Bain v International Capital Markets Pty Ltd (No 4)

This case arose in a Federal Court class action, but the judgment was not about whether the respondents were liable. It dealt with a narrower procedural question about how potential group members should be notified of their right to opt out.

The underlying proceeding concerns claims brought on behalf of people, other than institutional investors, who entered into or acquired an interest in contracts for difference issued by International Capital Markets Pty Ltd and allegedly suffered loss or damage. For this application, the parties agreed that an opt out notice should be sent. They also agreed that it should be sent by email through a third-party mailing house and displayed on the applicants' solicitors' website until the opt out deadline.

The dispute was about how much customer information should be used for that process. The applicants wanted a highly personalised notice and a detailed potential group member list. They sought names, email addresses, account numbers, account opening and closing dates, base currency, opening and closing balances, and total deposits and withdrawals. They also wanted the list provided to their solicitors.

The respondents said that went too far. They argued that only the client's full name, email address and client ID were needed for the purpose of an opt out notice. They said the extra information was private, confidential and sensitive, and they objected to handing the list to the applicants because there was no evidence about the security measures that would protect the information after disclosure.

The Court was dealing with orders under sections 33J, 33X and 33Y of the Federal Court of Australia Act 1976 (Cth). Those provisions deal with opt out dates and notices in representative proceedings. The Court had to approve the form and content of the notice and specify who would give it and how it would be given.

The key legal question was not whether the applicants' proposed information might be useful at some later stage of the case. The Court focused on the immediate purpose of an opt out notice. That purpose is to ensure potential group members are accurately informed of the commencement of the proceeding and their right to opt out before the court-fixed date, so they can make an informed decision.

That meant the real issues were necessity and proportionality. Was the extra account and transaction information necessary for this notice to do its job? Was it appropriate to require disclosure of that information now? And if the list were to be handed to the applicants' solicitors, what evidence was there about security and confidentiality controls?

Justice Neskovcin was not persuaded that the potential group member list and opt out notice should include the level of detail proposed by the applicants. The Court held that the more limited information proposed by the respondents was sufficient to achieve the principal purpose of the notice.

Importantly, the Court's reasoning was procedural. It did not decide the merits of the class action. It did not rule that detailed customer information could never be relevant in the proceeding. Instead, it held that for this application, which concerned approval of an opt out notice and its mode of distribution, it was not necessary or appropriate to go further.

The Court accepted the respondents' submission that the information sought by the applicants, including account and transaction details, was information that ICM's clients would regard as private, confidential and sensitive. The Court also accepted that potential group members would be concerned to see that information in an opt out notice when they might not even know a group proceeding existed, let alone expect their information to be sent to the applicants' solicitors.

The Court found that the respondents' proposed contents for the notice and list were enough to ensure potential group members were accurately informed of their right to opt out and could make an informed decision. It also accepted that the applicants' solicitors, being familiar with the proceeding, could still engage meaningfully with group members about their rights because potential group members could provide assistance about their own individual position.

On the scam point, the Court was not persuaded that the applicants' proposed personalisation would materially reduce the risk that the email might be treated as a scam. The judge said that risk exists in every class action where documents are sent unilaterally by email. Rather than approving extensive personalisation, the Court directed the parties to confer about the contents of the covering email and an appropriate subject heading.

The Court also gave weight to the absence of evidence from the applicants about security measures. Although the applicants' solicitors obviously deal with confidential information, there was no evidence about who at the firm would have access to the list or what measures were in place to keep it secure and confidential. On that basis, the Court was not persuaded that the list should be provided to the applicants.

This judgment is best read as a practical example of data minimisation and purpose limitation in litigation. The Court did not say that customer data can never be used in legal notices. It said the information used should match the immediate purpose of the communication. Here, that purpose was to tell potential group members about the proceeding and their right to opt out. Because that purpose could be achieved with less information, the Court did not approve the broader disclosure sought.

That is useful well beyond class actions. Businesses often need to send notices about disputes, complaints, recalls, incidents, debt recovery, policy changes or legal rights. In each situation, there can be pressure to include extra customer information to make the message look legitimate or more tailored. This case shows that more detail is not automatically better. If the information is sensitive, the question becomes whether it is necessary and proportionate for the specific step being taken.

The judgment also shows that privacy objections are stronger when they are tied to practical concerns. The respondents did not rely on privacy in the abstract. They pointed to the sensitivity of the data, the existence of domestic and international privacy obligations, and the lack of evidence about the receiving party's security controls. That combination mattered.

Another practical point is that the Court separated authenticity from data volume. The applicants argued that a highly personalised email would be less likely to be mistaken for a scam. The Court was not convinced. Instead, it directed attention to the covering email and subject line. For businesses, that is a reminder that legitimacy can often be improved through sender identity, wording, contact channels and process design rather than by inserting more account-level data into the message.

The judgment gives a useful checklist for businesses that hold customer data and become involved in litigation or formal notice processes.

First, define the exact purpose of the communication. In this case, the purpose was limited: informing potential group members of the commencement of the proceeding and their right to opt out. Once that purpose was fixed, the Court assessed what information was actually needed to achieve it.

Second, review each proposed data field separately. A name and email address may be enough. A client ID may also be justified. But account numbers, balances, deposits and withdrawals are a different category. They are more intrusive and may be seen as private, confidential and sensitive.

Third, if you are resisting disclosure, support the objection with concrete evidence. The respondents relied on evidence about privacy obligations under the Privacy Act 1988 (Cth), international obligations including the GDPR in the European Union and the United Kingdom, and internal policy obligations reflected in product disclosure statements. The applicants did not challenge that evidence.

Fourth, if you are seeking disclosure of customer data, do not assume the Court will infer that your systems are secure. In this case, the applicants failed to provide information about what security measures were in place or would be put in place, who at the law firm would have access to the list, and how confidentiality would be maintained. That gap mattered.

Fifth, think carefully about email design. If the concern is that recipients may think the message is a scam, consider the sender details, subject line, covering email, website confirmation and contact channels. The Court specifically directed the parties to confer about the covering email and subject heading as a way to mitigate that risk.

The judgment was delivered on 2 September 2025 by Justice Neskovcin in the Federal Court of Australia. The hearing took place on 26 August 2025. The Court ordered that by 4.00 pm on 5 September 2025 the parties were to submit proposed orders in relation to the opt out notice.

The reasons make clear that the Court intended the orders concerning the opt out notice to be substantially in the form sought by the respondents. The judgment itself is a procedural ruling and should not be read as deciding the substantive allegations in the class action.

This page is based on the Federal Court judgment in Bain v International Capital Markets Pty Ltd (No 4) [2025] FCA 1060. The judgment clearly sets out the parties' competing positions, the legal principles governing opt out notices, the Court's reasoning on necessity, proportionality, privacy and security, and the direction for proposed orders.

The judgment gives only a short summary of the underlying claims and refers to Bain v International Capital Markets Pty Ltd (No 3) [2025] FCA 599 for fuller background. For that reason, this page focuses on the procedural issues actually decided here and does not overstate the broader merits of the class action.