Data Governance, Data Services, Privacy & Cyber

Our Data Governance, Data Services, Privacy & Cyber legal team regularly publishes articles and updates – the full list of publications appears below. If you'd like to be notified when we add new Data Governance, Data Services, Privacy & Cyber publications to the site, please go to our subscription page sign up for email alerts or, alternatively, you can subscribe to our RSS feed.

Read about our experience in Data Governance, Data Services, Privacy & Cyber law.

Data Governance, Data Services, Privacy & Cyber Publications

  • Client Update: ACCC releases draft Consumer Data Right Rules for consultation

    15 April 2019

    In preparation for the implementation of the first phase of the Consumer Data Right on 1 July 2019, the ACCC has released draft CDR Rules for consultation. The draft rules detail how the CDR will function across all designated sectors in practice, including how data is to be shared, the criteria for accreditation, dispute resolution requirements and privacy safeguards. They also contain rules that are specific to the banking sector. This article provides an overview of the draft rules, the key changes made since the release of the Rules Framework in October 2018 and the Rules Outline in December 2018 and the key issues left open for further consideration.

    Read More
  • Client Update: Government proposes major changes to privacy law

    9 April 2019

    The Federal Government has proposed radically increased financial penalties and new powers for the Office of the Australian Information Commissioner, in the wake of increased scrutiny of social media platforms and a growing consensus that Australia's privacy legislation has fallen behind global norms. The Technology, Media & Telecommunications team reports.

    Read More
  • Trend Watch: What the top ten 2018 cybersecurity trends mean for your business

    16 January 2019

    Last year was a big year for cybersecurity. Organisations were forced to grapple with an increasingly complex regulatory environment as governments across the globe continued to navigate how to best protect personal information in the face of increasingly sophisticated cybersecurity threats. We look at the top ten cybersecurity trends that defined 2018 and what they mean for Australian businesses in 2019.

    Read More
  • Client Update: Controversial encryption legislation passed

    10 December 2018

    The Government's highly controversial encryption legislation was hastily passed through Parliament last week, making it the first legislation of its kind globally. Partner Valeska Bloch and Paralegal Sophie Peach report.

    Read More
  • Focus: New APRA prudential standard raises bar for information security obligations and incident notification requirements

    15 November 2018

    As companies and regulators across the world grapple with ever-increasing cyber security threats, Australia's financial services regulator, APRA, has released the final form of a new prudential standard. It will require APRA-regulated entities to establish and maintain information security controls to protect customer data, and to notify APRA of information security incidents that have, or may have, a material effect on customers' interests. This will have significant implications both for regulated entities and for their boards of directors. Partners Gavin Smith and Simun Soljo and Lawyer James Higgins report.

    Read More
  • Client Update: Vietnam - draft cybersecurity regulation released

    13 November 2018

    Following the passing of the controversial Cybersecurity Law in June, the Ministry of Public Security recently released for public consultation a draft decree providing detailed guidance on this law. The draft contains a number of important clarifications of the localisation requirements applicable to foreign service providers. Partner Linh Bui and Associate Hien Nguyen report on the key issues that could affect businesses.

    Read More
  • Pulse: Cyber security

    17 October 2018

    In this bulletin, we offer a practical guide for navigating cyber security risks in M&A transactions; examine the obstacles that data breach class actions face in Australia and lessons learned from high profile class actions overseas; explore the prevalence of data breaches in the healthcare sector; track the ongoing effects of Yahoo's 2014 data breach; and consider the debate at home and abroad about whether 'hacking back' against cyber criminals is a viable (and legal) option.

    Read More
  • Update: Consumer Data Right

    12 October 2018

    With the Consumer Data Right going live for the banking sector in July 2019, we take an in-depth look at the main issues and practical considerations arising from the Rules Framework (which contains new information about how the regime will function) and from the revised draft legislation giving effect to the CDR.

    Read More
  • Update: Consumer Data Right

    10 September 2018

    In this publication we untangle the complex web that is the proposed Consumer Data Right framework - reflecting on the drivers that have led to this reform, the regulatory framework, the key players responsible for administering the regime, the consequences of non-compliance and what you need to do to get ready.

    Read More
  • Video Update: UN's Big Data-Open Data consultation process: insights from Professor Joseph Cannataci, UN Special Rapporteur on the Right to Privacy

    27 August 2018

    We recently had the privilege of catching up with Prof. Joseph Cannataci, the UN Special Rapporteur on the Right to Privacy, to discuss the UN's Big Data - Open Data consultation process. Watch the video for his insights on the rapidly changing global privacy landscape.

