Cyber Security, Privacy and Data

Expert guidance for managing cyber security, privacy and data challenges

Managing enterprise and reputational risk in relation to personal information, digital assets, and corporate data is an increasingly complex challenge, requiring expert legal guidance. With the rise of artificial intelligence (AI), constant technological advances, growing global digitisation and interconnectedness, increasing cyber threats and regulatory complexity, having experienced counsel to guide your business through the privacy, data and cyber security landscapes is more important than ever.

Providing solutions across the full lifecycle of cyber security and data challenges

Our data protection and cyber security team includes specialists across our IT and privacy, corporate crime and investigations, employment, insurance and risk, litigation and dispute resolution, intellectual property, and corporate practices. We work closely with clients in all sectors, with expertise and experience across the full spectrum of cyber security, privacy, and data risk management, including:

transactional – structuring, drafting, and negotiating data-centric transactions including those involving AI-driven technologies;
policy – preparing and implementing internal policy documents and data management frameworks, including staff training on cyber security and AI usage;
risk and governance – planning and prevention, including preparing risk analysis frameworks and advising on directors’ duties and corporate governance obligations;
strategy and advisory – advising on the use of AI, data protection and regulatory compliance to extract maximum commercial value while balancing compliance and regulatory risks, including under State, Territory, and Commonwealth privacy legislation and Australian Consumer Law; and
national security – advising on application of Security of Critical Infrastructure Act 2018 (Cth) (SOCI), including registration, notification, and cooperation obligations, and the Cyber Security Act 2024 (Cth).

Mitigating cyber security risks, breaches and ensuring rapid incident response

When it comes to cyber security, we provide end-to-end support, from commercial strategy, risk planning and governance to incident response. Whether managing cyber threats or responding to breaches, we offer strategic guidance on assessing, reporting, and engaging forensic experts. Our team also advises on cyber risk insurance and the placement of coverage to help mitigate financial risks. In addition, we offer strategic litigation advice, defending claims involving cyber, data, and AI-related disputes.

Navigating international privacy obligations and AI regulations

We regularly advise overseas entities in relation to their Australian privacy and data management obligations and assist to implement practical measures to ensure compliance. Cross-border data transfer presents unique challenges, as businesses must navigate differing regulatory frameworks while safeguarding sensitive information. Our team is skilled in addressing these complexities, offering solutions that maintain data security and align with jurisdictional requirements. With extensive experience in ‘translating’ between Australian and international privacy regimes, we can you to achieve compliance across multiple jurisdictions, including those impacted by AI regulations.

Whether developing data transfer frameworks, implementing data localisation strategies, or navigating the complexities of emerging international laws, we provide pragmatic advice to support your global operations.

For genuine experts who always deliver trusted commercial advice backed by experience, contact Alex Hutchens.

Global data breaches

Acting as Australian Counsel on various global data breaches, including widely-publicised personal information security incidents and corporate extortion campaigns. Advising on Australian requirements and cross-jurisdictional strategy, our Digital and IP team provided tailored solutions to navigate complex legal frameworks across multiple jurisdictions, ensuring compliance and minimising risk for our clients.

Data protection and privacy

Regularly advising multinational conglomerates on Australian aspects of global data processing agreements. Recent examples include work for a global pharmaceutical provider on the implementation of its global Group Company Agreements for processing of data worldwide in compliance with EU requirements and advising a global consumer goods brand on its connected devices project.

Cyber attack response

Acting for a community based, not-for-profit organisation who was the victim of a cyber attack resulting in the denotation of BlackCat ransomware. Our Digital and IP, and Litigation teams assisted in in assessing, responding to, and managing the data breach from a legal perspective, including advising the client’s obligations under the Privacy Act 1988 (Cth), as well as crafting the relevant notifications to the Australian regulator and the individuals impacted from the breach.

National & international clients

Advising various national and international clients on business-as-usual privacy compliance, including data subject access requests, security obligations, and usage limitations. Our extensive experience in handling cross-jurisdictional matters allows us to seamlessly navigate the complexities of differing regulatory landscapes, ensuring that our clients remain compliant with both domestic and international privacy laws.

Cryptocurrency disputes

Acting for a cryptocurrency exchange platform in a number of cryptocurrency disputes arising from the alleged theft/loss of digital assets and fiat funds from customer accounts and cryptocurrency wallets by third party scammers. This has involved detailed investigation of fraudulent transactions, tracing of cryptocurrency assets, and recommended strategies for resolution of disputes.

Big 4 Bank

Advising a Big 4 Bank in building methodologies and risk frameworks and undertaking privacy and security impact assessments on all its “big data” projects.