Lavan’s Cyber and Data Protection team provides advice on all aspects of cyber and data protection. We have knowledge and expertise in cyber security and cyber crime, Fintech, distributed ledger technology, or blockchain, and digital commerce. Our experience within cyber and data protection includes technology licensing arrangements, Privacy Act, privacy and data breach and cyber insurance.
Cyber will become one of the most important areas of corporate responsibility from both a regulatory and legislative perspective. It has the potential to influence and overhaul standard business practices to the same extent as the laws and regulations that were introduced around OHS. Every employee in a company will have a responsibility for and involvement in managing their company’s cyber risk and security. Directors of companies also need to be aware that they may be personally liable in the event of a cyber attack occurring.
Lavan takes a practical approach to cyber risk. Lavan goes beyond a legal review. We work with a cyber security company which will review your company’s operational systems to identify areas of weakness, and with insurance brokers who provide customised cyber insurance policies. This means that you will have a full understanding of your company’s exposure to cyber risk and a comprehensive plan to mitigate those risks and meet your legal and regulatory obligations.
Lavan is also keeping a close watch on developments in the use of blockchain and distributed ledger technology. This includes the emergence of ICO’s (initial coin offering) as a new source of funding, and the rise of Fintech organisations and smart contracts using blockchain technology.
Lavan’s work with technology companies includes:
Cyber security and data protection is a growing area of liability for organisations. Lavan has developed a specialised focus in the area.
All organisations with a turnover (not profit) of three million dollars are subject to the Privacy Act. The Privacy Act has been revamped quite considerably to bring it into the electronic world.
Organisations are now required to have an understanding of the Privacy Act, to have privacy policies and to have means in place to deal with compliance and issues that might arise under the Act. Our experience is that many organisations are unaware of their obligations under the Act and are not compliant with it.
The recent amendment to the Privacy Act will become effective on 22 February 2018. There will be an obligation to disclose significant data breaches both to the individuals who are the subject of the breach and to the Office of the Australian Information Commissioner.
Organisations are now required to make various changes to their existing Privacy Act regimes, and to put into place response plans for the contingency that there is a breach. The risk of breach is very real.
Lavan has worked with organisations to advise and develop privacy policies, governance manuals and training for staff.
How has your organisation protected itself against a cyber attack? Lavan can assist in:
What arrangements does your organisation have for the storing of data externally? Storage on a cloud must be done in a manner which complies with contractual and Privacy Act obligations. There must be proper agreements in place to protect against liability.
What insurance regimes does your organisation hold and how do those insurance regimes sit with:
We often see insurance clauses or risk allocation clauses which:
An understanding of your insurance requirements can both ameliorate the risk of loss and also have beneficial outcomes for obtaining insurance on favourable terms.
Lavan can conduct general contract reviews in relation to cyber requirements.
What HR policies does your organisation have in place to mitigate the risk of a cyber attack occurring? As an example, does your organisation restrict how material can be brought into the network, such as via a USB stick, the use of Dropbox or similar?
Lavan’s Intellectual Property team has represented some of Western Australia’s largest and most reputable organisations. We have also acted on some of Western Australia’s most high profile IP matters.
The team advises on issues associated with the use of electronic commerce. These issues include privacy, use of data, copyright issues regarding websites and use of blockchain technology in commercial contracts.