    Read More
  • Focus: Breaking - Australian Government releases draft decryption legislation

    15 August 2018

    The Australian Government has released draft legislation to provide national security and law enforcement agencies with means to access encrypted communications and devices. The draft legislation aims to respond to the increasingly widespread use of encryption by Australian consumers and the challenges this poses for investigative and counter-terrorism activities. The legislation is subject to public consultation until 10 September 2018.

    Read More
  • Client Update: Vietnam issues a stringent new cybersecurity law

    22 June 2018

    A new law in Vietnam enabling state control of cyber data will have wide-ranging implications for business costs and compliance. The powers it gives to the Government are extensive, and its coverage is unprecedented. Partner Linh Bui and Associates Hien Nguyen and Khanh Nguyen report on the key issues.

    Read More
  • Focus: Federal Government's bold vision for data availability and use

    4 May 2018

    The Federal Government's response to the Productivity Commission's report on data availability and use, released this week, outlines a bold vision but has a surprising lack of detail, suggesting implementation is likely to be some way off. If legislation is introduced, the new regime will result in a fundamental change to the way Australian consumers, businesses and government agencies interact with and think about data. Partner Gavin Smith, Senior Associate Jessica Selby and Lawyer Claudia Hall predict the key impacts.

    Read More
  • Pulse: Cyber security

    3 May 2018

    In this bulletin, we give you the rundown on proposed reforms to encryption laws; offer a practical guide to cyber insurance; look at APRA's proposal for a cross-industry framework for information security; give tips for fostering a culture of cyber awareness; examine the key findings from the OAIC's first quarterly report under the new Notifiable Data Breaches Scheme; and look at the steps that governments at home and abroad are taking to combat the growing risk of cyber attacks on critical infrastructure.

    Read More
  • Focus: Undertaking data analytics without breaking the law

    20 April 2018

    Guidance highlighting the necessity of being transparent when undertaking data analytics on personal information, as well as other matters that organisations should consider so as to better manage compliance risk when undertaking data analytics, has been released. Partner Michael Morris, Lawyer Jaclyn Webb and Lawyer Amy Detheridge report on some of the key messages.

    Read More
  • Video Update: Australia's growing cyber insurance industry: insights from Chris Mackinnon, Lloyd's

    19 April 2018

    Cyber insurance has emerged as a multibillion-dollar global industry, safeguarding businesses against financial losses from the explosion of cyber risk. We caught up with Chris Mackinnon, head of Lloyd's in Australia, to discuss the state of the cyber insurance market in Australia, the challenges of understanding risk exposure, and why responsibility for cyber security should rest with boards.

    Read More
  • Focus: Move to require big banks' participation in comprehensive credit reporting

    23 February 2018

    The Federal Government has introduced draft legislation to establish a long-awaited mandatory comprehensive credit reporting regime for the major banks from 1 July 2018. Partner Gavin Smith, Senior Associate Emily Cravigan and Lawyer Dougald Coulson report.

    Read More
  • Pulse: Cyber security

    21 February 2018

    In this bulletin, we shine a light on the incoming Notifiable Data Breaches Scheme. We assume that with the scheme taking effect this week, you're now across the basics (if not, you can read about them here and here). So, this issue highlights the things you didn't know that you need to know, how to deal with data breaches involving multiple organisations, the key takeaways from the Office of the Australian Information Commissioner's just-published Data breach preparation and response guide and our quick reference guides to preparing a data breach response plan, determining when you've suffered an eligible data breach and how to notify when you have.

    Read More
  • Pulse: Cyber security

    22 January 2018

    In this issue, we shine a light on ransomware - what it is, how it works, how much it costs, the continuing effects of recent attacks, and the key considerations to keep in mind when deciding whether to concede to a ransomware hacker's demands. We also look at how data breaches might trigger a listed company's continuous disclosure obligations, the OAIC's investigation into Precedent Communications, and the Australian Cyber Security Centre's 2017 Threat Report.

    Read More
  • Allens insights: The Privacy, Data Protection and Cybersecurity Law Review - Edition 4

    19 January 2018

    Allens Partner Michael Morris authored the Australia chapter of The Privacy, Data Protection and Cybersecurity Law Review. The year ahead is likely to bring increased attention to connected devices, autonomous vehicles, artificial intelligence, machine learning, big-data analytics and predictive algorithms.

