Head office - Melbourne +61 3 8636 9100
Sydney office +61 2 9238 8028

Privacy & Data Protection

The Australian privacy and data protection laws regulate the handling, use, disclosure, storage and security of  an individual’s personal, medical, financial/credit and other sensitive information by Commonwealth, State and local government and its agencies and private sector organisations. Notifiable data breaches have to be reported to the regulator, Office of the Australian Information Commission (“OAIC”). Individuals affected by privacy data breach may seek compensation from the organisation involved in the breach.

In many cases privacy compliance need not be costly or onerous. Stephens Lawyers & Consultants recognises this and is able to offer advice on the most appropriate compliance approach for your organisation.”

Stephens Lawyers & Consultants advises on all aspects of Australian privacy and data protection and cybersecurity laws. Our services include:

  • Internal reviews and/or audits of data collection and flow systems and processes for privacy compliance
  • Privacy compliance assessments of new systems or projects
  • Preparation of privacy and data protection policies and procedures
  • Advice in respect of responding to a notifiable data breach and cybersecurity incident
  • Advice in respect of risk assessment and management of data breaches and cybersecurity incidents
  • Privacy and data protection compliance training and education.

Stephens Lawyer’s dispute resolution and litigation practice extends to claims for compensation involving privacy and data breaches.

Links to Publications

Review of Compensation for Privacy Breaches Determined by the Australian Information and Privacy Commissioner – (for October 2022 to July 2024)

Risk Management: Notifiable Data Breaches, Data Protection and Privacy Compliance – April 2024 Update

The Risk of Data Retention – Why Your Organisation Needs a Data Retention and Destruction Policy – February 2024

Risk Management: Notifiable Data Breaches, Data Protection & Privacy Compliance – Update – November 2023

Risk Management: Data Protection and Privacy Compliance – Update – May 2023

Australian Privacy Law Reforms – How will they impact you? – Update – April 2023

Do companies require a cybersecurity risk management plan, under Australian law? – Update – July 2022

Privacy Protection to be Increased in Australia with Proposed Amendments to Privacy Act 1988 (Cth) – Update – February, 2022 

Privacy Breaches in Victoria – Information Sheet – 2 February 2022

Privacy Breaches in New South Wales – Information Sheet – December 2021

Review of Compensation Awards for Privacy Breaches determined by the Australian Information and Privacy Commissioner – from 2016 to April 2021

Privacy Update – Review of Australian Privacy Commissioner’s Recent Determination in relation to Class Members Affected by Privacy Breach – February 2021

Privacy & Data Protection – Risk Management – Information Sheet 3 – Updated September 2020

Review of Compensation Awards for Privacy Breaches in Determinations made by the Office of the Australian Information Privacy Commissioner (Updated July 2020)

Protecting Confidential Information and Personal Data during COVID-19 (April 2020)

Zoom Video Communications and Data and Privacy Risks (April 2020)

Compensation and Penalties for Privacy Data Breaches under the Privacy Act 1988 (Cth.) – March 2020

Privacy & Data Protection – Risk Management – Information Sheet 3 – Updated 17 March 2020

Private Sector Privacy Information Sheet – Privacy Act 1988 – From 11 March 2014

Privacy & Data Protection – Information Sheet 1 (Sept 2018) – Privacy Act 1988 – Notifiable data breach scheme 

Privacy & Data Protection – Information Sheet 2 (Sept 2018) – EU General Data Protection Regulations (GDPR) and Australian Privacy Laws