Data is a crucial part of every business environment. It is imperative that all organisations have systems and procedures in place to manage local and international legal requirements as well as maintaining a social licence to operate
We have seen some key changes in the privacy space recently: the Australian Federal Government has introduced new mandatory breach notification laws and the European General Data Protection Regulation (GDPR) will have extraterritorial operation and potentially affect Australian businesses.
The local mandatory data breach rules provide a reason for many Australian businesses to reconsider the way they collect, process, store, and share secure personal information. Even if one business is not concerned about its data practices, its business partners are likely to be increasingly persistent about transparency of legal compliance.
Our practice covers data in many forms, including business information, big datasets and personal and sensitive information. While we spend significant time advising on the Privacy Act and the Spam Act, the issues around data often crossover into competition law and complex commercialisation arrangements. We also understand managing data and privacy risk involves a range of stakeholders within an organisation and we often work not only with general counsel but internal executive teams including chief data officers, chief security officers, chief risk officers and the regulatory and communications executives.
We can assist with your privacy and data protection concerns by:
We work with senior managers and boards to develop and implement information governance frameworks. This encompasses risk management strategies and often overlaps with other areas of risk and compliance, including anti-corruption. Our primary concern is Privacy Act compliance as well as relevant international requirements so that group policies can align with all relevant jurisdictions.
We can assist you to develop breach response plans, rehearse and scenario plan, prepare in advance your response and investigation planning methodology and team. We also assist in liaising with the Office of the Australian Information Commissioner.
Holding Redlich has experience advising international organisations about the collection and use of various elements of personal information in Australia including the ability to use personal information to create derivative statistical and risk assessment products for use in and out of Australia. We also have experience drafting privacy, right to information and data security provisions for commercial contracts for local, State and Federal government agencies, Government owned corporations and statutory authorities.
Holding Redlich acts on behalf of applicants and respondents to Freedom of Information requests. We regularly advise on the validity (or otherwise) of the scope of a request, and assist clients in refusing requests for documents that are either too voluminous or seek only documents that are exempt under the FOI Act. We also assist in the processing of FOI requests, including the review of documentation and assessment for exemption. Once a decision is made, we assist the decision-maker to communicate the basis of their decision. We have also successfully defended appeals and complaints made to the FOI Commissioner in respect of those decisions.
23 October 2019 - Knowledge
In our last instalment on the IAPP EY 2019 Privacy Governance Report, we look at why enforcement actions don’t catch up with the high number of data breaches.
16 October 2019 - Knowledge
Results from the 2019 Privacy Governance Report released by EY and the International Association of Privacy Professionals are telling. We deep dive into the chapter devoted to data subject requests, also known as data subject access requests, and consider what is happening in the US and the EU with individuals seeking access to their data and how it is impacting businesses.
09 October 2019 - Knowledge
In the second of our series on the IAPP EY Privacy Report, we look at the global trends and changing face of privacy management within organisations, and the long-running question of where privacy should, and does, fit within the executive management team.
30 September 2019 - Knowledge
Over the next five weeks, we take a look at key takeaways from the recently released Privacy Governance Report. This week: Why privacy budgets need to increase to respond to the upsurge in regulation.
25 September 2019 - Knowledge
In its final Digital Platforms Inquiry Report, the ACCC raises significant concerns over a number of competition and privacy issues impacting the ad tech supply chain relating to online advertising.
10 September 2019 - Knowledge
The latest quarterly Notifiable Data Breach Report confirms that employees remain the weakest link when it comes to protecting personal information against unauthorised access and disclosure.
19 August 2019 - Knowledge
The Australian Competition & Consumer Commission has announced that it had commenced legal proceedings in the Federal Court against the online platform, HealthEngine Pty Ltd alleging that a number of its practices constitute misleading and deceptive conduct in breach of the Australian Consumer Law.
13 August 2019 - Knowledge
Showing we have a strong and engaged privacy community in Sydney, we had an excellent discussion at a well-attended event hosted by Holding Redlich yesterday evening. We wrap up the key issues.
02 August 2019 - Knowledge
Legislation creating the highly anticipated Consumer Data Right has been passed by the Australian Federal Government. Formal commencement is expected to begin in February 2020. Read our overview to understand how you are affected.
01 August 2019 - Knowledge
Following a year-long investigation into Facebook’s role in the Cambridge Analytica privacy saga, the US Federal Trade Commission and Facebook have reached a settlement whereby Facebook will be required to pay US $5.1 billion for violating a previous settlement order with the FTC.
09 July 2019 - Knowledge
If Australian businesses conducting activities in the EU were not already paying attention to the General Data Protection Regulation introduced in Europe last May, they should be now.