Australia: The legal risks arising from electronic storage of work information in the construction industry

The transformation of the contemporary workplace through electronic practices and information technology has led to new challenges for employers and employees, courts and legislatures, policy makers and government. These challenges are extensive and varied. In this article we survey the state of the law relating to the legal risks arising from the electronic storage of work information, particularly in the context of the construction industry.


It is common for principal contractors in the construction industry to use technology to collate and manage information about the workforce on site, particularly in large remote projects. Technology has certainly presented opportunities to gather and manage information in a way that was difficult to achieve previously. Electronic storage of records and documents means that those documents can be retrieved instantly and multiple people can view documents at the same time allowing for better organisation and accessibility.

Often the information stored on those systems relates not only to the employees of the principal contractor, but also the employees of subcontractors on site as well as former workers and sometimes potential workers. The risks of such systems are well outweighed in most cases by the benefits in using such systems particularly in areas such as co-ordinating flights, accommodation, transport and other services. In many instances an organisation may unknowingly violate the employees' right to privacy which may open up the organisation to risks. There are a number of legal issues that need to be considered including:

  • issues in relation to the privacy of that information;
  • the possibility of adverse action claims being commenced against an organisation; and/or
  • the possibility of defamation proceedings being commenced against an organisation.

Electronic communication expansion

The workplace landscape has changed dramatically in the past decade as a result of the proliferation of computer-based communication technologies and the advancement in technology and storage of information. These advances have enabled the worldwide exchange of information, in an increasingly international landscape with more and more Australian organisations, in a number of different industry areas, merging with overseas organisations. The advances in technology mean that there is a full mobility of resources with real time data flows and centralised information access.

It has been said that technology, particularly information and communication technology, is both a significant driver of modern economy and potentially one of its weakest links. 12 The International Risk Governance Council (IRGC) has stated that "a significant problem for owners, managers and regulators is that the public and many officials in government have limited knowledge of the vulnerabilities of these systems and of the risk factors that have increased during the past several decades". 13 Organisations must be proactive in managing the potential risks in this area.

One of the problems with the electronic storage of information is that organisations may not be aware of the risks associated with the storage of that information as electronic communications are permanent and searchable and leave a digital trail of information thereby eliminating conceivable deniability.

Many organisations are harnessing modern technology and putting it to the best use in their workplaces. The issue is what the use of that modern technology by organisations will mean for legal and employment regulation. There is an ever growing sense of concern of how the advances in technology will impact on an employee's right to privacy.

Issues in relation to Privacy

The relevant legislation
Organisations have to be aware of their obligations under a variety of privacy related legislation depending on which jurisdiction is applicable. This article focuses on the Federal legislation.

Privacy Act 1988 (Cth)
The Privacy Act 1988 (Cth) (Privacy Act) broadly regulates the collection of personal information. Personal information is any information that relates to an identifiable individual. If a private organisation collects personal information, it is bound by the National Privacy Principles (NPPs). Private organisations must have an approved privacy code, or in its absence, comply with the NPPs. The NPPs describe how an organisation may collect and use information about individuals and entitles individuals to access and correct any information held about them. There are some exceptions, the most relevant here being the employee record exemption.

The employee record exception
Section 7B(3) of the Privacy Act grants employers exception from the Privacy Act in certain circumstances. Three elements must be established in order for the exception to apply:

the organisation must be acting in the capacity of a current or former employer;

the dealings with the data must be directly related to that employee/ employer relationship; and

the dealings with the data must be directly related to that employee's employee record held by the employer.

Element 1 – Acting in the capacity of a current or former employer
In the case of principal contractors, often there is not an employment relationship which exists between the contractor and the workers on site. In which case, the employee records exemption will not apply to the records held by a principal contractor in respect of those workers.

In addition, this requirement means that information collected regarding a prospective employee is excluded from the exception. All the data collected would not be covered by the exemption and would fall within the scope of the Privacy Act.

In these circumstances it will therefore be important to ensure compliance with the NPPs or any applicable privacy code.

Element 2 – Related to the employee/employer relationship
If an employer does something with the employee's data that is not related to the employment relationship, the employer is not protected by the employee record exception. Care must be taken to ensure that the data stored electronically relates to the employee / employer relationship.

