New privacy law book ‘Big Data, Big Responsibilities: Guide to Privacy and Data Security Obligations for Australian Business’ launches

Press release - Knowledge November 2018

Global law firm Norton Rose Fulbright privacy law experts Nick Abrahams and Jim Lennon have today launched a new e-book that offers an essential summary of Australian privacy laws, including recent mandatory data breach notification obligations under privacy laws.

This practical book includes an explanation of the main cyber security and privacy regulations, compliance checklists, and an analysis of the differences between the Australian Privacy Principles and the GDPR (the EU’s General Data Protection Regulation).

It also has a helpful guide to what organisations can do if they are the subject of a ransomware attack. Cyber security is a critical issue as, according to the cyber-security company, Norton, one in four Australian small businesses have fallen victim to cyber crime^. This is increasingly important as Norton have also found that one in ten business operators in Australia have been affected by a ransomware attack.

According to the OAIC*, the health and financial sectors are disproportionately targeted for data breaches. From 1 July to 30 September this year, 45 per cent of data breaches affected financial information, and 35 per cent affected identity information such as passports and driver’s licences.

The proliferation of data breaches around the world in recent years has led many countries to strengthen their mandatory data breach notification laws. Australia updated the Privacy Act 1988 in February 2018, bringing in tough new penalties for relevant organisations and individuals that fail to properly notify users when their personal data has been accessed unlawfully.

The authors of the book are Nick Abrahams, the firm’s global head of the technology and innovation, and Jim Lennon, special counsel in the firm’s technology and privacy law team. Both are based in Sydney.

Nick Abrahams commented:

“In our conversations with clients across the world, it’s clear that data breaches rank very highly on the list of nightmare scenarios for their organisations. The number and severity of breaches keeps increasing every year, and for many it will be a question of when, not if, one will hit them. The most important thing, therefore, is to take adequate steps to protect your business and your data now. Proper preparation and testing of policies and processes is critical.

“As a firm we are seeing increasing requests from clients for privacy and cyber security advice as more organisations take steps to try and mitigate cyber risk. Along with the sort of detailed information we’ve provided in this book, we have also assisted clients with the release of one of the world’s first privacy law chatbot “Parker”, fixed price privacy packages, and an Australian privacy team that this year has added partner Peter Mulligan, special counsel Dalvin Chien and associate Mitchell Kelly.”

Norton Rose Fulbright has provided privacy and data breach advice to clients across a wide range of industries including transport, franchises, banks, IT service providers, healthcare, not-for-profits and government.

Jim Lennon commented:

“Understanding your privacy and cyber security obligations and risks has never been more important. It is essential to building a business that is risk-aware, robust and resilient. After establishing thorough security controls, the number one thing that organisations can do for cyber security is to implement a Data Breach Response Plan. Our new e-book underscores the importance of having a Plan to manage a data breach, and makes it easier to put a Plan in place.”

Copies of ‘Big Data, Big Responsibilities: Guide to Privacy and Data Security Obligations for Australian Business’ can be accessed via Kindle and will be available in hardcopy in December.



^Click here to read the Norton SMB Cyber Security Survey – Australia 2017

*Notifiable Data Breaches Quarterly Statistics Report, 1 July – 30 September 2018, Office of the Australian Information Commissioner.

Testimonials for ‘Big Data, Big Responsibilities’

“This book provides a very useful summary of the privacy and cyber issues that all of us involved in the oversight and management of Australian companies need to consider.”

David Gonski, Chairman, Australia and New Zealand Banking Group


“A helpful resource for anyone wanting to know more about cyber risks for Australian organisations.”

Gordon Cairns, Chairman of Origin Energy & Woolworths Group


“For organisations today, whether large or small, there is no greater threat to corporate governance & reputation than cyber mismanagement. This book outlines some of these looming threats but also provides valuable insights and strategies about how to identify and manage these risks to corporate advantage.”

Julie Inman-Grant, Australian eSafety Commissioner



Global Head of Technology and Innovation; Partner
Special Counsel