Privacy and Data Protection

The collection, storage and use of personal information is generally governed by the Privacy Act 1988.

Organisations that collect and hold personal information are under increasing scrutiny following a run of recent data breaches (a recent example being the federal government’s sale of file cabinets containing confidential data). With the February 2018 introduction of mandatory data breach reporting, clients need to be aware of their obligations regarding the storage of personal information, and of how best to respond to an eligible data breach.

Penalties for non-compliance with the Privacy Act are significant, and range from $360,000 for individuals to $1.8 million for corporations. It is therefore extremely important for organisations that hold personal information as part of the everyday running of their business to be familiar with the new mandatory data breach notification laws, as well as their responsibilities surrounding eligible data breaches.

How can we help?

Coleman Greig’s Privacy and Data Protection team can advise you on your legal obligations under the Privacy Act, including your obligation to report certain types of data breaches to both the Office of the Australian Information Commissioner, and any person who may potentially face harm due to eligible data breaches.

We regularly work with clients on:

  • Reviewing data protection plans and data breach response protocols;
  • Reviewing IT contractor agreements to ensure they contain adequate protection of your data;
  • Developing policies and programs to assist you in complying with the Privacy Act;
  • Providing in-house training on privacy and data breach issues;
  • Advising on related legislation including the Spam Act and the Electronic Transactions Act.

Contact our Commercial Law team for tailored, commercially-focused advice for your business, or to make an appointment at one of our offices.

Privacy and Data Protection - Our Clients


  • New Penalties Recommended for Privacy Infringements - 13 Aug 2019
    Hyun Shin
    The ACCC recently released its Digital Platforms Inquiry which, although focused on the impact of digital platforms (Google and Facebook) on competition in the media and advertising markets, also touched upon privacy-related issues. Amongst its recommendations was the strengthening of protections in the Privacy Act and the privacy law regime in general.
  • CBD-Style Legal Services Now on the Doorstep for Campbelltown-Macarthur Residents - 23 Jul 2019
    Warrick McLean
    Residents and businesses within the Campbelltown-Macarthur region now have access to a wider range of commercial and personal legal services, expertise and support following Coleman Greig Lawyers' opening of offices in the centrally-located Oran Park Podium.
  • A few months on: What has the Notifiable Data Breach Scheme taught us? - 19 Nov 2018
    James Ferguson
    With the Notifiable Data Breach Scheme having now been in operation for close to 9 months, Coleman Greig has decided to take a detailed look at what the current statistics are saying, as well as what organisations are able to glean from them in order to effectively protect both themselves and their clients from cyber-attacks.
  • GDPR in Australia – is Your Business Compliant? - 7 Jun 2018
    Peter Stewart
    The European Union's ('EU') new General Data Protection Regulation ('GDPR') came into effect on 25 May 2018. Whilst Europe is over 14,000km from Australia's sandy shores, its data protection laws are only a click away.
  • Is Your House in Order? New Data Breach Regime laws take effect on 22 February 2018 - 15 Feb 2018
    Peter Stewart
    Incoming legislation relating to mandatory notification for data breaches comes into effect from 22 February, 2018. Once in effect, the new regime will require agencies and organisations that are subject to the Privacy Act 1988 to notify both the Office of the Australian Information Commissioner (OAIC) and affected individuals in cases where there has been a confirmed ‘eligible data breach’ of personal information.

Privacy and Data Protection - Useful Links