Private Sector Information Sheet 12, published by the Australian Information Commissioner 14 , provides that the employee records exemption does not cover contractors and subcontractors when they handle the personal information of the employees of another organisation, notwithstanding those contractual arrangements. In many circumstances, the employee records exemption may not apply to organisations that provide recruitment, human resource management services, medical, training or superannuation services under a contract to an employer.

An organisation that collects employee records about a person from the organisation employing that person will have to comply with the notice requirements of NPP 1.

Element 3 – Related to that employee's record held by the employer
This exemption only applies as long as the record is held by the employer. As discussed above, given that there is often not an employment relationship between the principal contractor and the workers on site, if employee information is disclosed from the employer to the principal contractor, the exception from the Privacy Act no longer applies to the information held by the principal contractor.

What is an employee record?
Section 6(1) of the Privacy Act sets out a non-exhaustive list of the types of information that is included in the definition of 'employee record'. Employee record, in relation to an employee, means a record of personal information relating to the employment of the employee. Examples of personal information relating to the employment of the employee are health information about the employee and personal information about all or any of the following:

  1. the engagement, training, disciplining or resignation of the employee;
  2. the termination of the employment of the employee;
  3. the terms and conditions of employment of the employee;
  4. the employee's personal and emergency contact details;
  5. the employee's performance or conduct;
  6. the employee's hours of employment;
  7. the employee's salary or wages;
  8. the employee's membership of a professional or trade association;
  9. the employee's trade union membership;
  10. the employee's recreation, long service, sick, personal, maternity, paternity or other leave; and
  11. the employee's taxation, banking or superannuation affairs.

Taking into account the nature of these examples, it is clear that information, such as, the content of employees' private emails and the details of what web-sites an employee has visited do not fall within the exemption for employee records, and, therefore, the Privacy Act applies to that information. The Federal Privacy Commissioner has expressly stated that logs of staff web-browsing activities are subject to the provisions of the Privacy Act.15

National Privacy Principles
Where the data is personal information and is not covered by the employee record exception, the Privacy Act applies to the collection and use of that information. The NPPs set out ten principles that private organisations must adhere to when collecting personal information. In summary, these ten principles are as follows:

  1. NPP 1 describes what an organisation should do when collecting personal information, including what they can collect, collecting from third parties and, generally, what they should tell individuals about the collection.
  2. NPP 2 outlines how organisations may use and disclose individuals' personal information. If certain conditions are met, an organisation does not always need an individual's consent to use and disclose personal information.
  3. NPPs 3 and 4 provide that an organisation must take steps to ensure the personal information it holds is accurate and up-todate and is kept secure from unauthorised use or access.
  4. NPP 5 provides that an organisation must have a policy on how it manages personal information, and make it available to anyone who asks for it.
  5. NPP 6 gives individuals a general right of access to their personal information, and the right to have that information corrected if it is inaccurate, incomplete or out-ofdate.
  6. NPP 7 generally prevents an organisation from adopting an Australian Government identifier for an individual as its own.
  7. NPP 8 provides that, where possible, organisations must give individuals the opportunity to do business with them without the individual having to identify themselves.
  8. NPP 9 outlines how organisations should protect personal information that they transfer outside Australia.
  9. NPP 10 deals with sensitive information which includes information such as health, racial or ethnic background, or criminal record. Higher standards apply to the handling of sensitive information.

Outsourcing management of employment data
The outsourcing of the management of employment data and information is increasingly occurring with the advancement of technology. Where an organisation outsources the hosting or management of employment data, the organisation will be responsible for ensuring the host partner also complies with the relevant requirements. Where the host partner is Australian based, that host will also be required to comply with the NPPs, however, this does not discharge the organisation's primary obligations under the Privacy Act.

Where the host partner is located overseas, it will not be subject to the Privacy Act. The Privacy Act regulates handling of personal information in Australia and originating from Australia. Under NPP 9, if an organisation's overseas activity is required by the law of the foreign country, then it does not interfere with the privacy of an individual under Australian law.

An organisation may transfer personal information overseas provided that one of the following conditions is satisfied:

  • the individual has consented to the transfer of the information;
  • it is impracticable to obtain the individual's consent, however, it is likely that consent would be given and the transfer is for the benefit of the individual;
  • there is a contract between the individual and the organisation that requires the transfer or where there is a contract between a third party and the organisation in the interest of the individual;
  • the organisation reasonably believes a contract or law applies at the destination which delivers privacy standards substantially similar to the NPPs; or
  • the organisation has taken reasonable steps to ensure that the information will not be used, disclosed or held by its recipient in a way that is consistent with the NPPs.

