Cyber & Privacy
Risk Management Solutions
Introduction
In today's interconnected digital landscape, safeguarding your business against cyber and privacy risks is not just an option – it's a necessity. At Albrecht Burrows, we understand the critical importance of proactive risk management in the face of evolving cyber threats. Our expertise in cyber and privacy risk management empowers businesses to assess, address, and mitigate potential vulnerabilities effectively and cost-efficiently.
With cyber attacks on the rise and privacy regulations becoming increasingly stringent, businesses can no longer afford to overlook the importance of comprehensive risk management strategies. Our tailored solutions provide you with the peace of mind that comes from knowing your organization is equipped to navigate the complexities of the digital world securely. Partner with us to secure your business today and build a resilient foundation for tomorrow.
Cyber and Technology Solutions
- Cyber Readiness Assessments
- Information Security Policies and Frameworks
- Incident Response & Business Continuity Plans
- Data Governance
- Artificial Intelligence (AI) Governance
- Cyber and Technology contracts
- Incident response management
- Rapid breach analysis and confirmation
- Foreign jurisdiction applicability assessments and coordination of international response
- Notifiable data breach management (Australia, NZ and UK/EU GDPR)
- Data breach eDiscovery
- Ransomware response and payment advice
- International sanctions checking and advice
- Digital IP enforcement & injunctive relief
- Freedom of information requests (and response)
- Post incident recovery and remediation
- AFSL / ACL Breach investigation and ASIC reporting
- Insurance coverage and claims
- Complex indemnity disputes and claims for dual insurance
- Financial Ombudsman Service (FOS) disputes
- Policy wording and endorsement drafting
- Cyber insurance proposal design and drafting
- Civil Liability Act and the application of third party liability for the criminal acts of others
- Misleading and Deceptive Conduct under the Australian Consumer Law
- Contractual breaches and implied contractual duties
- Inducing breach, knowing receipt, knowing assistance, and tort of passing off
- Corporation Act and breach of directors’ & fiduciary duties
- Acting in response to regulatory investigations
- Complex recoveries
- Project specific information security and data protection advice
- Regulatory and industry body engagement
- International expansions support and advice
- M&A Cyber Security Due Diligence
- AFSL / APRA Cyber compliance audits
- Corporations Act and Regulations (and ASIC Regulatory Guides)
- APRA Prudential Standards
- Spam Act and Do Not Call Register Act
- Workplace Surveillance Laws
- AI laws and regulations including the EU AI Act
Privacy & Data Protection Solutions
- Privacy Capability Assessments
- Privacy Policies, Notices, and Disclosures
- Data Governance and Strategy including Privacy Management Programs covering the UK / EU General Data Protection Regulation (GDPR)
- Legitimate Interest and Transfer Impact Assessments
- Privacy Impact Assessments
- Data Privacy Impact Assessments (DPIA)
- Artificial Intelligence (AI) Governance including Conformity Assessments, Data Ethics, and Bias Assessments
- Privacy contractual clauses
- Data Processing Agreements and International Data Transfer Agreements
- Privacy data mapping
- Privacy Advisory and Privacy-by-Design project support
- Privacy breach response and management
- Rapid breach analysis and confirmation
- Foreign jurisdiction applicability assessments and coordination of international response
- Notifiable data breach management (Australia, NZ and UK/EU GDPR)
- Data breach eDiscovery
- Ransomware response and payment advice
- International sanctions checking and advice
- Digital IP enforcement & injunctive relief
- Post incident recovery and remediation
- AFSL / ACL Breach investigation and ASIC reporting
- Privacy complaints and investigations
- Data Subject Access Requests (DSARs)
- Civil Liability Act and the application of third party liability for the criminal acts of others relating to interferences with privacy including doxxing
- Misleading and Deceptive Conduct under the Australian Consumer Law relating to Privacy
- Contractual breaches and implied contractual duties
- Privacy Act breaches and breach of directors’ & fiduciary duties
- Acting in response to regulatory investigations
- Privacy-by-Design consulting / Privacy Engineering
- Advising on Privacy enhancing technologies
- Regulatory and industry body engagement and advocacy
- International expansions support and advice
- Mergers & Acquisitions (M&A) Privacy Due Diligence
- Privacy compliance audits including APRA, ASIC (AFSL/ACL), & Health
- Product liability relating to privacy, including AI / ML
- Commonwealth and State Privacy Acts
- EU & UK General Data Protection Regulation (GDPR)
- EU ePrivacy Directive
- Consumer Data Rights (CDR)
- Corporations Act and Regulations (and ASIC Regulatory Guides)
- APRA Prudential Standards
- Spam Act and Do Not Call Register Act
- Workplace Surveillance and Privacy laws
- PIPEDA (Canada)
- US State and Federal privacy including California Consumer Privacy
- Illinois Biometric Information Privacy
- AI laws and regulations including the EU AI Act
Truly commercial advice
Behind every legal issue exists a unique set of commercial circumstances and objectives which can have a huge impact on how time and resources should be invested. Indemnities don’t need to be negotiated if there’s no exposure. IP rights are only as valuable as the IP. Often fee calculations and payment terms are the most important clauses in a contract. If you understand that a legal clause has no commercial relevance – that’s an advantage you have over your counterpart. Many lawyers are oblivious to these factors – we live for them.
