Artboard 1Icons/Ionic/Social/social-pinterest

Data & Privacy

Data is a crucial part of every business environment. It is imperative that all organisations have systems and procedures in place to manage local and international legal requirements as well as maintaining a social licence to operate

Data & Privacy

We have seen some key changes in the privacy space recently: the Australian Federal Government has introduced new mandatory breach notification laws and the European General Data Protection Regulation (GDPR) will have extraterritorial operation and potentially affect Australian businesses.

Expertise

The local mandatory data breach rules provide a reason for many Australian businesses to reconsider the way they collect, process, store, and share secure personal information. Even if one business is not concerned about its data practices, its business partners are likely to be increasingly persistent about transparency of legal compliance.

Our practice covers data in many forms, including business information, big datasets and personal and sensitive information. While we spend significant time advising on the Privacy Act and the Spam Act, the issues around data often crossover into competition law and complex commercialisation arrangements. We also understand managing data and privacy risk involves a range of stakeholders within an organisation and we often work not only with general counsel but internal executive teams including chief data officers, chief security officers, chief risk officers and the regulatory and communications executives.

We can assist with your privacy and data protection concerns by:

  • reviewing current policies and underlying practices
  • training management and frontline staff
  • preparing and implementing policies, codes of conduct, and internal procedures
  • providing advice in crisis situations – such as breaches
  • preparing compliance plans and privacy impact assessment.

Experience

Information Governance Frameworks

We work with senior managers and boards to develop and implement information governance frameworks. This encompasses risk management strategies and often overlaps with other areas of risk and compliance, including anti-corruption. Our primary concern is Privacy Act compliance as well as relevant international requirements so that group policies can align with all relevant jurisdictions. 

Data Breach planning, investigation and response

We can assist you to develop breach response plans, rehearse and scenario plan, prepare in advance your response and investigation planning methodology and team. We also assist in liaising with the Office of the Australian Information Commissioner.

Data Security

Holding Redlich has experience advising international organisations about the collection and use of various elements of personal information in Australia including the ability to use personal information to create derivative statistical and risk assessment products for use in and out of Australia. We also have experience drafting privacy, right to information and data security provisions for commercial contracts for local, State and Federal government agencies, Government owned corporations and statutory authorities.

Regulator investigations and enquiries

  • acting for both corporations and individuals in regulatory investigations and prosecutions
  • assisting clients in managing regulators’ monitoring and enforcement visits
  • advising on and creating compliance and risk management policies and programs tailored to the particular risks faced by different corporations and individuals
  • advising companies, directors and officers involved in external investigations and prosecutions brought by Commonwealth and state agencies.

Open Data frameworks and information access (FOI)

Holding Redlich acts on behalf of applicants and respondents to Freedom of Information requests. We regularly advise on the validity (or otherwise) of the scope of a request, and assist clients in refusing requests for documents that are either too voluminous or seek only documents that are exempt under the FOI Act. We also assist in the processing of FOI requests, including the review of documentation and assessment for exemption. Once a decision is made, we assist the decision-maker to communicate the basis of their decision. We have also successfully defended appeals and complaints made to the FOI Commissioner in respect of those decisions. 

  



Dan Pearce

Dan Pearce

General Counsel

Melbourne

More info
Trent Taylor

Trent Taylor

Partner

Brisbane

More info
Greg Wrobel

Greg Wrobel

Partner

Sydney

More info
Lyn Nicholson

Lyn Nicholson

General Counsel

Sydney

More info
Lisa Fitzgerald

Lisa Fitzgerald

Partner

Melbourne

More info
Andrew Hynd

Andrew Hynd

Partner

Brisbane

More info

Recent Posts

19 August 2019 - Knowledge

HealthEngine: The intersection of privacy and consumer protection

#Competition & Consumer Law, #Data & Privacy

The Australian Competition & Consumer Commission has announced that it had commenced legal proceedings in the Federal Court against the online platform, HealthEngine Pty Ltd alleging that a number of its practices constitute misleading and deceptive conduct in breach of the Australian Consumer Law.

13 August 2019 - Knowledge

Privacy by Design, AI and ethics: The big topics for privacy professionals

#Data & Privacy

Showing we have a strong and engaged privacy community in Sydney, we had an excellent discussion at a well-attended event hosted by Holding Redlich yesterday evening. We wrap up the key issues.

02 August 2019 - Knowledge

The Australian Consumer Data Right is go

#Data & Privacy

Legislation creating the highly anticipated Consumer Data Right has been passed by the Australian Federal Government. Formal commencement is expected to begin in February 2020. Read our overview to understand how you are affected.

01 August 2019 - Knowledge

Facebook just fine following eye-watering privacy penalty?

#Data & Privacy, #Technology, Media & Telecommunications

Following a year-long investigation into Facebook’s role in the Cambridge Analytica privacy saga, the US Federal Trade Commission and Facebook have reached a settlement whereby Facebook will be required to pay US $5.1 billion for violating a previous settlement order with the FTC.

23 July 2019 - Knowledge

Equifax fined – isn’t this old news?

#Data & Privacy

This is a new fine and it is not old news and in fact, this article is the sixth article we have written on various implications of the original September 2017 Equifax data breach.

09 July 2019 - Knowledge

Sky high: Record £183m (AUD$329m) GDPR fine on the horizon for British Airways following data breach

#Data & Privacy, #Technology, Media & Telecommunications

If Australian businesses conducting activities in the EU were not already paying attention to the General Data Protection Regulation introduced in Europe last May, they should be now.

01 July 2019 - Knowledge

Now live: New information security requirements and Board responsibility for financial services entities

#Corporate & Commercial Law, #Data & Privacy, #Competition & Consumer Law

Financial services in Australia are now subject to increased cyber-security and information security regulation.

18 June 2019 - Knowledge

Privacy breaches in the workplace: Why employers need to think twice before diving into the latest technology

#Data & Privacy

A recent case where an employee was dismissed for refusing to give his fingerprint record to his employer has prompted significant debate about privacy issues in the workplace. The dismissal was ultimately found to be unfair and the employer in breach of privacy laws but the case has raised some important privacy issues. We list the key privacy lessons from the case and outline how employers can create a robust privacy and data protection environment.

14 May 2019 - Knowledge

Don’t be in the dark on risks relating to privacy!

#Data & Privacy

Don’t be in the dark on risks relating to privacy! General Counsel Lyn Nicholson recaps the Global Privacy summit and the impact data risk has on businesses globally.

02 April 2019 - Knowledge

ACCC releases draft rules for Consumer Data Right

#Data & Privacy

The ACCC has released the draft rules governing the implementation of Consumer Data Right – you have until 10 May 2019 to have your say.