Cyber and Data Protection

The Cyber and Data Protection team has been established so that Lavan can continue to provide our clients from all industry sectors with the services they need.
Iain Freeman
PUBLICATIONS
THE TEAM
CONTACT

Cyber and Data Protection

Lavan’s Cyber and Data Protection team provides advice on all aspects of cyber and data protection.   We have knowledge and expertise in cyber security and cyber crime, Fintech, distributed ledger technology, or  blockchain, and digital commerce.  Our experience within cyber and data protection includes technology licensing arrangements, Privacy Act, privacy and data breach and cyber insurance.

Cyber will become one of the most important areas of corporate responsibility from both a regulatory and legislative perspective.  It has the potential to influence and overhaul standard business practices to the same extent as the laws and regulations that were introduced around OHS.  Every employee in a company will have a responsibility for and involvement in managing their company’s cyber risk and security.  Directors of companies also need to be aware that they may be personally liable in the event of a cyber attack occurring.

Lavan takes a practical approach to cyber risk.   Lavan goes beyond a legal review.  We work with a cyber security company which will review your company’s operational systems to identify areas of weakness, and with insurance brokers who provide customised cyber insurance policies.  This means that you will have a full understanding of your company’s exposure to cyber risk and a comprehensive plan to mitigate those risks and meet your legal and regulatory obligations.

Lavan is also keeping a close watch on developments in the use of blockchain and distributed ledger technology.  This includes the emergence of ICO’s (initial coin offering) as a new source of funding, and the rise of Fintech organisations and smart contracts using blockchain technology.

Our Experience

Lavan’s work with technology companies includes:

  • Technology Licensing Arrangements.
  • Commercialisation Agreements.
  • Shareholders Agreements.
  • Memorandums of Understanding or Heads of Agreement.
  • App Development Agreements.
  • Drafting website T&Cs and disclaimers.
  • Developing Privacy Policies.
  • Advising companies on their Privacy Act compliance programs which includes advice on prevention of and response to possible data breach.
  • Advising on Fintech consultancy agreements.

Our Services

Cyber, Privacy and Data Protection

Cyber security and data protection is a growing area of liability for organisations.  Lavan has developed a specialised focus in the area. 

All organisations with a turnover (not profit) of three million dollars are subject to the Privacy Act.  The Privacy Act has been revamped quite considerably to bring it into the electronic world.

Organisations are now required to have an understanding of the Privacy Act, to have privacy policies and to have means in place to deal with compliance and issues that might arise under the Act.  Our experience is that many organisations are unaware of their obligations under the Act and are not compliant with it.

The recent amendment to the Privacy Act will become effective on 22 February 2018.  There will be an obligation to disclose significant data breaches both to the individuals who are the subject of the breach and to the Office of the Australian Information Commissioner. 

Organisations are now required to make various changes to their existing Privacy Act regimes, and to put into place response plans for the contingency that there is a breach.  The risk of breach is very real.

Lavan has worked with organisations to advise and develop privacy policies, governance manuals and training for staff.

Cyber Protection

How has your organisation protected itself against a cyber attack? Lavan can assist in:

  • Identification of your organisation’s assets which require protection.
  • Drafting contractual agreements which include provisions for cyber risk.
  • Allocation of the obligations for the protection of data and the distribution of risk.
  • Alignment of contractual arrangements with the law.

What arrangements does your organisation have for the storing of data externally?  Storage on a cloud must be done in a manner which complies with contractual and Privacy Act obligations.  There must be proper agreements in place to protect against liability.

Cyber and Insurance

What insurance regimes does your organisation hold and how do those insurance regimes sit with:

  • Any contractual allocation of risk?
  • The indemnification against any loss which might be incurred?
  • The law?

We often see insurance clauses or risk allocation clauses which:

  • Negate any insurance cover taken out by a client.
  • Transfer risk to a counterparty in circumstances where it is likely the benefit of that risk transference will be illusory because it will strike down the counterparty’s insurance policy.
  • Contain inappropriate dispute resolution clauses which are too complex and expensive.

An understanding of your insurance requirements can both ameliorate the risk of loss and also have beneficial outcomes for obtaining insurance on favourable terms.

Lavan can conduct general contract reviews in relation to cyber requirements.

Cyber and HR

What HR policies does your organisation have in place to mitigate the risk of a cyber attack occurring?  As an example, does your organisation restrict how material can be brought into the network, such as via a USB stick, the use of Dropbox or similar?

Cyber and Intellectual Property

Lavan’s Intellectual Property team has represented some of Western Australia’s largest and most reputable organisations.  We have also acted on some of Western Australia’s most high profile IP matters.

The team advises on issues associated with the use of electronic commerce.  These issues include privacy, use of data, copyright issues regarding websites and use of blockchain technology in commercial contracts.