Transparent and Flexible Pricing
Solution prices starting from
Solution | Starting from |
---|---|
Cyber Readiness Assessment (CRA) | $3,500 |
Privacy Capability Assessment (PCA) | $3,500 |
Privacy Impact Assessments | $3,500 |
Incident Response Plans | $2,000 |
Cyber and Privacy Contract Reviews | $1,500 |
AI Compliance Maturity Assessment | $3,500 |
Fractional Privacy Officer Plans
Foundations Package
- Privacy Policy updates/drafting and 1 round of editing by a privacy lawyer
- Data Breach Response Plan template, guidance, and 1x review
- Collection Notices and Consent Forms
- General ad-hoc privacy enquiries (up to 4 hours per month)
Established Package
- Everything in Foundations plus:
- Model contractual clauses for privacy and data breach management
- Personal Information Data Retention Policy template and 1 round of editing by privacy lawyer
- Record of Processing Activities (ROPA) worksheet, guidance, and 1 round of review
- Privacy Impact Assessment template
- 4 additional hours per month for general ad-hoc privacy enquiries (total = 8 hours per month)
Advanced Package
- Everything in Established plus:
- Model Data Processing Agreement (DTA): Controller - Processor
- Business Continuity Plan template, 1 hr workshop, and 1 round of review and edits of your completed BCP
- Privacy Impact Assessment covering 1 major system with 1 round of editing, conducted by a privacy lawyer
- 4 additional hours per month for general ad-hoc privacy enquiries (total = 12 hours per month)
Privacy Helpdesk - Ad-hoc hours
Privacy Helpdesk
4 hours
- Access to senior privacy lawyer
- 4 hours of informal privacy advice
- review of draft privacy documents
- ad-hoc privacy advice
- Hours valid to use for 12 months from date of purchase
Privacy Helpdesk hours are not usable for data breach response services or work relating to large projects or complex issues (typically requiring more than 4 hrs effort on a single enquiry or relating to: complex international or multi-jurisdictional privacy law, machine learning, facial recognition, artificial intelligence, data breach response, insurance claims, or disputes & litigations)
Privacy Helpdesk
8 hours
- Access to senior privacy lawyer
- 8 hours of informal privacy advice
- review of draft privacy documents
- ad-hoc privacy advice
- Hours valid to use for 12 months from date of purchase
Privacy Helpdesk
12 hours
- Access to senior privacy lawyer
- 12 hours of informal privacy advice
- review of draft privacy documents
- ad-hoc privacy advice
- Hours valid to use for 12 months from date of purchase
Get a no obligation consultation
At Albrecht Burrows, we understand the complexity and urgency of cyber and privacy risks facing businesses today. Get a no-obligation consultation with our experts to better understand how your business can increase its resilience to cyber and privacy threats and regulatory risks. Our team of experienced multidisciplinary professionals will work closely with you to create personalised risk management solutions tailored to your business' unique needs and budget. Don't wait until it's too late – schedule your no-obligation consultation today and take proactive steps towards protecting your business from cyber threats and privacy breaches.
Testimonials
What sets AB apart is their flexible and pragmatic approach - they share our values, our DNA, and they think outside the box. The team are highly skilled commercial lawyers who possess unparalleled expertise in regulatory areas, a deep understanding of business, and exceptional negotiation skills.
Regan Carey
Head of Legal and Compliance
Craigs Investment Partners
AB offers exceptional legal advice delivered by highly skilled and brilliant lawyers who are fantastic to deal with; personable, easy to talk to and compassionate. The commerciality of their advice is matched only by their commitment to simplifying the law and finding practical, creative solutions!
Tas Demos
Managing Partner
BDH Leaders
Meet the Team
Our cyber and privacy services are delivered by our team of highly qualified professionals with decades of experience across all areas of cyber security and law, as well as law enforcement, artificial intelligence, privacy and data protection, risk management, business resilience, disaster recovery, crisis management, insurance and more.
James A. Cole
Partner | Head of Cyber & Privacy
My passion is helping our clients to implement holistic and commercial technology, privacy, and governance strategies that are aligned to their business objectives and risk appetite. I enjoy holistically applying my expertise across technology, business, and law enabling me to get to the heart of the issues and achieve positive, long-term results for clients.
James has spent more than two decades specialising in information security, strategic operations, and Governance, Risk & Compliance helping businesses and government seamlessly integrate privacy, technology, security, and compliance with business objectives.