    Read More
  • Pulse: Cyber security

    16 October 2017

    In this issue we look at how to create a cyber resilient supply chain, ASIC's renewed focus on cyber resilience, how the incoming GDPR could affect you, medical device cyber security and patient safety, lessons learnt from Yahoo's data breach disaster and Australia and the EU's new cyber security plans.

    Read More
  • Pulse: Cyber security

    5 September 2017

    In our first issue we look at the outcome of the OAIC's investigation into the Australian Red Cross data breach, lessons learnt from one of the largest cyber attacks in history, directors' liability in relation to cyber resilience, the incoming mandatory data breach notification regime, the NSW Government's recent $11.4 million investment to help tackle critical technology challenges including cyber security, and the Federal Government's new mission to decode cyber vernacular

    Read More
  • Client Update: Finkel Review - Data: Critical data needs in the national electricity market

    5 July 2017

    In the fourth of our series analysing the Finkel Review, we look at Dr Finkel's assessment of the critical data needs in the National Electricity Market (NEM), including a key recommendation that by the end of 2018, the proposed Energy Security Board, in collaboration with the Australian Energy Regulator (AER), should develop a data strategy for the NEM. As new technology continues to develop and consumers are placed at the centre of the NEM, it is not surprising that considerable focus has been given to the collection and increased transparency of data. Partner Michael Park and Associate Jessica McCarthy report.

    Read More
  • Client Update: Ransomware attacks on the rise

    29 June 2017

    With an upward trend in large-scale ransomware attacks and the number of data breaches reported globally, mandatory data breach notification will become law in Australia in February 2018. This will place privacy compliance and cyber security in sharp focus. Partner Michael Park, Lawyer Samantha Naylor Brown and Head Paralegal Hope Williams report on recent global attacks and what they mean for you.

    Read More
  • Focus: Shakeup to EU data protection regulations - impact on Australian businesses

    23 June 2017

    Australian businesses that offer goods and services to individuals within the European Union will be affected by new EU data protection regulations that offer the 'biggest shakeup' to European privacy law for 20 years. Partner Michael Park, Senior Associate Alice Williams and Paralegals Phoebe St John and Natalie Czapski explain the impact and what businesses should do to ensure they comply with the new regulation.

    Read More
  • Focus: OAIC releases guidance on meaning of 'personal information'

    21 June 2017

    Uncertainty as to what information constitutes 'personal information' under the Privacy Act will be clarified following the release of guidance from the Office of the Australian Information Commissioner. The guide provides insight into how a complaint may be determined and offers key questions for entities to consider. Partner Michael Park, Senior Associate Alice Williams, Lawyer Leah Wickman and Paralegal Natalie Czapski report.

    Read More
  • Client Update: Mandatory data breach notification scheme passed

    13 February 2017

    The Federal Parliament has today passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016 which will amend the Privacy Act 1988 (Cth) to introduce a mandatory data breach notification scheme.

    Read More
  • Focus: Landmark Productivity Commission report on data availability and use

    24 November 2016

    The Productivity Commission has released a landmark draft report on the ability of individuals, businesses and government to access and use data in Australia. The report criticises Australia's historically conservative approach to data use and proposes a 'fundamental and systematic change' to the way that data is made available and linked. Partner Gavin Smith, Managing Associate Valeska Bloch, Associate Tom Griffin and Lawyer Claudia Hall report.

    Read More
  • Focus: Worth the wait? Release of draft mandatory data breach notification laws

    25 October 2016

    Following a period of industry consultation, the Federal Government has introduced updated legislation that will introduce a mandatory data breach notification scheme. The new Bill will amend the Privacy Act 1988 (Cth) when it comes into force and will apply to all Australian companies currently subject to the Privacy Act. Partner Gavin Smith, Senior Associate Alice Williams, Associate Tom Griffin and Lawyer Leah Wickman report.

    Read More
  • Special Report: Understanding the opportunities and navigating the legal frameworks of distributed ledger technology and blockchain

    17 June 2016

    Authored by a multidisciplinary team from Allens, Blockchain Reaction is designed to assist business stakeholders, decision makers and in-house counsel across a variety of sectors to understand the technology and how it is being used, as well as navigate the regulatory and legal opportunities and challenges.

    Read More
  • Focus: NSW to go it alone on a tort of privacy?