Sensitive information
If a person visits certain websites on the employer's equipment, the web-address data recorded may reveal information about their religion, sexual preference, ethnic origin or membership of a union or political organisation. As such, a person's web and email usage data could easily contain information that is defined under the Privacy Act as 'sensitive information' which is defined in section 6 of the Privacy Act. Collection of this form of data attracts increased regulation from the Privacy Act.

Consequences of breach of NPPs
An organisation that is found to have breached privacy laws may find itself in a position where it not only has to pay the aggrieved party a significant amount of damages, but also suffers irreparable harm due to negative publicity and the public's loss of confidence in its ability to properly deal with and maintain their personal and private information.16

The Australian Information Commissioner has the power under the Privacy Act to investigate a complaint by an individual regarding an alleged breach of a NPP and if the Australian Information Commissioner finds the complaint substantiated the Australian Information Commissioner can make a determination. That determination can include one or more of the following:

  1. a declaration that an organisation must not repeat or continue such conduct;
  2. a declaration that a respondent perform any reasonable act or course of conduct to redress any loss or damage suffered by an individual; and/or
  3. a declaration that the complainant is entitled to a specific amount of damages. Damages can include an amount of loss and damage for injury to a complainant's feelings or humiliation suffered by a complainant.

Should an organisation fail to comply with the determination of the Australian Information Commissioner, an individual or the Australian Information Commissioner can commence proceedings in the Federal Court or the Federal Magistrates Court for an order to enforce the determination. A Court may, in circumstances where they consider an organisation has interfered with the privacy of an individual, make any order that they consider fit.

An individual may also seek injunctive relief from the Federal Court or the Federal Magistrates Court to enforce his or her rights of access and correction under the Privacy Act. In Smallbone v New South Wales Bar Association [2011] FCA 1145, a barrister was successful in gaining access to certain information about him that the Bar Association had collected in relation to his application for appointment as Senior Counsel. The Court made orders restraining the Bar Association from making any adverse determination of Smallbone's application until the expiry of seven days after the barrister had completed inspecting the information.

Breach of privacy obligations can also be costly for organisations if an award of compensation is awarded against the organisation and the costs involved in defending such proceedings can be significant. For example, the Administrative Appeals Tribunal in Rummery and Federal Privacy Commissioner [2004] AATA 1221 granted an $8,000 award of compensation to a worker for breach of privacy laws.

In addition, if proceedings are commenced against an organisation for breach of privacy obligations, this can have a substantial negative impact on the organisation's business as a result of the negative publicity associated with such proceedings.

Adequacy of Australia's online Privacy Framework
Due to the development of web 2.0 technologies that allow greater online interaction in respect of user generated content, it has become possible to store, share and upload large quantities of personal data onto the web. In addition, it has become easier for website operators to send personal data overseas which, as a result, means that Australian regulators have less control over the manner in which personal data relating to Australians is captured, stored and handled.

There have been questions raised about the effectiveness of the Privacy Act in light of advances in technology. 17 The Privacy Act has been subject to detailed recommendations by the Australian Law Reform Commission (ALRC). Some of these recommendations have been adopted by the Australian Government in its first stage response. The second stage response will consider recommendations in relation to proposals to clarify or remove certain exemptions from the Privacy Act such as the exemptions for employee records.

Status of employee records exemption
The existence of this exemption has meant that in practice, privacy compliance polices and strategies have not had to address the handling of employee records. This situation may change in light of the recommendations contained in the ALRC report into privacy in Australia (Report 108).18

The ALRC noted that the employee records exemption was inserted at a time when the legislature envisaged that workplace relations law, rather than privacy, would be more appropriate for addressing privacy as a private sector employment issue. The intended statutory protections in workplace relations legislation never materialised.

The ALRC's final report, released in August 2008, ultimately recommended that the employee records exemption in s 7B(3) of the Privacy Act be repealed and the Office of the Federal Privacy Commissioner should publish guidelines on the application of the model Unified Privacy Principles, which was a key recommendation of the ALRC, to employee records.

