Within days of Optus revealing it had suffered a major cyber incident, two major plaintiff class actions firms announced investigations into potential class action claims. ...

Increased regulatory scrutiny and enforcement action, including in Australia, is also contributing to the steadily rising cost of cyber risk management and cyber incident response. In this first instalment of our Cyber Insurance Handbook Series, we look at the key trends in the cyber insurance market and how your business should respond. ...

Software is increasingly being used as a medical device and in medical devices. It is crucial that businesses understand the regulations that can apply to software-based medical devices, the IP considerations if they wish to protect such devices and the privacy-related risks associated with the collection and use of data from such devices. This Insight explores each of these issues in turn. ...

The recently released consultation paper on Queensland's privacy and right to information framework outlines significant proposed reforms. This Insight explains the key suggested changes and their potential impacts. ...

The Federal Court handed down its judgment in proceedings brought by ASIC against RI Advice on 5 May 20221. It found that, as result of its failure to manage cyber security risks and cyber resilience, RI Advice breached its obligations to do all things necessary to ensure that the financial services covered by the licence were provided efficiently and fairly, and to have adequate risk management systems in place. ...

Organisations today are both blessed and cursed with extraordinary amounts of data. The responsibility for information security and data governance starts and ends with the board and senior management. We offer a handbook to help navigate duties and liabilities and a checklist of questions directors should be asking. ...

The final anticipated amendments to the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act) have been passed in the nick of time, making their way through the Senate in its last sitting before the 2022 Federal Election. These latest amendments introduce new and enhanced obligations for risk management programs and security respectively, and the concept of ‘systems of national significance’. ...

APRA and AUSTRAC provide risk-management guidance in relation to crypto-assets ...

The Federal Government is seeking feedback on a proposed new licensing regime for crypto asset secondary service providers (CASSPrs) and new requirements regulating custody of crypto assets. The new regime would potentially sit alongside the existing AFS licensing regime, with possible overlap and inconsistency in treatment of service providers. The Government is also seeking early views on how crypto assets should be defined and categorised as part of a 'crypto mapping' exercise. The consultation period runs until 27 May 2022. ...

A full bench of the Federal Court has confirmed an earlier ruling that there was a prima facie case Facebook Inc (now Meta Platforms Inc) 'carries on a business' and collects personal information in Australia. With this decision, the Australian Information Commissioner can now proceed with the landmark case against Facebook Inc and Facebook Ireland Ltd in relation to a number of alleged breaches of the Australian Privacy Principles. ...