Legislation

Why?

Every organization needs some kind of system for complying with legislation and legal obligations. If you work in a highly-regulated industry or have many interactions with government, the risk of non-compliance with legislation can be quite high and compliance is detailed and perhaps even critical to survival.

You might also find that your organization needs to comply with:

• accreditation standards and principles,
• relevant industry standards,
• regulatory requirements that are not legislation (e.g. policies, rulings, codes of practice, and national standards),
• common law under which you could be vulnerable to litigation. (Compliance with current best practice will strengthen your position.)

You might find that some practices, while not illegal or poor practice in any way, involve unacceptably high levels of risk. You might choose to use your compliance system to minimize or circumvent those risks.

Your business goals

Keep your business goals at the forefront, because your system needs to be effective in meeting your business goals and the specific needs of your organization at its curent and near-future stage of development. It is quite common to find governement bureaucrats who empahsise compliance and ignore business goals.

The purpose is not only to comply with legislation. I have this fantasy of a compliance officer sitting all day in his office chair doing nothing.

The boss comes in and asks what he's doing. He answers: "It's against the law to rob banks. So I've been here all day not robbing any banks. I've done very well. I haven't robbed one all day. It's also against the law to murder people. So tomorrow I plan to spend the whole day not murdering anyone.

Find out the requirements

You need a system of finding out requirements and someone who is responsible for it. In most organizaiton, it isn't difficult or compliacted. It could as simple as using your network or professional associations for advice, and getting onto professional online forums and email lists.

 

Find out what legislative requirements affect you.

Most government offices are willing to give you basic information and a written version in everyday language. Check at all levels (federal, state and local), and look for frameworks as well. You might also find some court cases that set important precedents on how legislation is to be interpreted. See the appendix for a list of common requirements.

 

Find out what other requirements affect you.

You should also identify benchmarks, trends, and best practices. As a point of legal liability, minimal compliance with legislation might be inadequate in court if someone tries to sue you; you could also be liable if you do not follow best practice or national competency standards.

Gather best practice and comparison data, and use it to identify potential areas for improvement. In some industries, organizations like to evaluate themselves using benchmarks and standards. At its worst, the approach is unfortunately little more than ensuring that the organization meets minimum standards. However, if industry averages are published, then organizations can aim to be at least average, and can aim for very competitive positions.

On the upside, benchmarks and minimum standards work well for checking processes, such as due diligence, probity, and fraud prevention. Besides, some better-written standards track achievement towards particular goals.

Compare your organization to the ISO 9000 standard. (Opens new window) What gaps did you find? (Note: Don't forget to interpret the standard in light of your particular organization's context and processes.) See also Standard for Organizational Quality (opens new window)

 

Regularly update your information.

lt can change frequently. If a legal requirement changes, you might have to have to modify your organization’s policy and procedures. You might be authorized do it yourself, or to propose it in a staff meeting, or to write a proposal to your supervisor.

Legal and ethical: What’s the difference?

What’s the difference between being legal and being ethical? In this sense, legal means complying with legislation, and ethical means complying with conscience or the laws of natural justice.

Of course, legislators try to make laws that are ethical. For example stealing, fraud, assault and killing are illegal as well as unethical.

Ethics are often written up as codes of practice by organizations and professional associations. Organizations require their employees to comply, and professional associations require their members to comply. These codes are usually very helpful and often exceed the legal minimums. However, some codes allow actions that other people might consider unethical.

Being legal and being ethical aren’t always the same. Perhaps the best way to see the difference is to look at some examples …

Copyright vs. plagiarism

If you own copyright on something (like a book), copyright law forbids others to copy the exact wording of the original for large blocks of text. So if you copy out a chapter of somebody’s book without permission and try to sell it, you are breaking copyright laws.

Plagiarism means stealing ideas. Let’s say you didn’t copy out the exact wording. But you took the ideas, expressed them in your own words, and said you wrote it. It’s not illegal because you didn’t use the exact wording, but it is unethical because they’re not your thoughts. Every reputable university in the world has rules against plagiarism.

