The data protection and cyber security practice at Allens advises on the intersection of legal compliance, commercial focus and ethical grounding for clients from data-intensive businesses to large organisational bodies. Acting as both legal and policy advocates, the team has been working with the Australian Banking Association, advising on its submission to the Government following the Privacy Act Reform Review. Team co-head Valeska Bloch is particularly sought after for her expertise regarding highly regulated sectors, including the energy, resources, healthcare and financial services industries. Gavin Smith‘s data, security and law enforcement experience, combined with his dual qualification in England, bolsters the team’s GDPR experience. Melbourne-based Elyse Adams has notable expertise regarding payment technologies, including blockchain, and David Rountree is experienced across compliance, commercialisation, and cyber incident preparedness and response work.
Data protection in Australia
Allens
Practice head(s):
Gavin Smith; Valeska Bloch
Other key lawyers:
Phil O’Sullivan; David Rountree; Elyse Adams
Testimonials
‘The Allens team are first and foremost practical and provide advice that is easily digestible for complex matters.’
‘Gavin Smith is knowledgeable, diligent and across industry specific issues that impact the tech businesses. Having worked with Gavin on a number of matters, we are always provided with practical and applicable advice.’
‘Industry leading knowledge in cyber security developments.’
Key clients
Coles
Quantium
Commonwealth Bank of Australia
Westpac
News Corporation
IAG
Woodside Petroleum
Australian Banking Association
Work highlights
- Advising Coles in relation to its response to the Latitude Financial Australia cyber incident which was announced to market on 16 March 2023.
- Advised on an AI and data joint venture between Quantium and Telstra.
- Working with a number of Australia’s leading organisations including Commonwealth Bank of Australia (CBA), IAG, Australian Retirement Trust and BHP (among others) on their data protection and cyber security strategies.
Ashurst
Ashurst‘s ‘dynamic’ digital economy team is led by Brisbane-based Amanda Ludlow, an expert regarding data regulation. The team is engaged both in advising clients in regards to privacy reform and the development of digital regulation, and supporting them through cyber incidents and data breaches. Angela Summersby, based in Canberra, specialises in government-related work, with notable experience advising on data migration and program transformation projects. In Melbourne, Emma Butler is recommended for her work assisting with the development and implementation cyber strategies, with specific experience with energy sector clients. Sydney-based Tim Brookes and Geoff McGrath are also recommended.
Practice head(s):
Amanda Ludlow
Other key lawyers:
Emma Butler; Tim Brookes; Angela Summersby; Geoff McGrath; Mitchell Bazzana
Testimonials
‘The team was able to expertly manage every aspect of a highly complex, multifaceted, multinational arrangement. They manage the project from start to finish, including: advice on structuring the transaction, gaps analysis, coordinating financial regulatory advice and commercial inputs, and document negotiation, drafting, and finalisation.’
‘Tim Brookes and Mitchell Bazzana have incredible subject matter expertise, immaculate attention to detail, their ability to turn around extensive amounts of precision drafting and provide commercial solutions to roadblocks is second to none.’
‘Amanda Ludlow – knows the law and the industry knowledge is second to none. Exceptional client service.’
Key clients
7-Eleven Stores Pty Ltd
Aer Riata International
AGL Energy Limited
AIA Company Limited
Allegis Talent Consultancy (Shanghai) Co. Ltd.
Australia and New Zealand Banking Group Limited
Aveo Group
Commonwealth Bank of Australia
Commonwealth Government – Department of Defence
Commonwealth Government – Department of Employment and Workplace Relations
Commonwealth Government – Department of Finance
DataBank Australia Pty Ltd
KVD Singapore Pte Ltd
Meta Platforms, Inc (formerly Facebook)
Monash University
NBN Co Limited
NSW Government
Quantium Group Holdings
Queensland Government
Optus Singtel
SAP Fioneer Australia Pty Ltd
Standards Australia Limited
State of Victoria
Westpac Banking Corporation
Woolworths Group Limited
X15Ventures
Work highlights
- Assisting the Commonwealth Bank of Australia in the preparation of the Cybersource Agreement with Visa, and reviewing the IP, data, security and privacy clauses.
