12 Common Issues with Privacy Policies

1. Thinking a simple privacy policy template will do the job

For many small business owners, protecting the privacy of personal information just isn’t a priority. There are lots of reasons for that.

  • Not placing any value in a privacy policy or the protection of personal information
  • Not knowing what makes up personal information
  • Not realising when the business is collecting personal information
  • Not understanding what the business is doing with personal data after it’s collected
  • Thinking that publicly accessible data, like through Facebook or a website, means it’s OK to collect it
  • Not understanding the difference between privacy and confidentiality, or the importance of privacy
  • Having competing priorities – like the need to make money – that mean privacy always sits on the back burner

A template might work. It might not. If you never read it or attempt to understand it, it probably won’t help your business meet its legal obligations.

I have heard of a company that copied and pasted their privacy policy from a crematorium, without having read it. One of their customers pointed out to them that it was a little weird to read about burial when that wasn’t their business.

Are you prepared to put your credibility at risk?

If you don’t know what your obligations are, how do you know a simple template will protect your business?

2. Copying and pasting a policy from somewhere else

It is easy to check out a friend’s website or a competitor’s website and decide to simply copy and paste what they have done. A friend might even offer it. The problem with getting help from friends like that is that they probably don’t understand their own privacy policy or the legal impact it can have on your business.

I’ve even come across a business spruiking a service of theirs offering advertising through Facebook that simply linked the privacy policy of a random website they did not have any control over, not having read it, understood it or worried about the promises they were making by using that privacy policy, and simply seeing it as a ‘hurdle’ to overcome to get their ads showing in as many feeds as possible. That is potentially misleading and deceptive conduct offending both privacy law and consumer law.

If you haven’t read it or don’t understand it or are looking at a website from outside your country, don’t put your business at risk by copying and pasting a privacy policy from someone else’s website.

3. Thinking a cookie policy covers privacy obligations

Having a cookie policy or a cookie choice pop up on your website doesn’t meet your obligations to protect the privacy of personal information.

Cookies may not be classified as personal information but cookies can be functional (you won’t get full use of the website without them), performance focused (like analytics), focused on personalisation (like advertising based on your search history), or marketing focused.

Internet cookies are little data packets that store enough information to identify you when you return to a site for the purpose of, say, pre-filling your username or password, adjusting the display of a website, or advertising to better reflect your preferences. Cookies have to be matched with other data before they can be used to identify you and the information stored is not generally available for inspection. Cookie data may be collated to create a picture of who you are.

There was a ‘horror’ story that went around some years ago about a pregnant teenager being discovered by her family because her search history meant her parents got served advertising for pregnancy help. The cookies didn’t identify her, but enabled her parents to put two and two together.

Personal information is information about an individual which by itself identifies that individual, or with other information can be used to identify an individual. Types of personal information can include:

  • photo
  • name or alias
  • postal, street or electronic address
  • enrolment in a course
  • testimonial
  • biological samples
  • genetic data

So, a cookie pop up by itself just won’t cut it.

4. Never reading your own privacy policy

If you don’t know what your privacy policy says, how can you possibly be implementing the protections necessary to protect the personal information you are collecting?

How many businesses do you know that have a blank page when you click on the privacy policy link in the footer of their website? Clearly they missed checking what was supposed to be written on that page. Your web developer or tech person is not responsible for you meeting your privacy obligations. They probably know only marginally more than you do about your privacy obligations, are not lawyers and shouldn’t be uploading just anything for you.

5. Not understanding your own privacy policy

Privacy obligations only apply to information about real people – whether in their personal or business capacity – but do not apply to companies or other entities. Depending on where you are in the world, privacy obligations may also be limited to people who are still alive, and not the deceased.

So, what do you do with the personal information you collect? Unless you use integrated technology, you probably have data about your clients and suppliers in a variety of places:

  • your CRM
  • your finance software
  • your email marketing software
  • your email management system
  • a project management tool
  • other software used in your business

Whilst the problem of keeping information consistent across databases is widely acknowledged, the type of protection each of those systems offers, and how you use them, probably isn’t.

For many types of businesses, your privacy obligations mean that you can’t send data overseas without the consent of the person providing it. This is particularly so for financial or health data. Personal trainers, life coaches, psycho-therapy providers all collect health data and probably don’t realise that every email they send pushes personal information overseas.  

I’ve also gone to privacy policy links on websites that don’t cover privacy at all, and in fact display the e-commerce terms of that business instead, with perhaps a throwaway line saying “we respect your privacy and will never sell your personal information.” That is not a privacy policy.

6. Not considering any procedures to support your policy

When you run a small business, the people who work with you, employees or contractors, need to understand your priorities around personal information and what can and cannot be done with it.

Do you allow contractors to keep contact details on their mobile devices outside your systems?

What controls or oversight do you have over what they are doing with their mobile device each day?

How many times have you seen parents hand a mobile device to their child to keep them quiet or entertained? Do you know the personal data of others isn’t being accessed?