Privacy vs. confidentiality

Australian privacy laws forbid organizations to release personal information to people who are not authorized to have it. But organizations can generally make the information available to staff within their organization.

Confidentiality rules are often much more stringent. They also restrict the way information is made available to staff within the organization.

Double payment

Getting paid in full twice for the same work is usually unethical, but seldom illegal. For example:

• A university recruiter levies the fee on both the university and the recruited student.
• A designer charges a client full fees for designing an item, but keeps copyright on the design as a condition of the contract. He then sells the same design to other clients at full fee.
• A college provides unpaid practicum students to employers to do profit-making work, then levies the fee on both the employers and the students.

This can be tricky. It would be more ethical as follows:

• A university recruiter levies half the fee on the university and half on the recruited student, and informs each side about the other.
• A computer programmer writes software and retains copyright. He sells licensed copies to clients at a fair market rate. He doesn’t charge each software buyer the full fee for the development of the software.

Reporting

You might not be legally required to report something (e.g. child abuse) but it would unethical to fail to take action.

Promises

You promise something but don't do it. It's unethical but seldom illegal.

However, the courts can recognize it as a civil liability:

• In a few cases, one could sue for breach of an oral contract. (An oral contract is still legally binding but much harder to enforce than a written one.)
• Some countries now have provisions for people to sue for breach of promise.

Unethical but legal relationships

Some relationships are often considered unethical:

• a man and a woman being alone in an enclosed workspace for extended periods.
• an older man taking great personal interest in an underage girl.

Ethical but illegal

It can go the other way too. Something can be ethical but still illegal. For example:

• A company’s marketing division might be very effective, but its operations division might be struggling badly. Both divisions could be totally ethical, but the total effect is illegal. The company is taking orders for goods that it can’t provide.
• Some countries have unethical trade practice laws and laws supporting racial discrimination. Conflict of interest, insider share trading, and people-smuggling are legal in many countries.

Compliance systems

Organizations can and should build legislation compliance into their systems, so that they can be sure they actually meet their obligations.

Policies, procedures, and administrative systems

The best (and simplest) way is simply to write all your organization's policies, procedures, and administrative systems to comply, so that staff will always follow the law if they follow them. It is also much easier to get all your staff to comply. As the board sets policy, the governance system then oversees compliance. It is obviously advisable to write procedures that suit your organization's particular needs.

Staff who follow policies and procedures correctly should not need to know much about the legislation behind them, although some (and all managers) will want to know why the procedures are written as they are. In other words, they will benefit from knowing what laws are behind their procedures.

Policy-based software

Use policy-based software, that is, software that will reject non-compliant data and deficient data sets, and alert supervisors when a required task is not done.

Your quality system

The same goes for your quality system. It is better to build the procedures of your internal quality assurance system based on the quality standard. Again, staff then simply have to follow your procedures.

You might have to comply with several different quality standards, but your staff should not have to try to figure out the standards and intentionally comply with them. They only need your system. You can't even presume that staff will interpret them accurately and consistently.

Auditing or checking implementation

Many organizations have a system of auditing or checking implementation. This can be a compliance checks, full internal audits, external audits, performance evaluations, or management audits. A management audit checks that everything that happens in to the organization has a line of authorization up to the board.

Checking new policies and procedures

As your organization genrates new policies and procedures, somebody needs to check that they comply with legislation and any other requirements.

Compiling a register

This task will be a lot of work and your administrators should appreciate you for it. It will help prevent you and your organization from being vulnerable to prosecution or civil action. As it is effectively the compilation of a legislation register for your organization, your organization would be wise to adopt it if it does not have something similar in place already.

Compile (or update) your organization's list of legislation, regulatory requirements, codes of practice, and national standards with which it has to comply. (You should omit anything that does not apply to your organization.) Keep it simple, easy to navigate, and useful.

