17 June, 2014
Legal News & Analysis – Asia Pacific – Australia – TMT
Company Fined For Not Securing Information System
The Australian Energy Regulator (AER) has issued an infringement penalty of AUD 20k to Lumo Energy for breaches of the National Electricity Rules (Rules) arising from its failure to meet information system security standards for the online wholesale electricity trading system. Under the Rules, registered participants must comply with the Australian Energy Market Operator’s Market Management System Access Procedures when accessing its systems.
The breaches related to Market Settlement and Transfer Solution (MSATS), a system that forms part of the National Electricity Market (NEM), which is the wholesale electricity market for the five states of Australia. The system enables customer transfers and settlement processes and holds data on each connection point in the NEM.
Lumo Energy updated its IT network to allow third-party service providers to access MSATS through a password-protected site that was limited to certain IP addresses. The company also changed its firewall settings following access problems experienced by service providers. The AER found these actions were in breach of the Rules as Lumo Energy allowed unauthorised IP addresses to be exposed to the MSATS system and unencrypted MSATS data to be transmitted publicly over the internet. Importantly, the AER found that password protection of Lumo Energy’s market systems webpage was not in itself secure and did not mean that access was “restricted to secured, dedicated servers” as required.
In determining the appropriate response the AER considered the potential negative impact that the alleged breaches could have had, particularly on the integrity and security of the market systems and the data contained within the systems.
- A link to the AER’s investigation report can be found here.
ASIC Releases Report On Handling Of Confidential Information
On 27 May 2014, the Australian Securities and Investments Commission (ASIC) released Handling of confidential information: Briefings and unannounced corporate transactions, which reviews the handling of confidential information by companies and their advisers in analyst briefings and unannounced transactions.
Among ASIC’s key recommendations were:
- Listed entities must vigilantly manage their confidential information and mitigate the risks of the disclosure of sensitive information.
- Companies should disseminate their policies and practices regarding the handling of confidential information within the organisation and promote organisation-wide awareness of these policies.
- Board members and officers should be aware of the relevant guidelines.
- Listed entities should avoid practices of “massaging” the market, by allowing broad access to investor briefings and by having compliance systems in place to appropriately handle confidential, market-sensitive information.
- A link to ASIC’s media release can be found here.
Using Competitor’s Trade Mark In Google AdWords Not Infringement
The High Court of New Zealand has held that the use of a competitor’s trade mark as a Google AdWords keyword does not amount to trade mark infringement: InterCity Group (NZ) Limited v Nakedbus NZ Limited [2014] NZHC 124. The plaintiff, InterCity Group (ICG), an operator of long-haul coach services, sued its competitor, Nakedbus NZ Limited (Nakedbus), after determining that Google searches of the term “inter city” generated Nakedbus sponsored advertisements, which contained the words “inter city” and linked to the Nakedbus website.
ICG failed in its argument that the use of “inter city” and other variations on the phrase in Google AdWords constituted trade mark infringement. The Court held that, as the keywords used for Google AdWords are invisible to everyone except Google and the advertiser, this could not be taken to be “used in a manner likely to be taken as being use as a trade mark”, a necessary component of a finding of trade mark infringement under New Zealand law. However, the plaintiff was successful in its argument that the use of “inter city” in the text of Nakedbus’s Google advertisements and on its website amounted to trade mark infringement and breach of the Fair Trading Act 1986 (NZ). This case indicates that trade mark owners may face difficulties where competitors use their trade mark in Google AdWords and keywords but not on a website or advertisement.
- A link to the decision can be found here.
US Federal Trade Commission Has Authority To Police Cybersecurity Breaches Through Unfair Trading Laws
A US Court has found that the Federal Trade Commission (FTC) has the authority to regulate cybersecurity: Federal Trade Commission v Wyndham Worldwide Corporation (ES, Civil Action No. 13-1887, 7 April 2014). The FTC brought an action under the Federal Trade Commission Act, 15 U.S.C. § 45(a) (the Act), against the Wyndham Worldwide Corporation corporate group (Wyndham), alleging that the hotel and resort chain violated the provisions that prohibit “acts or practices in or affecting commerce” that are “unfair” or “deceptive” (an unfairness claim).
The FTC argued that Wyndham had failed to provide appropriate security for the personal information of customers after unauthorised parties had gained access to Wyndham’s computer network on three separate occasions and accessed customers’ personal information and payment details. The failures the FTC pointed to included failures to use security measures such as complex user IDs and passwords, firewalls and network segmentation between the hotels and the corporate network. Wyndham also had improper software configurations that stored payment information in clear readable text.
The Court denied Wyndham’s motion to dismiss. The Court found that the FTC had the authority to bring an unfairness claim involving data security under the Act. Additionally, Wyndham’s cybersecurity policies were deceptive as they claimed to protect customer information. District Judge Salas emphasised that “this decision does not give the FTC a blank check to sustain a lawsuit against every business that has been hacked”. However, this case is important as data privacy becomes a significant concern for the hotel industry, and businesses that hold and maintain sensitive customer information should ensure the security of their systems is effective.
- A link to the decision can be found here.
For further information, please contact:
Gordon Hughes, Partner, Ashurst
Ashurst TMT Practice Profile in Australia