Artboard 1Icons/Ionic/Social/social-pinterest

Data & Privacy

Data is a crucial part of every business environment. It is imperative that all organisations have systems and procedures in place to manage local and international legal requirements as well as maintaining a social licence to operate

Data & Privacy

We have seen some key changes in the privacy space recently: the Australian Federal Government has introduced new mandatory breach notification laws and the European General Data Protection Regulation (GDPR) will have extraterritorial operation and potentially affect Australian businesses.

Expertise

The local mandatory data breach rules provide a reason for many Australian businesses to reconsider the way they collect, process, store, and share secure personal information. Even if one business is not concerned about its data practices, its business partners are likely to be increasingly persistent about transparency of legal compliance.

Our practice covers data in many forms, including business information, big datasets and personal and sensitive information. While we spend significant time advising on the Privacy Act and the Spam Act, the issues around data often crossover into competition law and complex commercialisation arrangements. We also understand managing data and privacy risk involves a range of stakeholders within an organisation and we often work not only with general counsel but internal executive teams including chief data officers, chief security officers, chief risk officers and the regulatory and communications executives.

We can assist with your privacy and data protection concerns by:

  • reviewing current policies and underlying practices
  • training management and frontline staff
  • preparing and implementing policies, codes of conduct, and internal procedures
  • providing advice in crisis situations – such as breaches
  • preparing compliance plans and privacy impact assessment.

Experience

Information Governance Frameworks

We work with senior managers and boards to develop and implement information governance frameworks. This encompasses risk management strategies and often overlaps with other areas of risk and compliance, including anti-corruption. Our primary concern is Privacy Act compliance as well as relevant international requirements so that group policies can align with all relevant jurisdictions. 

Data Breach planning, investigation and response

We can assist you to develop breach response plans, rehearse and scenario plan, prepare in advance your response and investigation planning methodology and team. We also assist in liaising with the Office of the Australian Information Commissioner.

Data Security

Holding Redlich has experience advising international organisations about the collection and use of various elements of personal information in Australia including the ability to use personal information to create derivative statistical and risk assessment products for use in and out of Australia. We also have experience drafting privacy, right to information and data security provisions for commercial contracts for local, State and Federal government agencies, Government owned corporations and statutory authorities.

Regulator investigations and enquiries

  • acting for both corporations and individuals in regulatory investigations and prosecutions
  • assisting clients in managing regulators’ monitoring and enforcement visits
  • advising on and creating compliance and risk management policies and programs tailored to the particular risks faced by different corporations and individuals
  • advising companies, directors and officers involved in external investigations and prosecutions brought by Commonwealth and state agencies.

Open Data frameworks and information access (FOI)

Holding Redlich acts on behalf of applicants and respondents to Freedom of Information requests. We regularly advise on the validity (or otherwise) of the scope of a request, and assist clients in refusing requests for documents that are either too voluminous or seek only documents that are exempt under the FOI Act. We also assist in the processing of FOI requests, including the review of documentation and assessment for exemption. Once a decision is made, we assist the decision-maker to communicate the basis of their decision. We have also successfully defended appeals and complaints made to the FOI Commissioner in respect of those decisions. 

  



Lisa Fitzgerald

Lisa Fitzgerald

Partner

Melbourne

More info
Dan Pearce

Dan Pearce

General Counsel

Melbourne

More info
Greg Wrobel

Greg Wrobel

Partner

Sydney

More info
Lyn Nicholson

Lyn Nicholson

General Counsel

Sydney

More info
Andrew Hynd

Andrew Hynd

Partner

Brisbane

More info
Trent Taylor

Trent Taylor

Partner

Brisbane

More info

Recent Posts

16 October 2019 - Knowledge

Privacy in 2019: A growing demand for individuals accessing their personal data

#Data & Privacy

Results from the 2019 Privacy Governance Report released by EY and the International Association of Privacy Professionals are telling. We deep dive into the chapter devoted to data subject requests, also known as data subject access requests, and consider what is happening in the US and the EU with individuals seeking access to their data and how it is impacting businesses.

09 October 2019 - Knowledge

Privacy in 2019: Who’s in your privacy team?

#Data & Privacy

In the second of our series on the IAPP EY Privacy Report, we look at the global trends and changing face of privacy management within organisations, and the long-running question of where privacy should, and does, fit within the executive management team.

30 September 2019 - Knowledge

Privacy in 2019: How does your privacy budget compare?

#Data & Privacy, #Technology, Media & Telecommunications

Over the next five weeks, we take a look at key takeaways from the recently released Privacy Governance Report. This week: Why privacy budgets need to increase to respond to the upsurge in regulation.

25 September 2019 - Knowledge

Near monopolies in a fragmented market: ACCC targets ad tech in Digital Platforms Inquiry Report

#Technology, Media & Telecommunications, #Data & Privacy

In its final Digital Platforms Inquiry Report, the ACCC raises significant concerns over a number of competition and privacy issues impacting the ad tech supply chain relating to online advertising.

10 September 2019 - Knowledge

Data breach report shows human error a key risk factor as breach costs predicted to rise to $5 trillion by 2024

#Data & Privacy

The latest quarterly Notifiable Data Breach Report confirms that employees remain the weakest link when it comes to protecting personal information against unauthorised access and disclosure.

19 August 2019 - Knowledge

HealthEngine: The intersection of privacy and consumer protection

#Competition & Consumer Law, #Data & Privacy

The Australian Competition & Consumer Commission has announced that it had commenced legal proceedings in the Federal Court against the online platform, HealthEngine Pty Ltd alleging that a number of its practices constitute misleading and deceptive conduct in breach of the Australian Consumer Law.

13 August 2019 - Knowledge

Privacy by Design, AI and ethics: The big topics for privacy professionals

#Data & Privacy

Showing we have a strong and engaged privacy community in Sydney, we had an excellent discussion at a well-attended event hosted by Holding Redlich yesterday evening. We wrap up the key issues.

02 August 2019 - Knowledge

The Australian Consumer Data Right is go

#Data & Privacy

Legislation creating the highly anticipated Consumer Data Right has been passed by the Australian Federal Government. Formal commencement is expected to begin in February 2020. Read our overview to understand how you are affected.

01 August 2019 - Knowledge

Facebook just fine following eye-watering privacy penalty?

#Data & Privacy, #Technology, Media & Telecommunications

Following a year-long investigation into Facebook’s role in the Cambridge Analytica privacy saga, the US Federal Trade Commission and Facebook have reached a settlement whereby Facebook will be required to pay US $5.1 billion for violating a previous settlement order with the FTC.

23 July 2019 - Knowledge

Equifax fined – isn’t this old news?

#Data & Privacy

This is a new fine and it is not old news and in fact, this article is the sixth article we have written on various implications of the original September 2017 Equifax data breach.

09 July 2019 - Knowledge

Sky high: Record £183m (AUD$329m) GDPR fine on the horizon for British Airways following data breach

#Data & Privacy, #Technology, Media & Telecommunications

If Australian businesses conducting activities in the EU were not already paying attention to the General Data Protection Regulation introduced in Europe last May, they should be now.

01 July 2019 - Knowledge

Now live: New information security requirements and Board responsibility for financial services entities

#Corporate & Commercial Law, #Data & Privacy, #Competition & Consumer Law

Financial services in Australia are now subject to increased cyber-security and information security regulation.