Data protection, privacy and cyber security
Organisations, whether they are corporates or government agencies, are increasingly realising the value of their data and technology assets. Having technology work for you can be a definite advantage. But there are pitfalls, particularly as the pace of regulation around data protection, privacy and cyber security continues to increase in Australia and globally. HDY understands the regulatory landscape, and we’re plugged in to the next wave of change and how it will impact our clients.
The importance of protecting the data and extracting the maximum value from it, particularly as businesses embrace cloud-based solutions and have less direct control of where and how their data is stored, cannot be overestimated.
Australian data regulation – in line with what is occurring in jurisdictions globally – is evolving. Businesses and government agencies are responding by building in-house capability and seeking expert advice. Our team can help to ensure you are fully compliant with the requirements of regulators, and your data and reputation are protected in the event of a breach. We help our clients to manage reputational and data risks as they arise either during the normal course of business, or as part of interaction with the regulator.
Having been ranked in The Legal 500 Asia Pacific’s TMT: IT and Telecommunications since 2012 and Chambers Asia-Pacific TMT: IT and Telecommunications since 2012, we are recognised leaders in data protection, privacy and cyber security. Our multidisciplinary, solutions-focused team can help you navigate the full spectrum of data protection, privacy, information law and cyber security issues.
Data protection and privacy
- Privacy by design – developing and implementing privacy frameworks, identifying privacy compliance risks and conducting privacy impact assessments
- Compliance and privacy governance – drafting and advising on privacy policies, notices and consents, internal operational manuals and providing privacy training
- Outsourcing and the cloud – advising on contractual arrangements to address privacy issues relating to outsourcing, offshoring and cloud arrangements and the use of mobile and web-based platforms
- Emerging technology – privacy implications of developments in technology and their application to customer-facing products and services
- Marketing and promotion – privacy and other legal issues relating to promotional and marketing campaigns, including direct marketing regulations
- Big data – the commercialisation of data assets, including re-identification risks
- Privacy complaints and access requests - assisting with requests to access personal information, complaints made to clients and regulators, and requests for external review and compensation
- Assessment and evaluation of a breach – response and incident plans and other mitigation strategies, including whether notification of regulatory authorities is appropriate/necessary
- Data breach notification – dealing with regulators and advising on the extent to which they need to be, or ought to be, notified of data breaches or cyber attacks
- Criminal and employment issues – data breaches, including white-collar fraud
- Ending cyber attacks – obtaining urgent interlocutory and final relief through the courts against individuals engaged in illegal conduct including hacking and cyber-squatting
- Data breach claims – claims, injunctions and other court orders against third parties to secure information or assets which have been the subject of a data breach and delivery of documents obtained illegally
- Liability – advising on directors' and officers' liabilities arising from data breaches, particularly in relation to regulatory frameworks
- Insurance – advising on cyber-insurance cover and recoverability
23 Nov 2016
In part 1 of a special series looking into the future of smart contracts, HDY Technology partner Matthew McMillan aims to provide answers to the burning questions: are they smart and are they contracts?
02 Dec 2016
In part 2 of a special series looking into the future of smart contracts, HDY Technology partner Matthew McMillan endeavours to answer the question: are smart contracts legally effective agreements?
08 Dec 2016
In the final installment of a special three-part series looking into the future of smart contracts, HDY Technology partner Matthew McMillan explores the legal and regulatory challenges of smart contracts.
13 Dec 2016
How innovation as a concept is driving different initiatives in the financial services industry.
18 Jan 2016
The focus of this article is on the changes to section 19 of the PPIPA, which concern the disclosure of personal information to persons or bodies outside NSW and to Commonwealth agencies.
17 Aug 2015
The risk of a fatal blow due to the impact of a cyber security attack is real.
02 Apr 2015
The digitisation of financial services continues at a relentless pace but brings with it the challenge of managing customer data and the ever growing cyber security risks.
05 May 2014
The digital age has sparked a data revolution in financial services. With the explosion of internet connected devices and systems, data is being produced and processed in enormous volumes and at rates never seen before.
Our Relevant Experience
Assisting a leading Australian Bank in the establishment of its digital trust and privacy team, including developing privacy risk methodologies and processes from the ground up, conducting privacy impact assessments and providing privacy advice on consumer credit reporting laws and the use of virtual data rooms.
2 new start-up businesses
A group of Australian companies launching 2 new start-up businesses providing online professional networking websites and directories to businesses in the health and disability sectors, including drafting privacy policies, collection notices and advising on agreements with a number of third parties, such as cloud services providers and registered training organisations.
Advising a Global Investment Bank on the impact of reforms to privacy law in Australia on its enterprise-wide operations, including a review of all its client-facing documentation, arrangements with suppliers and policies and procedures. This involved revising internal and external-facing policies, contracts and documentation for compliance with the reforms, and providing recommendations for changes to internal operations and procedures to facilitate such compliance (which recommendations were subsequently implemented).
Global Pharmaceutical Company
Acting for and advising a Global Pharmaceutical Company when faced with illegal conduct by an individual including hacking of the company's website, cyber-squatting and defamatory conduct on social media. Our team sought urgent interlocutory and final relief in the Federal Court and the Internet Corporation for Assigned Names and Numbers (ICANN), including permanent injunctions and damages for misleading or deceptive conduct and injurious falsehood.
Leading Insurance Provider
Advising a Leading Insurance Provider on privacy issues addressing legacy use of government related identifiers and breaches of the Privacy Act, including advising on a public interest determination and seeking an amending regulation under the Privacy Act and liaising with the Privacy Commissioner and the Attorney General's Department. Through that process, the client was able to gauge a full appreciation of the privacy risks associated with its use of government related identifiers and what steps it needed to put in place to mitigate those risks.