Artboard 1Icon/UI/CalendarIcons/Ionic/Social/social-pinterestIcon/UI/Video-outline

Data & Privacy

Data is a crucial part of every business environment. It is imperative that all organisations have systems and procedures in place to manage local and international legal requirements as well as maintaining the confidence of all stakeholders as to their data practices

Data & Privacy

Data and privacy regulation in Australia in 2024 is in a state of flux. The legislative response to the Privacy Act Review will introduce significant changes and there are ongoing moves towards better regulation of social media and the digital platforms.


Your data is an asset

Our lawyers understand that how your business handles data, including both personal and non-personal information, is critical to its success. We understand that the regulation of data extends to the various technologies used to deploy it and how it is shared with third parties.

Our practice covers data in many forms, including business information, big data sets and personal and sensitive information. While we spend significant time advising on the Privacy Act and the Spam Act, the issues around data often crossover into competition law, technology and complex commercialisation arrangements.

Increasingly, customers and contractual counterparties are demanding transparency into data practices and robust data governance practices are being required of businesses at all levels.

We also understand managing data and privacy risk involves a range of stakeholders within an organisation and we often work not only with general counsel but internal executive teams including chief data officers, chief security and technology officers, chief risk officers and the regulatory and communications executives.

We can assist with your privacy and data protection concerns by:

  • reviewing current policies and underlying data practices
  • training management and frontline staff
  • preparing and implementing policies, codes of conduct, and internal procedures
  • providing advice in crisis situations – such as breaches
  • preparing compliance plans and conducting privacy impact assessments.

Read our chapter in the latest Global Data Review Insight Handbook to learn more about Australia's privacy laws and recent developments that could affect you.


Information and data governance frameworks

We work with boards and senior managers to develop and implement information governance frameworks. This encompasses risk management strategies and often overlaps with other areas of risk and compliance, including anti-corruption. Our primary concern is Privacy Act compliance as well as relevant international requirements so that group policies can align with all relevant jurisdictions.

Harmonising compliance

Many organisations operate under GDPR and need to streamline their Australian compliance practices with their international processes and procedures. We have experience in undertaking these reviews and assisting in drafting both internal and client facing documentation to support and enable this.

Consumer Data Right (CDR)

We have experience advising participants in the CDR system in relation to the Privacy Safeguards and the relevant documentation to support various compliance obligations.

Digitising business

We have advised many clients as they take their businesses into the digital age, finding new ways to leverage their data assets, embracing new technologies and collaborating with third parties to provide and develop new services. We can assist in ensuring contractual obligations supporting these offerings are compliant with privacy and other laws.

Data breach planning, investigation and response

How you respond to a data breach can be critical to your continued success and survival. We can assist you to develop breach response plans, rehearse and scenario plan and prepare in advance your response and investigation planning methodology and team. We also assist in responding to privacy complaints, access requests and liaising with the Office of the Australian Information Commissioner.

Data insights

We have extensive experience advising organisations about the collection and use of various elements of personal information in Australia, including the ability to use personal information to create derivative statistical and risk assessment products for use in and out of Australia.

Data security and critical infrastructure

We have experience drafting privacy, right to information and data security provisions for commercial contracts for local, State and Federal government agencies, Government owned corporations and statutory authorities. If you are impacted by the critical infrastructure rules, we can advise you in relation to data processing and storage and notification obligations.

Regulator investigations and enquiries

We have experience:

  • acting for both corporations and individuals in regulatory investigations and prosecutions
  • assisting clients in managing regulators’ monitoring and enforcement visits
  • advising on and creating compliance and risk management policies and programs tailored to the particular risks faced by different corporations and individuals
  • advising companies, directors and officers involved in external investigations and prosecutions brought by Commonwealth and state agencies.