- Assisting Monash University with negotiating a new Digital ID Verification solution agreement with global identity specialist, GBG.
- Provided ongoing support to Quantium in relation to various matters relating to the implementation of its technology and data platforms in multiple jurisdictions, including privacy and data protection advice for projects in Australia, the UK and the US.
Corrs Chambers Westgarth
The team at Corrs Chambers Westgarth is noted for its ‘excellent, deep and holistic subject matter expertise’, acting on a range of data and cyber matters for both public and private sector clients. Team head James North in Sydney has particular expertise advising on the data aspects of cross-border M&A transactions alongside a wider information security practice. Also in Sydney, Eugenia Kolivos ‘is an expert in this field‘, advising on privacy reforms, privacy policies and data protection in addition to cross-jurisdictional data protection and overseas data disclosure. Melbourne-based Philip Catania is praised as an 'absolute expert' and has a strong track record on large data breaches, both domestic and international, and bolsters the team’s international expertise providing advice for clients in regards to GDPR compliance. Arvind Dixit in Melbourne focuses on information technology work.
Practice head(s):
James North
Other key lawyers:
Eugenia Kolivos; Arvind Dixit; Philip Catania; Justin Gay
Testimonials
‘The team are well regarded in the sector and bring to the table diverse experience and well balanced legal advice and guidance. They are open to debate, understanding and challenging client risk and advocating for streamlined solutions.’
‘Excellent, deep and holistic subject matter expertise. The firm has a broad range and level of experience which provides for a sound client outcome. The team are highly intelligent and motivated to provide our organization the best possible advice and guidance.’
‘Eugenia Kolivos is an expert in this field and takes a commercial view to ensure the advice is tailored to our business.’
‘Their strengths lie in their expertise of the law and how the law can be applied in a commercial setting. They are exceptionally responsive, take the time to understand the problem we are solving for and provide tailored commercial advice.’
‘Phil Catania is an absolute expert in privacy, data and cyber who is exceptionally well connected in Australia and overseas. He is very proactive, enthusiastic, knowledgeable and approachable. He goes to great lengths to understand client needs and deliver.’
‘Corrs have their finger on the pulse – with broad and deep legal, regulatory and commercial knowledge, but a good eye to what is likely coming in Australia in the future.’
Key clients
Carsales
Flybuys
Qantas
QIC
NSW Government
Google / Alphabet
Adobe
Square/Block
Commonwealth Bank of Australia (CBA) / X15 Ventures
Australian National Broadband Network (nbn)
Splunk
Okta
Capital One
ANZ
National Australia Bank (NAB)
Westpac
TPG Telecom
FNZ
Work highlights
- Acted for Flybuys in relation to its complex data protection considerations and arrangements with Australia’s two largest grocers, Wesfarmers and Coles, in connection with the inclusion of Bunnings and Officeworks into the Flybuys program.
- Advising QIC on all aspects of its new online shopping and e-commerce marketplace, Shopindee, including in the context of significant data, security, and privacy considerations.
- Advising REA on a range of privacy and data related matters associated with the operation and growth of the REA platform and its core product offerings, including in the context of data enrichment, and advertising.
Gilbert + Tobin
Sheila McGregor heads up the multidisciplinary, cross-practice digital and data team at Gilbert + Tobin from Sydney; the group's ‘deep subject matter expertise‘ covers all stages of the data lifecycle. Cyber resilience is an area of growing emphasis for the team, assisting clients with the implementation of cyber governance regimes and advising on best practice when responding to cyber incidents; Sydney-based Michael Williams has particular strength regarding cyber response strategy. Also in Sydney, Tim Gole advises businesses on privacy obligations with notable expertise regarding the highly regulated financial services and healthcare industries, while Melissa Fai specialises in data and privacy work including issues surrounding the commercialisation of data.
Practice head(s):
Sheila McGregor
Other key lawyers:
Melissa Fai; Tim Gole; Michael Williams
Testimonials
‘Deep subject matter expertise that is easily translated into our organisational and market risk profile. The team have provided guidance on complex legislation and risk management that has been received well and translated into actionable outcomes.’
‘Highly intelligent associates and junior lawyers that are clearly afforded time and guidance from partners.’