James’ success as a computer scientist and lawyer has been centred on his core belief that privacy, security, and compliance do not have to be onerous activities that hinder business.
James’ expertise is wide ranging on every axis. He has advised organisations across both private and public sectors, as well as a broad range of industries including financial services, insurance, technology, healthcare, and government.
His advice spans across:
- international commercial expansions and regulatory compliance
- international privacy regimes including GDPR, CCPA, HIPAA, PIPEDA, UK PECR, ePrivacy Directive
- Access to Information / Freedom of Information
- multi-jurisdictional privacy and data protection
- artificial intelligence (AI) and facial recognition technology including ISO 42001
- cyber resiliency and preparation & prevention of cybercrime
- cyber governance, risk and compliance including ISO 27001 & NIST 800-53
- contractual liability in cyber & technology, and privacy & data protection
- misleading and deceptive conduct in financial services including AFSL compliance and breach investigation & reporting
- data breach incident response and remediation
Academic Credentials
- Bachelor of Laws (Honours) - Queensland University of Technology
- Bachelor of Computer Science - University of Calgary
- Bachelor of Arts (English Literature and Philosophy) - Trent University
- Postgraduate Studies (Law) - University of British Columbia
- Diploma in Insurance Law - Law Society of Ireland
- Masters of International Security Studies (Distinction) - Macquarie University
- Masters of Policing, Intelligence & Counter Terrorism (Distinction) - Macquarie University
Certifications
- Certified Information Privacy Professional / Europe (CIPP/E) - International Association of Privacy Professionals (IAPP)
- Certified Information Privacy Manager (CIPM) - International Association of Privacy Professionals (IAPP)
- Certificate in Data Protection Practice - Law Society of Ireland
- Certificate in General Data Protection Regulation (GDPR) - Law Society of Ireland
- Security+, Computer Technology Industry Association (CompTIA)
- Canadian Securities Course (CSC) - Canadian Securities Institute
- Australia - New South Wales - Lawyer
- Australia - High Court of Australia - Solicitor
- New Zealand - Barrister and Solicitor (inactive)
- England & Wales - Registered Foreign Lawyer
- Privacy and Data Protection
- Cyber and Technology
- Insurance
- Artificial intelligence (AI)
- International Private
- Corporate and Commercial
- Administrative and Regulatory
2024
- Member of Law Society of NSW Taskforce on AI & other tools and trends shaping the legal profession
2023
- UNSW Edge Seminar - Cyber Security & Data Breaches: the new governance frontier
- Gartner Security & Risk Summit - CISO Masterclass on the Ins & Outs of Cyber Insurance
- AISA CyberCon Canberra - Ask an Expert - Ask a cyber insurance breach coach about prevention and incident response planning
2022
- Tenable on Tour - Managing data risks and the role of legal teams
- Law Society of NSW Annual Conference - The value of data, what you can do with it and what you can't (Moderator)
- Young Lawyers Criminal Law Sub-Committee, Law Society of NSW - The challenges of responding to cybercrime
- Albrecht Burrows & Law Squared webinar - Privacy: a whole of enterprise risk
- Law Society of NSW CPD webinar - Risk management as a strategic business tool: why legal is so much more than a dustpan and brush
2021
- Pemba Capital Partners Lunch and Learn - Cybersecurity in financial services
Mark Anderson
Legal Consultant, Lawyer (NZ)
Managing risk with both technical precision and pragmatism is critical in the modern environment. Properly understanding your business needs and then delivering that advice together with integrity, trust and loyalty are fundamental to ensuring your most optimal outcomes.
Mark is a highly awarded legal risk adviser and barrister to New Zealand and international business, governmental entities and public bodies. He has more than 20 years' experience advising on risk including cyber risks and breach responses, technology contract liability, security and governance, health and safety, environmental, competition and other regulatory investigations.
He has provided incident response advice globally to clients in need, including those in Europe, Australia, New Zealand and across APAC, after developing global incident response panels drawing together legal, IT, Forensic and PR professions to manage cyber crises. He has managed some of the highest profile cyber breaches in Australasia.
Mark is a trusted leader with a high level of integrity, professionalism, and discretion. An exceptional strategist committed to minimising current and perceived risks while providing innovative, future focused and pragmatic legal strategies to achieve your objectives.
Recognised by peers for tenacity and a proven ability to direct technology and cyber risk/data breach incident responses, regulatory notifications, and insurance operations during business interruptions following a cyber incident. Mark has been ranked as a leading lawyer in the Legal 500 (2020 & 2021) and as a top lawyer in privacy by Best Lawyers (2017-2023).