Open data frameworks and information access (FOI)

We regularly act on behalf of applicants and respondents to Freedom of Information (FOI) requests. We advise on the validity (or otherwise) of the scope of a request, and assist clients in refusing requests for documents that are either too voluminous or seek only documents that are exempt under the FOI Act. We also assist in the processing of FOI requests, including the review of documentation and assessment for exemption. Once a decision is made, we assist the decision-maker to communicate the basis of their decision. We have successfully defended appeals and complaints made to the FOI Commissioner in respect of those decisions.

Secrecy advice

We advise Commonwealth and State governments (and contractors) on the application of secrecy provisions in agency-specific legislation such as the Health Insurance Act.

Privacy impact assessments (PIAs)

We have experience in preparing PIAs for government agencies and private organisations. We understand a PIA covers not only strict privacy compliance but often related government policy issues and requires consideration and involvement of affected stakeholders.

Recent Posts

07 May 2024 - Knowledge

I spy: Can employers monitor their employee’s use of company property?

#Workplace Relations & Safety, #Data & Privacy

This Privacy Awareness Week, we take a look at a recent decision which considers an employer’s right to monitor an employee’s use of company property and an employer’s obligations under the Privacy Act 1988 (Cth).

11 April 2024 - Knowledge

Eyewear retailer should have taken a closer look at their marketing settings

#Corporate & Commercial Law, #Data & Privacy

We look at recent action taken by ACMA against eyewear retailer Luxottica for breaching Australian Spam laws and highlight simple errors businesses should be aware of to avoid large fines.

25 March 2024 - Knowledge

Doxxing reform: New statutory tort proposed

#Data & Privacy

New legislation addressing doxxing has been proposed by the Australian Government, marking a significant shift in privacy law.

05 March 2024 - Knowledge

I’ve been hacked – what are my legal obligations?

#Data & Privacy

When crisis strikes and a myriad of tasks jostle for priority, mandated messaging to regulators, key suppliers and customers remains an ongoing obligation.

15 February 2024 - Knowledge

NSW Government Bulletin: Taking reasonable steps to protect privacy

#Government, #Data & Privacy

Current privacy laws require agencies to adopt ‘reasonable’ safeguards against unauthorised access, use or disclosure of personal information. What is considered ‘reasonable’ and how can agencies ensure they have sufficient protections in place?

13 February 2024 - Knowledge

Time to revisit your marketing settings? Recent penalties for breaching Spam law

#Data & Privacy, #Corporate & Commercial Law

A business that sent over 83,000 marketing messages was fined $302,500 for breaches in the Spam Act 2003. What are the key takeaways and lessons to be learnt?

24 January 2024 - Knowledge

NSW Government Bulletin summer edition: The more things change

#Government, #Data & Privacy, #Property, Planning & Development, #Workplace Relations & Safety

At the beginning of a new year of challenges, we refresh key concepts and skills to arm government lawyers for the year ahead.

14 December 2023 - Knowledge

Top five trends for Australian Government legal practice in 2024

#Government, #Data & Privacy, #Technology, Media & Telecommunications

With 2024 just around the corner, we look at emerging trends for Australian Government legal practice for the year ahead.

12 December 2023 - Knowledge

Queensland Government Bulletin: Information Privacy Act amendments passed

#Data & Privacy, #Government

On 29 November, the Information Privacy and Other Legislation Amendment Act 2023 was passed, bringing a new regime to public sector privacy in Queensland.

22 November 2023 - Knowledge

ASIC sets out basic practices for companies to manage cyber security

#Data & Privacy

ASIC's new report sets baseline expectations for companies around cyber security, making it a must-read for boards and senior management. The report comes as Government releases national Cyber Security Strategy.

15 November 2023 - Knowledge

Renewed focus on enforcing the Privacy Act 1988 (Cth)

#Data & Privacy, #Corporate & Commercial Law

The Australian Information Commissioner’s Federal Court proceedings against Australian Clinical Labs Limited demonstrate a shift towards a more proactive approach by the privacy regulator following recent major data breaches.

18 October 2023 - Knowledge

Privacy law changes – now is the time to prepare

#Data & Privacy

The Federal Government’s response to the Privacy Act Review Report confirms changes that will affect organisations’ data practices. Now is the time to prepare.