For businesses in Australia which are obliged to comply with the Privacy Act 1988, there are now also mandatory data reporting obligations so that if any data is lost or accessed, it needs to be reported. Leaving a device on public transport can be a reportable event if that device cannot be remotely locked and contains any personal information that is supposed to be controlled by your business.

7. Not knowing where you are collecting data or what you are doing with it

We’ve spoken with many small business owners who simply don’t realise how often or in what way they are collecting data.

  • a form filled through a website
  • an email received
  • a video conference recorded
  • a note made of a telephone conversation
  • a voicemail received
  • video feedback recorded and sent by a client
  • patient notes written and yet to be filed

All these examples involve the collection of personal information. Does your business have protocols in place for the destruction of information that is no longer required for the purpose of your business? Privacy law generally requires that you only collect what is necessary, and destroy it after it is no longer required. Interestingly, many large organisations, like banks, appear to keep your information indefinitely.

The GDPR (regarding information about EU residents) now requires that you monitor what you collect, how you collect it, and how long you keep it.

We can help you put together policies to assist people in your workplace to manage how information is collected, stored, used and destroyed.

8. Not updated to match data practices

Laws are changing all the time. If you haven’t looked at your privacy policy for more than two years, it is probably time you did.

Not only that, but if you’ve changed the software or technology you are using recently, that should also prompt a review of not only your privacy policy, but also the privacy policy of your new software or technology provider.

You might be offering a new product or service that means you collect additional information from your clients, more than you did previously.

You might have started working with another business in a joint venture, which means they now have access to some of your personal information, and vice versa.

Take time to review your practices and procedures for managing personal information and privacy, as well as checking that you are legally compliant with your obligations.

9. Doesn’t address all the different people affected – customers, partners, developers, general users

You may or may not treat personal information from different relationships in the same way. By relationships, consider the different people you interact with in your business – your clients and customers, your suppliers, your employees and contractors, volunteers, etc.

Consider: if you still have a business that uses paper forms, you might have collected similar or only slightly different data on different forms. You might scan that information and store it electronically, but then what happens to the paper copy? Is it securely destroyed? Is it stuck in a filing cabinet somewhere? Is that filing cabinet locked? Is any member of staff able to access that filing cabinet?

Do you have forms to be filed sitting on someone’s desk without any security or privacy around that information?

Do you have phone numbers written on a white board that can be seen from outside your office? This happened on a morning TV cross to a bank financial data room.

You might have a list of supplier details stuck on a wall, or a piece of paper near the computer.

If you treat the personal information you collect about different groups of people differently, all those scenarios need to be covered.

10. Hiding the terms

When your business has privacy obligations, you should share how you meet those obligations with the people whose data you collect. So, if you have employees, you should have an employment policy around how you manage their personal information.

With regard to your customers, you should have a policy about how you manage their personal information and what you do with it.

The easiest way to share a privacy policy with customers and suppliers is through your website and the convention is to have a link to that policy in your website footer.

A link to a blank page is not helpful.

11. Wrong laws or no laws

A contract came across my desk the other day between two Queensland, Australia based small businesses. Goodness knows where they got it. The agreement was four years old and mentioned the laws of Ontario, Canada as the governing law. No, no, no, no. Not helpful at all!

If you copy and paste a privacy policy from someone else there is a risk that you have inadvertently referred to laws that don’t even apply to your business. Like COPPA, the Children’s Online Privacy Protection Act, which is law in the United States. Reference to that law in another country is likely to be inaccurate and potentially misleading, or create obligations in your business that never actually existed until you voluntarily assumed them.

If you’ve copied something from overseas, it is also possible that you’ve not complied with the laws that do apply to your business, putting your business at risk.

Although there are certainly some similarities in obligations in different countries, law is not universal and there are often inconsistencies within countries, particularly federated countries, as well as between countries.

Make sure you are undertaking to comply with the laws that apply to your business.

12. Hard to read – legalese or no whitespace

Lastly, don’t make your privacy policy so hard to understand that people don’t or won’t read it. If you write for the comprehension level of a child of around 12, then most people who read your privacy policy, whether customers, suppliers or staff, will understand it.

You shouldn’t need a post-graduate degree to make sense of what has been written. It doesn’t help your business or anyone else you deal with. Back in 2019 The New York Times did an article about readability and found that Facebook’s then privacy policy was more difficult to read than Stephen Hawking’s ‘A Brief History of Time’. Don’t be that business.

Simple headings like:

  • How we collect your personal information
  • What we do with your personal information
  • Where we store your personal information
  • Your rights regarding the personal information we have collected about you

All make it easier for someone reading your privacy policy to make sense of what it is you do to help protect them. Short sentences, simple words, easy to follow headings, plenty of white space, all aid understanding.

If you are not sure, get a child you know to read your privacy policy out loud and ask questions about anything they don’t understand. If they stumble over a sentence, or have loads of questions, go back to the drawing board.

How can Onyx Legal help you?

