Organisations today are both blessed and cursed with extraordinary amounts of data. The responsibility for information security and data governance starts and ends with the board and senior management. We offer a handbook to help navigate duties and liabilities and a checklist of questions directors should be asking. ...

The final anticipated amendments to the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act) have been passed in the nick of time, making their way through the Senate in its last sitting before the 2022 Federal Election. These latest amendments introduce new and enhanced obligations for risk management programs and security respectively, and the concept of ‘systems of national significance’. ...

On Tuesday 20 February the Office of the Australian Information Commissioner OAIC published a comprehensive new guide to the Notifiable Data Breaches NDB Scheme The Data breach preparation and response guide consolidates information from the OAICs Data breach notification - A guide to handling ...

The Department of the Prime Minister and Cabinet is inviting responses to its recently released issues paper (Issues Paper) to inform future digital economy regulation in the areas of automated decision making (ADM) and artificial intelligence (AI). ...

A full bench of the Federal Court has confirmed an earlier ruling that there was a prima facie case Facebook Inc (now Meta Platforms Inc) 'carries on a business' and collects personal information in Australia. With this decision, the Australian Information Commissioner can now proceed with the landmark case against Facebook Inc and Facebook Ireland Ltd in relation to a number of alleged breaches of the Australian Privacy Principles. ...

Cybercrime continued to dominate headlines throughout 2021, with the global cost of cybercrime predicted to reach $10.5 trillion annually by 2025 . As governments continue to navigate how to best deter cyber criminals, organisations must remain vigilant in the face of increasingly sophisticated cybersecurity attacks – arising from within and outside their organisation. We look at the top five cybersecurity trends that defined 2021 and what they mean for Australian businesses in 2022 ...

Following a period of industry consultation the Federal Government has introduced updated legislation that will introduce a mandatory data breach notification scheme The new Bill will amend the Privacy Act 1988 Cth when it comes into force and will apply to all Australian companies currently subject ...

In this Insight, we look at the changes and comment on what they mean for transactions. The changes to the SOCI Act also have operational implications for many businesses – which we will separately publish on. ...

Determinations issued by the Office of the Australian Information Commissioner (OAIC) following two recent investigations against 7-Eleven and Clearview AI, reinforce a global trend of growing regulatory scrutiny of the use of facial recognition technology by private sector organisations, and follows Facebook's recent decision to shut down its facial recognition system. ...

Data centres, the warehouses underpinning the digital aspects of our working and home lives, have become red hot assets, with investors piling into the sector – and regulators in the West signalling their readiness to closely scrutinise foreign investment (FI). ...