Data protection and privacy

Data collection, management and use

Our team advises clients on all aspects of the collection, use, management, storage, and disclosure of data and personal information.

We work with our clients to assess their risk profile and to help them develop appropriate policies to manage their data and information. We also assist our clients to develop practical and sustainable privacy and data collection policies, tailored to suit their business. We develop cost-effective processes that comply with internal policies (often across multiple business lines), as well as all applicable legislation.

We advise on laws regulating the collection, management and use of personal information, sensitive information and secret information such as the Commonwealth Privacy Act, State privacy laws, the Do Not Call Register Act, the Spam Act, and secrecy provisions in legislation.

We frequently assist with:
  • the development of privacy and data management policies
  • the development of policies to comply with privacy and usage audits
  • the development of practical document retention policies
  • employment and workplace privacy issues, including advising on permissible monitoring and workplace surveillance
  • employee conduct, communications and social media use, and background checks
  • the development of regulatory compliant social media and email procedures and “bring your own device” policies

Cyber security prevention and responding to cyber incidents

We frequently advise and assist our clients on issues around data protection, including protecting confidential information and trade secrets. This includes working with our clients to identify risks and implement strategies to prevent the unauthorised access, disclosure or loss of data or information.

Sometimes it involves us assisting our clients in responding to actual or suspected unauthorised data access. In managing this, we often work with outside professionals such as public relations consultancies and forensic technology specialists, as well as coordinate with law enforcement authorities where appropriate.

We also assist our clients to prepare business continuity, disaster recovery, and cyber security plans to mitigate the impact of security breaches and to help comply with legislation.

We are experienced in seeking and obtaining urgent court orders in the event of actual or threatened data security incidents.

Our key services offerings include:
  • developing policies to address data security and cyber security incidents
  • developing strategies and responses to actual or suspected unauthorised data access
  • advising on cybercrime laws
  • creating data loss policies to deal with unauthorised third-party access to business or user data
  • developing strategies to mitigate security breaches
  • managing inquiries into data loss incidents
  • seeking and obtaining urgent court orders
  • ongoing litigation related to privacy and information security breaches