If you’d like help reviewing or updating your privacy policy, or perhaps having one tailored to fit your business and your business processes, make an appointment with a link to your policy (if you have one) and let us know what you’d like to achieve.

Your Quick Legal and Cyber Check on Your Website

Start by completing our quick audit questionnaire to work out some of the legal issues to consider when creating a website. Then read below…

Domain Name Legal Issues

Your domain name is like a post office box. You lease it, you don’t own it. Your registrar is like the post office. They will only talk to the person who is authorised as the registrant of the domain name. That might not be you!

If you don’t know where your website is registered – GoDaddy is a commonly known registrar – this could be a problem if you want to sell your online business and cannot transfer the domain name. If you don’t ensure your registration fees are paid regularly, then you could lose your domain name and it is not easy to get it back.

When agencies first started building websites for businesses, a lot of companies registered the domain names to their agency rather than you, their client. This became a problem for people when their small web designer gave up their business, or their web designer held them to ransom, requiring a payment equivalent to purchase before releasing the domain name.

We’ve had a prospective client come to us running a business using a specific domain name, and no part of that domain name was protected by trade mark or copyright. For whatever reason, they let their registration lapse. Of course, the domain name was sold to someone else. That someone else happened to be a local competitor to them. They came to us 2 years after the domain name had lapsed and their competitor was using it and asked us to help them get it back. We told them we couldn’t help. There was no basis for them to claim exclusive ownership, it took them two years to take any action and the time, money and effort required to even attempt to get it back was more than they were willing to invest.

Trade marks are almost the only thing that can give you superior rights to anyone else for registration of a domain name, and even that won’t stop someone using the same domain name in a different industry from using your name. Just try searching ‘Onyx Australia’. We might be the only legal firm with that name, but we are not the only business with that name in the country.

ACTIONS:

  • Identify your registrar and make sure you have login details
  • Confirm the registrant name (hopefully not a company you since closed – it has happened)
  • Make sure you have auto-renewal and up-to-date payment details in place

Our team at Onyx Legal can help you find out who the registrant is and make sure you have control over your domain name.

Hosting & Backup Legal Issues

All of the information that people can watch and read on your website is stored and then accessed via the internet. You pay a hosting provider to store that content and make sure it is available when people look for it online. If you don’t know who your hosting provider is, who can you talk to if your website is ‘down’ and not visible? You might be working through an agency and contact them.

There are a lot of factors that can impact your website hosting, including whether your website is on a shared server or an individual server. On a shared server, one website with malware can have every website on the server temporarily shut down. If your site is impacted by malware and taken down, it can impact your results in advertising or search results when clients are looking for you. The responsibility for those things may sit with you, or your agency, or your hosting provider. Check your terms and conditions of hosting.

The type and location of your hosting provider can also impact the speed of data upload to or download from your website. If you don’t have automatic payments set up on your hosting, you might find your website is down. And if you don’t know where your website is hosted, any information you collect through your website, like personal data, may be going around the world before it comes to you – which could be an issue in managing your privacy obligations.

Backups are important in reducing your cyber risks.

There are lots of products that enable you to back up your website to the server where it is hosted. This might not be effective if you get hit with ransomware. If you have a separate backup on a system that you know works and can be reinstated quickly, then you have a better chance of a quick recovery from a ransomware attack. Always check that your backups work and your site can be quickly reinstated. Back up regularly.

Like backups, password protection and sensible username application can also make a huge difference in managing the cyber risks to your website and your business.

The team at Onyx Legal can help you find out who your hosting provider is and how to protect your content.

Website relationships and the terms and conditions to manage them

In a high street shop front, everyone is trained in the rules of what is considered appropriate behaviour in stores from a young age, so much so that we take it for granted. Things like – if you break something, you pay for it, if the shop is closed then you can’t come in, you have to pay for what you buy before you leave the store and so on. The common courtesies like don’t disturb other shoppers, if you are asked to leave then leave, and don’t steal are also taken for granted.

Online, you sometimes need to remind people of the rules. You can also set some rules to control your own online space.  Think about the big sites like eBay, Craigslist, Facebook, and Google. If you don’t follow their rules, they can stop you from using their services and there is almost nothing you can do about it.

You have the same ability to control how other people access and use your website and the information you provide. Every different interaction available on your website creates a different relationship that you may need to manage through terms and conditions.

You will normally find a link to terms of use in a website footer. Following that convention is sensible if you want to argue that your terms and conditions are binding on your website visitors or users.

We’ve had a client who neglected to have terms and conditions on their website and had to pay a $125,000 claim for defective products because they failed to disclose that they were just the importing agent for the manufacturer and set any contractual terms around their supply.

If you are working in any sort of industry that is regulated, either by government or a professional organisation, a disclaimer may help limit the risks to your business. Disclaimers can also provide a great opportunity to remind your clients of their responsibilities.

Onyx Legal can help you tailor terms and conditions that fit your business, your industry, and make sense to your customers.