    11 March 2016

    A New South Wales legislative committee has released a report following an inquiry into remedies for serious invasions of privacy in New South Wales. In an unexpected and controversial move, the report recommends that the NSW Government 'take the lead' by introducing a statutory cause of action for serious invasions of privacy. Partner Gavin Smith and Lawyers William Coote and Laura Bereicua look at the controversial report which, if it were to be enacted, will allow individuals to sue companies for invasions of privacy.

    Read More
  • Focus: Clarification on the meaning of 'personal information'

    1 February 2016

    The Administrative Appeals Tribunal has overturned the Grubb determination of the Commonwealth Privacy Commissioner and found that mobile network data from an individual's phone activity does not constitute 'personal information' under the Privacy Act 1988 (Cth). Partners Michael Pattison and Gavin Smith and Associates Priyanka Nair and Tom Kavanagh report on this important decision that provides further guidance on the requirement for personal information to be information 'about an individual'.

    Read More
  • Focus: Release of exposure draft of mandatory data breach notification laws

    8 December 2015

    The Federal Government has taken the first step in fulfilling its promise to introduce a mandatory data breach notification scheme. Under an exposure draft of the proposed legislation companies will be required to notify the Office of the Australian Information Commission and affected individuals of serious data breaches. Companies will need to determine quickly whether a data breach has occurred and the costs associated with complying with this proposed legislation may be significant. Partner Michael Pattison, Senior Associate Alice Williams and Lawyer Leah Wickman report.

    Read More
  • Focus: Government rejigs electronic health records system with opt-out approach

    21 October 2015

    The Federal Government's electronic health records system may have a new lease on life following the introduction of a new Bill that attempts to improve the system's effectiveness with key changes such as the transition to an 'opt-out' approach. Partner Ian McGill, Senior Associate Phil O'Sullivan and Associate Emily Cravigan report.

    Read More
  • Focus: Ashley Madison - litigation risks exposed

    15 September 2015

    The recent hacking of website has exposed the website's parent companies to lawsuits in the US and Canada and has attracted the attention of the Australian Privacy Commissioner. The Ashley Madison hack will undoubtedly fuel the perception that threats to privacy are growing in the digital age. Partner Gavin Smith, Senior Associate Aleisha Brown and Law Graduate Shelley Drenth examine the litigation risks that stem from incidents of cyber-attack or data breach.

    Read More
  • Focus: Privacy Awareness Week Update

    14 May 2015

    To coincide with Privacy Awareness Week, the Office of the Australian Information Commissioner has released a number of business resources, a Privacy Management Framework to assist businesses to comply with their obligations under the Australian Privacy Principles, and the results of its audit of the online privacy policies of 20 Australian and international organisations. The OAIC has also made some announcements regarding its next areas of focus. Partner Gavin Smith, Senior Associate Valeska Bloch and Lawyer Tom Kavanagh report on these updates and how they might affect your business.

    Read More
  • Focus: Your 'Metadata' as Personal Information

    7 May 2015

    In a decision published this week, the Australian Privacy Commissioner has clarified that 'metadata' may be personal information, when an organisation has the capacity and resources to link that information to an individual. Partner Michael Pattison, Associate Priyanka Nair and Law Graduate Leah Wickman report on the Commissioner's determination, which found that Telstra breached the Privacy Act by failing to provide an individual with access to his metadata.

    Read More
  • Focus: Federal Government passes wide-ranging data retention laws

    8 April 2015

    Telecommunications and internet service providers will incur significant new compliance costs under the Federal Government's controversial new data retention laws. Following a wave of criticism of the Government's original proposals, a number of important changes were made to the original Bill during its passage through Parliament, including the introduction of safeguards on access to the retained data by government agencies and concessions made to protect journalists' confidential sources. Partner Gavin Smith, Lawyer Brydon Wang, and Law Graduate Leah Wickman report on what the new regime means for the telecommunications industry.

    Read More
  • Client Update: ASIC highlights importance of cyber resilience

    1 April 2015

    Key cyber risks faced by ASIC's 'regulated population', as well as the legal and compliance obligations to manage those risks, are highlighted in a new ASIC report. ASIC also identifies steps entities can take to address the risks. The report marks a growing focus on cyber security issues by ASIC, which is consistent with an increased focus on this area by regulators globally. Partner Michael Morris and Senior Associate Simun Soljo report.

