Privacy, Data Protection and Cyber Security

Need advice?

Australian data protection and privacy laws continue to evolve to meet the increased demand for information security. Legislative measures such as the changes to privacy laws in 2014, including the credit reporting regime, and the forthcoming introduction of the Commonwealth Government’s data breach notification legislation, mean that organisations need to understand what steps need to be taken in order to comply with relevant laws.

Cyber security continues to grow in prominence as one of the key risks faced by Australian businesses, with increasing frequency of incidents occurring and greater regulatory scrutiny of how businesses are responding to the growing threat. A business operating in today’s environment must develop good cyber resilience practices and procedures and understand their regulatory and legal obligations in relation to managing information in the cyber world and responding to cyber incidents.

The question of liability for data loss and privacy breaches can be confusing for some businesses. With cyber insurance products now available in the market, organisations should also consider cover for cyber risks to provide assistance in the event of a breach and payment of losses that may result.

HWL Ebsworth’s Privacy, Data Protection and Cyber Security team provide market leading advice for government agencies, private sector organisations, financial institutions and Australia’s leading credit reporting agencies.


Our team provides advice and services in all aspects of privacy law including handling of personal information, data protection, online security, compliance with the Privacy Act and Australian Privacy Principles as well as providing advice under the Spam Act and Do Not Call Register Act. We also advise clients in relation to requirements under credit reporting codes and other statutory reporting bodies.

We regularly conduct Privacy Impact Assessments for State and Federal Government Departments and are very familiar with the requirements of regulatory bodies responsible for privacy and data protection.

We regularly assist domestic as well as international technology and financial services companies with expert and commercial advice on the management of cross-border initiatives and offshoring.

Practitioners at our firm are members of the Privacy Law Committee of the Business Section of the Law Council of Australia; the Editorial Panel of the LexisNexis Privacy Law Bulletin and the International Association of Privacy Professionals – Australia and New Zealand.


Responding to cyber security requires a multi-disciplinary approach and our full service offering gives clients access to experienced practitioners with a range of expertise relevant to managing cyber security. With offices in all Australian state and territory capital cities, the firm has key contacts in each jurisdiction whom can facilitate access to the expertise needed to manage a cyber resilience program.

We can assist clients with:

  • Corporate Governance;
  • Cyber Security and Cyber Resilience Policies;
  • Responding to Cyber Breach incidents; and
  • Litigation arising from a Cyber incident.


  • State Government Department: Advised on legal remedies in respect of a high level data breach, liaising with the Incident Response Team including forensic experts, the AFP and other agencies;
  • Australian Taxation Office: Conducted a privacy impact assessment for the introduction of Streamlined Individual Income Tax Returns, known as SIITR or myTax, and accessible through myGov;
  • National sporting organisation: Acted on an OAIC own motion investigation into a data breach. The breach was the subject of a television report. We negotiated with the OAIC around penalties and remediation;
  • Major bank: Advised in relation to a privacy breach involving the mailing of a spread sheet of high net worth private clients to those private clients. We advised on the wording for the notification of the incident given by the bank to its clients and provided follow up advice on the bank’s legal position;
  • Credit reporting bureau: Acted in relation to various claims in different jurisdictions by consumers and businesses alleging breach of the Privacy Act and inaccurate data; and
  • Various insurers: Advised in relation to policy wordings for cyber risk insurance products and advised on privacy law reform and other regulatory changes and their effect on risks underwritten.

Contact us