Legal Issues with Website Content

What you publish on your website, whether you put it there or someone else did, is your responsibility. If you have been creative with the truth, copied something from someone else, used a form of software that allows you to ‘snip and spin’ other people’s content and publish it as your own (We were horrified! It was so obviously copyright infringement, and the client thought it was perfectly fine because they paid for the software and assumed the developer was doing the right thing around copyright. Wrong! It slowed their website development down a bit) then that’s on your head – no one else’s.

You need to be aware of any regulations applicable to your industry (for example – health services in Australia can’t use testimonials about the health service), stay within the bounds of consumer protection legislation, not infringe the intellectual rights (trademark, copyright etc) of others and protect the privacy of visitors to your website.

Onyx Legal can help assess your level of compliance, where you might have risks and make some recommendations around improving your website from a legal perspective.

How can Onyx Legal help you?

If you scored badly on the website legal and cyber self-audit and would like us to carry out a more comprehensive audit and make some recommendations, make an appointment with the Onyx Legal team now.

How to Complete a Quick Legal Audit of Your Business

Running your own business can be a juggle. So how do you know if you are putting yourself at risk? Consider doing a quick legal audit of your business to find out whether there are any potential cracks that you may need to fix.

We’re going to focus on structure, relationships and risk management.

Start with your Business Structure

When was the last time you thought about what business structure you have and if it still works for you?

Many people start small businesses as sole traders and continue that way until something bad happens, like a threat of court action or an unexpectedly large tax bill. Other people set up multiple companies or trusts and then lose track of them. Some people change the style of delivery of their business and then need to review how everything is done.

Some recent examples for our clients have been:

  • A client selling a business discovered that the business trade mark was registered to a company they had forgotten about. They had moved and hadn’t updated their contact details with the company register. The company had ‘strike-off action in progress’ recorded against it in the register. The quick fix there was to pay outstanding invoices to the register and update contact details.
  • Another client set up a second company in the US and separated its business delivery by area, some under its Australian company and some under the US company. Customers are now able to choose their area before checkout. Taxes had to be accounted for in each different country and in Australia that meant the invoicing had to identify the Australian company and the GST paid, which initially it didn’t. A few technical tweaks in the delivery software fixed the problem.
  • A couple started a business as a hobby as a sole trader under the name of one of them. Twelve months later they came to us asking about asset protection. Initially, it appeared that the structure didn’t need to change because they hadn’t really started generating any income. A little further in the conversation disclosed that one of the partners held shares, an investment property and crypto-currency in their own name and it became clear that a different structure was needed to isolate those assets from any potential risks in the business.

Audit questions for you

  1. What legal structure do I use for my business? Can I find the documentation?
  2. When was the last time I reviewed that structure?
  3. Are my business contact details up to date with all regulators?
  4. Do I know my business identification number (in Australia it is an ABN)?
  5. Are my invoices correctly set out for compliance purposes?

Then Think About All Your Business Relationships

Mind mapping might help you identify all the different types of business relationships you have. Think about your business from the inside out, starting with you and ending with the general public.

You might have relationships with some or all of the following groups:

  • Business partners
  • Investors
  • Employees
  • Contractors
  • Suppliers
  • Affiliates
  • Sponsors
  • Advertisers
  • Joint venture partners
  • Clients
  • Customers
  • Subscribers
  • General public

Each different relationship potentially has different risks, obligations and responsibilities, and those things are much easier to keep track of if they are documented.

Lots of people who come to us have operated their businesses on verbal agreements or exchanges of emails successfully for years. There is nothing wrong with that, but if something goes wrong, your options are likely to be more limited than if you had a written agreement to refer back to when resolving the problem.

Most people can’t remember what they did a week ago. Don’t expect to be able to remember exactly what was agreed with someone months or years ago.

Some recent examples for our clients have been:

  • A business break-up. The parties had not documented their relationship or what would happen if the business came to an end. They had a meeting with their accountant to agree on how to close the business, but then one party decided not to follow that plan, and it hadn’t been documented and agreed in writing on the day, so became a dispute. The simple fix would have been to have a shareholder agreement in place within a short time before or after starting their business, whilst relationships were still good, and the parties were able to speak sensibly and logically to each other.
  • Another client had been operating their business without any hassles for years. The nature of their business meant that there was always a sponsor between them and their end customer. For the first time, a sponsor acted as gatekeeper and stopped the supply of products from our client to the end customer based on their assessment of the quality of the product. Each product was developed by our client’s labour, unique to the client, and our client could not be paid if the products were never put in front of their clients. Difficult situation. We prepared terms and conditions of service between our client and their sponsors to ensure that sponsors who behaved in that way would have to pay our client an amount equivalent to their lost income.

Consider whether you have anything in writing to help you manage all of the relationships in your business. Some examples are as follows:

Business Partners

A business partnership works well when both parties are on the ‘same page’. A clear and transparent agreement will help you quickly resolve any potential issues in the future, regardless of the structure you are using to operate.

Business relationships will be covered to a limited extent in founding documents, like constitutions or trust deeds, but those documents are designed more for setting out the rules of governance of an entity, than managing the relationships of the people involved. For older businesses, governing documents might be completely outdated and no longer compliant with changes in law.