    Read More
  • Focus: First enforceable undertaking under new privacy laws

    31 March 2015

    Optus has become the first organisation to enter into an enforceable undertaking with the Privacy Commissioner since reforms to the Privacy Act took effect in March 2014. Partner Michael Pattison and Associate Byron Frost examine the circumstances surrounding Optus's voluntary data breach notifications, the terms of the undertaking and its significance.

    Read More
  • Client Update: Data deal - mandatory data breach notification laws to be introduced as trade-off for controversial metadata retention regime

    5 March 2015

    The Federal Government, in a surprising and highly significant move for companies in Australia, has committed to enacting a mandatory data breach notification scheme before the end of 2015, which will apply to all Australian companies currently subject to the Privacy Act. The proposal is not limited to telecommunications service providers and will represent a significant new compliance burden and increase the overall cost to companies of handling data security incidents. Partner Gavin Smith, Senior Associate Valeska Bloch and Lawyer Isabelle Guyot report.

    Read More
  • Focus: Privacy Commissioner reports on Department of Immigration and Border Protection's data breach

    13 November 2014

    The Australian Privacy Commissioner has released a report into the Department of Immigration and Border Protection having breached the privacy of asylum seekers in February 2014. Partner Michael Pattison and Associate Priyanka Nair report on the Commissioner's findings and the lessons for all organisations on taking 'reasonable steps' to protect the personal information which they hold.

    Read More
  • Focus: ALRC Final Report: 'Serious Invasions of Privacy in the Digital Era'

    10 September 2014

    The Australian Law Reform Commission has released its long-anticipated final report on serious invasions of privacy. The report proposes that a new statutory cause of action be implemented in a new stand-alone Commonwealth Act. If adopted, the proposal would have far reaching ramifications for investigative journalism in Australia and could also raise the spectre of class actions being brought against companies that have deliberately or recklessly mishandled their customers' personal information. Partner Gavin Smith, and Lawyers William Coote and Brydon Wang assess the proposal and its consequences.

    Read More
  • Focus: Final piece of privacy reform jigsaw

    28 January 2014

    In important news for any Australian business that provides goods or services to individuals on deferred payment terms, the long-awaited Credit Reporting Privacy Code has been registered. Partner Michael Pattison and Senior Associate Matt Vitins report on the implications of the credit reporting reforms for businesses generally, and give an update on the status of the related Privacy Act reforms that are soon to take effect.

    Read More
  • Focus: Major privacy reforms passed

    30 November 2012

    The Federal Parliament has passed much anticipated reforms that will have a significant impact on the way companies and government agencies collect and deal with various forms of personal information. Partners Michael Pattison and Gavin Smith, Senior Associate Nathan Shepherd and Lawyers Amy Dobbin and Ishwar Singh report.

    Read More
  • Focus: The new cybercrime regime

    27 November 2012

    The Federal Government has introduced amendments to Australia's telecommunications regulatory regime that will facilitate Australia's accession to the Council of Europe Convention on Cybercrime. Partner Ian McGill, Senior Associate Valeska Bloch and Lawyer Matthew Tracey examine the impact of these amendments.

    Read More
  • Focus: Major changes to privacy law endorsed

    3 October 2012

    A Senate Committee has endorsed changes to privacy law that will have significant implications for most companies and federal agencies. Partners Michael Pattison, Gavin Smith, Senior Associate Nathan Shepherd and Lawyer Ishwar Singh report.

    Read More
  • Focus: More nations ease sanctions against Myanmar

    23 August 2012

    We recently reported on the easing of US sanctions against Myanmar. In this follow up article, we report on changes to the Australian, EU and Canadian sanctions against Myanmar. Allens Partner Anthony Patten, Linklaters Partner Satindar Dogra and Allens Law Graduate Laura Bellamy provide a brief overview of the changes to these sanctions regimes.

    Read More
  • Focus: Privacy Commissioner reports on Telstra data breaches

    9 July 2012

    The Australian Privacy Commissioner has released a report into Telstra having breached customer privacy in 2011. Partner Michael Pattison and Lawyer Margaret Walsh report on the Privacy Commissioner's findings, Telstra's response to the data breaches, and what the matter can teach us about taking 'reasonable steps' to comply with the national privacy regime.

    Read More
  • Client Update: Personally Controlled Electronic Health Records Bill passed

    25 June 2012

    After a rocky journey, federal legislation providing a platform for the creation of an online register of electronic health records has been passed. Senior Associate Michael Morris and Lawyer Andy Gian report

    Read More