Data protection, privacy and cyber security - Henry Davis York

Data protection, privacy and cyber security

Spacer Panel

Organisations, whether they are corporates or government agencies, are increasingly realising the value of their data and technology assets. Having technology work for you can be a definite advantage. But there are pitfalls, particularly as the pace of regulation around data protection, privacy and cyber security continues to increase in Australia and globally. HDY understands the regulatory landscape, and we’re plugged in to the next wave of change and how it will impact our clients.

The importance of protecting the data and extracting the maximum value from it, particularly as businesses embrace cloud-based solutions and have less direct control of where and how their data is stored, cannot be overestimated.

Australian data regulation – in line with what is occurring in jurisdictions globally – is evolving. Businesses and government agencies are responding by building in-house capability and seeking expert advice. Our team can help to ensure you are fully compliant with the requirements of regulators, and your data and reputation are protected in the event of a breach. We help our clients to manage reputational and data risks as they arise either during the normal course of business, or as part of interaction with the regulator.

Having been ranked in The Legal 500 Asia Pacific’s TMT: IT and Telecommunications since 2012 and Chambers Asia-Pacific TMT: IT and Telecommunications since 2012, we are recognised leaders in data protection, privacy and cyber security. Our multidisciplinary, solutions-focused team can help you navigate the full spectrum of data protection, privacy, information law and cyber security issues.

Data protection and privacy

  • Privacy by design – developing and implementing privacy frameworks, identifying privacy compliance risks and conducting privacy impact assessments
  • Compliance and privacy governance – drafting and advising on privacy policies, notices and consents, internal operational manuals and providing privacy training
  • Outsourcing and the cloud – advising on contractual arrangements to address privacy issues relating to outsourcing, offshoring and cloud arrangements and the use of mobile and web-based platforms
  • Emerging technology – privacy implications of developments in technology and their application to customer-facing products and services
  • Marketing and promotion – privacy and other legal issues relating to promotional and marketing campaigns, including direct marketing regulations
  • Big data – the commercialisation of data assets, including re-identification risks
  • Privacy complaints and access requests - assisting with requests to access personal information, complaints made to clients and regulators, and requests for external review and compensation

Cyber security

  • Assessment and evaluation of a breach – response and incident plans and other mitigation strategies, including whether notification of regulatory authorities is appropriate/necessary
  • Data breach notification – dealing with regulators and advising on the extent to which they need to be, or ought to be, notified of data breaches or cyber attacks
  • Criminal and employment issues – data breaches, including white-collar fraud
  • Ending cyber attacks – obtaining urgent interlocutory and final relief through the courts against individuals engaged in illegal conduct including hacking and cyber-squatting
  • Data breach claims – claims, injunctions and other court orders against third parties to secure information or assets which have been the subject of a data breach and delivery of documents obtained illegally
  • Liability – advising on directors' and officers' liabilities arising from data breaches, particularly in relation to regulatory frameworks
  • Insurance – advising on cyber-insurance cover and recoverability

Smart contracts

Our publications

Our Relevant Experience

  • Australian Bank

    Assisting a leading Australian Bank in the establishment of its digital trust and privacy team, including developing privacy risk methodologies and processes from the ground up, conducting privacy impact assessments and providing privacy advice on consumer credit reporting laws and the use of virtual data rooms.

  • 2 new start-up businesses

    A group of Australian companies launching 2 new start-up businesses providing online professional networking websites and directories to businesses in the health and disability sectors, including drafting privacy policies, collection notices and advising on agreements with a number of third parties, such as cloud services providers and registered training organisations.

  • Global Investment Bank

    Advising a Global Investment Bank on the impact of reforms to privacy law in Australia on its enterprise-wide operations, including a review of all its client-facing documentation, arrangements with suppliers and policies and procedures. This involved revising internal and external-facing policies, contracts and documentation for compliance with the reforms, and providing recommendations for changes to internal operations and procedures to facilitate such compliance (which recommendations were subsequently implemented).

  • Global Pharmaceutical Company

    Acting for and advising a Global Pharmaceutical Company when faced with illegal conduct by an individual including hacking of the company's website, cyber-squatting and defamatory conduct on social media. Our team sought urgent interlocutory and final relief in the Federal Court and the Internet Corporation for Assigned Names and Numbers (ICANN), including permanent injunctions and damages for misleading or deceptive conduct and injurious falsehood.

  • Leading Insurance Provider

    Advising a Leading Insurance Provider on privacy issues addressing legacy use of government related identifiers and breaches of the Privacy Act, including advising on a public interest determination and seeking an amending regulation under the Privacy Act and liaising with the Privacy Commissioner and the Attorney General's Department. Through that process, the client was able to gauge a full appreciation of the privacy risks associated with its use of government related identifiers and what steps it needed to put in place to mitigate those risks.

Donna Short


61 417 211 808

61 2 9947 6585

Matthew McMillan


61 437 571 910

61 2 9947 6727

Hazel McDwyer

Special Counsel

61 2 9947 6391

Angela Tan

Special Counsel

61 2 9947 6099

Ken Wong

Senior Associate

61 2 9947 6599