Author:
Publication | April 2017
A new age for data privacy in Australia will begin on 22 February 2018. Recent legislation regarding mandatory data breach notification has two direct consequences on all Australian companies with an annual turnover exceeding $3 million:
There are many implications for the main guardians and users of consumer data: chief marketers, branding and CRM executives alike will need to keep in mind the possibility of class actions in relation to breaches, a million dollar-plus price tag for non-compliance, and a more stringent vendor selection and management process.
FoodiesUnited* is a fast-growing, mid-sized business managing gourmet tasting events across Victoria and New South Wales. It’s an ambitious organisation with annual revenues averaging $30 million. Their relationships are their greatest asset: to foodie customers, to vendors and to social media champions who have fuelled their success.
FoodiesUnited is currently using a cloud-service provider to manage and store its customer information. But what if this third party suffered a data breach, and 20 percent of FoodiesUnited’s customer data was stolen?
| in 2017 FoodiesUnited... | in 2018 FoodiesUnited... |
|---|---|
| May not have had to notify impacted individuals. | Might pay between $350,000 and $1.8 million in fines AND notification costs to all impacted customers in addition to other breach-related costs (crisis management, breach recovery and reputational damage). |
| No notice given, therefore no personal complaints, and no legal action. | Might face a class action suit with a hefty price tag over several years. |
| Would not have been held liable for the data breach within its supply chain. | Would be held liable for the breach, and face an enquiry over data privacy compliance across its supply chain. Also the cloud-service provider would be obliged to notify impacted individuals. |
*this is a hypothetical example.
There are practical steps that a business of any size can take to ensure compliance with the new laws, assess its supply chain, and prepare for the eventuality of a breach.
Our privacy practice has put together affordable and comprehensive compliance packages that can help. Click here to find out more.
Our Asia-Pacific head of technology and innovation, Nick Abrahams, discussed the cost of data breaches in CMO. Click here to read the article.
Publication
On 3 July 2025 the UK Takeover Panel (Panel) published PCP 2025/1: Dual class share structures, IPOs and share buybacks (Consultation) setting out a proposed framework for the application of the UK Takeover Code (Code) to companies with dual class share structures (DCSS companies).
Publication
In Sapura Fabrication Sdn Bhd and others v GAS and anor appeal [2025] SGCA 13, the Singapore Court of Appeal made important findings
Publication
Recent announcements by the Canadian federal government to invest billions of dollars to modernize the Canadian Armed Forces, build a self-sufficient domestic defence and security industrial base, and reduce reliance on the United States for defence capabilities signal Canada’s renewed commitment to national defence and security and a diversification of its strategic alliances.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2025