LLB (Otago University)
BA (Hons - International Relations & Politics)
- New Zealand - Barrister and Solicitor. Currently registered Barrister
Technology
Cyber Incident Response
Privacy
Insurance
Litigation
Board Risk and Governance Advisory
Administrative and Regulatory
Regulatory Investigation Response
Aviation and Marine Risks
Health and Safety
Environmental / Climate Change Risk
Data subject rights: The real risk of privacy and security for business 2022
Ransomware - the mechanics of ransom payments - Seminar Insurance industry 2021
The Globalisation of Privacy Breach Law – European developments and impact on Australasia - New Zealand Insurance Law Association – March 2020.
Cyber, conflict and cover: time for a re-think? 2018 Seminar and publication
Connected and Autonomous Vehicles: The future? Oral and written evidence 2016
Nik Albrecht
Principal
While there are many outstanding technical lawyers in the Australian market, they can be highly risk averse, and most have no interest in implementation. If you can maintain technical rigour of the legal skillset, but apply a commercial risk tolerance, a practical knowledge of the business, and genuine focus on relationships - then you have the potential to come up with truly valuable solutions.
Nik is a financial services specialist and a co-founder of the firm.
After spending 15 years working in both legal and commercial roles within leading financial services firms, Nik saw an opportunity. Despite all the marketing, most lawyers were risk averse, uncommercial, and simply not user-friendly for clients.
Through spending a large portion of his career working in-house within financial services firms, Nik developed a refined sense of what it really means to be commercial, and his success in corporate life has hinged on combining technical rigour with a risk neutral approach and a genuine focus on business objectives - and this underpins the approach he encourages the team to embrace at Albrecht Burrows.
The rest is all about the people. Nik applies a strict ‘no-psychopaths’ rule across his life and the firm, and believes your professional life should be filled with genuine friendships with your colleagues and clients.
In his pre-AB life, Nik held positions ranging from General Counsel through to Head of Business Strategy at leading firms such as King & Wood Mallesons, UBS, Schroders and Wilsons Advisory.
Academic Credentials
- Bachelor of Laws - University of Sydney (Banking, Corporate, Finance, and Securities Law)
- Bachelor of Arts (English Literature and Philosophy) - University of Sydney
- Master of Commerce, Finance and Accounting (Distinction, Top 10%) - University of Sydney
- Master of Business Administration (Distinction, Top 10%) - INSEAD
Certifications
- Australia - New South Wales - Lawyer
- Australia - High Court of Australia - Solicitor
- Financial Services Regulatory & Compliance
- Corporate and Commercial
- Alternative Dispute Resolution
Amanda Cefai (Burrows)
Principal
Litigation is a team sport. The best results are a product of incredible collaboration: brilliant solicitors, esteemed barristers, top-of-their-field experts, and reliable service providers. The experience you need isn't just in the person you are talking to, it's in the team that person can harness, all for the right price.
Mandy is the person you want in your corner when things become contentious. She is also a co-founder of the firm.
Having spent over 15 years managing disputes across a vast range of areas, Mandy is the person you want in your corner when things become contentious. Not one for drama, her calm approach can defuse even the most stressful situations.
Mandy’s success has been built on her ability to quickly assess risk and implement strategies to drive resolutions tailored to commercial interests.
She believes that the key with disputes is to look at them as a predictable course of business - and that with any dispute, no matter what the subject matter is, you need to know your prospects of success and the options you have; specifically including what each of those options will look like and what they will likely cost. That’s how you remain in control.
Mandy is approachable, responsive, and committed to providing the best possible service. She is highly regarded by both her clients and her colleagues due to the genuine relationships she creates, which was an integral value in the creation of AB.
She has experience representing clients' interests across proceedings instituted in Federal, Supreme, District, and Local Courts together with the Coroners Court throughout the Australian jurisdictions, where she has acted for ASX listed companies, international corporations, government agencies, strata corporations, and clients across various industries such as construction, financial services, professional services (accounting, legal and health), insurance, real estate, retail, and security.
Despite raising three girls and running a law firm, Mandy’s unmatched organisational skills mean she still finds time to be a keen golfer, and she is widely regarded as the person you want on your table at any long lunch.
Academic Credentials
- Bachelor of Laws - Macquarie University
- Bachelor of Psychology - Macquarie University
- Australia - New South Wales - Lawyer
- Australia - High Court of Australia - Solicitor
- Litigations and Disputes
- Alternative Dispute Resolution
- Corporate and Commercial
- Acting in response to ASIC investigations
- Acting for the appointed liquidator in a Public Examination
- Public Investigation of companies that were voluntarily placed into liquidation in order to investigate the affairs of those companies following longstanding shareholder disputes
- Advising on and preparing responses in Financial Ombudsman Service (FOS) disputes
- Defending a claim against an insurer in relation to its liability under the Corporations Act for the actions of its authorised representative
- Acting for manufacturers and suppliers of consumer products in relation to product liability claims and advising on recovery claims against deemed manufacturers
Risk-neutral advice
Legal advice is all about managing risks, but that doesn’t mean it should be risk-averse. At AB we believe that while your legal adviser should lay out the risks, and provide the information a client needs to make an informed decision, the decision of where to set risk tolerance should lie with the client. Your lawyer sets out where the line is – the client decides how close they want to be. Being able to pinpoint that line clearly and accurately is what distinguishes a legal advisor – not limiting the client’s options.
