Privacy and Data Protection

MinterEllison's data protection and cyber security team understands that information (including data and commercially confidential and personal information) is a key asset for organisations. We understand the reputational, regulatory and other risks that can arise when information is not managed and protected appropriately or is subject to an attack. We have an established and internationally recognised privacy, data protection and cyber security team, which provides support to clients across all industry and government sectors on local and international privacy, data protection and cyber security risks and issues.

Our international team of more than 20 lawyers is interdisciplinary, and includes technology, media, telecommunications, privacy, intellectual property, insurance and corporate risk, regulatory and litigation experts. We understand the importance of information security. We take a pragmatic, risk management approach to advising clients on protecting and managing their information throughout its lifecycle, balancing a range of business, strategic, operational, customer, legal and reputational issues.

We advise on the full range of privacy, data protection and cyber security issues, from compliance to operational issues to breaches. This includes:

• helping to develop and deliver privacy compliance tools and privacy by design through the conduct of privacy audits and privacy impact assessments and the delivery of privacy training
• reviewing and developing privacy and data security policies and procedures, website terms and conditions, collection statements and tailored consents
• helping organisations respond to and manage privacy complaints, regulatory investigations and their outcomes
• advising in relation to the full range of privacy, data protection and cyber-related legal and commercial issues (including trans-border data flows, the cloud, big data and analytics, surveillance and data sharing)
• advising on the requirements of the new positive credit reporting regime
• helping clients to put in place contractual arrangements to cover their privacy, cyber security and data protection risks and commercial objectives
• advising on marketing and promotional campaigns and strategies (including spam, do not call and other direct marketing regulations and industry standards)
• planning for, responding to, and rebuilding from, a data breach or cyber attack (including developing response protocols; providing emergency advice in the immediate aftermath of a breach event; appointing third party vendors to provide data retention and recovery, forensic accounting and reputational management services; managing breach notices and communications with regulators, affected data subjects and other relevant stakeholders; and implementing procedures to reduce the risk of future breaches)
• handling privacy and breach of confidence litigation, including urgent injunctive proceedings
• advising on cyber insurance issues (including assisting insurers, brokers and insureds with strategic advice across the full spectrum of cyber risk issues; policy drafting advice; coverage issues; and the strategic management of notifications and claims arising from cyber risk losses).