The Australian Government issued the first stage of its response to Report 108 on 14 October 2009 (First Stage Response). The Government is still finalising the first stage reforms that came out of Report 108. Once that has been finalised, the Government will consider the remaining 98 recommendations from Report 108 which includes whether the employee records exemption should be removed.

Any change to the employee records exemption may have significant implications for employers. Administrative costs of complying with privacy protection for some aspects of employee records could be substantial. Some employers may find that even limited reform, such as entitling employees to correct records on their personnel file, would adversely affect how employees manage work performance and termination issues.19

Cross-border data flows
The First Stage Response recommended that the Privacy Act be amended so that a company will be treated as having an Australian link (and thereby caught by the Privacy Act) where it collects information from Australia. There will be no need for the company to be incorporated in Australia or otherwise have any other link to Australia (besides the fact that it collects information).

In respect of cloud computing, the First Stage Response recommended that the Privacy Act be amended so that all Australian organisations transferring personal data offshore are required to be fully accountable in respect of the protection of the privacy of the personal data.

Further, the First Stage Response recommended that the Government consider whether such provisions are enforceable and, if required, strengthen the Privacy Commissioner's powers to enforce provisions related to offshore data transfer.

Possible statutory cause of action for serious invasion of privacy
Statutory and common law causes of action for breach of privacy are found in many other jurisdictions, including the United Kingdom, the United States and New Zealand.

On 23 September 2011, the Minister for Privacy and Freedom of Information, the Honourable Brendan O'Connor, released an Issues Paper titled "A Commonwealth Statutory Cause of Action for Serious Invasion of Privacy". The Issues paper discusses the recommendations by the ALRC in relation to the introduction of a statutory cause of action for serious invasions of privacy. In his media release, Mr O'Connor stated:

"Rapid advances in technology have led to profound changes to the ways in which people store personal information, and how they share that information with family, friends, organisations and government. We need to make sure that our privacy laws and protections are keeping pace with the changes."

Responses to the Issues Paper were requested to be provided by 4 November 2011. If such a statutory cause of action is introduced, this will presumably have a significant impact on the operation of organisations in relation to the electronic storage of information.

In light of the recent News of the World telephone hacking scandal in the United Kingdom, there will no doubt be increased support for this statutory cause of action in Australia.

Other sources of privacy rights – common law breach of confidence
Common law breach of confidence may also give rise to actions against an employer. Although not well defined in the area of employment law, the three elements of an action could conceivably be fulfilled in an employment context. The elements that form the tort are that:

  1. the information disclosed is inherently confidential or expressly stated to be confidential;
  2. it was imparted in circumstances which created an obligation of confidence either expressly or impliedly; and
  3. the employer has threatened or has actually disclosed the information without the employee's authority:

Coco v A N Clark (Engineers) Ltd [1976] RPC 41 at 47.

The possibility of a cause of action being utilised by an individual should also be borne in mind by organisations when electronically storing workplace information.

Legal issues in relation to surveillance
While the employee record exemption may be of assistance to employers, as discussed above, there are definite gaps in the protection particularly in the context of the construction industry. This particularly extends to organisations that conduct electronic surveillance of individuals and keep an electronic record of that information.

Organisations need to consider the regulation of surveillance that is applicable in order to ensure that they are not in breach in conducting surveillance. Problems may arise for organisations where a record of that surveillance is stored electronically and then accessible by the individual in accordance with the NPPs. This may give the individual the evidence to commence action against the organisation.

Workplace surveillance is still a matter that falls within the jurisdiction of the states and territories. There are 11 Acts in operation in Australia that regulate surveillance:

Jurisdiction Legislation
Commonwealth Surveillance Devices Act 2004 Telecommunications (Interception and Access) Act 1979
ACT Workplace Privacy Act 2011
New South Wales Workplace Surveillance Act 2005
Northern Territory Surveillance Devices Act 2007
Queensland Invasion of Privacy Act 1971

Jurisdiction Legislation
South Australia Listening and Surveillance Devices Act 1972
Tasmania Listening Devices Act 1991
Victoria Surveillance Devices (Workplace Privacy) Act 2006
Western Australia Surveillance Devices Act 1998

A number of States have enacted legislation specifically dealing with surveillance in the workplace:

