41-50 of 145 results
Privacy Act changes raise the bar
A number of high profile data breaches and cyber attacks have occurred over the last month. The Government's immediate response is increase the penalties associated with serious breaches of the Privacy Act and provide the OAIC with enhanced enforcement and information gathering and sharing powers. ...
Continuous disclosure obligations in the evolving age of cyberattacks
This Insight examines the growing need for boards and senior management to consider disclosure obligations in the event of an actual or suspected cyber incident—regardless of their significance—as well as the need to apply an ESG lens to cyber resilience. ...
Get your data retention and destruction program up and running
This Insight outlines the regulatory, operational and technical complexities at issue, and summarises the six steps you can take now to accelerate (or initiate) a data retention and destruction program. ...
A step into the breach – will the Optus incident give rise to more data breach class actions?
Within days of Optus revealing it had suffered a major cyber incident, two major plaintiff class actions firms announced investigations into potential class action claims. ...
Backing up the backups: cyber insurance in a hardening market
Increased regulatory scrutiny and enforcement action, including in Australia, is also contributing to the steadily rising cost of cyber risk management and cyber incident response. In this first instalment of our Cyber Insurance Handbook Series, we look at the key trends in the cyber insurance market and how your business should respond. ...
Software-based medical devices: key regulatory requirements, IP considerations and data privacy implications
Software is increasingly being used as a medical device and in medical devices. It is crucial that businesses understand the regulations that can apply to software-based medical devices, the IP considerations if they wish to protect such devices and the privacy-related risks associated with the collection and use of data from such devices. This Insight explores each of these issues in turn. ...
Consultation sought on Queensland's privacy and right to information reforms
The recently released consultation paper on Queensland's privacy and right to information framework outlines significant proposed reforms. This Insight explains the key suggested changes and their potential impacts. ...
Federal Court finds cyber risk management is a critical obligation for financial services firms
The Federal Court handed down its judgment in proceedings brought by ASIC against RI Advice on 5 May 20221. It found that, as result of its failure to manage cyber security risks and cyber resilience, RI Advice breached its obligations to do all things necessary to ensure that the financial services covered by the licence were provided efficiently and fairly, and to have adequate risk management systems in place. ...
Everything you need to know about cyber risks, resilience and responsibilities
Organisations today are both blessed and cursed with extraordinary amounts of data. The responsibility for information security and data governance starts and ends with the board and senior management. We offer a handbook to help navigate duties and liabilities and a checklist of questions directors should be asking. ...
Just in time: the full spectrum of amendments to the Security of Critical Infrastructure regime now passed
The final anticipated amendments to the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act) have been passed in the nick of time, making their way through the Senate in its last sitting before the 2022 Federal Election. These latest amendments introduce new and enhanced obligations for risk management programs and security respectively, and the concept of ‘systems of national significance’. ...