Data Breach, Cyber Security and Privacy Law Update – Sept 2025

From 30 May 2025, all businesses that have an annual turnover of $3 million in a financial year must report a ransomware or cyber extortion payment within 72 hours of making the payment or having it made on their behalf. This is in addition to existing reporting obligations under the Notifiable Data Breach scheme. This article explores these reporting obligations and offers guidance on some strategies to consider for data protection and privacy law compliance.


Do companies require a cybersecurity risk management plan under Australian law?

The recent case of ASIC v RI Advice Group Pty Ltd serves as a warning that companies which do not have adequate cybersecurity risk management plans, systems and controls in place are at risk of contravening the Corporations Law and the Privacy Act, which can result in substantial pecuniary penalties. Companies and their directors can take practical steps to reduce these risks.
