Organisations today are both blessed and cursed with extraordinary amounts of data. The responsibility for information security and data governance starts and ends with the board and senior management. We offer a handbook to help navigate duties and liabilities and a checklist of questions directors should be asking. ...

The final anticipated amendments to the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act) have been passed in the nick of time, making their way through the Senate in its last sitting before the 2022 Federal Election. These latest amendments introduce new and enhanced obligations for risk management programs and security respectively, and the concept of ‘systems of national significance’. ...

The Department of the Prime Minister and Cabinet is inviting responses to its recently released issues paper (Issues Paper) to inform future digital economy regulation in the areas of automated decision making (ADM) and artificial intelligence (AI). ...

A full bench of the Federal Court has confirmed an earlier ruling that there was a prima facie case Facebook Inc (now Meta Platforms Inc) 'carries on a business' and collects personal information in Australia. With this decision, the Australian Information Commissioner can now proceed with the landmark case against Facebook Inc and Facebook Ireland Ltd in relation to a number of alleged breaches of the Australian Privacy Principles. ...

Cybercrime continued to dominate headlines throughout 2021, with the global cost of cybercrime predicted to reach $10.5 trillion annually by 2025 . As governments continue to navigate how to best deter cyber criminals, organisations must remain vigilant in the face of increasingly sophisticated cybersecurity attacks – arising from within and outside their organisation. We look at the top five cybersecurity trends that defined 2021 and what they mean for Australian businesses in 2022 ...

In this Insight, we look at the changes and comment on what they mean for transactions. The changes to the SOCI Act also have operational implications for many businesses – which we will separately publish on. ...

Determinations issued by the Office of the Australian Information Commissioner (OAIC) following two recent investigations against 7-Eleven and Clearview AI, reinforce a global trend of growing regulatory scrutiny of the use of facial recognition technology by private sector organisations, and follows Facebook's recent decision to shut down its facial recognition system. ...

Data centres, the warehouses underpinning the digital aspects of our working and home lives, have become red hot assets, with investors piling into the sector – and regulators in the West signalling their readiness to closely scrutinise foreign investment (FI). ...

In late October, the Attorney-General's Department released a long-awaited Exposure Draft of the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill (Online Privacy Bill) to amend the Privacy Act 1988 (Privacy Act). ...

The Department for Home Affairs has released the Australian Government's Ransomware Action Plan (the Plan). This development forms part of the Government's Cyber Strategy and is the latest in a series of actions taken by the Government to combat the escalating threat of ransomware and extortion. ...