Types of documents you may already have in place or like to have in place could include a partnership agreement, or a shareholder’s agreement, or a unitholders agreement. If you’re working with someone on a side gig, you might need a contractor’s agreement or a joint venture agreement.

Employees

Whenever you employ someone, you will have certain information you need to collect and compliance obligations you need to meet, before even considering whether you want to create company policies to help guide your workers.

Consider the following:

  • notices required under regulation (in Australia we are required to give a Fair Work Information Statement to employees before they start work)
  • information that needs to be securely collected and protected, like tax information
  • an employment agreement
  • a position description
  • health and safety information
  • company policies – social media policies and work from home have been important recently

Also think about any insurances you are legally required to have in place for your employees, in Australia that will be Workcover insurance.

Contractors

Engaging a contractor without a written agreement is not an ideal position to be in if something goes wrong. Even if you have a written agreement, sometimes it isn’t sufficiently clear.

The biggest issue we’ve managed for clients when contractor agreements have gone wrong is clearly identifying the required deliverables and whether they were met or not.

If you engage a contractor on their terms and cannot measure what was to be delivered by the end of the month before you pay them, then don’t be surprised if you don’t get what you expected. Be clear before you engage a contractor what you want them to deliver, and if you can’t, at least have the ability to set measurable results you expect on a weekly or monthly basis. If you don’t, make sure you can end the agreement at any time without penalty.

In some industries there are minimum legal requirements for contractor agreements which can include terms of payment including frequency.

Clients

Your clients are an integral part of your business, and it is essential that you have agreements in place with them appropriate to the type of business you operate.

There is an increasing level of awareness of what happens when you hand over personal information and an expectation that it should be protected. Platforms like Facebook and Google require advertisers to have a privacy policy before they can publish any ads. Most importantly, a privacy policy gives you the opportunity to show your clients how you care for their information. Do you have one? Is it on your website or otherwise easily available to your clients?

For online businesses, your agreements are usually contained in the terms and conditions you have published on your website or shopping cart.

If you’re delivering consulting, coaching, mentoring or similar services, you want something documented to ensure you get paid. We usually encourage an element of upfront payment for coaching or consulting services to ensure you don’t deliver services then have to chase to get paid.

Suppliers

If you have credit arrangements with any of your suppliers, you will be purchasing their goods or services under their contract terms. Often people don’t review those terms until they want to end the services and then check the terms to find out how to make that happen.

When was the last time you reviewed your supply agreements? Are you happy with your suppliers, and if not, have you told them? It is possible to change the terms of an agreement in writing between the parties, so that your business relationship can continue, but in a way you are satisfied with, rather than being an unhappy customer.

 

Audit questions for you

  1. Do we know where our founding/ governing documents that establish our business are kept? When did we last look at them?
  2. How many different business relationships do we have?
  3. Are those relationships documented in agreements?
  4. Do we know where our agreements and contracts are?
  5. Do we have written employment agreements or policies?
  6. Do we have a privacy policy on our website?
  7. Do we have a contract register so we know what agreements we have, with who, who on our team is responsible, when the agreements end and where they are?

Now Think About Your Risk Management

Have you thought about what the biggest risks might be for your business? COVID certainly surprised most people. Whilst some businesses were impacted by SARS and thought about adding in ‘pandemic’ as a risk factor in their risk management and business continuity, that was a very limited number of businesses. If you don’t stop occasionally and work out where the risks are to your business, you don’t give yourself the opportunity to lessen the potential impact on your business before they occur.

Even if you have a written business plan, and a written business continuity plan (a set of actions to be taken when events or circumstances have an adverse impact on the business), if you haven’t reviewed them for some time then they might not be relevant.

The key to risk management is thinking about what matters most in your business, how that might be threatened, and what you can put in place to reduce the impact of that potential threat happening.

A great example is considering cyber risk to your business and then having all staff complete training as a result. The training is a way of raising awareness of the potential problems and helping people understand what they can do to reduce the risk. 

If you have a business plan, that may help you identify the main areas of potential risk to your business. Consider –

  • Financials – processing payments; invoicing; paying employees, contractors, suppliers; tax changes; loss through theft or other means etc
  • People – what would happen if anyone in your team was gone for any reason?
  • Key Resources – physical, intellectual, human, network
  • Offering – competitors, changing environment, legal compliance
  • Key activities – what would impact your ability to deliver your product or service to your clients?

Once you’ve identified your risks, consider the likelihood of each one happening, and its likely impact, to calculate a risk score. Typically, businesses identify 4-5 levels of risk for likelihood and impact. So, the likelihood might be from ‘rare’ to ‘almost certain’ and the impact might be from ‘minor’ to ‘catastrophic’. A large proportion of businesses, if they’d had the chance to do this exercise with knowledge that COVID was coming, would probably have assessed a pandemic as ‘rare’ and ‘catastrophic’. That may have given it a risk rating in the HIGH range and ensured that measures were in place (like the ability to work remotely) before COVID happened.

