismissal 
It is well established that a valid reason is one that is sound, defensible or well founded, and not capricious, fanciful, spiteful or prejudiced.  The reason must be valid in the context of the employee’s capacity or conduct. Consideration of valid reason must have regard for the practical sphere of the relationship between an employer and an employee, balancing the rights, privileges, duties and obligations conferred and imposed on each to ensure a fair outcome. 
It is not in dispute that Mr Lee was aware of the Policy and its contents. Nor is it in dispute that he refused to comply with the Policy and that his refusal was the reason for his dismissal.  
There is no contention to the effect that the Policy formed part of Mr Lee’s contract of employment,  with the result that he was obliged to comply with its terms. The contract provided as follows:
“2.2 Various policies, procedures and work rules also exist for the safe operation of Superior Wood Businesses and the welfare and interest of those who work for the organization. 
2.3 You are required to comply with the conditions of employment as identified in the Enterprise Agreement, Policies, Procedures and Work Rules at all times. Policies are displayed at various locations throughout the operations: • Superior Wood Intranet • Lunchroom noticeboards 
2.4 A copy of the display policies is also attached.” 
As can be seen, the contract required Mr Lee to comply with the “various policies, procedures and work rules that exist” and that “are displayed at various locations” and that were attached to his contract in November 2014. A strict reading suggests that only those policies, procedures and work rules in place at the time of entry into the contract of employment were within scope of the requirement to comply. 
The Policy came into existence well after he was employed, and there is no evidence that Mr Lee agreed to vary his contract of employment to incorporate the Policy as one of its terms. His refusal to comply with its terms is evidence to the contrary. We are not satisfied that compliance with the Policy was a term of his employment. 
His obligation to comply with the Policy therefore depends on whether the direction to do so, using the scanners to sign in and out of work each day, was a reasonable and lawful direction. 
The Policy 
The Policy provides as follows:
“Site Attendance Policy Due to company Workplace Health and Safety and Payroll requirements it is imperative all employees are accounted for on site. Therefore as at the 2nd January 2018 it is policy that all employees must use the biometric scanners to record attendance on site. It is reinforced that the biometric scanners do not take a finger print. The algorithm data used to record attendance cannot be used to generate a fingerprint. Please ensure you scan in when arriving on site and leaving site at the end of your shift. If you are having issues with scanning please see your supervisor. If you fail to use or attempt to use the biometric scanner then disciplinary action may be taken. Signing the attendance sheets alone is no longer acceptable. The Directors and Superior Wood Leadership would like to thank employees for their assistance and patience during the ‘trial’ period. Ian Swinbourne Manager” 
According to the Policy, all employees must use the scanners to record their attendance on site, both when arriving and leaving the site. Signing attendance sheets alone is no longer acceptable. 
To comply with the Policy, employees must first register their fingerprint for use with the scanners and then use their fingerprint to scan in and out of work each day. The terms of the Privacy Act require consent to the collection of employee biometric information by Superior Wood to be used for the purpose of automated biometric verification or biometric identification.  The Privacy Act  
The Privacy Act commenced on 1 January 1989. Relevantly, it applies to an “APP entity”, including an organisation that is a body corporate. It is common ground that Superior Wood is an APP entity. 
Section 2 sets out the objects of the Privacy Act, which include: (a) To promote the protection of the privacy of individuals; (b) To recognise that the protection of the privacy of individuals is balanced with the interests of entities in carrying out their functions or activities; and (d) To promote responsible and transparent handling of personal information by entities. 
The Full Federal Court has observed that the Privacy Act reflects the Parliament’s concern to recognise and protect individual privacy within the framework of a complex statutory regime. It is to be construed so as to give effect to Australia’s international obligations, so far as the statutory language permits.  The Privacy Act contains a series of statutory provisions “which protect the privacy of individuals from unlawful or arbitrary interference” but also specify “circumstances (or “exceptions”) which reflect the Parliament’s concern to strike an appropriate balance between competing community interests.” Those exceptions are to be interpreted carefully, with an eye to preserving the balance struck. The Privacy Act does not make paramount the protection of individual privacy. What it does, or seeks to do, is to protect individual privacy from arbitrary or unlawful interference. 
Section 13 of the Privacy Act deals with interferences with privacy. Relevantly, an act or practice of an ‘APP entity’ is an interference with the privacy of an individual if it breaches an Australian Privacy Principle in relation to personal information about the individual. By reason of section 15, acts and practices that breach an Australian Privacy Principle are prohibited. 
Separately, section 13G is a civil penalty provision dealing with serious and repeated interferences with privacy. It covers serious interferences with the privacy of an individual as well as repeated acts or practices that are an interference with the privacy of one or more individuals. 
There are exceptions to the general obligation to comply with the Australian Privacy Principles. Section 16A sets out some of those exceptions, which relevantly include the collection, use or disclosure of personal information where: 1. it is unreasonable or impracticable to obtain the individual’s consent to that collection, use or disclosure; or 2. there is reason to suspect unlawful activity or serious misconduct and a reasonable belief that such collection, use or disclosure is necessary for the purposes of taking appropriate action. 
It was not contended, and we are not satisfied, that any of the section 16A exemptions applied to the collection of Mr Lee’s fingerprint. 
Section 7B(3) of the Privacy Act also contains an exemption in relation to employee records. An act done, or a practice engaged in, by an employer that is directly related to a current or former employment relationship between the employer and the individual and an employee record held by the organisation and relating to the individual, is exempt from the obligation to comply with the Australian Privacy Principles. 
“Employee record” is a defined term and in relation to an employee, means a record of personal information relating to the employment of the employee. 
The Australian Privacy Principles 
The Australian Privacy Principles are found in Schedule 1 to the Privacy Act. 
Principle 1 provides for open and transparent management of personal information. Among other things, it requires (at 1.3) that entities have a clearly expressed and up to date policy about their management of personal information.  
Principle 3 deals with the collection of solicited personal information that is solicited by an APP entity. It prohibits the collection of sensitive information about an individual, unless that person consents to the collection of the information, and the information is reasonably necessary for one or more of the entity’s functions or activities (at 3.3). ‘Sensitive information’ includes biometric information that is to be used for the purpose of automated biometric verification or biometric identification. It is not in dispute that the collection of fingerprint data by the scanners meets the description of sensitive information. Collection of personal information may only occur by lawful and fair means (at 3.5).  
Principle 5 deals with notification of the collection of personal information. It provides that, at, before or (if that is not practicable) as soon as practicable after the time that an APP entity collects personal information, it must take reasonable steps to notify the individual of certain specified matters, or to otherwise ensure the individual is aware of those matters. That which must be notified to an individual depends on what is reasonable in the circumstances. The specified list of matters includes:
1. The identity and contact details of the APP entity; 
2. If personal information is collected from someone other than the individual, or the person may not be aware that the organisation has collected the personal information, the fact that the APP entity does, or has, collected the information and the circumstances of that collection; 
3. The purposes for which the APP entity collects the personal information; 
4. The main consequences for the individual if all or some of the personal information is not collected by the APP entity; 
5. Any other entity or type of entity to which the APP entity usually discloses personal information of the kind collected; 
6. That the APP entity’s privacy policy has information about how to access one’s personal information and seek its correction; 
7. That the APP entity’s privacy policy has information about how to make complaints about breaches of the Australian Privacy Principles and how complaints will be dealt with by the APP entity; 
8. Whether the APP entity is likely to disclose the personal information to overseas recipients; and 
9. If overseas disclosure is likely, the countries where recipients of personal information are located (if practicable to identify). 
