Cyber Security, Privacy, and Data
Managing enterprise and reputational risk in relation to personal information, digital assets, and corporate data is an increasingly complex challenge with ongoing digitisation, the rise of artificial intelligence (AI), regular regulatory change, and an evolving threat landscape.
As a result of relentless technological advances, including AI-driven innovations, ubiquitous digitisation, increasing cyber threats, and increasing regulatory complexity, having experienced counsel to guide your business through the privacy, AI and cyber landscapes is more important than ever.
Our data protection and cyber security team includes specialists across our IT and privacy, corporate crime and investigations, employment, insurance and risk, litigation and dispute resolution, intellectual property, and corporate practices.
We assist organisations in all sectors, with expertise and experience across the full spectrum of cyber security, privacy, and data risk management, including:
- transactional – structuring, drafting, and negotiating data-centric transactions including those involving AI-driven technologies;
- policy – preparing and implementing internal policy documents and data management frameworks, including staff training on cybersecurity and AI usage;
- risk and governance – planning and prevention, including preparing risk analysis frameworks and advising on directors’ duties and corporate governance obligations;
- advisory – advising on the use of AI, data protection and regulatory compliance, including under State, Territory, and Commonwealth privacy legislation and Australian Consumer Law;
- incident response – handing all aspects of cyber incident response, including assessment, reporting, and engagement of forensic consultancy experts;
- insurance – development and placement of cyber risk insurance via Allegiant IRS;
- litigation and dispute resolution – strategic guidance on litigation strategy and defence of claims involving cyber, data, and AI-related disputes; and
- national security – advising on application of Security of Critical Infrastructure Act 2018 (Cth) (SOCI), including registration, notification, and cooperation obligations.
We regularly advise overseas entities in relation to their Australian privacy and data management obligations and assist to implement practical measures to address those obligations. We are familiar with the challenge of ‘translating’ between Australian and overseas regimes, and are experienced in finding practical solutions to best-fit the requirements of multiple jurisdictions including those impacted by AI regulations.
Experience
Global data breaches
Acting as Australian Counsel on various global data breaches, including widely-publicised personal information security incidents and corporate extortion campaigns. Advising on Australian requirements and cross-jurisdictional strategy, our Digital and IP team provided tailored solutions to navigate complex legal frameworks across multiple jurisdictions, ensuring compliance and minimising risk for our clients.
Data protection and privacy
Regularly advising multinational conglomerates on Australian aspects of global data processing agreements. Recent examples include work for a global pharmaceutical provider on the implementation of its global Group Company Agreements for processing of data worldwide in compliance with EU requirements and advising a global consumer goods brand on its connected devices project.
Cyber attack response
Acting for a community based, not-for-profit organisation who was the victim of a cyber attack resulting in the denotation of BlackCat ransomware. Our Digital and IP, and Litigation teams assisted in in assessing, responding to, and managing the data breach from a legal perspective, including advising the client’s obligations under the Privacy Act 1988 (Cth), as well as crafting the relevant notifications to the Australian regulator and the individuals impacted from the breach.
National & international clients
Advising various national and international clients on business-as-usual privacy compliance, including data subject access requests, security obligations, and usage limitations. Our extensive experience in handling cross-jurisdictional matters allows us to seamlessly navigate the complexities of differing regulatory landscapes, ensuring that our clients remain compliant with both domestic and international privacy laws.
Cryptocurrency disputes
Acting for a cryptocurrency exchange platform in a number of cryptocurrency disputes arising from the alleged theft/loss of digital assets and fiat funds from customer accounts and cryptocurrency wallets by third party scammers. This has involved detailed investigation of fraudulent transactions, tracing of cryptocurrency assets, and recommended strategies for resolution of disputes.
Big 4 Bank
Advising a Big 4 Bank in building methodologies and risk frameworks and undertaking privacy and security impact assessments on all its “big data” projects.