‘Melissa Fai demonstrates deep knowledge of relevant issues and potential solutions to those issues. Her advice is always practical and that is critical in this complex area.’
Key clients
Australian Clinical Labs / Medlabs
Australian Payments Plus (AP+) / ConnectID
DataX – Westpac Banking Corporation
Westpac Banking Corporation
Hollard Insurance
The Wine Concierge Service Pty Ltd
Microsoft
Department of Customer Service and Transport for NSW
NSW Health / Cancer Institute of NSW
PricewaterhouseCoopers
Audi
Volkswagen / Cariad
Work highlights
- Advising Australian Payments+ on its combination of three domestic payment providers, BPAY Group, eftpos and NPP Australia, into one integrated entity.
- Advising Australian Clinical Labs on its response to a significant cyber incident, its privacy compliance obligations moving forward, and its continuous disclosure obligations under the ASX Listing Rules.
- Advising Microsoft in respect of a program of advice in relation to an array of regulatory reforms (including cross-jurisdiction) concerning data protection, security and data management, including Australia’s critical infrastructure framework, online safety framework, government surveillance and data privacy, as impacting Microsoft products and services and its enterprise customers.
King & Wood Mallesons
King & Wood Mallesons‘ digital economy and tech law team fields ‘thought leaders with extensive experience’, acting on matters from large public data breaches to risk mitigation. The team works with forensic IT investigators to manage the causes and impacts of cyber incidents for its clients, which include financial institutions, media companies and energy retailers. Cheng Lim and Patrick Gunning co-head the team from Melbourne and Sydney respectively; Lim is recommended for his ability to provide a ‘robust, holistic, commercial view‘, while Gunning is experienced in supporting high-profile clients through regulatory investigations and advising on changes to cybersecurity policy. Melbourne-based Michael Swinson ‘brings a wealth of knowledge and experience’ to mandates including data-heavy transactions and digital platform developments. Kirsten Bowe is a notable team member in Brisbane, specialising in strategic commercial transactions and advisory work involving emerging technologies, and Kendra Fouracre in Melbourne is also recommended.
Practice head(s):
Cheng Lim; Patrick Gunning
Other key lawyers:
Michael Swinson; Kirsten Bowe; Kendra Fouracre
Testimonials
‘The team has experienced and trusted advisers of a high calibre.’
‘Michael Swinson provides timely and practical advice. Truly a trusted adviser who brings a wealth of knowledge and experience to matters and assists in finding practical risk based solutions.’
‘The KWM data, privacy and cyber team are thought leaders with extensive experience, and also deep domestic and international knowledge. They are practical, commercial, reliable and easy to work with. Their passion for the subject always comes through. This is an exceptionally high-quality team at every level – from partner to junior lawyers.’
Key clients
REA
Sportsbet
7 Eleven
National Australia Bank
World Bank
Meta (Facebook)
Commonwealth Bank of Australia
IAG
BHP
RP Data
Transurban
Medibank
Latitude Financial Services
Work highlights
- Advised Latitude Financial Services on one of Australia’s largest and most significant data breaches.
- Advising Medibank on all aspects of its response to a cybercrime incident in which a malicious threat actor stole and released sensitive information on the dark web concerning current and former Medibank customers.
- Provided strategic advice and managed a team to provide a comprehensive cross-regional review of privacy and data protection laws as they may apply to Meta’s products and services.
Baker McKenzie
Lauded for its ‘in-depth knowledge and experience in handling a wide range of matters‘, Baker McKenzie‘s data offering spans crisis management advice, compliance and regulatory work, and data-rich transactional mandates. Anne-Marie Allgrove and Adrian Lawrence lead the team, both in Sydney. Allgrove is recommended for her ‘ability to distil complex matters’ and is a leader in the firm’s global cybersecurity initiative; she has extensive experience regarding consumer data rights. Lawrence specialises in data-heavy commercial matters, and leads the firm’s global digital transformation initiative. In Sydney, Anne Petterd‘s practice focuses on navigating data issues for new product offerings, for clients ranging from start-ups to global companies.
