Hybrid work was named as a factor that complicated regulatory compliance and data privacy
Data privacy laws have affected organisations in Australia across the board, according to the findings published in FTI Technology and Relativity’s The General Counsel Report 2024.
The report revealed that such laws had an impact for 100% of the study’s Australia-based respondents, which consisted of GCs or CLOs. Nonetheless, most GCs in Australia indicated that significant or sophisticated processes were in place to tackle compliance and vendor risk management for privacy laws.
“In Australia, class action litigation is huge, particularly with respect to privacy compromises”, one respondent said.
In line with this, FTI Technology Australia managing director Tim de Sousa told Australasian Lawyer that companies “must view privacy and data governance as strategic long-term investments in the sustainability and robustness of the organisation; ‘quick wins’ do not last”.
“Privacy should be seen as the connective tissue of the organisation and be considered an integral component of every process that touches personal information. Customers increasingly demand responsible and ethical practice; a standard which generally exceeds mere compliance”, he said.
In the face of new data protection legislation, respondents highlighted the limited guidance available.
“As new data protection laws emerge, there is very little guidance. It is a catch-22 because you cannot really know how to prepare until someone is caught being unprepared”, one respondent said.
Hybrid work arrangements have also complicated regulatory compliance and data privacy.
“It is harder to track what people are doing. it gives rise to more opportunities for inadvertent or intentional risks related to data protection”, another respondent said.
FTI Technology Australia managing director Chris Hatfield told Australasian Lawyer that in light of recent high-profile third-party breaches, organisations must conduct third-party data assessments.
“These are a necessity, not a ‘nice to have’ option pending future resourcing”, he said. “For years in Australia, corporations have been working on data privacy uplift projects. However, policy is often not translating to improved information governance maturity”.
de Sousa added that with the oncoming wave of technological development, GCs “should position themselves as the centre of a multidisciplinary team of stakeholders across their organisations, including product design, compliance, data and privacy, which can deploy to manage multifaceted data risks”.
“Legal professionals need to keep an open and flexible mind – technology brings new challenges but also new solutions”, he said. “Companies that strive for established best privacy practice will more easily be able to comply with the rising standards of global privacy laws”.
The General Counsel Report 2024 revealed that across the globe, 62% of respondents confirmed that standard processes and/or vendor policies had been implemented in their organisations, while 17% said stringent due diligence practices were in place. Moreover, 39% of non-US respondents said that they were closely monitoring at least two categories of US regulatory activity, especially in relation to data privacy legislation. A total of 30% of non-US based GCs were paying attention to US state privacy laws.
