Cyber Security, Privacy and Data
Managing enterprise and reputational risk in relation to personal information, digital assets and corporate data is an increasingly complex challenge with ongoing digitisation, regular regulatory change, and an evolving threat landscape.
As a result of relentless technological advances, ubiquitous digitisation, increasing cyber threats and increasing regulatory complexity, having experienced counsel to guide your business through the privacy and cyber landscapes is more important than ever.
Our data protection and cyber security team includes specialists across our IT and privacy, corporate crime and investigations, employment, insurance and risk, litigation and dispute resolution, intellectual property and corporate practices.
We assist organisations in all sectors, with expertise and experience across the full spectrum of cyber security, privacy and data risk management, including:
- transactional – structuring, drafting and negotiating data-centric transactions
- policy – preparing and implementing internal policy documents and data management frameworks, including staff training
- risk and governance – planning and prevention, including preparing risk analysis frameworks and advising on directors’ duties and corporate governance obligations
- advisory – advising on data protection and regulatory compliance, including under State, Territory and Commonwealth privacy legislation and Australian Consumer Law
- incident response – handing all aspects of cyber incident response, including assessment, reporting and engagement of forensic consultancy experts
- insurance – development and placement of cyber risk insurance via Allegiant IRS
- litigation and dispute resolution – strategic guidance on litigation strategy and defence of claims
- national security – advising on application of Security of Critical Infrastructure Act 2018 (Cth), including registration, notification and cooperation obligations
We regularly advise overseas entities in relation to their Australian privacy and data management obligations and assist to implement practical measures to address those obligations. We are familiar with the challenge of ‘translating’ between Australian and overseas regimes, and are experienced in finding practical solutions to best-fit the requirements of multiple jurisdictions.
Global Data Breaches
Acting as Australian Counsel on various global data breaches, including advising on Australian requirements and cross-jurisdictional strategy.
Acting for a cryptocurrency exchange platform in a number of cryptocurrency disputes arising from the alleged theft/loss of digital assets and fiat funds from customer accounts and cryptocurrency wallets by third party scammers. This has involved detailed investigation of fraudulent transactions, tracing of cryptocurrency assets, and recommended strategies for resolution of disputes.
Data Protection and Privacy
Regularly advise multinational conglomerates on Australian aspects of global data processing agreements. Recent examples include work for a global pharmaceutical provider on the implementation of its global Group Company Agreements for processing of data worldwide in compliance with EU requirements, and advising a global consumer goods brand on its connected devices project.
National & International Clients
Advising various national and international clients on business-as-usual privacy compliance, including data subject access requests, security obligations and usage limitations.
Cyber attack response
Our Digital and IP, and Litigation teams acted for a community based, not-for-profit organisation who was the victim of a cyber attack resulting in the denotation of BlackCat ransomware.
We assisted in assessing, responding to and managing the data breach from a legal perspective, including advising the client’s obligations under the Privacy Act 1988 (Cth), as well as crafting the relevant notifications to the Australian regulator and the individuals impacted from the breach.
Big 4 Bank
Advising a Big 4 Bank in building methodologies and risk frameworks and undertaking privacy and security impact assessments on all its “big data” projects.