Here are some of the matters that our cyber security and data breach team deal with on a regular basis:
Advising on sale of data to third parties, data transfers and retention, breach notification, employee monitoring and surveillance, liability, directors' duties, compliance and data governance;
Pre-Incident Preparation: assistance in reviewing cyber insurance policies, customer and supplier contracts to meet business needs and when addressing data breaches;
Dealing with data subject requests and/or disclosure of personal information required under various regulations and constitutions;
Drafting and assisting the implementation of internal data breach and notification policies and procedures including staff workshops;
Drafting privacy agreements e.g. data processing addendums, data breach response plans, privacy policies;
Drafting, reviewing and negotiating technology and commercial contracts with a focus on privacy and data due diligence;
Advising on privacy, health privacy, cybersecurity and consumer data rights laws across multiple jurisdictions;
Dispute Resolution with respect to cyber breach incidents and loss and/or disclosure of data.
Some key areas:
GDPR
Privacy Act
Legislation around banking and consumer data transfers i.e. Competition and Consumer (Consumer Data Right) Rules
Legislation around retention and management of Health Data and Patient Records
Federal and state legislation around surveillance, interception and access i.e. Telecommunications (Interception and Access) Act
Federal legislation on email marketing and telemarketing i.e. Do Not Call Register Act and Spam Act
Why have lawyers involved?
legal professional privilege extends to all communications and documents relating to the data breach which is useful to investigate the breach in circumstances where internal documents may be used against the company;
coordinating all information relating to data security and to ensure compliance;
Privacy Compliance Audit: ensure compliance with the relevant privacy and data security regulations and legislation across multiple jurisdictions and insurance policy wording.
PRIVACY IMPACT ASSESSMENTS
Privacy Impact Assessments can help an organisation understand how information flows in, through and out of the business, and uncover potential areas of non-compliance.
PRIVACY AND SECURITY POLICIES and documentation
We can assist with the drafting of a full suite of privacy documents, from privacy policies to security policies, data breach response plans and data processing agreements
PRIVACY ADVICE FOR HEALTH SERVICE PROVIDERS
We act for hospitals, health service providers and technology providers to the health sector. We are familiar with the My Health Records Act and other applicable privacy legislation. We can help you achieve compliant privacy documentation and practices throughout your health services organisation.