Practice head(s):
Anne-Marie Allgrove; Adrian Lawrence
Other key lawyers:
Anne Petterd; Toby Patten; Caitlin Whale
Testimonials
‘This team is very experienced and knowledgeable on data protection and cyber security matters. They have in-depth knowledge and experience in handling a wide range of matters in this practice area. They also have the advantage of being able to draw on the expertise and resources of their global network of other Baker McKenzie offices, as well as their trusted advisers in the jurisdictions in which they do not have their own offices.’
‘Anne-Marie Allgrove is excellent to work with – she has the ability to distil complex matters into manageable components and to deliver solutions in a clear and concise manner.’
‘Both Anne Petterd and Adrian Lawrence are also both excellent to deal with and provide clear and timely advice.’
Bird & Bird
The privacy and data protection team at Bird & Bird is ‘unique because it has excellent global reach and expertise’: working as part of an integrated global practice, it tracks international precedents to best support clients within Australia’s changing regulatory environment. The ‘very knowledgeable’ Sophie Dawson co-leads the team from Sydney, advising major companies on privacy law reform and providing strategic privacy advice. Also in Sydney, Hamish Fraser co-leads the team with notable experience in providing data breach advice to global platforms and cloud providers. Privacy compliance is an area of strength for Sydney partner Julie Cheeseman, who works with clients from a range of industries encompassing the media, technology, retail and consumer sectors, among others.
Practice head(s):
Sophie Dawson; Hamish Fraser
Other key lawyers:
Julie Cheeseman
Testimonials
‘Sophie Dawson is excellent – completely across a rapidly changing area of law and practice.’
‘Bird & Bird’s practice is unique because it has excellent global reach and expertise, especially in the technology, media and telecommunications space. Their data protection and cyber security practice, in particular, bats very deep.’
‘They have multiple very senior, capable and experienced partners who include privacy and cyber within their expertise, as well as a team of well respected senior and junior lawyers who are all very capable in this space.’
‘Sophie Dawson is very knowledgeable and provides practical advice and insights.’
‘All round in-depth knowledge of data privacy, data protection and cybersecurity laws.’
Key clients
National Roads and Motorists Association
Tencent
TPG Telecom
Work highlights
- Advising several clients with instructions in relation to highly sensitive and time critical matters arising out of three of Australia’s recent large-scale data breaches: Medicare, Optus and Latitude.
- Advising several clients with important privacy compliance work. This work has included advice on the application of Australian privacy and other relevant laws to complex novel technologies.
Clyde & Co LLP
John Moran in Sydney, leads the cyber and digital practice at Clyde & Co LLP, which is praised as a team of ‘experienced lawyers with a deep understanding of privacy issues’. Moran specialises in advising corporates experiencing cyber crises, from cyber readiness advice to incident response planning and recovery work, including regulatory investigations. The team also advises on data frameworks and strategies for new and innovative projects, and has notable strength in multi-party data breaches. Working across Sydney and Auckland, Richard Berkahn advises clients across the APAC region.
Practice head(s):
John Moran
Other key lawyers:
Richard Berkahn; Anthony Cooke; Reece Corbett-Wilkins; Alec Christie; Andrea Mitchell; Iris Rad
Testimonials
‘The team is very easy to work with. They demonstrate genuine interest. They have the technical expertise, but also know how to be practical and pragmatic. Alex Christie and John Moran are stand outs for these reasons.’
‘Clyde & Co have been able to show a leading capability when it comes to Cyber security response planning and preparation. The team has incident response knowledge and has been able to connect us with other experts in this field where required.’
‘Experienced lawyers with a deep understanding of privacy issues, with specialised expertise in privacy meaning they have the unique ability to provide deep, focused and specialised services. This specialisation means they are across all the latest developments and provide high-quality advice.’
Key clients
Australian Catholic University
Adelaide Airport
Binance
Carnival Corporation & plc
Chubb
Decjuba
Department of Home Affairs/National Emergency Management Agency (NEMA)
Downer Group Limited
Dubai Department of Economy and Tourism
EML Payments
I-MED Radiology Network
Liberty Specialty Markets
McAffee
Microsoft Corporation
New Zealand Post
Orrick
QBE
ScotPac Business Finance
UPS
Uniting NSW
Ventia
Virgin Australia
Westpac
Zurich
Work highlights
- Advised Department of Home Affairs on a review of its regulatory and governance options available for ensuring the implementation, maintenance and enforcement of economy-wide baseline cyber security technical requirements.
