Privacy and Data

We use innovative solutions to ensure compliance, manage privacy risks and maximise data for a competitive advantage throughout the data life cycle.

How we can help

We understand how important data is to your business and its impact in the current wave of technology innovation. Getting privacy right is non-negotiable.

Our comprehensive guidance on privacy and data regulatory regimes helps simplify an increasingly complex data economy with increasingly stringent laws. This covers data management and governance, privacy by design, privacy impact assessments, and triaging and responding to data and cyber breaches.

We have extensive experience in resolving complex privacy issues, data commercialisation contracts, risk management, cyber resilience, data ethics, AI compliance and resolving sensitive data disputes.

Our clients are data-centric businesses that manage complex, often sensitive, data assets in highly regulated sectors, covering the data life cycle: generation, protection, commercialisation, compliance, valuation and divestment.

For them, it’s our holistic perspective that sets us apart. We bring years of commercial expertise to the table, considering privacy and data compliance within an overall commercial and regulatory framework. By understanding the interplay between confidentiality, privacy, intellectual property, contracts, and regulation we provide comprehensive, pragmatic and proactive advice.

Services

Partnering with you to offer expert guidance on the entire life cycle management of data, so you operate at the cutting edge and stay compliant.

Compliance and regulatory advice

We advise on standalone privacy advice and broader areas of regulatory advice for data and emerging law.

Data breach and incident response

We advise on data breach, incident response and mandatory data breach reporting in all regulatory spheres.

Data commercialisation and governance

We provide transactional support for commercialisation of data and data licensing.

Digital identity

We help clients in both private and public sectors navigate the complexities of verification, authentication and data protection.

Privacy impact assessments

We advise on privacy impact assessments from start to finish for compliance with evolving regulations.

Privacy and Data experience

Various NSW government agencies

On privacy compliance issues for a new service initiative to allow online identity verification for working with children check clearance applications.

A transport sector client

On the privacy and surveillance law impacts of an internally developed analytics monitoring system for insider risk.

Microsoft

On regulatory reforms concerning data protection, security and data management, including security of critical infrastructure, online safety, government surveillance and privacy.

Audi and Volkswagen

On the privacy, surveillance and regulatory compliance aspects of connected cars.

NSW Health, Breast Cancer Institute

On complex regulatory advice on the privacy and data aspects of an AI solution for scanning mammogram images and diagnosis of breast cancer.

A private equity client

On the interaction of the Consumer Data Right regime and Part IIIA of the Privacy Act regarding the potential acquisition of a credit reporting body.

Department of Home Affairs, Comcover

On a large representative complaint under the Privacy Act. This was one of the first representative complaints to be run in Australia under the Act.

Various clients

Across the full range of critical assets in relation to their breach response plans.

A global technology provider

On liaising and managing its response to a request for information from the OAIC regarding a large third-party data breach.

A listed global platform provider

ASX announcements, compliance with contracts, regulatory notifications and managing foreign legal advisors for global compliance following a malicious attack.

An ASX-listed entity

On its data breach response, including disclosure obligations analysis and preparing notifications to those affected and the OAIC.

A healthcare client

On regulatory obligations under the Privacy Act 1988 (Cth) and assisting in responding to OAIC inquiries, as well as customer complaints following a data breach.

A private equity client

On their data commercialisation aspirations regarding the potential acquisition of a credit reporting body.

Westpac

On complex data commercialisation work regarding its DataX business, associated contractual frameworks and data governance models.

Microsoft

On Australia’s critical infrastructure laws. Including statutory interpretation, technical expertise, cybersecurity regulations and  international standards.

A loyalty rewards program

On the data commercialisation and data due diligence aspects of the proposed sale of its equity stake.

Two Australian big four banks

Separately, on data usage and commercialisation projects and options to protect the value-add data generated as part of the clients’ businesses.

Telstra

On its ground-breaking data and AI joint venture with Quantium.

Various NSW Government agencies

On the introduction of new digital identity and document verification services, supporting an NSW Government initiative to develop a trusted digital identity ecosystem.

ConnectID and Australian Payments Plus

On establishing a market-leading national digital identity exchange, forming the national backbone digital ID network across public and private sectors in Australia.

BPAY

On the interaction between the Consumer Data Right regime and potential digital identity systems, including the emerging legislative regime on digital identity.

Various financial institutions

On the new national digital identity scheme and system.

A major professional services firm

On data-related matters, including conducting privacy impact assessments, revising privacy policies and customer consents, and sharing data with international offices.

An Australian company

On the preparation and delivery of a privacy impact assessment concerning the proposed use of travel data as part of the ECTMS project.

A big four bank

On its new data sharing platforms and associated legal frameworks and data / privacy impact assessments.

Various NSW Government agencies

On completing privacy impact assessments for different phases of a new service program.

Australian Payments Plus

On the privacy impact assessment of establishing a national digital identity exchange.

An emergency services sector agency

On the privacy impact assessment of the crucial platform for emergency responses.

Testimonials

Client first thinking

Deep subject matter expertise that is easily translated into our organisational and market risk profile. The team have provided guidance on complex legislation and risk management that has been received well.

The Legal 500 Asia Pacific

Awards

Band 1 in IT & Telecommunications

Chambers Asia-Pacific 2024

Tier 1 in Data Protection

The Legal 500 Asia Pacific

Explore Insights

Related insights

Key Contacts

People who perform

A rigorous process of pushing boundaries and uncovering insights.

Melissa Fai

Partner
Sydney

Simon Burns

Partner
Sydney

Michael Caplan

Partner
Melbourne

Tim Gole

Partner
Sydney

Andrew Hii

Partner
Sydney