Franchising Focus – Autumn 2017 edition

Welcome to the Autumn edition of Franchising Focus.

As winter approaches, a few issues continue to burn hot for franchisors. Most relevantly, since our last edition of Franchising Focus was released, legislation has been introduced into Parliament to amend the Fair Work Act - The Fair Work Amendment (Protection of Vulnerable Workers) Bill 2017 (the Bill) - to make parent companies and franchisors liable for the workplace relations breaches of subsidiaries and franchisees in certain circumstances.  Based on the current draft of the legislation, Division 4A will create new liability for “responsible franchisor” entities in relation to franchisee entities, and holding companies in relation to subsidiaries.  Specifically a “responsible franchisor” entity will be liable for breaches by a franchisee entity, subject to a defence that the responsible franchisor entity used reasonable efforts to prevent the breach. 

Norton Rose Fulbright, in conjunction with the Franchise Council of Australia, has been intimately involved with discussions with the Federal Government in respect of the legislation and what its impact will be on the franchise community. Off the back of those discussions, the Senate Education and Employment Legislation Committee has recommend a number of sensible changes to the Bill which, if implemented, should address many of the concerns about legislative overreach and compliance costs.

The Senate Committee has recommended that the Government amend the core definition of "responsible franchisor entity" such that to come within the ambit of the Bill the franchisor is required to have significant influence or control over "workplace relations matters", not just any "affairs". The Senate Committee has also recommended that the Bill be amended to better reflect the intent of the Explanatory Memorandum. This recommendation appears to relate to requested clarifications to the "reasonable steps" defence. This is not a perfect outcome, but it is a significant improvement on the Bill as initially drafted. 

The political situation is still quite fluid, with the Senate not due to debate the Bill until early June. The Minister has said she is open to reasonable amendments, and the Senate Committee recommendations fit that criteria.  We will continue to closely monitor the situation and keep you informed of developments.

On a related matter, Prime Minister Malcolm Turnbull’s 18 April 2017 announcement that the 457 visa program would be wound up in early 2018 took many people by surprise. However, for those networks that use 457 visas in their systems, it is important to note that while the program will be winding up, it is anticipated that sponsors will still need to comply with existing obligations.

Finally, we wanted to briefly mention one of our upcoming seminars, The Internet of People – Beyond Digital Health. The seminar, which will be held in both our Sydney and Melbourne offices, will be of particular interest to those in the health and technology space and will examine the key issues, implications and regulatory challenges in the futuristic world of digital health. Please feel free to contact us for more information.

In this edition of Franchising Focus:

• We discuss the ongoing obligations on sponsors of 457 visa holders, despite the announcement of the winding up of the 457 visa program;

• Jamie Griffin talks about the mandatory data breach notification laws that are due to come into effect in early 2018 and provides advice to franchisors about what they can do now to prepare for these changes; and

• Georgina Hey and Laura Simonds provide some practical guidance on identifying and protecting intellectual property.

Enjoy!

Kind regards

Allison McLeod (Editor, Franchising Focus)

Author Mira Yannicos, Special Counsel
Migration Agent Registration No. 0532134
Accredited Immigration Law Specialist  

Since our last edition of Franchising Focus, there has been a surprising development in respect of 457 visas. Prime Minister Malcolm Turnbull announced on 18 April 2017 that the 457 visa will be abolished and replaced with a new Temporary Skill Shortage (TSS) visa from March 2018.

However, the 457 visa program (with some changes) will remain in effect until March 2018 and existing 457 visa holders will not be affected. 

It is also anticipated that the sponsorship obligations will continue beyond March 2018, albeit with some enhancements in due course. As such, while the end of the 457 visa program may be in sight, for those employers who have employees on 457 visas you still need to be aware of your obligations as it is likely that such obligations will continue even once this program is wound up.

In our previous edition of Franchising Focus we raised the issue of franchisor liability for 457 visa holders. In this edition we will address the sponsorship obligations as they pertain to 457 visa employers.

As the law currently stands, only the direct employers of 457 visa holders are accountable for the employer obligations associated with the 457 visa. The direct employer may be the franchisor or the franchisee.

In most cases, depending on the contractual arrangements between the franchisor and franchisee, it is the franchisee that is subject to the sponsorship obligations in its capacity as the direct employer and an ‘approved standard business sponsor’ under the Migration Act 1958 (Cth).

What are the sponsorship obligations of an employer of a 457 visa holder?

