Icons/Ionic/Social/social-pinterest

Data & Privacy

Data is a crucial part of every business environment. It is imperative that all organisations have systems and procedures in place to manage local and international legal requirements as well as maintaining a social licence to operate

Data & Privacy

We have seen some key changes in the privacy space recently: the Australian Federal Government has introduced new mandatory breach notification laws and the upcoming European General Data Protection Regulation (GDPR) will have extraterritorial operation and potentially affect Australian businesses.

Expertise

The local mandatory data breach rules provide a reason for many Australian businesses to reconsider the way they collect, process, store, and share secure personal information. Even if one business is not concerned about its data practices, its business partners are likely to be increasingly persistent about transparency of legal compliance.

Our practice covers data in many forms, including business information, big datasets and personal and sensitive information. While we spend significant time advising on the Privacy Act and the Spam Act, the issues around data often crossover into competition law and complex commercialisation arrangements. We also understand managing data and privacy risk involves a range of stakeholders within an organisation and we often work not only with general counsel but internal executive teams including chief data officers, chief security officers, chief risk officers and the regulatory and communications executives.

We can assist with your privacy and data protection concerns by:

  • reviewing current policies and underlying practices
  • training management and frontline staff
  • preparing and implementing policies, codes of conduct, and internal procedures
  • providing advice in crisis situations – such as breaches
  • preparing compliance plans and privacy impact assessment.

Experience

Information Governance Frameworks

We work with senior managers and boards to develop and implement information governance frameworks. This encompasses risk management strategies and often overlaps with other areas of risk and compliance, including anti-corruption. Our primary concern is Privacy Act compliance as well as relevant international requirements so that group policies can align with all relevant jurisdictions. 

Data Breach planning, investigation and response

We can assist you to develop breach response plans, rehearse and scenario plan, prepare in advance your response and investigation planning methodology and team. We also assist in liaising with the Office of the Australian Information Commissioner.

Data Security

Holding Redlich has experience advising international organisations about the collection and use of various elements of personal information in Australia including the ability to use personal information to create derivative statistical and risk assessment products for use in and out of Australia. We also have experience drafting privacy, right to information and data security provisions for commercial contracts for local, State and Federal government agencies, Government owned corporations and statutory authorities.

Regulator investigations and enquiries

  • acting for both corporations and individuals in regulatory investigations and prosecutions
  • assisting clients in managing regulators’ monitoring and enforcement visits
  • advising on and creating compliance and risk management policies and programs tailored to the particular risks faced by different corporations and individuals
  • advising companies, directors and officers involved in external investigations and prosecutions brought by Commonwealth and state agencies.

Open Data frameworks and information access (FOI)

Holding Redlich acts on behalf of applicants and respondents to Freedom of Information requests. We regularly advise on the validity (or otherwise) of the scope of a request, and assist clients in refusing requests for documents that are either too voluminous or seek only documents that are exempt under the FOI Act. We also assist in the processing of FOI requests, including the review of documentation and assessment for exemption. Once a decision is made, we assist the decision-maker to communicate the basis of their decision. We have also successfully defended appeals and complaints made to the FOI Commissioner in respect of those decisions. 

Dan Pearce

Dan Pearce

Partner

Melbourne

More info
Trent Taylor

Trent Taylor

Partner

Brisbane

More info
Greg Wrobel

Greg Wrobel

Partner

Sydney

More info
Paul Venus

Paul Venus

Managing Partner

Brisbane

More info
Lyn Nicholson

Lyn Nicholson

General Counsel

Sydney

More info

Recent Posts

08 August 2018 - Knowledge

NSW Government Bulletin - 8 August 2018

#Government, #Data & Privacy

While the discussion about opting out of MyHealth record at a Federal level centres on issues relating to cybersecurity, a reported data breach in NSW last week indicates that paper health records may not be more secure.

01 August 2018 - Knowledge

The second Quarterly Data Breach Report is in and the numbers are up!

#Data & Privacy

On 31st of July 2018 the Office of the Australian Information Commissioner (OAIC) released the second Notifiable Data Breaches Quarterly Statistics Report, recording 242 breach notifications.

16 May 2018 - Knowledge

Privacy in the Facebook age: is your business ready for the GDPR?

#Data & Privacy

The Facebook Cambridge Analytica scandal dominated headlines for weeks. Public concern over digital privacy and data security is growing with every high profile data security breach. Businesses are being forced to adapt to an environment where individuals are aware that their personal data is valuable, vulnerable and, in many cases, commercially exploited by social media platforms and third parties.

09 May 2018 - Knowledge

CBA data breach: The law is the law but does transparency matter more?

#Data & Privacy

We look at a case that illustrates that while it may not be a foregone conclusion for businesses to notify when faced with a data breach, they do have a legal obligation to assess a suspected data breach and then assess if there is real risk of serious harm.

30 April 2018 - Knowledge

Impact of the Children Legislation Amendment (Information Sharing) Act 2018

#Data & Privacy

The Children Legislation Amendment (Information Sharing) Act 2018 (Vic) (the Act) was assented to on the 10 April 2018, establishing the child wellbeing and safety information-sharing scheme.

24 April 2018 - Knowledge

Could you be fined for failing to train staff in using Excel correctly? A recent UK decision provides a salutary lesson

#Data & Privacy

A recent decision of the UK Information Commissioner has highlighted the risks for businesses who share information using Excel spreadsheets.

03 April 2018 - Knowledge

Mandatory notification under Australia's new Notifiable Data Breach regime has commenced

#Data & Privacy

New data breach reporting obligations commenced on 22 February 2018. On and from that date entities subject to the Privacy Act 1988 (Cth) (the Privacy Act) will have a mandatory obligation to report...

03 April 2018 - Knowledge

Data sharing and analytics: Two new privacy guides launched

#Data & Privacy

The privacy regulator, the Office of the Australian Information Commissioner (OAIC), has issued two new guides that will be useful for any business considering data sharing and analytics.

28 March 2018 - Knowledge

Opinion: What does the Facebook Cambridge Analytica scandal mean for Australian businesses?

#Data & Privacy

If you are following the Facebook Cambridge Analytica scandal, you will be reading many comments about what it means for social media, for data analytics, for businesses in general and there are many ...

21 March 2018 - Knowledge

ACCC takes action on false and misleading representations and unconscionable conduct

#Data & Privacy

On 16 March 2018 the ACCC announced that it was taking proceedings in the Federal Court against the credit reporting body Equifax Pty Limited. The actions were alleging breaches...

05 March 2018 - Knowledge

Counting down to Europe's new data protection laws, and why Australian businesses need to comply

#Data & Privacy

The European Union's General Data Protection Regulation (GDPR) is one of the most comprehensive overhauls of privacy regulation in recent history, and represents a significant expansion...

14 February 2018 - Knowledge

New privacy laws to hit next week - are you prepared?

#Data & Privacy

The new Notifiable Data Breach laws come into effect on 22 February. Outlined below are some tips to help get you up to speed.1. Are you complying with your current obligations as set out in the Australian Privacy Principles (APPs)?