- Conducted a tailored ransomware simulation for Adelaide Airport Limited in preparation for a potential ransomware attack.
- Advised Westpac Banking Corporation on its global privacy policy uplift program.
DLA Piper
Data sustainability is the focus for the team at DLA Piper, advising clients on strategic planning, reputation management issues and commercial opportunities as they relate to data. Tim Lyons leads the team, advising international clients on Australia privacy law from Melbourne, including those which regard the offshoring of personal information and compliance requirements. Cross-border data transfers are another area of expertise for the team. Also in Melbourne, special counsel Sarah Birkett advises clients from start-ups to international companies on Australian privacy law, including complex data storage and transfer arrangements.
Practice head(s):
Tim Lyons
Other key lawyers:
Claire Kermond; Nicholas Boyle; Sarah Birkett
Testimonials
‘Strong pragmatic advice delivered by Tim Lyons in a positive and calming manner.’
‘Tim Lyons’ extensive practical experience combined with his ability to quickly identify what advice would be most relevant (and how best to deliver it) makes him a trusted and valuable adviser to our business.’
Key clients
Thales Australia Limited
Levi Strauss & Co
Stripe Payments Europe Limited
Standard Chartered Bank
Spring Care, Inc.
Spriggy
Four Seasons Hotels
Australian Financial Complaints Authority
Endeavour Energy
Worley Limited
Victoria Police
ResMed
Blackmores
Work highlights
- Providing advice to Thales Australia in relation to a wide variety of privacy issues including: data protection training; updating internal and external privacy policies; assisting with the collation of data processing records; advising on the legal framework for use of personal information; and advising on GDPR.
- Undertaking a review of Levi Strauss’ privacy and data handling practices, policies and procedures in Australia, Singapore, New Zealand, Thailand, Japan and China as part of wider project to review its privacy arrangements across the globe.
- Advising Stripe on a range of data protection compliance matters, including Stripe’s approach to direct marketing consents across Australia, Singapore, Japan, Malaysia, Hong Kong, New Zealand, Canada, Mexico, Brazil, Switzerland, and UAE.
Maddocks
Maddocks‘ cyber and data resilience team acts for clients ranging from international blue-chip companies to local government departments, providing advice on GDPR compliance, complex data breaches, social media issues and data transfer agreements. The team is co-led by Brendan Tomlinson and Sonia Sharma in Sydney, Katherine Armytage in Canberra, and Robert Gregory in Melbourne. Tomlinson primarily advises on IT transactions, while Sharma specialises in end-to-end data and privacy management issues and privacy governance. Armytage brings information law expertise to data protection issues, including advising on the application of privacy regulation for a number of public sector clients, and Gregory advises international government and corporate clients across the education, energy and financial services sectors.
Practice head(s):
Brendan Tomlinson; Sonia Sharma; Katherine Armytage; Robert Gregory
Other key lawyers:
Patrick Collins; Anthony Willis
Testimonials
‘The team listen to what is required and ensure their delivery meets the needs of their customers. They work diligently and endeavour to meet timelines provided – even if these are very short. The team are approachable and professional.’
‘Patrick Collins and Anthony Willis are determined to meet and exceed the needs of their customers.’
‘The Data Protection and Cyber Security practice took it upon themselves to develop a clear understanding of our business, commercial goals, requirements of our executives and external stakeholders and to explain how their practice can assist our business. The practice always provides up to date, commercially astute legal advice that supports our business needs and allows us to clearly understand risks and how we can either mitigate or manage those risks.’
Key clients
Sony
Diageo
Philips
Sydney Airport
Deutsche Bank
Deloitte
Aristocrat Technologies
Lendlease
Mirvac
Greencross (Petbarn)
ORIX
Melbourne City Mission
South East Water
City of Monash
Department of Health
Digital Transformation Agency
Department of Defence
Swinburne University of Technology
HMD Global (Nokia)
Camp Australia
Department of Health and Ageing
Department of Social Services
Services Australia
Department of Home Affairs
Department of Education
Department of Employment and Workplace Relations
Australian Bureau of Statistics
Office of National Data Commissioner
NSW Department of Customer Service
Cancer Institute
NSW Health
Transport for NSW
Iberdrola Australia Limited
Essential Energy
Federation University
Work highlights
- Advising Aristocrat Technologies on the privacy, data and cyber aspects of the development of a digital wallet functionality for digital payment purposes.