Case Studies
1. Financial Institution Compliance: Our hybrid computer science – legal team members helped the client successfully map their current cyber maturity level and legal obligations, establish a maturity uplift roadmap in coordination with their IT provider, and worked with their insurance broker to complete accurate proposal form responses, resulting in the client successfully obtaining cyber insurance coverage for an affordable premium.
2. SaaS Company AI & Facial Recognition Compliance: We helped an Australian SaaS web app maker successfully navigate the complexities of international data protection laws as they apply to biometric information in retail virtual try-on technology, minimising their overall privacy and data protection risks and helping the company implement a sound multinational expansion strategy aligned to the client's risk tolerance.
3. Transport Logistics Incident Response: Working with a prominent logistics company, we provided timely and compassionate advice and assistance in responding to a devastating ransomware attack from day 1 through to full recovery and post-recovery risk mitigation, successfully returning the client to normal operations in less than one week with no regulatory actions or adverse media.
Emotionally intelligent advice
While for the modern lawyer being able to manage relationships is par-for-the-course, our experience is that the impact that emotional factors can have on business outcomes is vastly underestimated. Human issues represent an entire spectrum of factors that can have very little to do with the legal merits of an issue, and can provide opportunities for leverage as well as unique avenues towards resolution. When managed well they can lead to exceptional outcomes that would not have seemed possible when assessing the matter on paper.
Assessment Solutions
A Privacy Capability Assessment provides a holistic snapshot of your organisation’s approach to handling personal information and assesses whether your capabilities align with your privacy objectives and legal obligations.
By contrast, a Privacy Impact Assessment (PIA) analyses an existing or proposed project, practice or technology and assesses its level of compliance with the privacy laws - such as the Australian Privacy Principles (APPs). A PIA takes a deep dive into a particular initiative, examines its data flows, and ensures the initiative is compliant with relevant APPs and any other applicable privacy rules.
Yes.
You should revisit your PCA on at least an annual basis and see if anything has changed. You need to update the PCA if you have made changes to:
- your personal information handling practices;
- storage;
- vendors / suppliers;
- systems; or
- the types of personal information you collect, process, store, or disclose.
You should also update the PCA anytime the privacy laws change or your business practices change and you gain exposure to new privacy rules or foreign privacy laws.
A Privacy Impact Assessment (PIA) is a process used to protect privacy-by-design when you start or acquire a new business, implement a new process, start working with a new supplier or Cloud service or Processor, or launch a new product or technology. The PIA is focused on your activity's compliance with the privacy rules and laws.
A Data Protection Impact Assessment (DPIA) is an ongoing process, regularly applied to personal data processing, identifying, and mitigating data protection risks. The DPIA is focused on the risks to privacy associated with the activity.
Yes it is. A PIA can be conducted against existing projects, practices and systems.
However, it is best practice to carry out a PIA during the planning stages of a project or system and throughout the implementation phases. This way, privacy issues can be addressed early rather than being treated as an afterthought, and the resulting PIA is updated as the project matures, resulting in a privacy-compliant initiative at go-live.
Yes you do. Privacy Impact Assessments are living documents. They need to be revisited every time a trigger event occurs.
Trigger events to refresh your PIA include:
- The privacy laws change;
- You make a material change to the previously assessed initiative or system such as technology upgrades, deploying a new system, changing the data flows, changing the data storage, or changing suppliers / vendors;
- You make a change to the purpose of the personal information processing or you change what personal information you collect, or what processing you are doing on the personal information.
The easy way to think of it is: if something about your system or process changes, update the PIA.
Policy and Process
Every organisation that is covered by the Privacy Act, or any foreign privacy laws, must have a compliant Privacy Policy that is written in plain language, is freely accessible, and provides details about your collection, processing, storage, and disclosure of personal information.
It's important to note that a Privacy Policy is a living document that needs to be regularly reviewed and updated - especially when your privacy practices or business activities change or the law changes.
A comprehensive Privacy Policy lets you demonstrate that your organisation takes its privacy obligations seriously. Consumers expect an organisation to take reasonable steps to protect the personal information they entrust to the company and to be transparent in how that information is handled. This is demonstrated through the Privacy Policy.
Recent high-profile privacy breaches have increased consumer focus on privacy protections and demonstrated the devastating impact a privacy breach can have on affected individuals and the organisation. Affected individuals can suffer substantial harms ranging from financial loss and identity theft to psychological harms. A privacy breach can also expose mishandling of personal information resulting in regulatory investigations and penalties.