Hindsight is a wonderful thing.

 

Audit questions for you

  1. Have we ever considered risks to our business?
  2. Do we know whether we have compliance obligations in our industry?
  3. Do we understand risk management?
  4. Do we have a risk register?
  5. Do we have risk mitigation in place for identified risks?
  6. What insurances do we have in place?
  7. Have we scheduled staff training to help identify and manage risks?

Is it time for a refresh?

If you’ve read through the audit questions and think it sounds all too hard, consider the future of your business. If at any time you want to apply for finance, look for an investor or sell your business, all these things will need to be sorted out to get the best value.

If it seems overwhelming, consider working with us to help prioritise what is most important to support your future objectives, and then to work through the process with someone in your team to help you get organised and on top of everything.

Onyx Legal offers cost effective day rate services to help you get on top of big projects that support the future value of your business. Let us know if you’d like a hand with identifying and understanding your structure, contracts or risk management. Make an appointment now

How can Onyx Legal help you?

Book an appointment to talk with one of our team about your business structure and whether it is still the most appropriate structure for what you are doing and what you’d like to achieve.

Business & COVID Queensland


Business and COVID – 17 December 2021

 

This article offers a resource for business coming out of the RDA Moreton Bay presentation for business at the North Lakes Sports Club on 24 November 2021. Thank you to RDA Moreton Bay for the opportunity to be involved.

Businesses to be affected

Hospitality, vulnerable settings (aged care, health, prisons etc), indoor entertainment, outdoor entertainment, festivals, weddings, government galleries, museums and libraries, etc.

Retail, public transport, places of worship etc are referred to as not subject to vaccination restrictions.

Where to start?

  1. Official government websites – there are links to all Federal, State and Territory official sites here – https://www.australia.gov.au/
  2. Understand that State and Territory requirements and directions are all different. You will need advice relevant to each. The following information is for QUEENSLAND

Check out the FAQs in response to questions from business.

Regarding the Qld Health Direction expected on 17 December 2021

Public Health and Social Measures linked to vaccination status – A Plan for 80% and Beyond

This is currently a plan without legal effect; it will become a binding Public Health Direction as soon as it is published online.

Employees | Customers/ Suppliers

register for the Qld Check-in App and clearly display the QR Code at each entrance

display the COVID Safe Checklist at your premises

maintain social distancing – 1 person per 2 square metres (capacity) and 1.5m (proximity)

display the vaccination rules at your business premises (download)

promote the requirement on your website and social media channels

  • ask employees to link their vaccination certificates to their Qld Check-in App
  • remind customers when they make a booking
  • notify suppliers of requirements
  • consult with staff
  • ask staff to provide proof of vaccination status
  • consult with staff about impact
  • consider the circumstances of each employee
  • consider alternatives such as social distancing, mask wearing, working from home etc
  • seek legal advice for ability to mandate vaccinations
  • seek legal advice before dismissing an employee on the basis of vaccination status
  • Check the FWO website for detailed guidance on vaccinations in the workplace
  • If the Health Direction reflects the current direction for health services, employers may be liable to be fined up to around $13,700.00
  • ask for proof of vaccination from your customers/ suppliers at the time of check-in
    • the Check-in App should show a white tick on a green background if a valid vaccination certificate is linked, or a red question mark if not
    • a customer can show you a copy of their immunisation history statement or COVID-19 digital certificate
  • request customers/ suppliers not enter the premises if unable to provide proof of vaccination
  • provide training to staff on how to manage objectors effectively and without violence
  • if a person refuses to provide evidence of vaccination, you may call police who have the ability to issue a fine of $1,378.50
  • A person affected by administration of a COVID vaccine who is hospitalised for at least one night may make a claim under the no fault COVID-19 Vaccine Claims Scheme
  • get legal advice if you are concerned about your legal obligations
  • you may also require HR and workplace health and safety advice

 

Where do the laws come from?

FREE RESOURCE DOWNLOAD

Download our PDF of this article including active links for your use.

ONYX LEGAL Business and COVID information sheet for business effective 17 December 2021

How can Onyx Legal help you?

Book a short advice session and send us details about your business. We can provide a brief email confirmation of our advice for your records, or a full written advice if required for Board or management consideration. 

Australia Consumer Law: How Does it Affect Your Business?


australian consumer law: how does it affect your business?

From 1 July 2021 the monetary limit that applies to consumer goods or services under the Australian Consumer Law increased from $40,000 to $100,000. So, what does that mean for you?

Let’s start by looking at who is a consumer.

Who is a consumer under the Australian Consumer Law (ACL)?

Since 1 July 2021, a consumer can be any person or entity that purchases goods or services from you, where those goods or services –

  • are purchased for $100,000 or less;
  • or are ordinarily acquired for personal, domestic or household use,
  • or are a vehicle or trailer used for transporting goods on public roads (more than personal use).

