By: Kieran Doyle, Nicole Gabryk, Stephen Morrissey, Joseph Fitzgerald, Amanda Beattie, Nick Martin and Gavin Davies


We are delighted to share Issue 8 of our Cyber, Tech and Data Risk Report – our wrap-up of relevant news for the last quarter of FY24 for insurers, brokers and their customers doing business in Australia and New Zealand in the cyber, tech and data fields.

In our June issue, we cover a number of regulatory updates in Australia, including updated ASX Guidance on disclosure of cyber incidents, the ACCC’s eighth interim report for the Digital Platform Services Inquiry, the OAIC’s preliminary investigation into TikTok, the APRA’s expectations on cyber security, the impact of the 2024-2025 Federal Budget on data protection and cyber security in Australia, and the new Western Australian privacy and information sharing laws introduced. We also cover developments in the litigation space, including the civil penalty proceedings filed against Medibank by the Australian Information Commissioner over the 2022 data breach, ACMA’s Federal Court proceedings against Optus, recent class actions including Medibank and Optus, and guidance on AI from the Victorian and Queensland Courts. In the technology space, we look at a recent case where the Federal Court granted interlocutory relief to a medicinal cannabis company in a technology dispute.

Looking to New Zealand, we delve into the Office of the Privacy Commissioner’s (OPC) draft Biometric Processing Code, updates on breach notification, the Customer and Product Data Bill that has been introduced to Parliament, and the OPC’s comprehensive privacy management framework – Poupou Matatapu (the ‘pillars of privacy’).

If you would like to discuss anything covered in these articles, please reach out to a member of the team.

To view the full report, click here.