We will refer to the requirement to notify individuals in accordance with Principle 5 as a requirement to issue a ‘privacy collection notice’. 
Principle 8 deals with the cross-border disclosure of personal information. Before an organisation discloses personal information about an individual to an overseas recipient, it must take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to that information. There are some exceptions to Principle 8, but none appear presently relevant. 
Principle 11 deals with the security of personal information. If an organisation holds personal information, it must take such steps as are reasonable in the circumstances to protect the information, and to destroy that information once it is no longer needed in the relevant sense. 
Principles 12 and 13 deal with access to, and correction of personal information. Was the direction lawful? 
As noted above, Mr Lee was directed to consent to the collection of his biometric information by Superior Wood, for use for the purpose of automated biometric verification or biometric identification. He did not consent as required, and his fingerprint was not collected. 
However, in our view, Principle 3 has a broader application than that contended for by Superior Wood. An entity “collects” personal information if they collect that information for inclusion in a record or generally available publication.  Superior Wood did not breach Principle 3 by actually collecting Mr Lee’s sensitive information. Principle 3 also deals with the solicitation of information (see 3.7). An entity “solicits” personal information if it requests another entity to provide the personal information. The express requirement to obtain an individual’s consent would become meaningless if Principle 3 was only enlivened once information had been collected. Construed in context, Principle 3 applies both to the solicitation and collection of sensitive information. It necessarily operates at a time before collection, because an APP entity ‘must not’ collect sensitive information ‘unless’ the individual consents to that collection. Any collection that occurs without first having obtained consent to that collection would be contrary to Principle 3. 
Mr Lee was directed to submit to the collection of his fingerprint data in circumstances where he did not consent to that collection. In our view, the direction was directly inconsistent with Principle 3. The Commissioner was correct to find that Mr Lee was entitled to refuse to provide his biometric data under the Policy. 
The Policy, and the direction, were issued in circumstances where at all relevant times, Superior Wood did not have a privacy policy as required by Principle 1. There is no evidence that it was even aware that one might be required. 
Superior Wood also had not issued a privacy collection notice to Mr Lee (or any other employee) in accordance with Principle 5. That is not to say that Superior Wood failed to give any information to Mr Lee as required by Principle 5. Plainly, he was aware of Superior Wood’s identity and contact details and there is no dispute that he was also informed of the purpose for collecting the information, which was to enhance its payroll system and improve workplace safety. He was informed of the main consequences for him if the information was not collected – that is, he would face disciplinary action and ultimately, termination of employment. 
However, it seems to us that it would also have been reasonable to notify Mr Lee of some of the additional matters set out in Principle 5. That included information about the range of other entities that were likely to have access to his sensitive information, including FTH, Mitrefinch and AUS IT Services. It should also have included information about Superior Wood’s privacy policy (which it was required to have) and information in relation to privacy complaints and how to access his personal information. The fact that Superior Wood did not have a privacy policy does not mean it would not have been reasonable to provide that information, in circumstances where its inability to do so arose from its apparent breach of Principle 1. 
As to the timing of the privacy collection notice, there is no basis for concluding that it was not practicable for Superior Wood to provide this information to Mr Lee, either before or at the time it sought to register his fingerprint for use with the scanners. While it first sought to do so approximately one week after the scanners were announced, formal implementation of the scanners was trialled throughout November and December 2017 and only commenced from early January 2018. Mr Lee was dismissed in February 2018 and the manual sign in and sign out system continued in use on site until it was discontinued in or about June 2018.  There was no shortage of time available to Superior Wood to collate and provide the information described above to Mr Lee. 
Superior Wood submits that despite the absence of a privacy policy and privacy collection notice, it did not breach the Privacy Act because the employee records exemption applied in relation to the fingerprint scanner. We understand the submission to be to the effect that all records generated by an employer, including those that have not yet been created, are within the scope of that exception. We do not agree. It is inconsistent with the plain words of the statute, which are in the present tense and refer to a record “held by” the organisation. An entity “holds” personal information if they have possession or control of a record that contains the personal information.  
Neither the text of section 7B nor the surrounding provisions of the Privacy Act support a wider construction. Section 8 uses the language of an agency that “does not hold that record” or “holds that record”. Section 10 deems certain agencies to hold a record if it is “in the care” or “in the custody” of a different agency. 
In context, it is clear that the wording of section 7B(3) speaks to an act or practice in relation to an actual record held by the organisation that relates to a particular individual. It does not encompass employee records that are yet to be held by an organisation. Nor is the act or practice of generating employee records an act or practice directly related to the relationship between an employer and a particular employee. It is an act or practice in relation to employees generally. 
It follows that we agree with the Commissioner’s finding that the employee records exemption applies to records obtained and held by an organisation. A record is not held if it has not yet been created or is not yet in the possession or control of the organisation. The exemption does not apply to a thing that does not exist or to the creation of future records. 
The significance of that finding is that the Australian Privacy Principles applied to Superior Wood in connection with the solicitation and collection of sensitive information from employees, up to the point of collection. Once collected, the employee records exemption was enlivened and the Privacy Act no longer regulated its use or disclosure. 
For the reasons set out above, we consider the direction to Mr Lee to submit to the collection of his fingerprint data, in circumstances where he did not consent to that collection, was not a lawful direction. Moreover we consider that any “consent” that he might have given once told that he faced discipline or dismissal would likely have been vitiated by the threat. It would not have been genuine consent. Given this finding, it is not necessary to consider whether the direction was reasonable. Nonetheless had it been necessary to do so we conclude the direction was unreasonable. A necessary counterpart to a right to consent to a thing is a right to refuse it. A direction to a person to give consent does not vest in that person a meaningful right at all. Such a direction is in the circumstances of this case, unreasonable. It was not a valid reason for dismissal. 
We uphold Grounds 1 and 8 of the appeal. Given our findings, it is not necessary to deal further with Ground 9 of the appeal. 
Ground 2 - finding that Mr Lee’s dismissal for protecting ownership of his sensitive information was not harsh, unjust and unreasonable in circumstances where he was threatened with dismissal for refusing to allow the collection of his biometric data 
For the reasons we set out above, Superior Wood did not have a valid reason for dismissal arising from Mr Lee’s refusal to comply with its Policy. That reason was the sole reason for dismissal, and no other separate matter that might give rise to a valid reason for dismissal is apparent on the materials or submissions in this case. 
The Commissioner properly considered each of the factors relevant to whether a dismissal is harsh, unjust or unreasonable within the meaning of section 387 of the Act. For the most part, those findings are not challenged in this appeal. However, her findings in relation to section 387(h) do have a bearing on the matters raised in this appeal. 
Firstly, the finding that Mr Lee’s position in relation to the use of his biometric data by the scanners was at odds with his position in relation to DNA in connection with drug and alcohol testing had its origins in questions raised independently of the parties by the Commissioner.  