For anything purchased up to 30 June 2021, the value was $40,000. This is the first uplift in that value since 1986 and aims to protect a broader group of consumers. Whether your customer is a person, or a company or any other type of entity is irrelevant if the goods or services purchased were under $100,000. So, if you deal B2B, your business still has to meet consumer law obligations.

Similar rules apply to the provision of financial services under the Australian Securities and Investments Commission (ASIC) legislation, and the monetary limit of financial services has also been lifted.

What protections apply to consumers?

As soon as a purchaser is classified a consumer, the ACL consumer guarantees apply. Consumer guarantees are automatic and apply in addition to any warranties you might offer.

A warranty and a guarantee are similar things. They are both promises that you make about your business goods or services. It might be helpful to consider them from an ‘active’ and ‘passive’ perspective. Consumer guarantees are automatic. A business doesn’t have to actively do anything, they just exist. A warranty is a voluntary promise, something you offer in addition to consumer guarantees. So, a ‘30 day money back guarantee’ is actually an express warranty. Go figure.

There are nine consumer guarantees for goods, and three for services.

 

Products

  • Will receive clear title
  • Will have undisturbed possession
  • No undisclosed security over the goods
  • Acceptable quality
  • Fit for purpose
  • Match description
  • Match sample or demo
  • Repairs and spare parts are available
  • Express warranties will be met

Services

  • Acceptable care and skill
  • Fit for purpose
  • Delivered within a reasonable time

Clear title and undisturbed possession just mean that when a buyer purchases something, they know that there is not another owner or some other costs in the background. An example might be a business or relationship break up where one person sells something second hand and it actually belonged to the other partner. The person who really owned it can argue that the person who sold it did not have the right to do so and claim it back. Equally, a customer might want to pick something up from customs only to discover there are fees owed before they can take away the goods.

Undisclosed security is where money is owed. For example, you want to buy a piece of machinery and there is finance owed on it and a PPSR registration against it, so the lender has priority over your claim and can sell the machinery to recover the debt, even though you bought it in good faith.

Many of the consumer guarantees are straightforward, but acceptable quality will depend on the value and quality of the goods. If you pay $100 for something that is advertised as an outdoor marquee, you might expect it to last at least a day, but you wouldn’t expect it to last for years and you wouldn’t expect it to last through high winds. On the other hand, you would expect a $1200 marquee to be more robust.

For something to be fit for purpose, the consumer has to let you know what purpose is important to them. So, if a customer says it is important to them that the office chair they are buying can recline, but not fall over with someone who weighs 110kg in the seat, then the office chair needs to be able to meet that specification to be fit for purpose.

The availability of spare parts is important because it can affect what people are prepared to pay for an item. A consumer might be prepared to buy something that will last for a limited period without repair if it is cheap (consider home printers), but not pay for a large office copier without the ability to rely on regular service and repairs.     

What happens if you do not meet a Consumer Guarantee?

If you don’t meet a consumer guarantee, the purchaser has rights to remedies which can include repair, replacement, refund and may also include damages and consequential losses.

Depending on how the failure to meet consumer guarantees came about, you may also be liable for penalties for breaching a prohibition on making false or misleading representations, another provision of the Australian Consumer Law.

The type of remedy will depend on the problem with the product or service. If it is capable of being fixed, it is probably a minor problem and will need to be repaired or replaced. Depending on the value of the product, you also have the option of providing a refund, or the customer may have the option of requesting a refund.  

Consider large retail chains which will refund or replace most items without question simply because it is more efficient than arguing with customers or sending items off for assessment or repair. It also ensures a loyal customer base. Not every business has the same scale to do that.

If it is a major problem and cannot be fixed, then it is the customer’s choice about replacement or refund and the supplier must provide that replacement or refund and may also have to pay damages for any foreseeable loss resulting from the failure. In considering whether or not something is a major failure, you need to consider whether a reasonable consumer fully acquainted with the nature and extent of the failure would still have purchased the item for the amount that it was sold.

Consider how you might feel in the same position. 

For example

ACCC v Jayco Corporation Pty Ltd [2020]

As most people would know, Jayco is a brand of caravans and recreational vehicles (RVs). Jayco is a manufacturer that sells through dealerships.

The ACCC took action against Jayco to determine whether 4 RVs were of acceptable quality (a consumer guarantee), fit for purpose (a consumer guarantee) and whether the manufacturer was compliant with its express warranties. There was also a claim of misleading and deceptive conduct.

The first RV was a camper trailer. The issues it had were mainly a collection of relatively small poor finishes, but there was also a problem with the alignment of the chassis and a strut that failed in lifting the tent, causing further damage. The Court said –

“At that price point ($27,000+), a reasonable consumer was entitled to expect a commensurate level of quality, including fit and finish. That expectation is consistent with the brochure that Jayco Corp published, and which Consumer read, which was calculated to convey the impression that a Jayco camper trailer was a durable, quality product. The combination of defects with the RV had the cumulative effect that the RV as a whole was not acceptable in appearance and finish, and its presentation was not consistent with the impression conveyed by the Jayco brochure…. In consequence, Consumer was entitled in April 2014 to reject the RV on the ground that the failure to comply with the guarantee of acceptable quality was a major failure…. As a result of the failure of the strut for the tent section on the second occasion, the RV was substantially unfit for purpose.”

