Data Protection, Privacy & Cyber Security

Organisations, whether they are corporates or government agencies, are increasingly realising the value of their data and technology assets. Having technology work for you can be a definite advantage. But there are pitfalls, particularly as the pace of regulation around data protection, privacy and cyber security continues to increase in Australia and globally. HDY understands the regulatory landscape, and we’re plugged in to the next wave of change and how it will impact our clients.

The importance of protecting the data and extracting the maximum value from it, particularly as businesses embrace cloud-based solutions and have less direct control of where and how their data is stored, cannot be overestimated.

Australian data regulation – in line with what is occurring in jurisdictions globally – is evolving. Businesses and government agencies are responding by building in-house capability and seeking expert advice. Our team can help to ensure you are fully compliant with the requirements of regulators, and your data and reputation are protected in the event of a breach. We help our clients to manage reputational and data risks as they arise either during the normal course of business, or as part of interaction with the regulator.

Having been ranked in The Legal 500 Asia Pacific’s TMT: IT and Telecommunications since 2012 and Chambers Asia-Pacific TMT: IT and Telecommunications since 2012, we are recognised leaders in data protection, privacy and cyber security. Our multidisciplinary, solutions-focused team can help you navigate the full spectrum of data protection, privacy, information law and cyber security issues.

Data protection and privacy

  • Privacy by design – developing and implementing privacy frameworks, identifying privacy compliance risks and conducting privacy impact assessments
  • Compliance and privacy governance – drafting and advising on privacy policies, notices and consents, internal operational manuals and providing privacy training
  • Outsourcing and the cloud – advising on contractual arrangements to address privacy issues relating to outsourcing, offshoring and cloud arrangements and the use of mobile and web-based platforms
  • Emerging technology – privacy implications of developments in technology and their application to customer-facing products and services
  • Marketing and promotion – privacy and other legal issues relating to promotional and marketing campaigns, including direct marketing regulations
  • Big data – the commercialisation of data assets, including re-identification risks
  • Privacy complaints and access requests – assisting with requests to access personal information, complaints made to clients and regulators, and requests for external review and compensation.

Cyber security

  • Assessment and evaluation of a breach – response and incident plans and other mitigation strategies, including whether notification of regulatory authorities is appropriate/necessary
  • Data breach notification – dealing with regulators and advising on the extent to which they need to be, or ought to be, notified of data breaches or cyber attacks
  • Criminal and employment issues – data breaches, including white-collar fraud
  • Ending cyber attacks – obtaining urgent interlocutory and final relief through the courts against individuals engaged in illegal conduct including hacking and cyber-squatting
  • Data breach claims – claims, injunctions and other court orders against third parties to secure information or assets which have been the subject of a data breach and delivery of documents obtained illegally
  • Liability – advising on directors' and officers' liabilities arising from data breaches, particularly in relation to regulatory frameworks
  • Insurance – advising on cyber-insurance cover and recoverability.
Matthew McMillan

I am about delivering excellence and what matters most to our clients. I am not constrained by traditional ways of thinking.

Meet some of our team

Our Data Protection, Privacy & Cyber Security Experience

2 new start-up businesses

A group of Australian companies launching 2 new start-up businesses providing online professional networking websites and directories to businesses in the health and disability sectors, including drafting privacy policies, collection notices and advising on agreements with a number of third parties, such as cloud services providers and registered training organisations.

Australian Bank

Assisting a leading Australian Bank in the establishment of its digital trust and privacy team, including developing privacy risk methodologies and processes from the ground up, conducting privacy impact assessments and providing privacy advice on consumer credit reporting laws and the use of virtual data rooms.

Global Investment Bank

Advised on the establishment of a digital investment platform. Our assistance included reviewing and signing off on the distribution arrangements as well as on the regulatory compliance in relation to the platform, and various offering documents. This culminated in the successful launch of the platform and the achievement of the targeted objective of leveraging technology to access the customer base in new and innovative ways.

Global Pharmaceutical Company

Acting for and advising a Global Pharmaceutical Company when faced with illegal conduct by an individual including hacking of the company's website, cyber-squatting and defamatory conduct on social media. Our team sought urgent interlocutory and final relief in the Federal Court and the Internet Corporation for Assigned Names and Numbers (ICANN), including permanent injunctions and damages for misleading or deceptive conduct and injurious falsehood.

Leading Insurance Provider

Advising a Leading Insurance Provider on privacy issues addressing legacy use of government related identifiers and breaches of the Privacy Act, including advising on a public interest determination and seeking an amending regulation under the Privacy Act and liaising with the Privacy Commissioner and the Attorney General's Department. Through that process, the client was able to gauge a full appreciation of the privacy risks associated with its use of government related identifiers and what steps it needed to put in place to mitigate those risks.