Two recent decisions of the Federal Court have engaged with the interface of privacy rights arising pursuant to legislation and dealing with creditor personal information as required by the Corporations Act 2001 (Cth).
Background
Personal information protected under the Privacy Act 1988 (Cth) includes information about an identified individual, or an individual who is reasonably identifiable. Subject to certain exceptions, Australian Privacy Principle 6 (APP 6) Use or Disclosure of Personal Information, prohibits the use or disclosure of personal information for any reason other than the particular purpose for which it was collected. Relevantly, this prohibition does not apply where the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order: see APP 6.2(b).
Chapter 5 of the Corporations Act proceeds on the basis that creditor information, including the personal information of individual creditors, is publicly available.
Creditor details (at least the "record of persons present" as well as the value of their claims as lodged and as admitted) are required to be included in attendance records and included with the minutes of meetings of creditors lodged with ASIC and made publicly available pursuant to Insolvency Practice Rules (Corporations) (IPRC) section 75-145.
The Report on Company Activities and Property (ROCAP) to be completed by directors of a company in receivership, administration or liquidation pursuant to sections 421A, 438B and 475 of the Corporations Act is required (at Part A) to identify the company's creditors and provide prescribed details about them and their claims. Part A of the ROCAP must be lodged with ASIC and can be obtained (for a fee) from ASIC. Part B of the ROCAP is not to be lodged with ASIC, and the notes accompanying the ROCAP form on the ASIC website specifically state that this is because Part B may contain confidential information provided by the director and may result in a breach of the Privacy Act.
The Insolvency Law Reform Act 2016 (Cth) introduced enhanced information rights for creditors in external administrations, specifically pursuant to Insolvency Practice Schedule (Corporations) (IPSC) sections 70-40 and section 70-45, which permit requests of external administrators for information, reports or production of documents. Requests for information can be resisted by the external administrator on the basis that:
- the material requested is irrelevant,
- compliance with the request would involve a breach of duty, or
- it is not reasonable for the external administrator to comply with the request.
In turn, the IPRC provide, at section 70-10, bases on which it is not reasonable for an external administrator to comply with an information request, including on the basis that the disclosure would found an action by a person for breach of confidence. However, section 70-10 of the IPRC does not expressly reference privacy obligations as being a basis to resist an information request. Indeed, the Explanatory Statement for the IPRC states in relation to section 70-10 and the privacy of creditor information that:
"A key impact of these new rules is that external administrators will be required to provide a creditor list to creditors when requested. There has been some concern from industry participants that the operation of the Privacy Act may prohibit the publication or provision of creditor lists to creditors. The abilities of creditors to have an awareness of who other creditors are and how much they are owed, is critical to the operation of creditor empowerment as 'creditor rights' to monitor and influence the conduct of an administration are often linked to the number and/or value of creditors support a request."
This last statement is a reference to the various provisions of the IPSC that provide for steps to be taken where a certain percentage of creditors request them (for example, an external administrator must convene a meeting of creditors where at least 25% in value of creditors direct the external administrator to do so, with cascading provisions for where less than 25% of creditors in value make a direction: IPSC s75-15). This empowerment of creditors in external administrations necessitates access to creditor names and contact information in order to be effective.
The Explanatory Statement for the IPRC goes on to note that it is not necessary to state that the provision of creditor lists will always be an authorised purpose under the Privacy Act, given such disclosures are clearly authorised under an Australian law for the purpose of APP 6.2(b) of the Privacy Act.
The position taken in the Explanatory Statement for the IPRC (and indeed in s70-10 of the IPRC itself) is also consistent with creditor information generally being able to be obtained (for a fee) from ASIC, insofar as it is contained in ROCAPs or minutes of creditor meetings (the latter also being available for inspection at the external administrator's office by creditors or contributories of the company).
Anecdotally, we understand that external administrators will, on occasion, redact creditor personal information, particularly in relation to employee creditors, and flag with ASIC that they have done so.
Godfrey's
In the case of Crosbie (administrator), in the matter of Godfreys Group Pty Ltd (administrators appointed) [2024] FCA 60 (Godfreys), Craig Crosbie, Daniel Walley and Robert Ditrich of PwC were appointed administrators of Australian vacuum cleaner retailer Godfrey's on 30 January 2024. The administrators promptly sought orders from the Federal Court extending the convening period.