  • ACT – On 24 February 2011, the Workplace Privacy Act 2011 (ACT) commenced. The Act recognises a right to privacy for workers in the workplace, and requires that employers must inform workers when their right to privacy will be limited through use of surveillance and the reason for the limitation. It seeks to do this in such a fashion that balances a worker's right to privacy with a business owner's right to take reasonable steps to protect their business and monitor their employees.
  • NSW – The Workplace Surveillance Act 2005 (NSW) sets out the requirements that an employer must fulfil in order to monitor employees' computer usage (among other things).
  • Victoria – In 2005, the Victorian Law Reform Commission made recommendations regarding policies for electronic workplace surveillance, genetic testing in the workplace and drug and alcohol testing in the workplace. To date, the only response has been the Surveillance Devices (Workplace Privacy) Act 2006 (Vic), which prohibits the placement of video surveillance in change rooms and bathrooms.
  • WA – The Surveillance Devices Act 1998 (WA) makes it an offence for employers (or employees) to use, install or maintain listening devises to record a private conversation; optical surveillance devices to record visually or to observe private activity; and tracking devices to determine the geographical location of a person. There is no provision for restrictions on computer surveillance.
  • Queensland, SA, Tasmania and the NT – These states and territory have no specific workplace surveillance legislation.

There is certainly a trend emerging of States and Territories enacting surveillance legislation specific to the workplace. In addition, surveillance laws in some states started to consider and regulate electronic surveillance, for example, in New South Wales, email and internet usage surveillance is regulated. Organisations need to be aware of the regulation of surveillance in the particular applicable jurisdiction.

Adverse Action Risks

Adverse action prohibition
As is now well-known the Fair Work Act 2009 (Cth) (FW Act) prohibits adverse action against a person for an unlawful reason. In particular, those reasons arise on the basis of workplace rights, industrial activities or for a discriminatory reason. Adverse action includes conduct such as termination of an employee's employment or a contractor's contract of engagement or refusing to employ a potential employee.

Prospective employees covered
It is important to note that prospective employees, employees and contractors are taken to have workplace rights pursuant to section 341(3) of the FW Act. This means that to the extent that information is stored on a database which is then subsequently relied on by a prospective employer, a principal contractor or subcontractors in determining whether or not to engage an employee or subcontractor or to renew a contract, such conduct could amount to adverse action and the information that is stored in the system would be available to the worker under the terms of the NPPs.

The use of the internet to obtain information about current employees and job applicants creates risks for employers. These searches can result in incorrect or false information that might lead to overreactions and adverse employment decisions harmful to both the individual and the employer or contractor.

An organisation's knowledge or possession of cyber-based information may constitute material evidence for a claim of unlawful discrimination, violations of privacy, or infringements upon legal rights to engage in certain protected activities.

Reverse onus of proof
A reverse onus of proof will apply in proceedings alleging breach of the general protections except an application for an injunction. What this means is that if an employee or prospective employee or contractor or prospective contractor alleges that an employer's or contractor's conduct was taken for a particular reason or intent in breach of the provisions, a court will presume that the conduct was taken for that reason or intent unless the employer or contractor satisfies the court, on the balance of probabilities, that the conduct was not taken for that reason or intent.

Consequences of breach
A court may make an order it considers appropriate if it is satisfied the general protections have been breached. The orders a court may make include:

  • An injunction, or interim injunction, to prevent, stop or remedy the effects of the breach;
  • Awarding compensation for the loss suffered because of the breach (noting that there is no cap on the amount of compensation that can be awarded);
  • An order for reinstatement; and/or
  • Imposing a maximum penalty for each breach of $33,000 for an incorporated employer or $6,600 for an unincorporated employer.

Therefore in managing such information systems it is important to ensure that only current and relevant information is stored and not otherwise irrelevant information such as union membership, race or cultural origins.

Risk of defamation proceedings

Electronic storage of work information means that information can be accessed in an instant and if that information is defamatory, that could expose the organisation that published that information to a potential action being brought against it for defamation. If a report (whether verbal or written) includes defamatory material, the publisher may be liable for an action in defamation.