- Advising Deutsche Bank on its data protection, privacy compliance and technology matters for the Australian branch of the global banking institution.
- Advising the Department of Employment and Workplace Relations on privacy advice and conducted PIAs for the Workforce Australia Program.
Hall & Wilcox
Hall & Wilcox
‘s cyber team advises on the whole life cycle of a cyber claim, from triaging incidents to managing forensic investigations and post-incident advisory services. The team is co-led by Eden Winokur and John Gray in Sydney, and Alison Baker in Melbourne. Baker has experience with both GDPR and the Privacy Act 1988 issues; Gray specialises in commercial transactions in the cyber field; and Winokur’s practice spans cyber, privacy, dispute and insurance matters, within Australia and internationally. Clients range from large commercial bodies to healthcare providers; the latter is a specialism of Sydney-based Alison Choy Flannigan.
Practice head(s):
Eden Winokur; Alison Baker; John Gray
Other key lawyers:
Alison Choy Flannigan
Testimonials
‘The team’s expertise was evident from our very first meeting, and the advice they gave us ensured the best possible outcome in a very difficult situation.’
‘The team’s advice always had the best interests of those impacted by the cyber attack at its core, while ensuring the risks to our business were mitigated as much as possible.’
‘There are few firms at the forefront of the explosion of issues surrounding cyber protection, cyber insurance and changes to the privacy landscape. Hall & Wilcox have been able to provide sound and timely advice consistently, whilst understanding our business needs and proactively sending advice/bulletins to help us keep ahead.’
‘Eden Winokur and his team have provided excellent written and verbal advice making a very complicated area of the law easy to navigate with practical commercial steps. Eden’s cyber and insurance expertise combined with specialist privacy associates have been invaluable to our organisation.’
Key clients
NSW Department of Customer Services
Australian New Zealand Gynaecological and Oncology Group (ANZGOG)
Surgery TV
Anywhere Physio
Work highlights
- Acting for the NSW Department of Customer Service on all legal aspects of the NSW Government’s Life Journeys program.
- Advising Australia New Zealand Gynaecological and Oncology Group (ANZGOG) on the legal and regulatory requirements concerning the creation of the largest Biobank in Australia for gynaecological and oncology research, referred to as the TR-ANZGOG project.
- Advised Surgery TV on its video platform, including health regulatory issues, the use, collection and distribution of health information, and obtaining clinical consent by patients.
McCullough Robertson
The McCullough Robertson team ‘thrives because it “gets” tech and telecoms’, offering ‘smart and pragmatic advice’ to its clients, which range from state and local government entities to international corporates. Alex Hutchens and Matthew McMillan co-lead the team from Sydney. Hutchens is ‘responsive, pragmatic, and great to work with’, while McMillan advises on a range of matters involving the protection and commercialisation of data, including the management of cyber risk issues.
Practice head(s):
Alex Hutchens; Matthew McMillan
Testimonials
‘This team thrives because it “gets” tech and telecoms. As genuine players in cyber and privacy, they’ve seen the issues before and, importantly, seen what others do and how others act. This makes for a proactive team offering smart and pragmatic advice – stellar and recommended for anyone asking for Australian counsel.’
‘Alex Hutchens is responsive, pragmatic and great to work with. His understanding of the market and international technology and data use is impressive. ’
‘The team brings a practical and commercial lens to their advice that is tailored to the business needs of the client.’
Key clients
Meandu Australia Pty Ltd (me&u)
Kimberly-Clark Australia Pty Limited
Work highlights
- Advised me&u on a range of data protection, consumer protection and commercial contracting issues across Australia, the UK and the US, as well as regulatory advice on financial services licensing and trade mark registrations.
- Advised Kimberly-Clark on privacy issues, both current and expected changes in privacy law relating to engaging with consumers via marketing and advertising, as well as privacy and data considerations.