There are also substantial risks in not keeping a Privacy Policy up-to-date and accurate. False or misleading statements made in a Privacy Policy can constitute misleading and deceptive conduct under the Australian Consumer Law resulting in substantial penalties and costly legal proceedings.
Complaints
Privacy laws grant express Rights and Freedoms to individuals. Some laws, such as the EU General Data Protection Regulation (GDPR) - that has been adopted in some form by more than half the world - include rights ranging from access, correction, and objection, to the right to be forgotten.
A significant part of the Australian Government proposal to amend the Privacy Act includes expansion of the existing rights under the Australian Privacy Principles. As of the start of 2024, Australians already have the right to request access and correction. Failing to respond within set time limits can result in an interference with privacy and a regulatory complaint. The proposed legislative amendments would introduce new rights, such as the Right to be Forgotten. Additionally, the proposals include a new penalty regime and a tort (the right to bring a legal action) for interference with privacy.
Your organisation should take any privacy complaints seriously. All privacy complaints need to be thoroughly investigated and any legal issues identified and addressed in a timely manner. This can be complex, as you need to respond to the complainant while not interfering with the privacy of anyone else.
Failing to respond to a privacy complaint, or simply dismissing it, could result in escalation of complaints to the Privacy Commissioner, regulatory action, and adverse media. This can lead to reputational harm and lost customers and opportunity.
Breach Prevention and Response
Privacy breaches can enliven a wide range of regulatory notification obligations. A lack of preparedness can also drive up the response costs. During a privacy breach, it is important to be able to quickly assess what personal information is impacted and who it relates to in order to conduct risk of serious harm assessments and comply with regulatory notification obligations.
With proper preparedness and planning, you can ensure your response is timely, efficient, and aligned to your legal obligations. This helps to minimise potential harms to impacted individuals and reduce the potential reputational harm to your organisation. Additionally, the more prepared you are, the lower the response costs. eDiscovery, the process to determine what personal information is impacted and to whom it relates, is one of the most expensive components of incident response activities. Access to a quality, up-to-date, and accurate data map allows you to rapidly exclude irrelevant data sources from eDiscovery activities, increasing efficiency and reducing cost.
If you don't know what personal information is on a particular system, you may have to waste a lot of time and money ingesting that data source into eDiscovery just to find it wasn't relevant.
Efficiency in breach response is even more critical as the notification time requirements in data breach notification regulations are being narrowed to as little as 72 hours. Preparation helps you avoid a late notification penalty.
Awareness and Culture
Every member of your staff should receive at least some training on protecting personal information. However, any staff involved in the collection, handling, storage, or disclosure of personal information need to have regular training on recognising privacy protected information, what their obligations are at law and according to your Privacy Policy, and what they can do to appropriately safeguard personal information.
Staff members that have privacy related job roles, such as a Privacy Officer, your in-house legal team, your risk management staff, and your senior managers and executives may need to have a more in-depth understanding of your privacy policies, legal obligations, and privacy practices. This may also apply to staff that handle large volumes of personal information, such as your marketing team. These groups often require specialist training in handling privacy risks and complaints. Your incident response team should also receive more in-depth privacy training.
Privacy training should occur regularly. Annual training is an absolute minimum. More frequent training is often needed and more effective.
Terms and Conditions
We are required by the Legal Profession Uniform Law (NSW) (Uniform Law) to set out the following terms of our engagement for your acceptance or further negotiation.
In these Terms, references to Albrecht Burrows, "we", "us", "our" refer to Alliance Legal Pty Ltd (ABN ) trading as Albrecht Burrows of Level 12, 111 Elizabeth Street, Sydney NSW 2000.
This document, together with our General Terms of Business, sets out the terms of our offer to provide legal services to you and constitutes our costs agreement and disclosure pursuant to the Uniform Law. The Terms and the Accepted Options in this Proposal form the entire agreement between You and Us during our engagement and any references to the "Proposal" in this document refer to both the Terms and the Accepted Option.
By accepting this Proposal as set out herein and below in the Terms, you agree that this Proposal serves as a binding Costs Agreement and Disclosure under Schedule 1 of the Legal Profession Uniform Law (NSW) between Albrecht Burrows and You for the provision of legal services and may be enforced in the same way as any other contract.
The prices quoted in the attached proposal are indicative prices only unless specified as fixed price.
Some services are on a recurring basis and will be charged on an ongoing basis in accordance with the selected billing frequency until cancelled in writing with one month notice. By selecting a recurring service you agree to be charged for the selected service amount, plus GST, until cancelled.
You will be proportionately charged for work involving periods shorter than an hour. Our charges are structured in 6 minute units. For example, the time charged for an attendance of up to 6 minutes will be 1 unit and the time charged for an attendance between 6 and 12 minutes will be 2 units.
