
Data & Privacy

Data is a crucial part of every business environment. It is imperative that all organisations have systems and procedures in place to manage local and international legal requirements and to maintain a social licence to operate.


We’re proud to be a supporter of this year’s Privacy Awareness Week (PAW). PAW 2020 is about sharing information and practical tips that empower people to take control of their personal information. Running from 4 to 10 May, the theme ‘Reboot your privacy’ focuses on the steps we can all take to lock down our privacy settings and strengthen our passwords and other security controls.


About PAW

PAW encourages organisations and agencies across Australia like Holding Redlich to check our privacy controls and systems and consider the privacy alternatives as part of our efforts to keep personal information secure.

Your privacy is valuable to us, which is why we are a PAW 2020 supporter.

You can get involved in PAW by discussing how to exercise more control over your personal information with the people around you. Here are some tips you can use today:

  1. Protect your identity by checking your privacy controls and settings and using strong and different passwords across your accounts
  2. Think before you share or check-in on social, and be careful posting your photos and location
  3. Your mobile phone and apps can track your online activity and your physical location, so consider when to switch off tracking
  4. Connected devices around the home like home assistants, toys, appliances and even your car can collect your personal information — check device settings and disconnect if you don’t need it to be online
  5. Watch out for online scams including phishing attacks — a key cause of personal data breaches — and don’t click on links in suspicious emails or texts


The local mandatory data breach rules provide a reason for many Australian businesses to reconsider the way they collect, process, store, and share secure personal information. Even if one business is not concerned about its data practices, its business partners are likely to be increasingly persistent about transparency of legal compliance.

Our practice covers data in many forms, including business information, big datasets and personal and sensitive information. While we spend significant time advising on the Privacy Act and the Spam Act, the issues around data often cross over into competition law and complex commercialisation arrangements. We also understand that managing data and privacy risk involves a range of stakeholders within an organisation, and we often work not only with general counsel but also with internal executive teams, including chief data officers, chief security officers, chief risk officers and the regulatory and communications executives.

We can assist with your privacy and data protection concerns by:

  • reviewing current policies and underlying practices
  • training management and frontline staff
  • preparing and implementing policies, codes of conduct, and internal procedures
  • providing advice in crisis situations – such as breaches
  • preparing compliance plans and privacy impact assessment.

For our latest analysis on the expected changes to Australia’s privacy regulatory landscape over 2020/21, watch our webinar co-hosted with OneTrust DataGuidance here.  


Information Governance Frameworks

We work with senior managers and boards to develop and implement information governance frameworks. This encompasses risk management strategies and often overlaps with other areas of risk and compliance, including anti-corruption. Our primary concern is Privacy Act compliance as well as relevant international requirements so that group policies can align with all relevant jurisdictions. 

Data Breach planning, investigation and response

We can assist you to develop breach response plans, rehearse and scenario plan, and prepare your response and investigation planning methodology and team in advance. We also assist in liaising with the Office of the Australian Information Commissioner.

Data Security

Holding Redlich has experience advising international organisations about the collection and use of various elements of personal information in Australia including the ability to use personal information to create derivative statistical and risk assessment products for use in and out of Australia. We also have experience drafting privacy, right to information and data security provisions for commercial contracts for local, State and Federal government agencies, Government owned corporations and statutory authorities.

Regulator investigations and enquiries

  • acting for both corporations and individuals in regulatory investigations and prosecutions
  • assisting clients in managing regulators’ monitoring and enforcement visits
  • advising on and creating compliance and risk management policies and programs tailored to the particular risks faced by different corporations and individuals
  • advising companies, directors and officers involved in external investigations and prosecutions brought by Commonwealth and state agencies.

Open Data frameworks and information access (FOI)

Holding Redlich acts on behalf of applicants and respondents to Freedom of Information requests. We regularly advise on the validity (or otherwise) of the scope of a request, and assist clients in refusing requests for documents that are either too voluminous or seek only documents that are exempt under the FOI Act. We also assist in the processing of FOI requests, including the review of documentation and assessment for exemption. Once a decision is made, we assist the decision-maker to communicate the basis of their decision. We have also successfully defended appeals and complaints made to the FOI Commissioner in respect of those decisions. 


Recent Posts

24 June 2020 - Knowledge

Venue privacy obligations following COVID-19 re-openings

#Data & Privacy, #COVID-19

As businesses re-open across the country, many venues are collecting customers’ personal data to assist COVID-19 tracing efforts. How should this information be handled to avoid breaching privacy laws?

20 May 2020 - Knowledge

Liability for breaches of Australia’s Privacy Act to increase but class actions unlikely to be supported

#Data & Privacy, #COVID-19

The Australian Privacy Commissioner has signalled an intent to increase regulatory action and the Government is likely in the short term to introduce reforms to increase the penalties under Australia’s privacy legislation, though it is unlikely those reforms will result in an increase in class actions.

13 May 2020 - Knowledge

Your data questions answered

#Data & Privacy, #Technology, Media & Telecommunications

Our data & privacy team set out a comprehensive Q&A that answers common questions relating to Australia’s national privacy regulatory framework and data-related issues.

13 May 2020 - Knowledge

Virtual Governance and Risk Management Forum 2020 – regulatory efforts in response to COVID-19

#Data & Privacy, #COVID-19

We highlight key insights from the forum, including how regulatory bodies like the ASX can ensure flexibility in regulatory obligations while maintaining the integrity of the system during the pandemic.

08 May 2020 - Knowledge

PAW 2020: Are you being smart about privacy?

#Data & Privacy, #COVID-19

The Office of the Information Commissioner Queensland (OICQ) has released a number of resources and activities to help raise awareness of privacy rights and responsibilities in Queensland during the 2020 Privacy Awareness Week (PAW) which runs from 4 to 10 May 2020.

08 May 2020 - Knowledge

PAW 2020: Privacy and pivots – be aware of original purpose of collection

#Data & Privacy, #COVID-19

As Privacy Awareness Week occurs this year in the midst of the COVID-19 pandemic, it is opportune to remember the key privacy principle of using personal information for the purposes for which it was collected.

08 May 2020 - Knowledge

Data deletion policies – do you have one?

#Data & Privacy

The Privacy Act requires that organisations take all reasonable steps to destroy or de-identify personal information when it is no longer necessary – does your organisation?

29 April 2020 - Knowledge

Privacy update: OAIC guidance on managing employee and visitor health information during COVID-19

#Corporate & Commercial Law, #Data & Privacy, #COVID-19

Many organisations have been implementing or expanding remote working arrangements for employees as a response to COVID-19. However, organisations must continue to manage personal information in accordance with legal requirements relating to privacy.

25 March 2020 - Knowledge

Privacy of employees and others in 2020

#Data & Privacy

Public health concerns have heightened awareness of sharing important information, but what are the limits?

25 March 2020 - Knowledge

Discussion: The future of privacy regulation in Australia

#Data & Privacy

Tune into our latest analysis on the expected changes to Australia’s privacy regulatory landscape over 2020/21 in this webinar presented by partner Angela Flannery and senior associate Sarah Cass.

11 March 2020 - Knowledge

Australian Information Commissioner takes Federal Court action against Facebook

#Data & Privacy

The Australian Information Commissioner has taken Facebook to court over difficult-to-use settings that enabled a third-party app to harvest personal information of both the users of the app and their Facebook friends.

03 March 2020 - Knowledge

Next regulatory steps taken for Australia’s consumer data right

#Data & Privacy

The OAIC issued its CDR Privacy Safeguard Guidelines on 24 February 2020, which is one more regulatory step forward in the implementation of the Consumer Data Right.