Privacy 108 offers a comprehensive suite of privacy legal and consulting services, delivered by our team of privacy and security experts, to help establish or improve your data breach preparedness capability and ensure your team is equipped to respond quickly and effectively to a data breach.
Breaches in security can happen, and in our experience it is often the way that a breach is handled that has the most long-term impact, rather than the breach itself.
Wherever you are on your data breach path, we can provide the advice, support, implementation, improvement and testing assistance you need.
Our data breach management services include:
Our team of lawyers and security experts can support you through any organisational data breach with a view to resolving it as quickly as possible, while ensuring that any damage or loss to both affected individuals and your organisation is minimised.
From the initial attack through to ongoing communications with stakeholders, our team works closely with you to evaluate and understand the full context of the breach and ensure the most efficient and effective response that mitigates harm.
To help ensure the right people, processes and systems are in place, our team will work with you to develop an information security incident and data breach response plan, tailored for your organisation.
Our approach involves discussions with all stakeholders, review of relevant organisational policies and procedures and familiarising ourselves with existing systems to make sure the information security incident and data breach response we create aligns to your culture and is fit for purpose for your organisation.
We are familiar with and typically incorporate the leading incident response and data breach standards in our plans. This might include:
We are also expert in training and testing (including desktop drills). We can devise interactive workshops to test your team’s ability to respond to an information security incident or data breach in accordance with the plan.
Testing a plan provides you with the reassurance that your team is able to work together and implement the plan in the case of a data breach. It will also help you identify any issues you might have, before the plan is used in a real-world environment.
We advise how you should respond to data breaches including the notification of customers and regulators, and quantification of loss.
Our services in supporting you after a breach include:
Data breach laws are changing: new laws are being introduced and existing laws are being updated.
We will make sure you stay up to date with all your data breach notification obligations.
Our privacy and security team track data privacy and security regulations as they evolve both in Australia and internationally so we can help our clients develop the capabilities required to fulfill the needs of customers throughout APAC and the rest of the world, in accordance with all the latest and most up to date requirements.
A data breach is typically defined as any unauthorised access to or disclosure or loss of personal information. In Australia, ‘eligible data breaches’ are subject to mandatory reporting requirements under the Privacy Act. There are also mandatory notification obligations for organisations covered by Australia’s security of critical infrastructure legislation.
Our team can help you determine whether you’ve had an eligible data breach and what your reporting obligations might be.
We are also familiar with and can support you in meeting your data breach notification obligations in other jurisdictions – including the UK, the EU, China and the USA.
When deciding what to include in a data breach notice, our team will work with you to assess the following:
Breach notification laws typically specify what information must, or must not, be included in the breach notice. In general, the information to be included in the notice might include:
In addition to understanding your legal obligations, there are other important considerations in putting together your data breach response plan:
Our team can create a comprehensive communication plan that reaches all affected audiences — employees, customers, investors, business partners, and other stakeholders. The plan will make sure that you don’t make misleading statements about the breach and don’t withhold key details that might help your customers or other affected individuals protect themselves and their information. It will also help ensure you do not publicly share information that might put consumers at further risk.
We can also help you anticipate questions that people will ask and make sure you have the answers. This enables you to put top-tier questions and clear, plain-language answers on your website where they are easy to find. Good communication up front can limit customers’ concerns and frustration, saving your company time and money later.
Privacy108 is owned and led by one of Australia’s leading security and privacy professionals, Dr Jodie Siganto. The Privacy108 team includes lawyers, consultants and trainers who between them hold many years of experience in delivering privacy and security solutions for Australian organisations.
We have worked as in-house counsel and senior executives, and understand the pressures faced by executives, CISOs, Chief Privacy Officers, procurement teams and in-house lawyers. Our team’s industry experience is complemented by extensive legal knowledge and a desire to assist our clients with high quality practical advice.