The agreed scope of work may include a fixed price. Where a fixed price is agreed, the following standard hourly rates charged by our professional staff will only apply to out of scope work. Where we have quoted a discounted hourly rate in the scope of work, the lesser of the quoted hourly rate or the following rates will apply:
(a) $650 plus GST for a Director, or Principal;
(b) $580 plus GST for a Partner, or Special Counsel;
(c) $450 plus GST for a Senior Associate;
(d) $380 plus GST for an Associate;
(e) $350 plus GST for a Solicitor; and
(f) $150 plus GST for a Paralegal.
Our rates are reviewed on a regular basis and may change during the course of a matter. In relation to lengthy matters this may impact upon our cost estimates (which may be revised accordingly). You will be given 30 days' notice in writing of any changes to our charge out rates.
Where you have been referred by a third party such as your insurance broker, IT provider, or accountant, we may pay them a referral fee. This fee is paid by us and is not an additional cost to you.
2.1 We may incur disbursements (being money which we pay or are liable to pay to others on your behalf). Disbursements may include search fees, court filing fees, process server fees, expert fees, witness expenses, travel expenses, transcript expenses and barrister's fees.
2.2 Where you instruct us to brief a barrister or other expert and they provide a disclosure and costs agreement we will provide this to you.
Our usual policy is to issue a tax invoice on a monthly basis or upon completion of a specific task or tasks. All tax invoices are due and payable 14 days from the date of the tax invoice. You consent to us sending our tax invoices to you electronically at your usual email address or mobile phone number as specified by you.
You may accept the Costs Disclosure and Costs Agreement by:
(a) signing and returning this document to us; or
(b) continuing to instruct us.
Upon acceptance you agree to pay for our services on these terms.
Interest at the maximum rate prescribed in Rule 75 of the Legal Profession Uniform General Rules 2015 (Uniform General Rules) (being the Cash Rate Target set by the Reserve Bank of Australia plus 2%) will be charged on any amounts unpaid after the expiry of 30 days after a tax invoice is given to you. Our tax invoices will specify the interest rate to be charged.
The Legal Profession Uniform Law (NSW) (the Uniform Law) provides that we cannot take action for recovery of legal costs until 30 days after a tax invoice (which complies with the Uniform Law) has been given to you.
It is your right to:
(a) negotiate a costs agreement with us;
(b) negotiate the method of billing (e.g. task based or time based);
(c) request and receive an itemised bill within 30 days after a lump sum bill or partially itemised bill is payable;
(d) seek the assistance of the designated local regulatory authority (the NSW Commissioner) in the event of a dispute about legal costs;
(e) be notified as soon as is reasonably practicable of any significant change to any matter affecting costs;
(f) accept or reject any offer we make for an interstate costs law to apply to your matter; and
(g) notify us that you require an interstate costs law to apply to your matter.
If you request an itemised bill and the total amount of the legal costs specified in it exceeds the amount previously specified in the lump sum bill for the same matter, the additional costs may be recovered by us only if:
(a) when the lump sum bill is given, we inform you in writing that the total amount of the legal costs specified in any itemised bill may be higher than the amount specified in the lump sum bill, and
(b) the costs are determined to be payable after a costs assessment or after a binding determination under section 292 of the Uniform Law.
Nothing in these terms affects your rights under the Australian Consumer Law.
If you have a dispute in relation to any aspect of our legal costs you have the following avenues of redress:
(a) in the first instance we encourage you to discuss your concerns with us so that any issue can be identified and we can have the opportunity of resolving the matter promptly and without it adversely impacting on our business relationship; and
(b) you may apply to the Manager, Costs Assessment located at the Supreme Court of NSW for an assessment of our costs. An application for assessment must be made within 12 months after the final bill in this matter was provided or request for payment made or after the costs were paid.
It is our policy that, when acting for new clients, we do one or more of the following:
(a) ask the client to pay monies into our trust account;
(b) ask the client for their credit card details.
Unless otherwise agreed with you, we may determine not to incur fees or expenses in excess of the amount that we hold in trust on your behalf.
You authorise us to receive directly into our trust account any judgment or settlement amount, or money received from any source in furtherance of your work, and to pay our professional fees, internal expenses and disbursements in accordance with the provisions of Rule 42 of the Uniform General Rules. A trust statement will be forwarded to you upon completion of the matter.
On completion of your work, or following termination (by either party) of our services, we will retain your documents for 7 years. Your agreement to these terms constitutes your authority for us to destroy the file after those 7 years. The authority does not relate to any documents which are deposited in safe custody which will, subject to agreement, be retained on your behalf indefinitely. We are entitled to retain your documents while there is money owing to us for our costs.
You will be liable for the cost of storing and retrieving documents in storage and our professional fees in connection with this.