A summary of some of the 457 visa sponsorship obligations most relevant to the employers of 457 visa holders within the franchise network are as follows:

• Reg 2.79: Obligation to ensure equivalent terms and conditions of employment which are no less favourable than those provided to Australian citizens or permanent residents performing equivalent work in the same workplace and location. This obligation aligns with the Fair Work Act 2009 (Cth).

• Reg 2.84: Obligation to provide information to the Department of Immigration and Border Protection (DIBP) within 28 days of the occurrence of certain events including actual or expected cessation of a sponsored person’s employment, change to work duties/occupation, changes to the employer’s corporate or financial status, payment of return travel costs, etc.

• Reg 2.86: Obligation to ensure that the sponsored person works or participates in a nominated occupation, program or activity for which their nomination has been approved.

• Reg 2.87: Obligation not to recover, transfer or take actions that would result in the sponsored person or their family paying for certain costs even if the sponsored person agrees to accept these costs.

• Reg 2.87B: Obligation to provide training to Australian employees (not sponsored employees) by meeting certain training benchmarks in each 12 months of engaging a 457 sponsored person. A sponsor’s training record is assessed on an annual basis for monitoring purposes in the 12 month period.

• Reg 2.87C: Obligation not to engage in discriminatory recruitment practices which requires employers to give an attestation that they will commit to employing local labour if the required skills are available and must not engage in discriminatory recruitment on the basis of visa or citizenship status.

When do the sponsorship obligations commence and end?

Each of the obligations have a start date and an end date. Most of the above obligations commence on the day the 457 visa, nomination or sponsorship is granted, and end on various occasions including when:

• the visa holder ceases employment with the sponsor;

• another nomination is granted;

• the sponsored person is granted an alternative substantive visa;

• the sponsored person departs Australia and the 457 visa has ceased to be in effect; or

• the sponsor ceases to be an approved sponsor and no longer has sponsored persons.

However, other obligations, such as cooperating with inspectors, keeping records and payment of location and removal costs, only end 2 or 5 years after the visa holder departs Australia or the sponsorship ceases and there are no sponsored persons left.

It is critical that employers understand the nature and extent of these obligations, as failure to comply can lead to sanctions ranging from formal warning letters from the Department of Immigration and Border Protection, cancellation or barring of the sponsorship, civil penalty orders to enforceable undertakings in court and infringement notices.

Strategies for compliance with sponsorship obligations

As noted above, even though the 457 visa program is being wound up, it is likely that those employers with employees on these visas will continue to be bound by their existing obligations and as such, need to ensure that they continue to comply with the laws relating to the 457 visa program. There are a number of strategies and processes that may be considered to ensure that both the franchisee and franchisor are immigration compliant. These include:

• adding clauses into franchise agreements outlining the nature and extent of immigration responsibility;

• agreeing within the franchisee and franchisor contractual arrangements to undertake and report on regular audits of the 457 visa population to ensure legal employment and compliance with immigration laws and sponsorship obligations; and

• reviewing current internal processes and practices including recruitment practices, HR policies, contracts of employment and compliance frameworks in general.

Next Franchising Focus

In part 3 of the of the 457 visa series we will focus on the nature and extent of monitoring compliance with the sponsorship obligations by the immigration and other authorities and the consequences of non-compliance with these obligations in the context of the franchise network. 

Disclaimer

This information is general in nature and does not amount to legal advice. For further details about any of the issues raised in this article, or to discuss any immigration law matters your network may have, please contact Mira Yannicos at Norton Rose Fulbright Australia on +61 3 8686 6524.

On 13 February 2017 the Privacy Amendment (Notifiable Data Breaches) Bill 2016 (Bill) was passed by the Federal Parliament. The Bill received Royal Assent on 22 February 2017 and will take effect from 22 February 2018, unless an earlier commencement date is proclaimed.  The Bill amends the Privacy Act 1988 (Cth) (Privacy Act) to introduce a new obligation for the occurrence of an “eligible data breach” to be notified to the Australian Privacy Commissioner and to affected individuals.

Mandatory data breach notification obligations

Once the provisions of the Bill come into effect, entities that are required to comply with the Privacy Act will become subject to mandatory data breach notification obligations. Entities that must comply with the Privacy Act include private sector organisations with an annual turnover of more than $3 million, so many franchisors will be required to comply with the new data breach notification obligations. If one company in a corporate group has an annual turnover of more than $3 million, then all of the companies in that corporate group are required to comply with the Privacy Act and will become subject to mandatory data breach notification obligations.