The second RV was a pop-top caravan that leaked, which was something the Consumer specifically asked about before purchase. Over a 15-month period it was in for repair on approximately 10 occasions. The Court considered the inability to provide shelter from the weather (the leaking soaked mattresses) “went to the heart of one of its purposes” and that “a reasonable consumer, fully acquainted with the defects and what was involved in attempting to repair them, would not have acquired the RV, and therefore there was a major failure” which entitled the Consumer to a replacement or refund.

There was also discussion around the fact that Jayco promoted their products as suitable for a relaxing family holiday, and a leaking roof and chassis would make it unfit for that purpose.

In all cases, Jayco had not provided a replacement or refund of the purchase price of the RVs and in one case was found to have led the consumer to believe that the only remedy available was repair. The court found those representations to be misleading or deceptive (s.18 of the ACL) and false and misleading (s.29 of the ACL). As a result, Jayco was required to pay a penalty of $75,000. It then had to deal with the owners of the RVs.

How to manage your risk of a consumer plan

We can help you to review your terms and conditions of supply of goods or services, whether you make them available online through your website or otherwise.

There are provisions that can be written into terms and conditions to provide you with a level of certainty around what you must do to meet consumer guarantees. For example, with consulting services it might be easiest for you to simply provide the services again rather than offering a refund. This will depend on how amicable the relationship remains with your customer, but may be more attractive than having to refund the consulting fee.

The ACL does require specific wording in terms and conditions depending on the goods, services or warranties you offer.

Once we have your terms worked out, then we can look at your processes with you and how information is shared within your business so that you and your employees understand how best to respond to and deal with requests for replacement or refund.

How can Onyx Legal help you?

Your terms and conditions of supply are important documents for managing your risk. Understanding your risks and having a clear understanding of how to respond to and deal with consumer complaints also makes a big difference. Book a time to discuss your situation with one of our team.

Online Learning: Protecting Your Business Online


Consumer Protection Laws in Business

Did you know that all businesses must comply with consumer protection laws? So, it is important you understand how consumer rights affect your business. In this video, we give you examples of a variety of topics that form part of consumer protection law, and therefore your obligations as a business owner.
 
Quick Guide to Consumer Protection Law – Video Table of Contents
2:00 Looking at Consumer Guarantees that Affect Your Business
2:35 What are Consumer Guarantees for Products – Maximum value now $100,000 up from $40,000
7:41 What are Consumer Guarantees for Services – Maximum value now $100,000 up from $40,000
10:42 Check out the ACCC Small Business Education Program link
11:22 What is Misleading and Deceptive Conduct
14:50 Examples of Misleading and Deceptive Conduct
17:43 What are Fair Payment Terms for Sellers and Is it Illegal to say “No Refunds”?
20:45 How Important is it for Your Business to Display Prices?
23:32 What about Selling Below Cost?
25:02 Do You have Unfair Contract Terms and How do Unfair Contract Terms apply B2B?
27:07 Why it is Important to Have Clear and Simple Contracts
29:50 Do You Have to Comply with Product Safety Standards
31:33 How to Contact Onyx Legal – NEW booking page link here

PRIVACY FOR SMALL BUSINESSES

All business owners must understand their obligations under Australian Privacy Laws.
 
To ensure your business stays on the right side of the law, watch our video to see our Principal Lawyer, Jeanette Jifkins, explain Privacy Law in Australia in more detail.
 

 

TERMS AND CONDITIONS

Terms and conditions help protect you and your consumer. So what do you need to include on your website?

 

 
 
Watch our video to see our Principal Lawyer, Jeanette Jifkins, explain.

 

website ownership basics

Who owns your website and what does that mean?
 
Did you know there is a difference between your domain name and what people see on your website?
 
Watch our video to see our Principal Lawyer, Jeanette Jifkins, discuss website ownership.

 

understanding copyright law

Watch the full video on Understanding Copyright Law below.

 

managing testimonials, comments, and reviews

Let’s talk testimonials and no, you can’t make them up.
 
How do you manage them? Are you allowed to use testimonials for advertising? Can you edit them?
 
Watch our video to see our Principal Lawyer, Jeanette Jifkins, answer all these questions.

 

anti-spam

Spam is an electronic commercial message that can include email, phone and even online chat platforms.
 
When done incorrectly it can be easy to create marketing that your audience may categorise as spam.
 
If you want to avoid this we recommend watching our below video to see our Principal Lawyer, Jeanette Jifkins, explain anti-spam in more detail.

 

How can Onyx Legal help you?

As a Small Business Owner it is sometimes hard to know where to start and scary not knowing what is important for your business from a legal perspective. Book your chance to get some quick, practical legal answers from the Onyx Legal team here and clarify your Next Steps in Business.   