Vicarious liability
Where an employee acting within the scope of his/her employment publishes a defamatory matter, an employer may prima-facie be liable. Ultimately, liability will be determined by reference to the question as to whether there is a close connection between the employment and the publication, whether it be authorised or not.20

Elements of defamation
Four threshold conditions must be met by the person alleging defamation:

  • the matter complained of is capable of being defamatory of that person;
  • the defamatory meaning is in fact conveyed by the words used;
  • the matter complained of was published by the organisation; and
  • the matter complained of was published of and concerning that person.

Possible defences
The defences that may be relevant in relation to an action for defamation commenced as a result of the electronic storage of work related information include:

  • Justification: where the publication is substantially true;
  • Qualified interest: for example, where an investigation is conducted in relation to an employee's conduct, where the recipient of the information has an interest in receiving the defamatory material, and the organisation's conduct is reasonable. What is reasonable depends on the circumstances, including by having regard to the public interest, the seriousness of the defamation, whether it is suspicion or proven fact and whether the defamed person was provided with natural justice; and
  • Honest opinion: where the statement is opinion (as opposed to fact), is in the public interest and based on proper material.

Consequences of breach
Compensatory damages can be awarded by a Court if an action for defamation is established and there are no available defences. It is therefore important to ensure that the information held in any database is accurate and not defamatory.

Limiting risks
Although the electronic storage of information may open organisations to a number of risks, as discussed above, organisations can take steps to limit their potential liability. There are a number of steps that can be taken by organisations. This article is limited to discussing three key steps.

Limit collection of personal information
Employers should ensure that the information they collect about their employees contains a minimum of personal information and that the collection of sensitive personal information is avoided wherever possible.

Limit disclosure of employee personal information
Only authorised personnel should have access to the personal information of employees. Safeguards, such as passwords or encryption should be used to limit access to electronic records. Consent should be obtained before disclosing employmentrelated information to third parties. Appropriate processes should be used to properly dispose of computer equipment or documents containing personal information.

Implement workplace privacy polices
Informing people about the personal information that is collected, held and what is done with it is an important NPP. The Australian Information Commissioner encourages organisations to develop in consultation with staff, a clear privacy policy in relation to staff use of computer networks, particularly with regard to the use of email and the internet.

Workplace privacy and data protection policies should expressly prohibit employees from accessing the personal information of others unless they have authorisation and a legitimate business purpose to do so. The policies should warn employees that they may be subject to disciplinary action, up to and including termination of employment, for violating the policies.

If an organisation currently had a workplace privacy policy in place, it should review the policy to ensure that it is up to date with modern technology.

Training should be provided to ensure employees understand: how the employer may collect, use, and disclose their personal information, the nature and scope of workplace monitoring, their obligations to safeguard the privacy of others and the consequences of violating polices and the privacy of others.


Whilst the advances in modern technology have led to substantial benefits for organisations, organisations need to be aware of the potential risks in relation to the electronic storage of work information. Even though the legal risks associated with the electronic storage of work information are vast, organisations can implement a number of practices and procedures in order to avoid and mitigate the organisation's potential exposure to those risks. Prudent business practice suggests that organisations should undergo regular audits in order to ensure compliance with the applicable laws as discussed above.


12 N Wilson, 'Regulating the information age – How will we cope with technological change?' (2010) 22 Australian Bar Review 119 at 120.
13 International Risk Governance Council, Managing and Reducing Social Vulnerabilities from Coupled Critical Infrastructures, White Paper No. 3, 2006, n3, p 12.
14 On 1 November 2010 all of the powers of the Privacy Commissioner under the Privacy Act were conferred on the Australian Information Commissioner.
15 Office of the Federal Privacy Commission Guidelines on Workplace E-mail, Web Browsing and Privacy (30 March 2000).
16 Dr Dan Svantesson, "Privacy in the e-workplace – employers beware!", Privacy Law Bulletin (2009) at 18 – 21.
17 Australian Law Reform Commission, Review of Privacy, Issues Paper No. 31 (2006).
18 Australian Law Reform Commission Report 108: For Your Information: Australian Privacy Law and Practice.
19 Dianne Banks and Michelle Rowland, Statuts of the "employee records exemption" under the Privacy Act 1988 (Cth), Privacy Law Bulletin (2009) May, 85 – 86.
20 Colonial Mutual life Assurance Society Ltd v The Producers and Citizens Co-operative Assurance Co of Australia (1931) 46 CLR 41.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Mondaq Advice Centre (MACs)
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.