Organisations will be required to:

• make an assessment of whether an eligible data breach has occurred within 30 days of becoming aware that there are reasonable grounds to suspect there may have been an eligible data breach; and

• if an organisation is aware that there are reasonable grounds to believe there has been an eligible data breach, prepare a statement that contains:

• the identity and contact details of the organisation;

• a description of the eligible data breach;

• the kinds of information affected; and

• the organisation’s recommendations for the steps that affected individuals should take.

The statement must then be provided to the Australian Privacy Commissioner and notified to each of the individuals to whom the affected information relates or who are at risk from the eligible data breach. If it is not practicable to directly notify the affected individuals, then the statement must be published on the organisation’s website.

What is an eligible data breach?

For the purpose of these notification obligations, an “eligible data breach” occurs where:

• there is unauthorised access to, or unauthorised disclosure of, personal information held by the entity, or personal information is lost in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and

• a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.

The Bill sets out a range of factors that an organisation is required to have regard to in assessing whether the access or disclosure would be likely to result in serious harm. The factors include the kinds of information affected and its sensitivity, whether a security measure (such as encryption) was applied in relation to that data and the nature of the potential harm.

However, where remedial action has been taken and a reasonable person would conclude that the taking of the remedial action would mean that there is unlikely to be any serious harm to any affected individuals, then the data breach notification obligations in the Bill would not apply.

The Privacy Commissioner

The Privacy Commissioner has the power to require an organisation to comply with and follow the data breach process if the Privacy Commissioner is aware that there are reasonable grounds to believe there has been an eligible data breach in relation to that organisation. The Privacy Commissioner also has the power to declare that an organisation does not have to comply with these notification obligations or extend the time for compliance with those obligations.

Information held outside Australia

The Bill also expands the mandatory data breach notification obligations to some circumstances where the personal information that is the subject of the data breach is held by a service provider outside Australia. Where an organisation in Australia has disclosed personal information to an offshore recipient under a contract (which is permissible under the Privacy Act, provided that the contract contains sufficient privacy protections), an eligible data breach that occurs offshore in relation to that transferred personal information is deemed to be an eligible data breach that affects the organisation in Australia. For example, this would mean that the obligation to notify of a data breach would extend to circumstances where an Australian organisation holds personal information in a cloud computing service that is hosted from outside Australia.

Failure to comply

A failure to notify an eligible data breach (either when required by the relevant provision of the Privacy Act, as amended by the Bill, or when the organisation is directed to do so by the Privacy Commissioner) is deemed to be an interference with the privacy of the individuals affected by the eligible data breach. Under the Privacy Act, this means that a failure to notify affected individuals of an eligible data breach could be the subject of a complaint to the Privacy Commissioner.

Where the failure to notify the eligible data breach amounts to a serious or repeated interference with privacy, the Privacy Commissioner also has the power to seek civil penalty orders of up to $360,000 in the case of individuals and up to $1.8 million in the case of bodies corporate.

Preparing for the introduction of mandatory data breach notification obligations

As the provisions of the Bill will come into effect on 22 February 2018 (unless an earlier commencement date is proclaimed), affected franchisors should begin preparing to comply with these obligations now. In addition, franchisors may wish to consider developing a data breach response plan for wider use across their franchisee network, as the impact of a data breach could have a significant impact on the entire franchise network’s brand and reputation.

Steps that franchisors could take to reduce their risk profile include:

• preparing a data breach response plan that sets out all of the relevant people or teams to be contacted (e.g. legal, public relations, IT and security) and the procedures to be followed in the event of a data breach (including assessing whether the data breach notification obligations would apply);

• reviewing existing contracts with IT suppliers, to ensure that those contracts require the supplier to notify the franchisor if the supplier suffers a data breach, and seeking to amend any contracts that do not sufficiently address privacy and data security issues and risks. Privacy and data security issues should also be a key area for consideration in any new contracts with IT suppliers;

• creating a ‘data map’ of the systems and geographical locations where the franchisor stores or holds its data and using this data map to undertake a risk assessment of the franchisor’s IT systems and any external systems used by the entity to store its data (including highlighting any offshore storage locations);

• reviewing its existing insurance policies and considering whether it might be appropriate to obtain additional cyber liability insurance;

• undertaking training for franchisees about cyber risk issues and good IT security practices, such as implementing virus scanning software and ensuring that IT systems and software are fully patched and up to date; and

• reviewing franchise agreements and operations manuals to ensure that franchisees are obliged to notify the franchisor of the occurrence of a data breach affecting a franchisee and requiring the franchisee to co-ordinate its response with the franchisor, including implementing any network-wide data breach response plan that may have been put into place by the franchisor.