Norton Rose Fulbright
Anna Gamvros leads the information governance, privacy and cybersecurity team at Norton Rose Fulbright from Brisbane and is praised as ‘an experienced and seasoned lawyer’. The team advises clients on compliance obligations, data transfers, and response strategies for adverse cyber incidents. Ross Phillipson is commended for his knowledge of global privacy requirements; based in Perth, he specialises in critical infrastructure reforms and operational resilience issues.
Practice head(s):
Anna Gamvros
Other key lawyers:
Ross Phillipson; Rajaee Rouhani
Testimonials
‘Norton Rose Fulbright provide a great mix of professional expertise across legal and technical matters within their practice. They bring together an outstanding team who have the capability to prepare advice, undertake detailed technical audits, risk management, and educate the client on a range of critical functions and industry reforms.’
‘Rajaee Rouhani and Ross Phillipson are approachable, have global experience, are responsive to our needs, provide flexibility to meet our timeframes, and are very engaging personalities who are supportive and understanding.’
‘Deep commercial knowledge from working with a range of different clients. Empathy regarding limited client resources and a can-do attitude to resolving complex commercial and operational challenges.’
Key clients
Vodafone Group
AT&T
Honda
Megaport
NEP
AirTrunk
Department of Environment, Land, Water and Planning
Kacific
TPG Telecom Group
Workday Australia
Datacom
World Wide Fund for Nature (WWF)
Australian Competition and Consumer Commission
Safaricom
Piper Alderman
Tim Clark and Andrea Beatty lead the privacy and data protection team at Piper Alderman
, from Melbourne and Sydney respectively. With expertise in areas including spam legislation as it applies to marketing activities and workplace surveillance, the team represents clients within Australia and internationally, supported by overseas associates. Notably, it has particular experience assisting clients setting up overseas businesses with understanding foreign data laws, including EU GDPR and the UK’s Data Protection Act. Beatty acts for a range of financial services clients and Clark has extensive intellectual property protection experience.
Practice head(s):
Tim Clark; Andrea Beatty
Other key lawyers:
Craig Subocz; Michael Bacina
Testimonials
‘Piper Alderman are responsive, able to shift work across team members based on specific skill sets and areas of expertise, and are willing to understand a company so that they can provide the most appropriate advice.’
‘Tim Clark and his team were very responsive, delivered on time, and also responded to specific feedback and scenarios in order to tailor the advice.’
‘Piper Alderman assisted us greatly with a privacy breach situation, providing timely and clear advice, and guiding us through the necessary response steps – providing a holistic solution.’
‘Collaborative and proactive matter management.’
‘Working with the practice is always easy and engaging. There’s a great team spirit and ‘can do’ attitude.’
Key clients
Caesarstone
Epi-Minder Pty Ltd
Perx Health
TotalCyber
Web3 Security Alliance / A16Z Crypto
Work highlights
- Advised and assisted Web3 Security Alliance/A16Z Crypto on a number of complex legal issues, including financial services regulations, anti-money laundering and sanctions laws, cyber crime and data issues, and the legal status of decentralised autonomous organisations (DAOs).
- Provided advice on the update of Epi-Minder’s privacy policy to reflect its current level of activities, and create a baseline on which the company could build as its activities increased in scale and spread.
- Advised Caesarstone in relation to the Australian law requirements for its Terms of Use document and its Privacy Policy.
Colin Biggers & Paisley
Colin Biggers & Paisley‘s digital governance team is led by Katherine Jones in Sydney, and Morgan Lane in Melbourne, acting across data governance, privacy and risk management, enforcement, and recovery mandates. Jones brings large-scale litigation experience to cyber breach work, while Lane advises on data management and protection issues for a variety of clients ranging from established corporates to start-ups and individuals. The team supports clients to prepare business continuity, disaster recovery and cyber security plans, alongside data collection policies.
Practice head(s):
Katherine Jones; Morgan Lane
Other key lawyers:
Michael Nurse
Key clients
Tokio Marine Kiln Cyber
Young Mens Christian Association of Sydney
Hartmann
The Scots College
Draeger
Arctic Wolf
OMC International
Contact Harald
Work highlights
- Managing the Lawcover Cyber Breach Hotline, advising on over 500 data breaches since inception.
