JUMP TO
Recent significant changes in Australia’s privacy and data protection regime, bring our legislation more in line with international standards. As a result, many Australian agencies and organisations are now subject to new compliance obligations under the notifiable data breaches (NDB) scheme and increased scrutiny.
Navigating these obligations, as well as the additional implications of the upcoming European General Data Protection Regulation (GDPR), is a must for any organisation seeking to manage the ongoing and complex privacy and data security issues faced by businesses today.
You are affected by the NDB Scheme if your organisation
In addition, you are subject to GDPR if your Australian business
Have a detailed privacy framework in place that includes a battle-tested data breach response plan, and ensure this is GDPR compliant where applicable.
You would benefit from an assessment of your current privacy framework if you are unsure of the answers to one or more of the questions below.
Identify the ‘critical data assets’ you keep within your organisation, how they are stored and where they are located.
Ensure these include a complaints handling system and a data breach response plan that involves your C-Suite, IT, human resources, legal and public relations departments.
Staff must receive regular training and updates to ensure they are aware of your organisation’s compliance obligations (including the new, more stringent requirements under GDPR).
For organisations subject to the NDB Scheme:
For organisations subject to GDPR:
For government agencies subject to the AGAP Code:
Front-end advice on enterprise-wide privacy compliance, including: managing sensitive information, marketing campaigns and branding activities, surveillance, handling investigations and complaints, review of privacy and credit reporting policies, collection notices, conducting Privacy Impact Assessments and audits, review of vendor contracts and privacy/data breach response clauses, and assessing application of the GDPR.
Help your organisation develop or update its information management and risk framework to manage, protect and enhance data through its full life cycle, as well as in relation to specific projects and campaigns. Includes due diligence, M&A activities, big data analytics and technological developments, NDAs and breach of confidence, developing cyber resilience and data security health checks.
Work with your organisation to develop a comprehensive data breach response plan (including cyber breaches), help allocate roles and responsibilities, and develop processes and checklists that will help you fulfil your obligations in the event of a data breach.
Help organisations in crisis respond to investigations, regulatory action, and data security breaches in a way that protects your business, minimises serious harm to customers, and mitigates financial and reputational damage. Post breach/investigation training and review to ensure your organisation addresses data security and privacy risks going forward.
Ensure your staff are privacy aware through our e-learning courses focusing on privacy, the NDB scheme, and GDPR. Some courses have been specially tailored to apply to Queensland and Victorian government departments.
As a senior member of MinterEllison’s Media and Communications team and leader of the firm's National Privacy Group, my work covers all aspects of content gathering, creation and publication and big data across traditional and new media, including print, broadcasting and digital.
I specialise in resolving complex intellectual property (IP) disputes, particularly in the media and telecommunications sector. This often brings me in contact with IP and regulatory issues arising out of new media platforms; online copyright piracy; and industry licensing schemes and disputes.
As a specialist in intellectual property, technology, privacy and competition law, I advise clients in sectors as diverse as agriculture, energy, higher education, local government, manufacturing and not-for-profit. This comprehensive expertise enables me to understand the full picture and help clients to achieve their commercial goals.
I have wide-ranging expertise which spans strategic and global outsourcing, procurement and supply, technology contracting, licensing and commercialisation, ecommerce, privacy and content regulation, and intellectual property.
As an information law specialist, I assist government, private sector and not-for-profit clients to manage privacy, secrecy compliance and data access issues, including matters related to freedom of information (FOI).
I am best known for helping clients identify and understand cyber risk and how to imbed cyber resilience planning within their organisations.
© 2019 MinterEllison
