Cyber and information security

Cyber and information security is a critical matter that no business can afford to ignore in the ever-evolving risk and regulatory landscape.

The law now expects businesses and boards to ensure that cyber security and data protection is firmly embedded as part of the organisation’s risk management systems and that appropriate and proportionate steps will be taken to assess and mitigate those risks.

Failure to do so exposes you and your business to a myriad of legal, compliance and commercial risks, which can all too often be devastating.

DMAW Lawyers has you covered when it comes to identifying your legal obligations, assessing risk and exposure, and putting in place strategies to manage legal risks and meet regulatory obligations, whether that be:

• digital information security obligations and protections in your supply chain contracts;
• privacy, data breach assessment, incident response and notification laws;
• on-boarding and off-boarding processes; or
• fit for purpose employment contracts and digital security policies.

• On-boarding and off-boarding advice.

• Information security effective employment and consultancy contracts and managing insider threats.
• Development of policies including:
  • cyber and information security;
  • ICT and social media use;
  • privacy.
• Cyber regulation compliance and governance including:
  • privacy and data breach response planning;
  • critical infrastructure and ransomware payment regulation;
  • corporations law and directors’ duties;
  • ASX requirements and reporting;
  • financial services and superannuation regulation.

• Managing supply chain and third party supplier data security risks through contract terms and processes.
• Incident response planning.
• Cyber incident investigations, response, risk mitigation and damage limitation, notifications and recovery.
• Forensic investigation and data recovery.
• Legal action to prevent misuse of information and recover loss.

• Review and advice on a cloud services agreement for an online retailer, including with respect to PCI-DSS compliance, data security, privacy and audit rights.
• Advice to an international clothing retailer on privacy policy, data breach response and collection and use of Covid-19 vaccine status information.
• Advised a national pharmacy group on privacy policy, collection, and use of Covid-19 information and use of anti-fraud surveillance information.
• Advised a national retailer on a ransomware attack and data breach affecting a third party cloud based service provider including loss recovery and termination rights.
• Developed and delivered a data breach response plan for significant vertically integrated property group and advised on response to external data breach investigation and notification obligations.

DMAW Lawyers has partnered with Comunet & Digital Trace Australia to form a comprehensive, industry leading cyber security service group, the Cyber Alliance Group.

Head to the Cyber Alliance Group website to find out more about our full service, cyber security offering and how we can assist your business.

DMAW Lawyers is an active member of the Australian Cyber Collaboration Centre (Aus3C) through which we have had the opportunity to regularly attend, host and participate in events including:

• hosting Aus3C’s Small Business Morning Tea;
• participating as an expert in Aus3C’s Cyber Advisory Panel program;
• presenting to the Industry Leaders Fund Scholars Network with the Cyber Alliance Group on cyber security risks and recommendations; and
• participating with the Cyber Alliance Group in an incident management workshop for the Australian Computer Society.