Norton Rose Fulbright has substantial experience in developing data breach response plans and advising on cyber risk issues. Norton Rose Fulbright has developed two fixed price cyber-risk management packages to address these issues.

In addition, Norton Rose Fulbright offers a global 24/7 incident response service for cyber-incidents (including data breach and network interruption). As ‘breach coach’, we work with you to provide a streamlined response by assessing the size and nature of the incident, taking steps to contain it, and co-ordinating our panel of carefully selected third party vendors of remedial and protective services, all the while managing stakeholders’ interests and advising on mitigation of potential losses.

For further information on any of the above matters, please contact Jamie Griffin directly or any other member of our National Franchise Team.

Franchising is, in essence, a business model built on intellectual property (IP) - it provides a useful forum for commercialising IP. Franchisors gain by sharing use of their IP (including trade marks, patents, designs, copyright materials, know-how and/or confidential information) in return for a fee, and franchisees benefit by obtaining the benefit of an established brand to kick start their own business.

Consequently, franchisors should keep their IP continuously front and centre of their business activities to ensure their IP is protected and the value of their franchise offering is maximised.

Step 1: Identify and value your IP

Businesses typically undervalue their IP because they do not accurately assess what IP they have, or how it may be protected. This can harm the IP value in the long term. For example, if a franchisor has failed to adequately assess and protect its brand(s), and its trade marks are unregistered or found to be unenforceable, the franchise parties may find that the brand value is suddenly impacted. This can even lead to the need to re-brand at a significant cost, and expose the franchisor to claims by franchisees.

This situation is not dissimilar to the events in Winnebago Industries, Inc. v Knott Investments Pty Ltd. Knott Investment’s Pty Ltd (Knott) had used the Winnebago brand in Australia for thirty years to sell a motor home of its own design and manufacture. However, despite only operating overseas and only having a US trade mark, at first instance the Federal Court determined that Winnebago Industries Inc (Winnebago) had acquired sufficient reputation in the Australian marketplace prior to Knott utilising the Winnebago brand. Consequently, Knott was found to have engaged in passing off and misleading and deceptive conduct by using the Winnebago marks and was instructed to re-brand. Luckily for Knott and its dealers, the Full Federal Court overturned the restraint of the Winnebago marks on appeal, but only because of Winnebago’s thirty year delay in bringing the action.  Knott was able to continue using the marks, but only with a disclaimer.

Had Winnebago understood the value of its IP from the first use of its mark in 1959, it could have taken steps to register its trade mark. Further, had Winnebago understood the limited boundary of its US trade mark, which was registered in 1973, Winnebago could have sought trade marks in other jurisdictions (including Australia) to identify and bring proceedings against Knott and its dealers much earlier.

The importance of identifying and protecting your IP early is of particularly high importance for trade-secrets and confidential information. This is because the value of these rights will be lost if they enter the public domain. Disputes relating to these rights typically involve an ex-employee or collaborator company using information gained during the course of their employment or collaboration in a competitor business. An example of such conduct was seen in Zomojo Pty Ltd v Hurd (No 2), where a former director used confidential information from Zomojo to develop high speed trading devices that were sold by his companies. In that case, the Federal Court required all profits from the sales of the device be paid to Zomojo.

What can you do?

Have your IP properly assessed from the outset and continue to discuss what IP might be emerging in your business. This identification process is about ensuring that IP of value is documented and captured. Continual documentation and review should cover all areas of IP, although typically know-how, trademarks and copyrights will be the primary focus in a franchise business.

Following this identification process, franchisors should check their template franchise agreement to ensure that it details the aspects of the franchisor’s IP that are available for use by franchisees. Failure to adequately articulate the IP permitted for use by franchisees creates uncertainty, but perhaps more importantly, may cause franchisees to question the IP value, which could in turn decrease investment interest in the franchise network.

Step 2: Protecting your IP

Another common issue for franchisors is the failure to promptly protect and register their IP. This typically manifests as an issue when the franchisor is looking to sell its business or seeks to expand its network geographically, for example, because third party rights block access to markets.