The evidence of Mr Lee on the matter was to the following effect: • he had never been the subject of drug and alcohol testing at work; • there was a company policy requiring urine testing under certain circumstances; • if required under that policy, he would undertake a urine test; • his concerns about a third party provider holding his information from a urine test were different to his concerns about third party providers holding his biometric data, because he didn’t think they would be getting DNA or any kind of biometric data; and • that he did not know how drug and alcohol testing worked; • he would be okay with a hypothetical scenario involving a drug and alcohol test required by Superior Wood, but carried out by a third party, which then took a DNA sample to a laboratory for further testing. 
In our view, this evidence was of limited probative value in relation to matters the Commissioner was required to determine. There was no evidence in the proceeding of any actual testing, or testing procedure. There was no evidence of what the company policy was in relation to drug and alcohol testing, other than Mr Lee’s evidence above and induction material which refers simply to a “process” that “Superior Wood conducts” (although it is not clear that this material was in existence at any time prior to Mr Lee’s dismissal). There was no detail as to the actual method of collection or holding of DNA, or whether those functions might be outsourced to a third party. To the extent that the Commissioner relied on Mr Lee’s evidence in this respect and weighed it against a finding of unfair dismissal, we consider she was in error. 
Secondly, the Commissioner held that Mr Lee’s objection to the use of his biometric data by Superior Wood, FTH and a third party supplier was unreasonable when taking into consideration the purposes of the Policy, improvements to payroll and health and safety and the costly alternatives that would have been required to be put in place for him. Her conclusion in this regard is likely to have been informed by her earlier conclusion that there was a valid reason for dismissal. In our view, this conclusion constituted an error which tainted the approach to weighing up the various factors relevant to whether the dismissal was harsh, unjust or unreasonable. 
We uphold this ground of appeal. Ground 3 - mistaking the facts in finding that the new scanners improved safety 
This appeal ground raises for consideration the Commissioner’s findings at paragraph [198] and [229] of the Decision, as follows:
“[198] It is entirely reasonable for the employer to improve upon an inherently unsafe obligation to run to the front administration office in the event of an emergency, locate a paper sign-on sheet and attempt to ascertain who is at work over a site of significant size. On the evidence before the Commission, supervisors can immediately see who from their area of work is present in the workplace using the information collected through their adherence to the Site Attendance Policy and displayed on a supervisor’s phone. … 
[229] Further, I note that the scanners allowed for additional safety benefits beyond simple attendance verification, such as reviewing site attendance on supervisors’ phones. The other methods identified by Mr Lee do not provide such additional benefits.” 
Mr Lee contends that the evidence did not establish that the scanners improved safety. In support of this contention, he claimed that a fire alarm did sound after the introduction of the scanners and rather than rely on information gleaned from the scanners, Superior Wood relied on the manual sign in and out sheets to verify attendance on site. 
We agree with Mr Lee as to the effect of the evidence in relation to the fire alarm in January 2018. The timing coincides with the scanners having been formally implemented after a trial period. However, despite its formal implementation, both the scanners and the manual sign in and out sheets remained in use. 
In our view, the primary purpose for introducing the scanners was to address payroll issues across the Finlayson Group. However, we accept that the potential for improved safety was also a reason for its introduction. The Mitrefinch Proposal put forward the prospect of safety improvements. From its initial communication with employees in 2 November 2017, Superior Wood consistently referred to its perceived benefit of helping to keep track of people on site. It appears to us that prima facie, this makes logical common sense. 
We do not necessarily agree that it was “inherently unsafe” to have to run from the front office in the event of an emergency to locate the sign in and out sheets. However, we are satisfied that there was a sufficient evidentiary basis for the Commissioner to find that the scanners, through their capacity to display attendance records on supervisor’s phones, offered safety benefits, even though the main function was clearly to improve its payroll operation. 
We reject this ground of appeal. Ground 4 - mistaking the facts in finding that Mr Lee did not consent to the collection of his biometric data, when he was never asked for his consent 
In our view this ground of appeal is misconceived. We accept that Superior Wood’s request for Mr Lee’s biometric data was expressed in the form of a direction, rather than a choice. It was nevertheless a request for his consent. It thereafter erroneously sought to negate his choice by threatening him with disciplinary action. 
Mr Lee’s correspondence to Superior Wood on 7 November 2017 expressly stated that he was “unwilling to consent to having his fingerprints scanned” because he regarded his biometric data as personal and private. 
According to Mr Lee, on 24 January 2018 Skene Finlayson, Director of Superior Wood, asked him if he would use the scanner, and he said no.  This plainly amounted to a request, albeit one which he refused. 
Accordingly, this ground of appeal is rejected. Ground 5 - finding that the introduction of biometric scanners was reasonably necessary 
This ground of appeal raises for consideration the Commissioner’s findings at paragraphs [203], [204] and [215] of the Decision. 
The relevant findings are as follows:
“[203] Having regard to the issue of whether the introduction of biometric scanners at the Superior Wood premises is ‘reasonably necessary’, I have no hesitation in so finding. For the same reasons stated earlier, the Finlayson Group wished to consolidate its payroll. Superior Wood was the last entity to have the scanners introduced, and after a suitable period of time where there was duplication, it was a reasonable course for the employer to then remove the paper payroll system to join in with its parent entity activities. Once Superior Wood and the Finlayson Group was satisfied the biometric scanning was properly implemented, the entities wished to do away with all manual payroll handling. Once that decision was made, I do then consider the collection of the biometric information to be reasonably necessary for its functions or activities. 
[204] On a fairness and reasonableness consideration, I am minded to side with the views of management of Superior Wood that having Mr Lee use some alternative method such as a swipe pass or continue to use a paper sign-on would be inefficient, inequitable, and a burden. Requiring a manual pay run to be implemented for a single employee, as against either 150 employees or 400 employees in the group would be an onerous obligation. … 
[215] At this point in time I am satisfied that the collection of the private and sensitive information was for a function or activity that was reasonably necessary. I am disturbed that none of the organisations, except the IT provider has in place a privacy policy, and I am concerned that there was a failure by Superior Wood to issue a collection notice.” 
The evidence in relation to alternatives to fingerprint scanners was limited. The Mitrefinch proposal to FTH confirms that it offered data capture alternatives to fingerprint scanners, including key fobs and swipe cards.  Other options set out in that proposal included computer and mobile login systems, as well as SMS and email options. The Commissioner concluded at paragraph [227] of the Decision that there was no evidence of any evaluation of the costs of alternative options by Superior Wood. In our view, there was no evidence that it even considered those alternatives. 
It was established that for many months after Mr Lee was dismissed, and notwithstanding the formal introduction of the scanners from 2 January 2018, manual sign in and out sheets continued to be used at the site.  The timing of the decision to dismiss Mr Lee in February 2018 is therefore difficult to explain. Mr Finlayson gave evidence that Mr Lee would not have been able to be paid through the payroll system if he did not use the scanners, and yet there does not seem to be any controversy that he was in fact paid after the scanners were formally introduced. 
Both Mr Finlayson and Mr Swinbourne gave evidence that Superior Wood could not allow Mr Lee to continue to sign in and out manually because it left Superior Wood open to time recording inaccuracy and fraud; they would not know where he was in case of emergency; the costs of an alternative mechanism were too high; and for reasons of consistency with other employees. 
No evidence was introduced to establish that Mr Lee posed a risk to Superior Wood in relation to inaccurate time recording or fraud. Rather, the evidence tends to the contrary view. 
