Privacy

On 16 November 2022, the NSW Parliament passed amendments to the Privacy and Personal Information Protection Act 1998 (PIPA). The amendments to the PPIP Act aim to strengthen privacy legislation in NSW by:

• creating a Mandatory Notification of Data Breaches (MNDB) Scheme which will require public sector agencies bound by the PPIP Act to notify the Privacy Commissioner and affected individuals of data breaches involving personal or health information likely to result in serious harm; and
• applying the PPIP Act to all NSW state-owned corporations that are not regulated by the Commonwealth Privacy Act 1988 

The MNDB Scheme will require agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy.  Read the media release and statement here from NSW Privacy Commissioner, Samantha Gavel on guidance and resources to prepare for the new Scheme to ensure the required systems, processes and capability is in place.

The amendments to the PPIP Act can be accessed on the NSW Parliament website here.

The Asian Business Law Institute and Future of Privacy Forum has published a report providing a detailed comparison of the requirements for processing personal data in 14 jurisdictions in APAC including Australia, China, India, Indonesia, Hong Kong SAR, Japan, Macau SAR, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Thailand, and Vietnam.

Individual reports for these 14 jurisdictions can be accessed here: ABLI-FPF Convergence Series – Balancing Organizational Accountability and Privacy Self-management in Asia-Pacific.

On 28 September, 365 legal professionals from across Aotearoa and abroad gathered in person in Auckland for the premier legal innovation and technology event on the New Zealand calendar.

LawFest is the only opportunity in New Zealand for the legal and technology community to come together to network, collaborate and learn about how to innovate and adapt to change – and to do so in-person ! After the disruption we have collectively faced over the past couple of years, there was even greater appreciation of the value of face-to-face connection!

The event was once again a must for anyone interested in driving efficiency in their organisation.

The key highlights

The one-day event was a great opportunity to hear from leaders and change makers in the innovation space. The programme provided something for everyone, from those new to technology, to those currently at the forefront of legal innovation.

Over 25 amazing speakers, delivered practical insights of how to innovate and leverage technology to help you deliver legal services for today and the future. From Developing an Innovative Mindset, Client Centred Innovation, NewLaw, Digital Transformation, Wellbeing, Māori Transformational Leadership, Privacy, Trust & Technology, AI, eDiscovery, Responding to Data Breaches, Attracting new Clients through to Legal Design, LawFest had something for everyone.

Frances Valintine CNZM, founder at Tech Futures Lab was the opening keynote as she inspired and challenged thinking with her expertise in creating a mindset that is adaptable and embraces change. Frances delivered practical tips to help you with your innovation initiatives and prepare you for now and the future. She reinforced the importance to be inspired and empowered to take risks, step off the conveyor belt, think originally, and lead with possibility – to create greater value for your clients.

The day was wrapped up by a fantastic final keynote by Mark A. Cohen – one of the world’s leading legal industry thought leaders. Mark examined the key elements of New Law and how legal professionals can prepare for it and be ready to embrace it, whilst challenging the thinking of all in attendance.

PwC NewLaw Directors, Marlo Osborne-Smith and Eric Chin provided powerful frameworks, strategies and solutions to help shape and accelerate the digital transformation journey of legal teams.

InfoGovANZ founder & Executive Director Susan Bennett, moderated a session on Privacy, Trust & Technology: Innovation with Accountability, joined by Sarah Auva’a, Lead Digital Trust Partner, Spark and Emma Maconick, Head of Data and Technology, EY Law. This wide-ranging discussion answered critical questions including what is privacy-by-design and security-by-design, why trust and ethics matter, how good governance can help mitigate risk and how to make the business case for investment in privacy and governance projects – as well as the highly topical Optus data breach.

One of the fantastic additions this year was the highly popular breakout streams for those from law firms, in-house and exciting Tech Talks. Sara Rayment of Inkling Legal, led fantastic legal design sessions to both the law firm and in-house streams, providing ideas they could take back and implement.

Bringing everything together superbly was the MC, Helen Mackay of Juno Legal.

LawFest is the only event in New Zealand providing the opportunity to meet and see leading legal technology in the large exhibition hall, together with live legal tech demonstrations. This year LawFest featured the largest Expo of tech providers ever assembled at a New Zealand legal event. From start-ups, through to global household names – if you provide legal tech in New Zealand (or simply want to start) you were at LawFest.

The great content was complimented by fantastic networking opportunities, as the legal community were able to re-connect and network in-person – something we have all missed the value of over the past few years.

With LawFest 22 behind us, the focus now shifts to LawFest 23 on 1 June, where we will look to explore further how to adapt and thrive in an ever-changing legal market.

Author:

Andrew King, Founder and Strategic Advisor – E-Discovery Consulting

In July, OAIC published guidance on the retention and deletion of personal information (PI) collected during the COVID-19 pandemic. Organisations should take stock of the personal information they hold and assess whether it is necessary to continue to collect and retain PI.

Australian Privacy Principles 11.1 and 11.2 require that reasonable steps be taken to protect personal information and personal information be destroyed or de-identified once it is no longer needed.

If information is stored electronically, such as in cloud-based storage, servers, USBs or with a third-party provider, you should ensure that the digital records are permanently destroyed, including in any back-up system or offsite storage.

It is also important to consider whether employees require any training to ensure that personal information is securely destroyed.

In November, OAIC published the COVIDSafe privacy report in accordance with s 94ZB of the Privacy Act, which examined compliance and risk throughout the ‘information lifecycle’ of COVID app data collected during the pandemic. Read the COVIDSafe Report May–November 2022 here.