Artboard 1Icon/UI/CalendarIcons/Ionic/Social/social-pinterestIcon/UI/Video-outline

Data & Privacy

Data is a crucial part of every business environment. It is imperative that all organisations have systems and procedures in place to manage local and international legal requirements as well as maintaining a social licence to operate

Data & Privacy

We have seen some key changes in the privacy space recently: the Australian Federal Government has introduced new mandatory breach notification laws and the European General Data Protection Regulation (GDPR) will have extraterritorial operation and potentially affect Australian businesses.


The local mandatory data breach rules provide a reason for many Australian businesses to reconsider the way they collect, process, store, and share secure personal information. Even if one business is not concerned about its data practices, its business partners are likely to be increasingly persistent about transparency of legal compliance.

Our practice covers data in many forms, including business information, big datasets and personal and sensitive information. While we spend significant time advising on the Privacy Act and the Spam Act, the issues around data often crossover into competition law and complex commercialisation arrangements. We also understand managing data and privacy risk involves a range of stakeholders within an organisation and we often work not only with general counsel but internal executive teams including chief data officers, chief security officers, chief risk officers and the regulatory and communications executives.

We can assist with your privacy and data protection concerns by:

  • reviewing current policies and underlying practices
  • training management and frontline staff
  • preparing and implementing policies, codes of conduct, and internal procedures
  • providing advice in crisis situations – such as breaches
  • preparing compliance plans and privacy impact assessment.

For our latest analysis on the expected changes to Australia’s privacy regulatory landscape over 2020/21, watch our webinar co-hosted with OneTrust DataGuidance here.  


Information Governance Frameworks

We work with senior managers and boards to develop and implement information governance frameworks. This encompasses risk management strategies and often overlaps with other areas of risk and compliance, including anti-corruption. Our primary concern is Privacy Act compliance as well as relevant international requirements so that group policies can align with all relevant jurisdictions. 

Data Breach planning, investigation and response

We can assist you to develop breach response plans, rehearse and scenario plan, prepare in advance your response and investigation planning methodology and team. We also assist in liaising with the Office of the Australian Information Commissioner.

Data Security

Holding Redlich has experience advising international organisations about the collection and use of various elements of personal information in Australia including the ability to use personal information to create derivative statistical and risk assessment products for use in and out of Australia. We also have experience drafting privacy, right to information and data security provisions for commercial contracts for local, State and Federal government agencies, Government owned corporations and statutory authorities.

Regulator investigations and enquiries

  • acting for both corporations and individuals in regulatory investigations and prosecutions
  • assisting clients in managing regulators’ monitoring and enforcement visits
  • advising on and creating compliance and risk management policies and programs tailored to the particular risks faced by different corporations and individuals
  • advising companies, directors and officers involved in external investigations and prosecutions brought by Commonwealth and state agencies.

Open Data frameworks and information access (FOI)

Holding Redlich acts on behalf of applicants and respondents to Freedom of Information requests. We regularly advise on the validity (or otherwise) of the scope of a request, and assist clients in refusing requests for documents that are either too voluminous or seek only documents that are exempt under the FOI Act. We also assist in the processing of FOI requests, including the review of documentation and assessment for exemption. Once a decision is made, we assist the decision-maker to communicate the basis of their decision. We have also successfully defended appeals and complaints made to the FOI Commissioner in respect of those decisions. 


Recent Posts

24 November 2021 - Knowledge

Security of Critical Infrastructure Act – the past, present and future

#Corporate & Commercial Law, #Data & Privacy

The passage of the Security Legislation Amendment (Critical Infrastructure) Bill 2021 in Parliament this week will see key amendments made to the Security of Critical Infrastructure Act 2018. We consider the likely impact of these changes on owners and operators of relevant critical infrastructure assets.

08 September 2021 - Knowledge

COVID-19 privacy principles for handling personal data

#Data & Privacy, #Technology, Media & Telecommunications, #COVID-19

Australia’s key privacy authorities have jointly issued five privacy principles to guide policymakers and businesses in a universal approach to handling personal information during the pandemic.

24 August 2021 - Knowledge

Peering into Google’s state of mind: Potential penalties in the ACCC’s location data misleading and deceptive conduct case

#Technology, Media & Telecommunications, #Data & Privacy

The Australian Competition & Consumer Commission and Google are contesting the penalties that will be imposed on Google for breaching the Australian Consumer Law in relation to its location data collection practices.

21 July 2021 - Knowledge

NSW Government Bulletin

#Government, #Data & Privacy

In a report released last week, the NSW Auditor-General found that Transport for NSW and Sydney Trains are not effectively managing their cyber security risks.

17 June 2021 - Knowledge

A final word on privacy

#Data & Privacy, #Government

The Office of the Australian Information Commissioner announced on 26 May 2021 that it is undertaking an assessment of compliance with section 15.1 of the Privacy (Australian Government Agencies – Governance) Code 2017.

17 June 2021 - Knowledge

Data Sovereignty and the Digital Transformation Agency’s Hosting Certification Framework

#Data & Privacy, #Government

The Digital Transformation Agency established a new Hosting Certification Framework in April 2021 which, reflecting Commonwealth Government concerns as to data sovereignty, will be rolled out over the next year to providers of hosting and related data centre services to Commonwealth agencies.

09 June 2021 - Knowledge

NSW Government Bulletin

#Government, #Data & Privacy

The NSW Information and Privacy Commission has identified common privacy risks across digital projects seeking funding from the Digital Restart Fund in a recent regulatory advice for state government agencies.

26 May 2021 - Knowledge

NSW Government Bulletin

#Government, #Data & Privacy

The 2021 NSW Cyber Security Strategy will see NSW become a world leader in cyber security, with government agencies tasked to lead by example in best practice and cyber resilience.

12 May 2021 - Knowledge

NSW Government Bulletin

#Government, #Data & Privacy

All NSW government agencies and departments will need to notify the Privacy Commissioner and affected individuals when a data breach is likely to result in serious harm under a new mandatory data breach notification scheme.

06 May 2021 - Knowledge

This Privacy Awareness Week we take a quick look at some of the possible reforms that may come out of Australia’s Privacy Act Review

#Data & Privacy, #Technology, Media & Telecommunications

The Australian Government is currently conducting a comprehensive review of the Privacy Act 1988 (Cth). This Privacy Awareness Week we take a quick look at some of the possible reforms that may be made as a result of this review, and the potential influence of approaches taken in privacy regulation in other jurisdictions.

14 April 2021 - Knowledge

ACCC continues to investigate the Australian ad tech services market while litigation in the United States heats up

#Technology, Media & Telecommunications, #Data & Privacy

With the final stage of the ACCC’s Ad Tech Inquiry underway, Australian ad tech market participants are closely watching developments in international antitrust proceedings against the major digital platforms.

12 April 2021 - Knowledge

What is your ‘vaccination status’? Privacy obligations for employers collecting their employees’ vaccination information

#Data & Privacy, #Workplace Relations & Safety, #COVID-19

We provide an outline of employers’ obligations under the Australian Privacy Principles when collecting, using, storing, and disclosing information about their employee’s vaccination status.