Artboard 1Icon/UI/CalendarIcons/Ionic/Social/social-pinterest

Data & Privacy

Data is a crucial part of every business environment. It is imperative that all organisations have systems and procedures in place to manage local and international legal requirements as well as maintaining a social licence to operate

Data & Privacy

We have seen some key changes in the privacy space recently: the Australian Federal Government has introduced new mandatory breach notification laws and the European General Data Protection Regulation (GDPR) will have extraterritorial operation and potentially affect Australian businesses.


The local mandatory data breach rules provide a reason for many Australian businesses to reconsider the way they collect, process, store, and share secure personal information. Even if one business is not concerned about its data practices, its business partners are likely to be increasingly persistent about transparency of legal compliance.

Our practice covers data in many forms, including business information, big datasets and personal and sensitive information. While we spend significant time advising on the Privacy Act and the Spam Act, the issues around data often crossover into competition law and complex commercialisation arrangements. We also understand managing data and privacy risk involves a range of stakeholders within an organisation and we often work not only with general counsel but internal executive teams including chief data officers, chief security officers, chief risk officers and the regulatory and communications executives.

We can assist with your privacy and data protection concerns by:

  • reviewing current policies and underlying practices
  • training management and frontline staff
  • preparing and implementing policies, codes of conduct, and internal procedures
  • providing advice in crisis situations – such as breaches
  • preparing compliance plans and privacy impact assessment.

For our latest analysis on the expected changes to Australia’s privacy regulatory landscape over 2020/21, watch our webinar co-hosted with OneTrust DataGuidance here.  


Information Governance Frameworks

We work with senior managers and boards to develop and implement information governance frameworks. This encompasses risk management strategies and often overlaps with other areas of risk and compliance, including anti-corruption. Our primary concern is Privacy Act compliance as well as relevant international requirements so that group policies can align with all relevant jurisdictions. 

Data Breach planning, investigation and response

We can assist you to develop breach response plans, rehearse and scenario plan, prepare in advance your response and investigation planning methodology and team. We also assist in liaising with the Office of the Australian Information Commissioner.

Data Security

Holding Redlich has experience advising international organisations about the collection and use of various elements of personal information in Australia including the ability to use personal information to create derivative statistical and risk assessment products for use in and out of Australia. We also have experience drafting privacy, right to information and data security provisions for commercial contracts for local, State and Federal government agencies, Government owned corporations and statutory authorities.

Regulator investigations and enquiries

  • acting for both corporations and individuals in regulatory investigations and prosecutions
  • assisting clients in managing regulators’ monitoring and enforcement visits
  • advising on and creating compliance and risk management policies and programs tailored to the particular risks faced by different corporations and individuals
  • advising companies, directors and officers involved in external investigations and prosecutions brought by Commonwealth and state agencies.

Open Data frameworks and information access (FOI)

Holding Redlich acts on behalf of applicants and respondents to Freedom of Information requests. We regularly advise on the validity (or otherwise) of the scope of a request, and assist clients in refusing requests for documents that are either too voluminous or seek only documents that are exempt under the FOI Act. We also assist in the processing of FOI requests, including the review of documentation and assessment for exemption. Once a decision is made, we assist the decision-maker to communicate the basis of their decision. We have also successfully defended appeals and complaints made to the FOI Commissioner in respect of those decisions. 


Recent Posts

14 October 2020 - Knowledge

NSW Government Bulletin

#Government, #Data & Privacy

How is trust in NSW government? Better than you may expect according to the results from the Information and Privacy Commission’s latest community attitudes survey on data sharing, information access and agency assistance.

29 September 2020 - Knowledge

Personal data fears: Companies lose consumer trust

#Data & Privacy

Australians have lost trust in companies’ handling of personal data, according to a recent Office of the Australian Information Commissioner survey.

15 September 2020 - Knowledge

NSW Government Bulletin

#Government, #Data & Privacy

Service NSW supports small business in their COVID-19 safety plans by upgrading its app to manage visitor registrations.

31 August 2020 - Knowledge

COVID-19 identified who was essential but cyber security will determine who is critical

#Data & Privacy

The Department of Home Affairs has issued a consultation paper on critical infrastructure and systems of national significance to revisit the critical sectors in the post-pandemic world, and how to protect them.

12 August 2020 - Knowledge

‘Your explicit consent’ – what it means and why the ACCC is taking Google to court (again)

#Technology, Media & Telecommunications, #Competition & Consumer Law, #Data & Privacy

We discuss why the ACCC thinks Google misled consumers to agree to a 2016 privacy policy change that allows a more extensive collection of personal information, and what implications this might have for all businesses.

07 July 2020 - Knowledge

The importance of a crisis-proof strategy

#Data & Privacy

The old saying “never waste a good crisis” has never been as relevant as it is now. Many organisations are facing business issues in circumstances they never expected and are needing to respond in agile ways.

07 July 2020 - Knowledge

The importance of compliance with the Spam Act

#Data & Privacy

In light of recent action taken against Woolworths and Optus for breaches of the Spam Act, businesses should ensure they have processes and procedures in place to comply with this legislation.

24 June 2020 - Knowledge

Venue privacy obligations following COVID-19 re-openings

#Data & Privacy, #COVID-19

As businesses re-open across the country, many venues are collecting customers’ personal data to assist COVID-19 tracing efforts. How should this information be handled to avoid breaching privacy laws?

20 May 2020 - Knowledge

Liability for breaches of Australia’s Privacy Act to increase but class actions unlikely to be supported

#Data & Privacy, #COVID-19

The Australian Privacy Commissioner has signalled an intent to increase regulatory action and the Government is likely in the short term to introduce reforms to increase the penalties under Australia’s privacy legislation, though it is unlikely those reforms will result in an increase in class actions.

13 May 2020 - Knowledge

Your data questions answered

#Data & Privacy, #Technology, Media & Telecommunications

Our data & privacy team set out a comprehensive Q&A that answers common questions relating to Australia’s national privacy regulatory framework and data-related issues.

13 May 2020 - Knowledge

Virtual Governance and Risk Management Forum 2020 – regulatory efforts in response to COVID-19

#Data & Privacy, #COVID-19

We highlight key insights from the forum, including how regulatory bodies like the ASX can ensure flexibility in regulatory obligations while maintaining the integrity of the system during the pandemic.

08 May 2020 - Knowledge

PAW 2020: Are you being smart about privacy?

#Data & Privacy, #COVID-19

The Office of the Information Commissioner Queensland (OICQ) has released a number of resources and activities to help raise awareness of privacy rights and responsibilities in Queensland during the 2020 Privacy Awareness Week (PAW) which runs from 4 to 10 May 2020.