In our view, the notion that Superior Wood would not know where Mr Lee was in case of an emergency was, in the present case, somewhat overstated. Whether Mr Lee used the manual sign in and out sheets or the scanners, the data then recorded would not have allowed it to locate him at a particular place during work on what was described by Mr Finlayson as a very large site. On the one occasion where there was evidence of having to verify attendance due to an emergency (that is, the fire alarm in January 2018), the manual records were relied upon rather than the scanners. Both systems remained in use well after his dismissal. 
We have dealt above with the purported costs of an alternative to the scanners. That contention takes the matter no further. 
Overall, the evidentiary basis for concluding that collection of Mr Lee’s fingerprint data was reasonably necessary for Superior Wood’s functions or activities was not compelling. It is clear that Superior Wood’s introduction of the scanners was administratively convenient for FTH, who operated the payroll system on its behalf. We also accept that had the direction to Mr Lee been lawful, it might also have been reasonable to decline to make an exception for him in circumstances where he was the only one of approximately 400 employees seeking a different method. However, neither of those matters establish that it was ‘reasonably necessary’ for Superior Wood to proceed with the collection of Mr Lee’s fingerprint, particularly in circumstances where other options had been identified and had not yet been considered. 
For these reasons, we uphold this ground of appeal. Grounds 6 and 7 - finding that employees gave implied consent by registering their fingerprints instead of finding that biometric data was collected from employees other than Mr Lee by unlawful and unfair means; and failing to find that implied consent is not sufficient for the purposes of collecting sensitive information 
Mr Lee submits that the Decision is in error because it did not make findings at large about whether breaches of the Privacy Act effectively vitiated the consent of all other employees (which might otherwise be implied by their cooperation with the Policy). He also submits that a higher standard of consent is required in the collection of sensitive information, and the Commissioner was in error in not finding to that effect. 
In our view, neither of those matters are findings the Commissioner was required to make. Her task was to consider the circumstances relevant to Mr Lee’s dismissal by Superior Wood. Her finding that other employees gave implied consent by registering their fingerprints were made in response to the case put by Mr Lee. We discern no error in her finding, at least on a prima facie basis, that employees gave implied consent by registering their fingerprints. 
As to whether a higher standard of consent is required in relation to sensitive information, that ground is not made out and nor is it apparent that it is a matter that falls for resolution by the Commission. Grounds 6 and 7 of the appeal are rejected. 
For the foregoing reasons we have decided to uphold the appeal in C2018/6600 and quash the Decision.
In relation to the rehearing the Rull Bench states
We have decided to rehear the application. Section 387(a) - was there a valid reason for the dismissal related to capacity or conduct? 
For the reasons set out above, we find that there was no valid reason for the dismissal. 
Section 387(b) and (c) - notice of reason for dismissal and opportunity to respond  
There is no dispute that Mr Lee was given notice of the reason for dismissal on the numerous occasions outlined earlier in this decision and prior to his eventual dismissal. On each occasion, he was given the opportunity to respond to Superior Wood’s concerns and he took up that opportunity as he saw fit. These matters weigh against a finding of unfair dismissal. Section 387(d) - any unreasonable refusal to allow a support person to assist in discussions relating to the dismissal 
There is no evidence of any refusal to allow a support person to participate in discussions relating to the dismissal. It is a neutral consideration in this case. 
Section 387(e) - warnings 
Mr Lee was warned on multiple occasions that his failure to comply with the Policy may result in further disciplinary action including termination of employment. This weighs in favour of a finding of unfair dismissal given our findings as to the direction to comply with the Policy. Section 387(f) and (g) - size of the employer’s business and access to dedicated human resources management specialists or expertise 
Superior Wood is a business of reasonable size. There is no evidence that it employed dedicated human resources specialists or experts at, or prior to the time of dismissal, but nor is there any evidence that it did not have the means to access specialist advice had it wished to do so. It should have been, but was not, aware of and compliant with its obligations under the Privacy Act well before the introduction of the scanners. Its failure in this regard contributed substantially to a dismissal without valid reason. 
To the extent that the size of Superior Wood’s enterprise would likely have impacted on the procedure adopted to effect Mr Lee’s dismissal, it was in Superior Wood’s failure to be aware of its obligations under the Privacy Act. In the circumstances this weighs in favour of a finding that Mr Lee’s dismissal was unfair. 
As we have already noted, there is no evidence that Superior Wood had any dedicated human resources management specialists or expertise. As this consideration is concerned with the degree to which the absence of dedicated human resources management specialists or expertise would be likely to impact on the procedures Superior Wood followed in effecting the dismissal, the absence of any evidence one way or the other means that this matter is not able to be assessed and therefore weighs neutrally. 
Section 387(h) - other relevant matters 
We accept Mr Lee’s submission that once biometric information is digitised, it may be very difficult to contain its use by third parties, including for commercial purposes. In this case, various organisations required access to data obtained by the biometric scanners. Mitrefinch captured the data derived from the features of tissue lying beneath the skin and on the skin surface. Those features were converted into a template unique to the individual, using an embedded algorithm owned by another entity, ‘Lumidigm’. The template was stored on one or more of the site readers installed at FTH and Superior Wood sites. It was also stored on servers owned by FTH, which were accessible remotely by at least FTH, Mitrefinch and AUS IT Services, who operated the servers.  
The data was used by ‘Ironbark’ to operate the FTH payroll system and by FTH to process the payroll for FTH and Superior Wood. 
There is no evidence that any of these entities had, at the relevant time, any actual mechanism in place to protect and manage information collected by Superior Wood, consistent with its obligations under the Privacy Act (other than the warranty of AUS IT Services that it would comply with the Privacy Act; a warranty which FTH also gave to it). In the circumstances, the concerns expressed by Mr Lee were not, in our view, devoid of merit. It is a matter that weighs in favour of unfair dismissal.  
There was a dispute between Mr Lee and Superior Wood about whether the data captured by the scanners could be reproduced in the form of a fingerprint, which appears to us to be a matter of form rather than substance. Superior Wood’s rejection of Mr Lee’s concerns on this basis was misplaced. Whether the data was captured in pictorial or numerical form, it was data unique to the individual and derived from that individual’s biometric characteristics, above and beneath the skin. It was data that Mr Lee was entitled to seek to protect. Plainly, the parties have not addressed the question of an appropriate remedy, given this conclusion of the Full Bench.
The Full Bench concludes
It is apparent from the above that Superior Wood did not have a valid reason for the dismissal which related to Mr Lee’s capacity or conduct. This is a significant factor in the circumstances of this case. As we have also concluded, some relevant matters weigh neutrally, some weigh against a finding that dismissal was unfair and others weigh in favour of such a conclusion. However the procedural fairness matters do not weigh so heavily in favour of a finding that the dismissal was not unfair as to outweigh the significance of an absence of valid reason. After all, Superior Wood was procedurally fair in effecting the dismissal for a reason that was not valid and in contravention of its obligations under the Privacy Act. Therefore for the reasons set out above, on balance we find that Mr Lee’s dismissal was unjust. It was unjust because Mr Lee was not guilty of the conduct alleged. As the direction was unlawful he was entitled to refuse to follow it. Mr Lee was unfairly dismissed. 

Animal Cruelty and Sentience

The Sentencing Advisory Council of Victoria report Animal Cruelty Offences in Victoria is described as
the first ever report on how animal cruelty is sentenced in the state. It identifies the animal cruelty offences people and corporations were sentenced for between 2008 and 2017, the sentences imposed for those offences and other offences sentenced alongside animal cruelty. It also examines prior and subsequent offending committed by animal cruelty offenders and animal cruelty offences committed in the context of family violence. 