Write a summary, which should include:

• Things that you and your staff or clients must do or must not do
• Rights and responsibilities that they have
• For legislation, include the year, title of the act or, name of the state (for state or territory legislation) or Cwlth for federal legislation.
• For other regulatory requirements, mention the full title of the policy or document, the year, name of the state (for state or territory regulations) or Cwlth for federal regulations.

Example

Affecting Childcare Only
Community Services Regulations: Child Care and Outside School Hours Care .

Childcare students who are to prepare food in child care for children aged 0-6 years are required to complete a special course approved by the Director General of the Department for Community Development.

Hint list

1. Your summary should not be so long and complicated that it is hard to use. It should be clear enough to orient new staff so that they can comply with it, with no other information. It should also provide a quick reference for existing staff. State all requirements in full sentences, not just a list of points.
2. You might find it helpful to categorize items under headings such as "Nature of organization", "For employees", "Industry-specific".
3. Some items of legislation are very similar, such as the anti-discrimination laws, and state and Commonwealth laws that are nearly the same. In these cases, it is most practical to lump them together.

Various legal and ethical requirements

Business entity	The laws under which your organization is incorporated Legislation relevant to operation as a business entity (e.g. company law, Australian Securities Commission, incorporation, licensing, business name) Building standards, and permits or zoning for use as a business
Legal system	The legal system (as it affects what you do) Relevant legislation in the sector and jurisdictions, especially if you operate across state or national boundaries Kinds of law: International, federal, state, cocal, common law. Civil action, criminal code, infringements, contracts Any relevant contract law Administrative processes: e.g. tribunals, freedom of information
Financial management	Annual and other reports Audit processes Insurance Relevant awards Taxation: ABN, income tax, BAS reporting, PAYG, payroll tax Superannuation Acquittal of funds
Basic human rights	Privacy laws, including electronic technology and security of information Copyright and intellectual property Anti-discrimination and harassment (e.g. equal opportunity, race, and disability) Consumer rights Other rights, e.g. privacy, confidentiality, dignity, freedom of association, informed choice, to lodge a complaint, right to express ideas and opinions, to an agreed standard of care, access to services. These might be further detailed in: Industry and organizational service standards Industry and organizational Codes of Conduct, Practice and Ethics International and National Charters, e.g. International conventions on the rights of children and young people Principles and practices for upholding the rights of clients, especially children and young people
Ethics	Code of ethics Principles and practices of confidentiality Definitions and explanations of the terms 'ethics, ethical thinking and morality' Importance of ethics in practice Distinction between ethical and legal problems Principles of ethical decision making Strategies for addressing common ethical issues
Abuse	Kinds of abuse experienced by client (including systems abuse) Strategies for managing abuse of a client Reporting mechanisms for suspected abuse of a client Role and responsibilities of legal guardians
Common legal issues	Criminal damage Consent Assault and battery Bailment Negligence Defamation Citizen's arrest
Employment laws	Rights and responsibilities of employers Rights and responsibilities of workers Workplace relations Industry and workplace requirements Industrial relations law (staff conditions and entitlements, Industrial awards, enterprise contracts)
Occupational health and safety	Industry-specific frameworks Duty of care under common law Regulations and approved codes of practice relating to hazards in work area Requirements for establishing consultative arrangements (e.g. OHS representatives, OHS committees) Requirements for effective management of hazards Requirements for providing information and training, including training in safe operating procedures, procedures for workplace hazards, hazard identification, risk assessment and risk control and emergency and evacuation procedures Requirements for the maintenance and confidentiality of records of occupational injury and disease
Industry-specific regulations and standards	Licensing and registration Any relevant environmental legislation Strategies for contributing to the review and development of policies and protocols (e.g. consultation) Industry and organizational service standards, including managing complaints International and national standards Industry-specific codes of practice Quality and accreditation standards Organizational policy, procedures and program standards Professional standards