Privacy and data protection

Service Experience People

Data privacy and information governance are taking on even greater importance in our digital economy

As Australian and international laws try to keep pace with emerging technologies and business methods, organisations need to understand their evolving regulatory obligations and stakeholder expectations, and how to meet them in the markets in which they operate. 

We assist businesses and government agencies to navigate data and privacy issues. These include local and international compliance obligations, data security in cloud and outsourcing arrangements, information governance and risk policies, and preparing for and responding to data breaches.


  • Preparing privacy policies and compliance documents
  • Guidance on privacy compliance obligations for local and foreign companies operating in Australia, and for Australian exporters and services providers operating in overseas markets including the European Union
  • Information governance and risk management
  • Cyber incident response: prevention, detection and protection services; data incident assessment, response and management services
  • Preparing data breach statements to the Office of the Australian Information Commissioner
  • Data breach remediation
  • Responding to privacy complaints and access to information requests
  • Cyber insurance reviews and incident claims


HopgoodGanim was proudly ranked by Doyle's Guide as a Leading Technology, Media & Telecommunications Law Firm in Queensland, 2017-2022.

Exceptional outcomes

Australian National Retailer / Provided incident response and crisis management in response to an email phishing campaign involving unauthorised access to cloud-based email accounts. Successfully managed notifications to Office of the Australian Information Commissioner and other government agencies, and to affected team members, job applicants and business suppliers.
Queensland aged care services provider / Assessing and responding to business email compromise and data breach affecting staff and aged care residents. This included assessing the affected types of personal information and corresponding risks of serious harm; and preparing a template notice to individuals with personalisation to reflect the particular steps each individual could take to protect themselves from risk of harm.
Legal technology service provider / Carried out an audit for the types of personal information collected, used or disclosed by our client; assessed and classified the risk and sensitivity of these personal information categories; prepared a data breach response flowchart, key contacts list and model data breach statement to use in event of a data breach.
Gas well services joint venture / Assisted our client by managing the incident investigation and recovery for a cyber breach involving unauthorised remote access to human resources personal information, and real risks of fraud and identity theft. This included data breach assessment and harm analysis, engaging a cyber forensic advisor, providing a data breach notice to the Office of the Australian Information Commissioner, and assisting with remediation steps to avoid future incidents.
Large automotive dealer group / Responding to and recovering from a ransomware attack, which resulted in business interruption and data loss, and placed customer identification information at risk.
Automotive dealer / Responding to and recovering from a business email compromise involving invoice payment fraud. 

Key contacts

Meet our Privacy and Data Protection team

Related services

Latest news and content