The report states
Criminal proceedings involving animal cruelty offences tend to attract considerable attention from both the media and the general community. To date, however, very little research has been published on the sentencing outcomes of those offences in Victoria, or in Australia generally. 
This report aims to fill that gap by providing an overview of sentencing outcomes for animal cruelty offences heard in Victorian courts in the 10 years from 2008 to 2017 (inclusive), using data provided by courts and prosecuting agencies. 
In doing so, this report includes an analysis of which animal cruelty offences people and corporations were sentenced for, the sentences that were imposed for those offences and who committed those offences. This report also identifies whether animal cruelty offenders were sentenced for other offences in the same case (co-sentenced offences), whether their offending occurred in the context of family violence and whether those offenders were sentenced for other offending in the four years before and after their sentence for animal cruelty (prior and subsequent offending). 
Prevalence of animal cruelty offences 
Each year between 2011 and 2017 in Victoria, an average of over 11,000 animal cruelty complaints were made, nearly 900 charges were laid and nearly 400 charges were sentenced. The number of charges sentenced therefore represents approximately 3.5% of complaints made in that same time period. However, a number of legitimate reasons exist for why a complaint of animal cruelty will not result in a sentenced offence. For example, after investigation many complaints are found to be unsubstantiated and do not warrant further action. Further, RSPCA Victoria, which receives the vast majority of complaints, emphasised during consultation that their primary goal is to promote the welfare of animals, and that this is often best achieved through providing assistance and education, rather than employing a criminal justice response. 
In total, 2,960 animal cruelty charges were sentenced in 1,115 cases between 2008 and 2017. The agencies that prosecuted the highest proportion of animal cruelty cases were RSPCA Victoria (53%) and Victoria Police (31%). The three most commonly sentenced animal cruelty offences were:
• aggravated cruelty, contrary to section 10(1) of the Prevention of Cruelty to Animals Act 1986 (Vic) (the ‘POCTA Act’) (25%); 
• failing to provide treatment to a sick or injured animal, contrary to section 9(1)(i) of the POCTA Act (24%); and 
• failing to provide sufficient food, drink or shelter to an animal, contrary to section 9(1)(f) of the POCTA Act (19%). 
Overall, neglect-related offending – offenders omitting to adequately provide and care for animals –was far more prevalent than more deliberate and malicious acts of cruelty. 
Sentencing outcomes 
The majority of animal cruelty charges received a fine (60% or 1,786 charges). This is slightly higher than the overall rate for fines imposed for all offences sentenced in the Magistrates’ Court (55%). Of the 1,786 fines, 87% were part of an aggregate fine covering multiple charges (1,547 fines). For the fines that were not part of an aggregate sentence (239 fines), the average fine was $1,355, and the value of fines ranged from $100 to $20,000. 
Between 2012 and 2017, 121 community correction orders (CCOs) were imposed on animal cruelty offenders (some CCOs covered multiple charges). The most common conditions attached to these CCOs were unpaid community work (73%), participation in a treatment and rehabilitation program (71%) and supervision by Corrections Victoria (53%). This is consistent with previous findings about the rate at which these same conditions are attached to all CCOs in Victoria. 
A term of imprisonment was imposed in 8% of animal cruelty cases (86 cases) and on 4% of animal cruelty charges (126 charges). Of those charges, 88 were part of an aggregate sentence. For imprisonment terms that were not part of an aggregate sentence (38 charges), the average duration was three months’ imprisonment. A substantial proportion of offender appeals against a sentence of imprisonment were successful; of the 83 cases in which an animal cruelty offender was originally sentenced to imprisonment in the Magistrates’ Court, the sentence was successfully appealed in 17% of cases (14 cases), and those offenders either had the duration of imprisonment reduced (five cases) or had the sentence converted into an entirely non-custodial disposition (nine cases). 
Courts also frequently imposed control orders on animal cruelty offenders. These are ancillary orders that may be imposed if an offender has been sentenced for an offence under the POCTA Act. A control order places conditions on if, and how, an animal cruelty offender may own or be in charge of animals. A control order was imposed in 20% of animal cruelty cases (228 cases), though almost none were imposed in cases prosecuted by Victoria Police (less than 1% or 3 of 330 cases). Dogs were the animal most likely to be subject to cruelty in cases in which a control order was imposed and the type of animal could be identified (54% or 116 of 216 cases). Further, in cases specifying which animal(s) the control order applied to, 38% of control orders restricted the offender from owning or being in charge of any animals (87 of 226 control orders). 
Offender profiles 
Information relating to the age and gender of offenders was available in 1,019 cases (998 unique offenders). Approximately three-quarters of those offenders were male (743 offenders), approximately one-quarter were female (250 offenders) and five offenders were corporations. The average age of the 993 offenders who were natural persons was 38 years, but ages ranged from 11 years to 83 years. 
There were three key differences between male and female animal cruelty offenders. 
First, 7% of male animal cruelty offenders were aged under 18 years (51 offenders), but less than 1% of female animal cruelty offenders were in that same age group (two offenders). Second, 16% of male animal cruelty offenders were 60 years or older (120 offenders), but just 6% of female animal cruelty offenders were in that same age group. Third, male animal cruelty offenders were three times more likely than female animal cruelty offenders to be sentenced for both deliberate cruelty and aggravated cruelty, contrary to sections 9(1)(a) and 10(1) of the POCTA Act, representing 10% (deliberate cruelty) and 30% (aggravated cruelty) of animal cruelty offences committed by men, compared with 3% and 9% of offences committed by women. 
In contrast, female animal cruelty offenders were more likely than male animal cruelty offenders to be sentenced for neglect-related offences contrary to sections 9(1)(f) and 9(1)(i) of the POCTA Act, representing 26% (failure to provide food, drink or shelter) and 41% (failure to provide treatment) of animal cruelty offences committed by women, compared with 17% and 18% of offences committed by men. 
Co-sentenced offences 
The Magistrates’ Court dealt with 95% of animal cruelty cases between 2008 and 2017 (the reference period). The most common offence types sentenced alongside a charge of animal cruelty in the Magistrates’ Court were additional animal cruelty offences (38% of cases), other animal-related offences (16%) and acts intended to cause injury (11%). In comparison, the most common offence types sentenced alongside a charge of animal cruelty in the Children’s Court were theft and related offences (51% of cases), criminal damage (35%) and public order offences (33%). Although only a small number of animal cruelty cases were sentenced in the Children’s Court (58 cases), this suggests that young animal cruelty offenders were more generalist in their overall offending, while older offenders were more likely to be sentenced exclusively for animal cruelty or other animal-related offending (such as failing to register a cat or dog). 
A similar trend was observed when comparing male and female animal cruelty offenders. Male animal cruelty offenders were more generalist in their overall offending behaviour than female animal cruelty offenders and were more likely to be co-sentenced for almost every category of offence (except for animal-related offences). For example, male animal cruelty offenders were twice as likely to be co-sentenced for a violent offence (13% of cases for male animal cruelty offenders versus 6% for female animal cruelty offenders), three times more likely to be co-sentenced for criminal damage (12% versus 4%), five times more likely to be co-sentenced for theft and related offences (11% versus 2%) and 11 times more likely to be co-sentenced for offences involving weapons or explosives (7.6% versus 0.7%). 
