Publication | April 2017
A new age for data privacy in Australia will begin on 22 February 2018. Recent legislation regarding mandatory data breach notification has two direct consequences for all Australian organisations with an annual turnover exceeding $3 million:
- Companies will need to inform all third parties affected by an eligible data breach.
- Firms may be held liable for breaches occurring across their supply chain.
There are many implications for the main guardians and users of vendor and financial data: operations, finance and IT executives alike will need to keep in mind the possibility of class actions in relation to breaches, a million-dollar-plus price tag for non-compliance, and a more stringent vendor selection and management process.
PetScience* is an Australian online retailer with a global supply chain. It is a leader in providing accessories for pets, ranging from food supplements to medical devices and toys, with an annual revenue exceeding $150 million. PetScience manages a broad set of vendors, and operates a rewards program for veterinarians across Australia, connecting referrals to generous discounts and other perks.
But what if one of PetScience's IT vendors suffered a data breach, and the information related to the rewards program, totalling 20,000 email addresses, names and vet practice information, was stolen?
In 2017, PetScience... | In 2018, PetScience... |
---|---|
May not have had to notify impacted individuals. | Might pay between $350,000 and $1.8 million in fines AND notification costs to all impacted individuals in addition to other breach-related costs (crisis management, breach recovery and reputational damage). |
No notice given, therefore no personal complaints, and no legal action. | Might face a class action suit with a hefty price tag over several years. |
Would not have been held liable for the data breach within its supply chain. | Would be held liable for the breach, and face an enquiry over data privacy compliance across its supply chain. Also the IT vendor would be obliged to notify impacted individuals. |
*This is a hypothetical example.
There are practical steps that a business of any size can take to ensure compliance with the new laws, assess its supply chain, and prepare for the eventuality of a breach.
Our privacy practice has put together affordable and comprehensive compliance packages that can help.