On 5 February 2024, Justice Beach made orders extended the convening period, and various other orders including an order that:
Pursuant to section 90-15 of the IPSC, in complying with any requests for information pursuant to sections 70-40 or 70-45 of the IPSC and/or in discharging any other obligation to disclose names or contact information of any creditors or potential creditors of the Companies (including owners and lessors of property occupied by or in possession of the Companies) the [administrators] may:
(a) redact from any document the names or contact information of any creditors or potential creditors of the Companies; and
(b) withhold the names or contact information of any creditors or potential creditors of the Companies.
[emphasis added]
While, no doubt, the order was concerned primarily with information requests being made of the administrators under the IPSC, it extends beyond this and would appear to allow redaction of creditor details (not limited to individual creditors) in lodgements of any creditor information by the administrators with ASIC.
Justice Beach does not speak to this order in his reasons. Accordingly, it is not clear what evidence was led, or what submissions were made, to support the making of an order in these terms which potentially cut across various statutory obligations to provide this information in ASIC lodgements and to creditors and contributories.
Philipsen v Astora
Jodie Philipsen was the named applicant in a class action commenced in the Federal Court against Astora Women's Health, LLC (Astora), a US entity, alleging loss arising from the use of vaginal mesh sold by Astora (Phillipsen Proceeding). In 2022 Astora filed for chapter 11 bankruptcy in the Bankruptcy Court of the Southern District together with 75 other companies constituting the Endo Group.
In September 2022, Mark Bradley as the foreign representative of Astora obtained from Justice Halley in the Federal Court interim recognition of the Astora chapter 11 case in the Federal Court pursuant to the UNCITRAL Model Law on Cross Border Insolvency (Model Law), enacted in Australia pursuant to the Cross-Border Insolvency Act (Cth) 2005: Bradley, in the matter of Astora Women’s Health, LLC v Astora Women’s Health, LLC [2022] FCA 1195. Recognition in Australia of the Astora chapter 11 case on a final basis was ordered by Justice Lee on 26 October 2022: Bradley, in the matter of Astora Women's Health, LLC v Astora Women's Health, LLC (No 2) [2022] FCA 1268.
An issue arose before Justice Halley about "noticing" the Australian mesh claimants in the Astora chapter 11 case about the chapter 11, given that the information about them had been obtained by Astora in the course of the Phillipsen Proceeding pursuant to class action procedures including opt-out notices, as well as pursuant to subpoenas issued to some 78 health care services. Provision of this information by Astora and its Australian solicitors to Astora's US noticing agent, Kroll, would have involved a breach of the implied undertaking in Hearne v Street [2008] HCA 36 not to use information obtain in litigation for purposes other than the litigation.
Justice Halley was persuaded that it was appropriate that Astora be released from the implied undertaking in order that the company could "notice" the Australian mesh claimants about their rights in the chapter 11 case: Bradley, in the matter of Astora Women’s Health, LLC v Astora Women’s Health, LLC [2022] FCA 1196.
Justice Halley also considered the operation of the Privacy Act, as well as comparable state legislation dealing with "health information", and the risk that in providing information to Astora in the US and its "noticing agent" Kroll, Astora or its Australian solicitors (as its agents) would be in breach. He did this in circumstances where the US Bankruptcy Code (Title 11 USC at section 521) requires that the debtor company file with the Bankruptcy Court a list of creditors, but where Astora had sought (but not yet obtained) "First Day Orders" that it was justified in redacting certain creditor information from the list of creditors filed.
Justice Halley ultimately held that Article 25 of the Model Law, which provides for co-operation between courts in cross border insolvency cases – gave him power to specifically order the provision of information relating to potential claimants against Astora, such that APP 6.2(b) would apply to allow the proposed disclosure of personal information. However, he did so for the limited "Permitted Purpose" of "noticing" the claimants in the chapter 11 case, and on the basis that the personal information of the claimants would be redacted in publicly available filings. Justice Halley also specifically excluded date of birth, height, weight and Medicare details from the creditor information he permitted to be disclosed only to the Bankruptcy Court, the US Trustee and the Unsecured Creditors Committee, specifically noting in respect of date of birth that he did so, given the associated risk of inadvertent or unauthorised disclosure and identity theft.