Family violence 
Approximately 15% of animal cruelty cases sentenced in the Magistrates’ Court in 2016 and 2017 were flagged as having occurred in the context of family violence (35 of 231 cases). Almost all offenders in those cases were male (33 of 35 cases). The most common offences in those cases were acts intended to cause injury (57 charges), bail-related offences (44 charges) and breaches of intervention orders (44 charges). In cases flagged as family violence, animal cruelty offenders were much more likely to receive serious sentencing outcomes than all animal cruelty offenders generally: 43% of those family violence offenders were sentenced to imprisonment (compared with 11% of non-family violence offenders in 2016 and 2017) and another 43% were sentenced to a CCO (compared with 9% of non-family violence offenders in 2016 and 2017). 
Prior and subsequent offending 
Prior and subsequent offending was measured in this report by first identifying offenders sentenced for animal cruelty in 2012 and 2013, and then examining any prior or subsequent sentences in the four years before and the four years after their index sentence. Of the 271 offenders sentenced for animal cruelty in those two years, more than half (57%) were not sentenced for any other offending in the four years before or after their index sentence. The remaining 43% were, however, sentenced on at least one other occasion. 
In terms of prior offending, 14% of the 271 offenders had been sentenced for other offending in the 12 months before being sentenced for animal cruelty, and 30% had been sentenced at least once in the four years before being sentenced for animal cruelty. In terms of subsequent offending, 15% had been sentenced for other offending in the 12 months after being sentenced for animal cruelty, and 32% had been sentenced at least once in the four years following their sentence for animal cruelty. This suggests that animal cruelty offenders were slightly less likely than all sentenced offenders to reoffend within four years (prior Council research shows a 34% reoffending rate for all sentenced offenders after four years). However, a subgroup of animal cruelty offenders – those who were sentenced for deliberate animal cruelty contrary to section 9(1)(a) of the POCTA Act – were more likely to be sentenced for both prior (44%) and subsequent (46%) offending. 
In addition, during the reference period very few animal cruelty offenders were sentenced for animal cruelty offending on multiple occasions. Less than 3% of animal cruelty offenders in the Magistrates’ Court (whose identity was discernible) were sentenced for animal cruelty on more than one occasion (22 of 953 offenders).
The Council concludes
The report has a number of key findings:
• most sentenced animal cruelty offending is neglect-related, involving failing to provide food, drink, shelter or treatment to an animal (43%); 
• at least 15% of animal cruelty offending occurred in the context of family violence; 
• the majority of animal cruelty charges were sentenced to a fine (60%), and 4% were sentenced to imprisonment; 
• an ancillary control order was imposed in 20% of cases, placing restrictions on if, and how, offenders can own or be in charge of animals; 
• the majority of animal cruelty offenders were male (75%); 
• young offenders sentenced for animal cruelty in the Children’s Court tended to be more generalist in their offending – they were co-sentenced for other offences in 84% of cases – than offenders sentenced in the Magistrates’ Court (41%); 
• similarly, male animal cruelty offenders tended to be more generalist in their offending – they were co-sentenced for other offences in 49% of cases – than female animal cruelty offenders (29%); and 
• just under one-third of animal cruelty offenders were sentenced for other offending both in the four years before being sentenced for animal cruelty (30%) and in the four years after being sentenced for animal cruelty (32%). 
Arising out of these key findings, and from discussions with stakeholders, were three key issues that may warrant further consideration: the high rate of fines for animal cruelty offending, the importance of control orders in animal cruelty proceedings and the need to develop guidance on how animal cruelty should be sentenced, with subsequent judicial education about that guidance. 
High rate of fines 
During consultation, some stakeholders indicated that fines may be appropriate in some cases of animal cruelty. However, the finding in this report that fines represented more than half of all sentences imposed for animal cruelty offending was cause for concern. If the offender is a farmer who is struggling financially and, as a result, has been unable to water, feed or medicate their livestock, it would seem incongruous to further burden them with a monetary penalty payable to the state. Further, the harm and culpability inherent in deliberate acts of cruelty would tend to indicate that some form of offender rehabilitation is needed, rather than what one animal welfare researcher has described as a ‘regulatory’ response in the form of a fine. 
In addition, the Council has previously found that, of all fines imposed on individuals for all offences over a nine-year period, only 53% of fines were completely paid, 7% were partly paid and 40% were not paid at all. A criminal prosecution resulting in the imposition of a fine (and possibly conviction) may demonstrate the court’s (and the community’s) denunciation of the offender’s conduct, but it is difficult to see which of the other purposes of sentencing are achieved if the fine remains unpaid. 
Control orders 
One of the common themes in consultation with stakeholders was the importance of control orders in sentencing animal cruelty offending. These ancillary orders can prohibit offenders from owning or being in charge of animals, or place conditions and restrictions on their ownership and oversight of animals. Some prosecutors said that the imposition of a control order was the most appropriate outcome in many proceedings. 
Of the 1,115 cases involving animal cruelty sentenced during the reference period, a control order was imposed in 20% of cases (228), particularly in cases prosecuted by RSPCA Victoria and DEDJTR and DELWP.  ...
Many of the stakeholders consulted for this report considered that a level of inconsistency exists in how courts sentence animal cruelty offences in Victoria, in terms of both sentencing outcomes and the factors taken into account in determining sentence. The Council could not test this assertion, however, because sentencing remarks are not available for cases heard in the Magistrates’ Court. There is also limited case law in Victoria on the sentencing of animal cruelty offences. 
Stakeholders did, however, suggest that some form of guidance for judicial officers (especially magistrates) about sentencing animal cruelty would be helpful in this regard.
In the ACT the Legislative Assembly is considering the Animal Welfare Legislation Amendment Bill 2019, based on a 2018 Bill.

The new Objects provisions are
4A Objects of Act 
(1) The main objects of this Act are to recognise that—
(a) animals are sentient beings that are able to subjectively feel and perceive the world around them; and 
(b) animals have intrinsic value and deserve to be treated with compassion and have a quality of life that reflects their intrinsic value; and 
(c) people have a duty to care for the physical and mental welfare of animals. 
(2) This is to be achieved particularly by— 
(a) promoting and protecting the welfare of animals; and 
(b) providing for the proper and humane care, management and treatment of animals; and 
(c) deterring and preventing animal cruelty and the abuse and neglect of animals; and 
(d) enforcing laws about the matters mentioned in paragraphs (a), (b) and (c).
The Explanatory Statement comments
This clause substitutes the current objects of the Act, with a new set of objects to ensure that animals are recognised as sentient beings (meaning they can subjectively feel and perceive the world around them), have intrinsic value and deserve to be shown compassion and have an acceptable quality of life, and to reflect the community’s expectations around animal welfare and the proper treatment of all animals. 
Importantly, this clause reflects the five freedoms of animals and that animals have a right to both mental and physical wellbeing. 
