
    We picked the most highly specialised and talented lawyers

    At Chamberlains Law Firm, our cyber, data and privacy lawyers are well-versed in new-age technology and traversing the legal challenges that arise from disruptive technologies in the workplace.

    Angela Backhouse

    Director

    Marissa Dimarco

    Director

    Antonia Tahhan

    Senior Associate

    Our process

    01 Initial case evaluation

    After an initial briefing of your matter, we will provide you with a preliminary quote.


    02 Consultation

    We look into all aspects of your matter and suggest the most viable path for you.


    03 Case management

    The Chamberlains team will work tirelessly to reach the best possible outcome for you.


     

    Antonia was incredibly helpful, I am very grateful for her help and for Chamberlains’ efficiency. Thank you so much, cannot recommend you enough for the assistance you’ve provided.

     

    Gregory C.

     

    Call us at 1300 676 823
    Email us at hello@chamberlains.com.au

     


    FAQ

    01 What is cyber security?

    Cyber security refers to the protection of online websites and systems from external cyberattacks, such as those seen in the Optus and Medibank data hacks. It is essential that online websites and systems protect themselves from cyberattacks that target sensitive information and disrupt businesses. As a business, you can protect your online presence through tangible methods like anti-virus software, as well as intangible means including privacy policies, website terms of use and employee training.

    Cyber generally refers to cyberspace, a term that encompasses the entirety of the digital world, including digital technology and software such as computers, websites and the “Internet of Things”. Meanwhile, data is the information that may be obtained within cyberspace, including personal and sensitive information. It is this personal data that is protected by the current Australian privacy regime. The right to privacy is particularly enforced in Australian law, with the OAIC considering privacy to be a “fundamental human right”, referring to the right that all humans have to control who can see or use their information and data.

    Yes! There are two types of privacy policies that your business needs for both internal and external use.

    Any website operating on an Australian domain requires an online privacy policy in accordance with the Privacy Act 1988 (Cth). This policy should outline how a web user's information may be collected, stored, used, disclosed and deleted. Depending on the type of data collected (e.g. banking details via online check-outs), the method of collection and industry-specific requirements, such as AHPRA privacy collection regulations.

    In the event that your business employs staff or engages contractors, you must have an internal privacy policy that addresses how employee information is collected, stored, used and disclosed. This obligation is mirrored in the Fair Work Act 2009 (Cth) with respect to ensuring that employee personnel records are up-to-date and securely stored for a certain period of time.

    Cyber, data and privacy law are complex and dynamic practice areas. We can assist you with curating an online presence that reflects your creative and authentic brand without exposing your business to risk of liability arising from invasion of privacy, data breaches and intellectual property infringements.

    Yes, in Australia there are a number of legal documents that you will need to create and embed within your website. Whilst these requirements vary from website to website, they include documents like a privacy policy, terms and conditions, email disclaimers and cookie policies.

    Your website may also be subject to industry-specific security obligations that impose an additional source of regulations requiring compliance. For example, Optus were subject to a variety of legislation that extended beyond the purview of the Privacy Act, including the Security of Critical Infrastructure Act 2018 (Cth) to implement cyber-security infrastructure that protects sensitive data, as well as the Telecommunications Sector Security Reforms.

    Yes! Your website terms and conditions should not be a copy and paste exercise. Terms and conditions of a website act as an electronic contract that legally binds the users of a website to the provisions that govern the use and access of that website.

    Your brand, ethos, product and service offering are vastly different from those of the website that you may be inclined to “copy”. Introducing bespoke website terms and conditions that are tailored directly to your business and website will ensure that the provisions reflect your business model in a legally compliant manner, whilst minimising risk of exposure to claims.

    Yes, it is legal to monitor your employee’s computer usage and performance on company-issued devices. However, it is essential that the employee acknowledges and actively consents to the company’s surveillance procedures.

    Chamberlains Law Firm can prepare bespoke “Computer Usage” policies to ensure that businesses can monitor an employee’s browser history, online activity, download patterns and performance to manage their productivity in the workplace.

