Cyber and information security is a critical matter that no business can afford to ignore in an increasingly complex risk and regulatory landscape.

The law now expects businesses and boards to ensure that cyber security and data privacy are embedded within organisational risk management systems with appropriate and proportionate steps will be taken to identify, assess and mitigate cyber risks.

Failure to do so exposes you and your business to a myriad of legal, compliance and commercial risks, which can all too often be devastating.

DMAW Lawyers advises businesses on cyber security compliance, privacy, data protection and risk management, including identifying legal obligations, assessing exposure and implementing practical strategies to manage legal risks and meet regulatory obligations, including:

• digital information security obligations and protections in supply chain contracts;
• privacy, data breach assessment, incident response and notification laws;
• on-boarding and off-boarding processes; or
• fit for purpose employment contracts and digital security and AI policies.

Employment and internal risk management

• On-boarding and off-boarding advice for data security and access control.
• Employment and consultancy contracts addressing information security.
• Managing insider threats.

Cyber security policies and governance

• Development of policies including:
  • cyber and information security;
  • ICT, social media and AI use;
  • privacy.

Regulatory compliance and corporate governance

• Cyber regulation compliance and governance including:
  • privacy and data breach response planning;
  • critical infrastructure and ransomware payment regulation;
  • corporations law and directors’ duties;
  • ASX requirements and reporting;
  • financial services and superannuation regulation.

Supply chain and third party risk

• Managing supply chain and third party supplier data security risks through contract terms and processes.

Incident response and crisis management

• Incident response planning and breach preparation.
• Cyber incident investigations, response, risk mitigation and damage limitation, notifications and recovery.

Investigation and dispute resolution

• Forensic investigation and data recovery.
• Legal action to prevent misuse of information and recover loss.

• Review and advice on a cloud services agreement for an online retailer, including with respect to PCI-DSS compliance, data security, privacy and audit rights.
• Advice to an international clothing retailer on privacy policy, data breach response and collection and use of Covid-19 vaccine status information.
• Advised a national pharmacy group on privacy policy, collection, and use of Covid-19 information and use of anti-fraud surveillance information.
• Advised a national retailer on a ransomware attack and data breach affecting a third party cloud based service provider including loss recovery and termination rights.
• Developed and delivered a data breach response plan for significant vertically integrated property group and advised on response to external data breach investigation and notification obligations.

DMAW Lawyers has partnered with Comunet & Digital Trace Australia to form a comprehensive, industry leading cyber security service group, the Cyber Alliance Group.

Head to the Cyber Alliance Group website to find out more about our full service, cyber security offering and how we can assist your business.