This clause also states that an objective of the Bill is to recognise that people have a duty to care for the physical and mental welfare of animals. This includes, for example, providing opportunities for a dog to exercise and experience enjoyment and behaviours that are natural to the animal. ;
Section 6B deals with Failure to provide appropriate care
 (1) A person in charge of an animal commits an offence if the person fails to give the animal— 
(a) appropriate food; or 
(b) appropriate water; or 
(c) appropriate treatment for illness, disease or injury; or 
(d) appropriate shelter or accommodation; or 
(e) a clean and hygienic living environment; or 
(f) appropriate grooming and maintenance; or 
(g) appropriate exercise; or 
(h) appropriate opportunities to display behaviour that is normal for the animal; or 
(i) care that is appropriate for the animal’s wellbeing. 
Maximum penalty: 100 penalty units, imprisonment for 1 year or both. 
(3) In this section:
appropriate, in relation to an animal, means suitable for the needs of the animal having regard to the species, environment and circumstances of the animal. 
treatment includes veterinary treatment, including preventative treatment, if a reasonable person would expect veterinary treatment to be sought in the circumstances.
The Explanatory Statement indicates
In summary, the Bill provides amendments to the Animal Welfare Act 1992 to:
a) update the objects of the Act to reflect contemporary views on animal welfare, including recognition of animals as sentient beings. 
b) amend the governance framework for the Animal Welfare Advisory Committee (AWAC) so that the AWAC can provide advice to the Animal Welfare Authority in addition to the Minister. The Animal Welfare Authority was setup when the Act was introduced to administer the legislation, and is a Government appointed role responsible for animal welfare. 
c) set out a high-level framework for regulating pet business, and specifically pet shops and boarding kennels, to assure animal welfare outcomes. This provides the ability for the Animal Welfare Authority to impose conditions on a pet business licence. These conditions could restrict things such as the source and sale of certain types of animals, for example only dogs or cats sourced from shelters, pounds or foster organisations, as needed. 
d) set out a high level regulatory framework for assistance animals in the ACT that provides for the recognition, regulation and rights of access of assistance animals in the Territory, that is consistent with Commonwealth and ACT discrimination law. The Government will work with the assistance dog industry and key stakeholders to develop standards to support the new scheme, which will come into effect six months after the notification day. 
e) improve the regulatory framework for the Animal Welfare Authority so that: a. the Authority can impose an interim prohibition order on a person owning or caring for animals of up to six months where there are serious concerns for the welfare of an animal or animals. This will be an appealable decision; b. the Authority can seize, retain and/or sell or rehome an animal where appropriate, similar to powers under the Domestic Animals Act 2000; and c. the Authority can impound an animal at a premises other than a Government pound (for example, keeping seized puppies with an animal rescue organisation). 
f) introduce a new offence category for minor duty-of-care or cruelty offences where warnings and fines can be issued where appropriate (for example, where a person does not leave out water for their dog or kicks a dog in anger). The existing serious offences that attract significant financial and court penalties will remain and still be available. 
g) make a number of amendments to introduce new or amend current offences in the Act. These include: 
a. requiring a person to report the injury of an animal that is a mammal within 2 hours, rather than the current 24 hours in the Act in section 10 (for example, where a car collides with kangaroo or a dog and the animal needs urgent veterinary treatment). Existing duty of care obligations remain for a person to take reasonable steps to alleviate pain and/or suffering for all animals, including non-mammals. For example, a person who hits a bird with their car and the bird is injured is required to take reasonable steps to alleviate pain and/or suffering; 
b. introducing provisions that expressly address dog fighting and allow for effective enforcement of dog fighting offences; and 
c. clarify provisions around violent animal activities and ensure the prohibition of pig-dogging and other similar activities where an animal is used to intentionally injure and/or kill another animal, or where live baiting takes place, are captured. This will not prevent hunting activities more generally, the owning of hunting dogs or participation in accredited dog sporting activities. 
h) increase maximum court imposed penalties for cruelty and aggravated cruelty offences. 
i) expressly make it an offence for a person to leave an animal in a hot car or in other circumstances where a dog is in serious danger, and providing appropriate provision for an authorised officer or person to break into a car to rescue an animal only in reasonable and exceptional circumstances where all reasonable steps have been taken by that person and the animal’s life is in danger. 
j) amend a number of existing offences to make these offences strict liability and to update penalty amounts and infringement notices where appropriate. 
k) ensure provisions capture not appropriately restraining a dog in a moving vehicle. 
l) provide for a regulation making power to support the operation of the Act. 
m) make other minor changes to support the practical implementation and enforcement of the Act.

02 May 2019

Big Law and the Susskind Thesis

'New technology, the death of the BigLaw monopoly and the evolution of the computer professional' by Michael Guihot in (2019) 20(3) North Carolina Journal of Law and Technology 405-469 comments
Much has been written recently about new technology disrupting the traditional law firm model of providing legal services. Susskind and Susskind predicted the failure of professions, including the legal profession, due in large part to the external pressure of disruptive technology. However, concentrating blame on the technology is misguided; it blames the tool used to disrupt rather than the root causes of the disruption. In short, computers do not kill lawyers. Neither is the disruption aimed at the profession as such, but rather at the business models of modern day legal practices that have developed under the auspices of the profession. Under the guise of a profession, the legal profession has established the barriers to entry that have allowed lawyers to hold a monopoly on providing legal services. The monopoly has allowed law firms to develop business models through which they have been able to charge high, sometimes extravagant, prices for their services. It has also produced barriers to innovation. Clients have begun to react to perceived consistent overcharging and inefficient services of the BigLaw firms that benefit from the monopoly at the same time that technologies are becoming more powerful and effective. Meanwhile, new and hungry legal service providers who provide alternative business models to law firms are also using new technologies to open access to law and erode the monopoly. Lawyers are facing increasing competition that is set to destroy the BigLaw firm model. The disruption, though, will not be limited to BigLaw, and will also impact smaller law firms and sole practitioners.

Schmitt, Redlich and Buber

'The Mysterious Meeting between Carl Schmitt and Josef Redlich' by Or Bassok comments
In 1934, Carl Schmitt, then the crown jurist of the Third Reich, writes in an essay titled National Socialist Legal Thought about “[a] conversation with a world-famous, world travelled, experienced scholar of more than seventy years of age from the United States [which] belongs to the major experiences and encounters I have had as a jurist in the service of National Socialism.” Schmitt never revealed the identity of the scholar whom he met. Based on Schmitt’s diaries, I reveal that the scholar whom Schmitt met was Josef Redlich. Born to a Jewish family in 1869, Redlich was the Fairchild Professor of Comparative Public Law at Harvard Law School at the time he met Schmitt in 1931. According to Schmitt’s 1934 essay, the conversation focused on insights relating to the indeterminacy of legal norms as well as on a nihilist understanding of the era. Yet Schmitt drew conclusions from the encounter which hardly correspond to Redlich’s views. My essay first puts the ideas that Schmitt adopted from his encounter with the “American scholar” in the context of the era. Second, I examine Schmitt’s diaries as well as other relevant materials in order to prove that Redlich is the scholar whom Schmitt met. In the process, I exclude Roscoe Pound, the Dean of Harvard Law School at that time, who was the previous “prime suspect” for this encounter with Schmitt. Even after my discovery of the identity of the scholar to whom Schmitt refers in his essay, the story of Schmitt and Redlich’s encounter remains mysterious: the ideas of a scholar of Jewish decent, who believed in an Austrian multi-national, federal state, inspired and played a profound role in the formulation of a blatantly antisemitic essay promoting National Socialist legal thought by the crown jurist of the Nazi regime. After examining the contradictions between Redlich and Schmitt’s positions, I offer an explanation for why Schmitt viewed this encounter as so influential on his road to National Socialism.
