Cyber, Privacy and Data Protection

With cybercrime on the rise globally, businesses are increasingly vulnerable to targeted and sophisticated cyberattacks.

These attacks can result in ransomware events and data breaches, which compromise privacy and confidential information, and require a rapid response to minimise legal and reputational damage to an organisation. They can also cause significant business interruption.

With the growing prevalence of cybercrime in Australia and globally, companies and individuals are at risk of a range of legal risks and harms resulting from cyber incidents. 

How we can help

Our team of specialist cyber and privacy lawyers are at the forefront of the rapidly changing legal practice area. We assist clients of all sizes with different types of cyber, privacy and data protection law matters. This includes responding to cyber incidents (and engaging appropriate vendors), advising on the full range of privacy compliance obligations, responding to regulatory investigations, managing cyber insurance claims and assisting with cyber related disputes (direct actions, recovery actions or class actions). 

Our market-leading team has collectively handled over a thousand cyber, privacy and data protection incidents. This includes some of the largest and most complex incidents in Australia and other jurisdictions. 

In addition to cyber incident response work, we provide pre or post incident cyber advisory services to executives, boards, and other key individuals within organisations. Our cyber advisory services include cyber simulations (such as table tops), training and workshops, assessments, reviews and preparation of policies, and building out whole-of-business plans to mitigate cyber risk.

The team includes leading front end privacy and data protection lawyers. We have a wealth of experience advising private and public sector clients on compliance and best practice with the constantly evolving Australian privacy and data protection legal framework. We also collaborate with legal counsel in other jurisdictions to provide assistance to our clients managing the application of international privacy laws, including the General Data Protection Regulation (GDPR).

‘There are few firms at the forefront of the explosion of issues surrounding cyber protection, cyber insurance and changes to the privacy landscape. Hall & Wilcox have been able to provide sound and timely advice consistently, whilst understanding our business needs and proactively sending advice/bulletins to help us keep ahead.’ 

Legal 500 Asia Pacific 2024

Cyber

Our cyber team works with ASX listed entities, corporates, SMEs, insurers and others to provide legal advice in relation to cyber risk. 

We offer a comprehensive cyber incident management solution covering the whole life-cycle of a cyber incident, including:

  • providing a cyber incident response hotline that operates 24/7/365 to ensure we promptly respond when a client requires assistance in relation to a cyber incident;
  • providing legal advice, incident management and guidance regarding privacy, other regulatory obligations and third-party risk; 
  • assisting with notifications to regulators and individuals in accordance with applicable privacy obligations in connection with cyber incidents;
  • vendor co-ordination and management in relation to each aspect of responding to a cyber incident;
  • global coordination of cyber incidents affecting entities operating or providing services in various jurisdictions;
  • handling disputes and regulatory investigations relating to cyber incidents, including class actions, recovery actions or insurance disputes; 
  • cyber insurance coverage advice; and
  • pre or post incident cyber advisory and readiness services. 

We have the expertise to handle all aspects of a cyber security incident or data breach, including in relation to privacy, ASX disclosure, AFSL conditions, APRA requirements, security of critical infrastructure and directors’ duties. We have an established and expert vendor network and are happy to work with our clients’ preferred vendors.

Privacy and data protection

We advise on all privacy and data protection issues, including regulatory and compliance obligations, advice on protections in cloud and outsourcing arrangements, conducting privacy impact assessments, and assisting with complaints for breaches of privacy.

Specifically, we:

  • develop and implement privacy policies, collection and consent notices, data retention policies, and compliance programs, including management and employee training programs;
  • advise on legal compliance obligations under the Privacy Act 1988 (Cth) and applicable State and Territory privacy legislation and health records legislation;
  • advise on specific privacy legislation queries, including matters such as consent, use and disclosure for a ‘secondary purpose’, data retention, cross-border data transfers, and access and correction requests; 
  • advise in response to privacy complaints and regulatory investigations undertaken by various regulators including the OAIC, ACMA and others;
  • draft and advise on privacy and data protection clauses in supplier and other third-party contracts and data transfer deeds;
  • provide legal advice with regard to actual or suspected data breaches involving compromised personal information;
  • prepare submissions and responses to the OAIC and other regulators; and
  • act for organisations in investigations and conferences by the OAIC and other regulators.
Our cyber, privacy and data protection experience
Cyber
Privacy
Key contacts

Hall & Wilcox acknowledges the Traditional Custodians of the land, sea and waters on which we work, live and engage. We pay our respects to Elders past, present and emerging.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of service apply.