Welcome to the October 2025 edition of CBP Focus, where our lawyers share key insights from across the practice.
In this edition, our feature article “From warning to wallet – first civil penalties for privacy breach” examines how Australian Clinical Labs Limited was ordered to pay $5.8 million in penalties following a major data breach, the first civil penalty under the Privacy Act, highlighting the importance of strong cyber security and timely breach notification.
We trust you will find this edition of CBP Focus informative. As always, please contact our authors with any questions.
Don’t sleep on this: Understanding the new legal framework for infant sleep safety
Mandatory standards for infant sleep products set strict safety, design and information requirements, with substantial penalties for non-compliance. Enforcement begins 19 January 2026.
New look, same backbone - inside the AS 4000:2025 overhaul
They didn’t reinvent the wheel, but they did realign it. AS 4000:2025 keeps the bones of the 1997 standard but brings the language, structure and compliance into the modern age. Here's what to watch for and some tips for maximising the opportunity the refresh presents.
Central Coast Strategic Conservation Plan: A preview of regional coordinated biodiversity assessment
In this article we explore how the draft Central Coast Strategic Conservation Plan (CCSCP) foreshadows the anticipated direction of upcoming reforms to the Environment Protection and Biodiversity Conservation Act 1999 (EPBC Act).
What Director Penalty Notices (DPNs) mean for directors. Are you liable?
The Australian Taxation Office (ATO) is increasing its use of DPNs, which can make company directors personally liable for unpaid tax debts, with limited options for relief depending on the type of notice issued.
From warning to wallet - first civil penalties for privacy breach
The Federal Court has imposed the first civil penalty under the Privacy Act 1988 (Cth), ordering Australian Clinical Labs Limited to pay $5.8 million plus $400,000 in costs following a February 2022 data breach. This marks the first civil penalty proceeding brought by the Australian Information Commissioner (Commissioner).