'Theopolitics Contra Political Theology: Martin Buber’s Biblical Critique of Carl Schmitt' by Charles H T Lesch in (2019) 113(1) American Political Science Review 195-208 comments
This article recovers Martin Buber’s important but neglected critique of Carl Schmitt’s political theology. Because Buber is known primarily as an ethicist and scholar of Judaism, his attack on Schmitt has been largely overlooked. Yet as I reveal through a close reading of his Biblical commentaries, a concern about the dangers of political theology threads through decades of his work. Divine sovereignty, Buber argues, is absolute and inimitable; no human ruler can claim the legitimate power reserved to God. Buber’s response is to uncover what he sees as Judaism’s earliest political theory: a “theopolitics,” where human beings, mutually subject to divine kingship, practice non-domination. But Buber, I show, did not seek to directly revive this religious vision. Instead, he sought to incorporate the spirit of theopolitics, as embodied by Israel’s prophets, into modern society. The result is a new and significant perspective on liberal democracy and political theology. 
'Leo Strauss, Carl Schmitt and the search for the 'Order of Things'' by Alberto Ghibellini in (2019) 40(1) History of Political Thought 138 comments
Leo Strauss's 'Notes on Carl Schmitt, The Concept of the Political' are extremely important to understanding both authors. Schmitt, referring to this review essay, once described Strauss as the interpreter who 'had ex-rayed [him] as nobody else had done'. Strauss underlined its importance by calling it the 'first expression' of a 'change of orientation' that radically affected his approach, leading him towards the rediscovery of the classics. This article investigates the key points of Strauss's critique, explaining why he could surprisingly see Schmitt's position as a 'liberalism with opposite polarity' and what precisely the cornerstone of his 'change of orientation' is.

UK Internet of Things Safety

The UK Government Department for Digital, Culture, Media and Sport (DCMS) has launched a consultation on 'Secure By Design' regulatory proposals regarding consumer Internet of Things (IoT) security, promoted as ensuring that 'millions of household items that are connected to the internet are better protected from cyber attacks.

The Government states
Options that the Government will be consulting on include a mandatory new labelling scheme. The label would tell consumers how secure their products such as ‘smart’ TVs, toys and appliances are. The move means that retailers will only be able to sell products with an Internet of Things (IoT) security label.
The Government will be consulting on options including a mandatory new labelling scheme. The label would tell consumers how secure their products such as ‘smart’ TVs, toys and appliances are. The move means retailers will only be able to sell items with an Internet of Things (IoT) security label. 
The consultation focuses on mandating the top three security requirements that are set out in the current ‘Secure by Design’ code of practice. These include that:
  • IoT device passwords must be unique and not resettable to any universal factory setting. 
  • Manufacturers of IoT products provide a public point of contact as part of a vulnerability disclosure policy. 
  • Manufacturers explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.
Following the consultation, the security label will initially be launched as a voluntary scheme to help consumers identify products that have basic security features and those that don’t.
The Consultation Document states
As the technological advances of the 21st century continue to accelerate, consumers are bringing more and more ‘smart’ devices (i.e. consumer IoT products) into their homes, such as smart TVs, internet connected toys, smart speakers and smart washing machines. The Internet of Things (IoT, also known as ‘internet-connected’ or ‘smart’ products) is already being used across a range of industries and it is delivering significant benefits to the lives of its users.
In the future, we expect an ever increasing number of more developed consumer Internet of Things products and services. These devices will be able to anticipate and meet their users’ needs and will be able to tailor information specifically to them across everything from home energy to security. This will offer users the opportunity to live more fulfilling lives; saving time, effort and money.
As with all new technologies, there are risks. Right now, there are a large number of consumer IoT devices sold to consumers that lack even basic cyber security provisions. This situation is untenable. Often these vulnerable devices become the weakest point in an individual’s network, and can undermine a user’s privacy and personal safety. Compromised devices at scale can also pose a risk for the wider economy through distributed denial of service (DDOS) attacks such as Mirai Botnet in October 2016.
The UK Government takes the issue of consumer IoT security very seriously. We recognise the urgent need to move the expectation away from consumers securing their own devices and instead ensure that strong cyber security is built into these products by design.
We have previously stated our preferred an approach whereby industry self-regulate to address these issues, but that we would consider regulation where necessary. In October 2018 we published a Code of Practice for IoT Security, alongside accompanying guidance, to help industry implement good security practices for consumer IoT.
Despite providing industry with these tools to help address these issues, we continue to see significant shortcomings in many products on the market.
We recognise that security is an important consideration for consumers. A recent survey of 6,482 consumers has shown that when purchasing a new consumer IoT product, ‘security’ is the third most important information category (higher than privacy or design) and among those who didn’t rank ‘security’ as a top-four consideration, 72% said that they expected security to already be built into devices that were already on the market1. It’s clear that there is currently a lack of transparency between what consumers think they are buying and what they are actually buying.
Our ambition is therefore to restore transparency within the market, and to ensure manufacturers are clear and transparent with consumers by sharing important information about the cyber security of a device, meaning users can make more informed purchasing decisions.
Having worked with stakeholders, experts and the National Cyber Security Centre (NCSC), we are now consulting on proposals for new mandatory industry requirements to ensure consumer smart devices adhere to a basic level of security. The proposals set out in this document seek to better protect consumers’ privacy and online security which can be put at risk by insecure devices.
We are mindful of the risk of dampening innovation and applying a strong burden on manufacturers of all shapes and sizes. This is why we have worked to define what baseline security looks like, in line with the ‘top three’ guidelines of the Code of Practice. Our ambition is for the following security requirements to be made mandatory in the UK. These are:

  • All IoT device passwords shall be unique and shall not be resettable to any universal factory default value 

  • The manufacturer shall provide a public point of contact as part of a vulnerability disclosure policy in order that security researchers and others are able to report issues 

  • Manufacturers will explicitly state the minimum length of time for which the product will receive security updates.
Meeting these practical and implementable measures would protect consumers from the most significant risks (such as the Mirai attack in 2016). This would also restore transparency in the sector and allow consumers to identify products that will meet their needs over the lifespan of the product. In addition, mandating vulnerability disclosure policies will enable an effective feedback mechanism to operate, between the security research community and manufacturers.
One of the core aims of the consultation is to listen to feedback on the various implementation options we have developed in partnership with industry and stakeholders. These include the following three options:
● Option A: Mandate retailers to only sell consumer IoT products that have the IoT security label, with manufacturers to self declare and implement a security label on their consumer IoT products 
● Option B: Mandate retailers to only sell consumer IoT products that adhere to the top three guidelines, with the burden on manufacturers to self declare that their consumer IoT products adhere to the top three guidelines of the Code of Practice for IoT Security and the ETSI TS 103 645 
● Option C: Mandate that retailers only sell consumer IoT products with a label that evidences compliance with all 13 guidelines of the Code of Practice, with manufacturers expected to self declare and to ensure that the label is on the appropriate packaging
Later this year, the security label will initially be run on a voluntary basis until regulation comes into force and the government will make a decision on which measures to take forward into legislation following analysis of the responses received through this consultation. We recognise that any regulation will need to mature over time, and additional information for this approach is within the consultation stage impact assessment ‘mandating security requirements for consumer IoT products’