Boldly going secure: Cyber security voyage for directors, SMEs and charities

Tuesday 26 November, 2:25 pm - 3:05 pm

Speakers

Melissa Wingard

Special Counsel
Seeing Machines

Synopsis

Resistance is futile.

SMEs and NFPs have often fallen into the trap of thinking that their organisation is small, or the data they hold isn’t worth stealing, and therefore they are not a target for cyber criminals or hackers. This couldn’t be further from the truth.

In addition to the immediate costs of a cyber attack or data breach, small businesses, directors and NFPs need to be aware of the unintended and often unwelcome consequences which could arise from a legal perspective, beyond a breach of the Privacy Act.

In this presentation, we propose looking at the legal impacts which directors, businesses and NFPs need to be aware of when preparing for and managing a cyber attack or data breach. We will use recent case law and legislation to inform and educate attendees on the legal issues which may arise, and provide guidance on how to consider these risks within their own organisation, including:

1. Breach of Duties under the Corporations Act or, for NFPs, the ACNC Governance Standards

a. Failing to have adequate cyber security measures in place could be construed as:

i. a breach of a director’s duty of care and diligence under section 180 of the Corporations Act. Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496.

ii. a breach of the conditions of an AFSL licensee. Australian Securities and Investments Commission v Lanterne Fund Services Pty Limited [2024] FCA 353.

iii. not meeting the requirements of charities under the ACNC Governance Standards, which exposes charities to the risk that they will have warnings or directions issued by the Commissioner.

2. The Office of the Australian Information Commissioner can investigate and bring claims against organisations for failing to meet the APPs:

a. Australian Information Commissioner v Australian Clinical Labs Limited [2023] FCA 1517

b. Medibank Private Limited v Australian Information Commissioner [2024] FCA 117

3. Loss of Legal Professional Privilege, meaning that information you obtain through your lawyer might not be protected from disclosure:

a. Robertson v Singtel Optus Pty Ltd [2023] FCA 1392

b. Zoe Lee McClure v Medibank Private Limited (ACN 080 890 259) (current federal court class action)

4. Breach of Law and not just the Privacy Act

a. Australian Consumer Law for misleading and deceptive conduct, if you claim your organisation has certain security controls that it does not have.

b. The Telecommunications Act imposes cyber security obligations on telecommunications carriers and service providers.

c. Security of Critical Infrastructure Act 2018 imposes obligations of security across critical infrastructure.

5. Breach of Confidentiality

a. HWL Ebsworth Lawyers v Persons Unknown [2024] NSWSC 71

6. Breach of Contract

a. If you provide services to the Government you may be in breach of your obligations to comply with the relevant obligations of the PSPF and ISM.

b. If you have contracted with a third party that you will hold information secure to a certain standard you may be in breach of contract. 

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.