    The Australian Privacy Principles continue to operate internally. Therefore, it is important that a business has a “Computer Usage” policy and a “Privacy Policy” to ensure that employees can be performance-managed and/or disciplined in accordance with those policies, and that the employer is aware of the parameters for collecting, using and disclosing that data during their employment tenure.

    The Privacy Act 1988 (Cth) treats public and private employees differently. Public sector employees are able to access their employee record and any personal information kept about them at any time.

    However, employees in the private sector do not have a specific right to access their employee record, as the handling of employee records in the private sector is exempt from the Privacy Act 1988 (Cth). The legislative requirements of the Privacy Act 1988 (Cth) will only become binding if an employer is not using the information in the employee record for the employment relationship, such as sharing documents online.

    Personal information is any piece of data or information that may be used to identify a person including a name, IP address, phone number or date of birth. In isolation, these details may not disclose the identity of an individual. However, a collection of personal information may personally identify an individual.

    Meanwhile, sensitive data is a ‘step further’ than personal data which requires more sophisticated protection. Sensitive data includes a person’s beliefs, health records, financial information, or classified records such as criminal history. Sensitive information generally includes biometric and personally identifiable data.

    Often, businesses with websites that allow users to ‘check-out’ to purchase goods collect sensitive financial information and transmit that information to third party financial institutions. In the event that your business collects bank details to facilitate transactions, it is crucial that you indemnify your business from any loss or claims that may arise in the event that any third party that receives that information (i.e. financial institution) discloses that data. Your website terms of use and contract for services should address this.

    A data breach is when personal or sensitive information is accessed and disclosed to another party without the authorisation of a party involved. This could occur on a large scale, such as the Optus and Medibank data hacks, or a much smaller scale, such as a stolen or lost USB, or an email sent to the wrong person.

    The OAIC is the Federal Government’s independent national regulator for privacy and freedom of information. Therefore, it is the governing body that handles any privacy complaints and data breaches. The OAIC has the authority to order compensation for financial or non-financial loss in order to remedy any breaches of the Privacy Act 1988 (Cth).

    Should you receive a complaint from OAIC, you should consult our team. We have the knowledge and resources to handle complaints in this jurisdiction and defend complaints to avoid the imposition of severe financial penalties or further judicial action. Here at Chamberlains Law Firm, you can book in for a free 15-minute consultation with one of our highly skilled lawyers and they will be able to guide you through the next steps of your complaint.

    Amidst the changes to Australian privacy laws following the Optus and Medibank data breaches, the powers of the OAIC have increased, including gaining the ability to request all information about a data breach and impose regulatory action (including financial penalties) depending on its findings.

    You sure can, and it will not be cheap! Following the Optus and Medibank data breaches, the Australian Federal Parliament introduced the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022. This increased the maximum penalty to whichever is the greater of:

    • $50 million;
    • three times the value of any benefit obtained through the misuse of information; or
    • 30 per cent of a company’s adjusted turnover in the relevant period

    Therefore, it is essential to seek legal advice and ensure that your website and cyber activities are compliant with Australian legislation to avoid these substantial fines.

    Workplace Health and Safety laws, regulations and codes of practice were modelled by SafeWork Australia in 2011 for other states and territories to adopt. The underlying principle of the model WHS Act is that, so far as is reasonably practicable, duty holders provide workers with the highest level of health and safety.

    This means that a person conducting and undertaking a business, as the duty holder, is required to do whatever is reasonably able to be done at the time to ensure the health and safety of their workers. Employers have notification requirements for notifiable incidents. Notifiable incidents are ones that involve death, serious injury or serious illness to a worker or a dangerous incident that exposes workers to a serious risk.

    Under WHS Laws, a person conducting or undertaking a business must report a notifiable incident to WorkSafe by the fastest possible means and keep a record of all notifiable incidents for at least five years. Failure to notify SafeWork of the occurrence of a notifiable incident, keep a record of a notifiable incident or preserve an incident site until an inspector arrives carries large penalties.

    Businesses also have to have workers compensation from an insurer to ensure that compensation can be paid to an employee injured at work. If an employee is injured at work, the employer needs to notify the insurance company and complete all relevant documentation.