- Advising the YMCA on a payroll data breach impacting over 4000 employees.
- Advising Hartman on the implications of its exposure to a supplier’s data breach.
Dentons
Melbourne-based Robyn Chatwood and Matthew Hennessy co-lead the data protection and cybersecurity offering at Dentons alongside Ben Allen in Sydney. The team offers a range of support from advice on regulatory issues to litigation services, partnering with the firm’s global and regional teams. Chatwood works with clients in the financial services, media and retail industries to mitigate the reputational risk of data breaches, while Hennessy and Allen advise both public and private sector clients on a range of cybersecurity issues, working closely with the white collar and government investigations team, which is also led by Allen.
Practice head(s):
Ben Allen; Robyn Chatwood; Matthew Hennessy
Testimonials
‘Great response time under stressful conditions. Practical advice and great connections with companies that can add value in a data breach situation.’
‘Ben Allen is always cool, calm, and collected under pressure. He sets a strategy and follows through. Very responsive.’
Key clients
Avis Budget Group
Watches of Switzerland
Rapid Response Revival Research Limited
Work highlights
- Advising Avis Budget Group on its global privacy and related cyber-security matters.
- Advised Watches of Switzerland on anti-money laundering laws and implications for privacy/cybersecurity arising from customer relationship management and database management strategies.
KPMG Law in Australia
KPMG Law in Australia‘s cyber, privacy and digital data law team is praised for its ‘wide range of expertise‘, supporting a range of private and public sector clients in developing incident response plans, managing policy reform and ensuring regulatory compliance. Veronica Scott leads the team from Melbourne, bringing experience in privacy, information security, and data ethics to clients across a range of industry sectors including the education, healthcare, mining and technology industries.
Practice head(s):
Veronica Scott
Other key lawyers:
James Arnott; Leah Mooney
Testimonials
‘Great people with a wide range of expertise.’
‘Veronica Scott is excellent.’
‘A ‘whole team’ approach to supporting the assessment of a cyber incident along with relevant legal expertise to advice on both regulatory obligations and other stakeholder responses.’
‘Veronica Scott and the team worked together to provide seamless support – we never felt that their were any gaps in responsibility, who was doing what, when etc.’
Key clients
EnergyAustralia
MMG Limited
Epilepsy Foundation
Adventist HealthCare Ltd
Bega Cheese
Monash University
Medibank Private
Department of Treasury
Global EverGreening Alliance
Telecommunications Industry Ombudsman
Work highlights
- Retained to provide expert legal services to EnergyAustralia across its technology and cyber agenda which impacts on all areas of the business – valued in excess of A$1bn.
- Advised MMG on a multi-jurisdictional Digital Roadmap project which impacted on the entire MMG Ltd business with an operating income of circa A$3bn plus.
- Advised Medibank’s Privacy and Data Protection legal team since 2019, supporting all aspects of the business to embed privacy, cyber and data protection and provided key secondment support to the Privacy and Data Protection Legal team.
Wotton + Kearney
Kieran Doyle heads up the cyber, privacy and data security team at Wotton + Kearney from Sydney; he is ‘a leading cyber coverage lawyer’ who works across multiple jurisdictions on a range of cyber incident response matters. The team has a dedicated cyber incident hotline and particular experience using AI tools to support clients. Alongside incident response work, the team provides privacy advice, including in regards to regulatory investigations.
Practice head(s):
Kieran Doyle
Other key lawyers:
Nicole Gabryk
Testimonials
‘Kieran Doyle is approachable and is seen as a leading cyber coverage lawyer in our market.’
‘Up to speed on legal developments, fast to respond, with bench depth on team that allows them to handle multiple matters at once. These are professionals you want to work with.’
‘The data protection and cyber security team at Wotton+Kearney are leaders in the field. What truly sets them apart is their ability to explain complex concepts to their clients, putting them at ease at what can be an overwhelming time. Coupled with this, the team have excellent technical understanding in addition to their legal expertise.’
‘Kieran Doyle heads the practice, and goes beyond just providing legal advice.’
‘The team at Wotton + Kearney are incredibly supportive during substantial and major incidents.’
‘Lead partner Kieran Doyle is amazing, no answer was unexplained.’