Taco Bell and Burger King are US based companies that famously ran into this issue in Australia. These companies sought to expand their successful franchise businesses into Australia, however, both companies found that their names were already in use in Australia, despite having registered US trade marks. Neither company could show that it had established a sufficient reputation or sufficient goodwill in Australia, nor had they registered trade marks here.  Consequently, Taco Bell and Burger King were initially limited in their expansion into Australia because of earlier Australian trade mark rights. Indeed the Burger King brand still trades under the name Hungry Jack’s in Australia. The moral to this story, as businesses’ global footprints continually expand, is to protect your brands in new jurisdictions early, and as soon as there is any real intention to move into the new market. Don’t wait for the move itself.

In addition to access to markets, another issue that will arise from a failure to protect IP across jurisdictions, is the inability to prevent third party copycat businesses. The wider your portfolio of identified and documented IP rights, including both registered and unregistered rights, the greater the scope to enforce those rights against allegedly infringing third party use.

What can you do?

Make sure any IP of value is protected, paying particular attention to the brands in use, where they are currently in use and where you would like to expand use, so that any trade marks that are important to the business offering are registered. Any valuable trade marks, designs and inventions can be registered. This should not be seen as a static exercise, but should be integral to any marketing activities so new brands are not overlooked. New brands could be in the form of an updated logo, a new slogan or even a hashtag like #cokecanpics.

Continually documenting the development of copyright materials and know-how will also be critical both so that the business knows when these are created and so that they can put in place suitable protection mechanisms. This will provide piece of mind to franchisees investing in the franchise network and ultimately increase the overall franchise value.

Step 3: Monitor and regulate use

A franchisor’s failure to document and register (where possible) its IP can leave the door open to third parties, including franchisees, who may seek to exploit that IP for their own purposes.

Luckily for Heart Attack Grill in the U.S, operator of Arizona’s infamous medically themed restaurant, when license negotiations broke down and a potential licensee opened Heart Stoppers Sports Grill (complete with hospital design), Heart Attack Grill was able to pursue proceedings because it had 6 registered trade marks including, A TASTE WORTH DYING FOR, HEART ATTACK GRILL and DOUBLE BYPASS BURGER. However, not all franchisors are as prepared.

There are some risks particular to franchise businesses. One such risk issue is the potential negative impact on brand value when franchisors do not strictly enforce the rebranding of franchisees’ businesses upon termination. A particular risk is involved if the ex-franchise business operating under the brand was terminated for complaints, fraud or poor quality goods /services. In these circumstances, the reputation and goodwill in the franchise brand can be quickly damaged.

Where pure third party infringing use of IP occurs, franchisees also want to see action taken to demonstrate their valuable access to rights that are not otherwise available for competitor use.

Testel Australia Pty Ltd is one such company which was aware of its IP and brand value and included provisions that remained in force after the expiry of its franchise agreements. Consequently, in Testel Australia Pty Ltd v Krg Electrics the court was able to rely on Testel’s franchise agreement and its trade mark registration in finding that an ex-franchisee had, among other things: engaged in a substantially similar electrical testing business to that of Testel; had used confidential information; and had used and applied Testel’s mark in connection with electrical testing. Testel was entitled to $25,176 in damages and was also successful in obtaining an injunction which restrained the ex-franchisee from using the “Testel” mark in the future.

What can you do?

Keep an eye on the market so you know what is happening that could impact your business. From an IP perspective, watches can be put in place to assist with this, including register watches for your key brands, general internet and domain name watches, or even competitor watches. The key is to be aware of where the value in your business lies and its IP, and making sure you focus your attention on monitoring these areas.

Additionally, seeking help early will provide an opportunity to find any overlooked IP, minimise risks and put protections in place.

Where terminated franchisees are involved, try and take action early. Before you permit them to leave the business, physically check to make sure that they have completely rebranded and don’t leave it up to them to self-report on this issue. Also be prepared to enforce against ongoing infringing use of IP rights to protect the value in the business’ IP. Other legitimate franchisees will want to see their stake in the business protected. In addition, failure to do so can impact the brand’s goodwill.

Conclusion

The basis of a franchise model is to enable a franchisor to licence a tried and tested brand and business model, with a recognised reputation and a known market, based on its valued IP.

A strong franchise will actively assess and monitor its IP on an ongoing basis to ensure these valuable rights are maintained and recorded. For a franchise to continue to be of value to both franchisor and franchisee, a franchisor must actively manage and appropriately protect its IP. Finally, franchisors must monitor the market to ensure breaches are quickly identified and can be dealt with as soon as possible because, if they are not, the perceived value of the franchised business can be quickly eroded and questioned by existing or potential franchisees.