We may cease to act for you or refuse to perform further work, including:
(a) while any of our tax invoices remain unpaid;
(b) if you do not within 7 days comply with any request to pay an amount in respect of disbursements or future costs;
(c) if you fail to provide us with clear and timely instructions to enable us to advance your matter, for example, compromising our ability to comply with Court directions, orders or practice notes;
(d) if you refuse to accept our advice;
(e) if you indicate to us or we form the view that you have lost confidence in us;
(f) if there are any ethical grounds which we consider require us to cease acting for you, for example a conflict of interest;
(g) for any other reason outside our control which has the effect of compromising our ability to perform the work required within the required timeframe;
(h) if in our sole discretion we consider it is no longer appropriate to act for you; or
(i) for just cause.
We will give you reasonable written notice of termination of our services. You will be required to pay our costs incurred up to the date of termination.
You may terminate our services by written notice at any time. However, if you do so you will be required to pay our costs incurred up to the date of termination (including if the matter is litigious, any cancellation fees or other fees such as hearing allocation fees for which we remain responsible).
Without affecting any lien to which we are otherwise entitled at law over funds, papers and other property of yours:
(a) we shall be entitled to retain by way of lien any funds, property or papers of yours, which are from time to time in our possession or control, until all costs, disbursements, interest and other moneys due to the firm have been paid; and
(b) our lien will continue notwithstanding that we cease to act for you.
We may in any manner we regard appropriate disclose the fact that we act or have acted for you, and the type of work but in doing so we will not disclose other confidential information.
Also, we may place an advertisement in an appropriate financial journal or industry journal at our cost after completion of the work, but only after obtaining your prior approval, which you must not unreasonably withhold.
However, if you request it now, we will make sure we do not disclose details of the work or your name to anyone except as necessary in the course of doing the work.
We share office space with BDH Leaders Pty Limited, a financial consultancy. Where We are providing legal services to you concurrently with your receiving services from BDH Leaders Pty Limited, services provided by BDH Leaders Pty Limited are not provided by Us and should not be relied upon as such. Our services are not, and should not be relied upon, as being provided by BDH Leaders Pty Limited. Our services are distinct and separate despite the use of shared office space. We take all reasonable steps to ensure the confidentiality of your information and legal matter.
You agree that we may use your logo on our website in the “Trusted by” section (or equivalent), and that we may refer to our engagement with you when speaking with external parties including potential clients. In addition, you agree that any testimonial(s) you give us can be used on our website and reproduced for other marketing and business development purposes including social media platforms and award applications.
These authorisations can be withdrawn by you in writing at any time.
We will collect personal information from you in the course of providing our legal services. We may also obtain personal information from third party searches, other investigations and, sometimes, from adverse parties.
We are required to collect the full name and address of our clients by Rule 93 of the Uniform General Rules. Accurate name and address information must also be collected in order to comply with the trust account record keeping requirements of Rule 47 of the Uniform General Rules and to comply with our duty to the courts.
Your personal information will only be used for the purposes for which it is collected or in accordance with the Privacy Act 1988 (Cth). For example, we may use your personal information to provide advice and recommendations that take into account your personal circumstances.
If you do not provide us with the full name and address information required by law we cannot act for you. If you do not provide us with the other personal information that we request our advice may be wrong for you or misleading.
Depending on the nature of your matter the types of bodies to whom we may disclose your personal information include the courts, the other party or parties to litigation, experts and barristers, the Office of State Revenue, PEXA Limited, the Land and Property Information Division of the Department of Lands, the Registrar General and third parties involved in the completion or processing of a transaction.
We do not disclose your information overseas unless your instructions involve dealing with parties located overseas. If your matter involves parties overseas we may disclose select personal information to overseas recipients associated with that matter in order to carry out your instructions.
We manage and protect your personal information in accordance with our privacy policy (which can be found on our firm website or a copy of which we shall provide at your request). Our privacy policy contains information about how you can access and correct the personal information we hold about you and how you can raise any concerns about our personal information handling practices. For more information, please contact us in writing.
We are able to send and receive documents electronically. However, such transmission is not secure, and a document may be copied, recorded, read or interfered with by third parties while in transit. If you ask us to transmit any document electronically, you release us from any claim you may have as a result of any unauthorised copying, recording, reading or interference with that document, for any delay or non-delivery of any document and for any damage caused to your system or any files.
Where applicable, GST is payable on our professional fees and expenses and will be clearly shown on our tax invoices.
By accepting these terms you agree to pay us an amount equivalent to the GST imposed on these charges.
The law of New South Wales governs these terms and legal costs in relation to any matter upon which we are instructed to act.
Data breach emergencies
If you have experienced a data breach, whether from unintentional employee errors, employee data theft, or a cyber-attack, the first 48 hours are crucial. So don’t waste any time, just get in touch.
Reach out, day or night.
If you don’t reach us straight away, we will get in touch ASAP!
Email us on [email protected]
Breach emergency Line: 02 8318 5980
Smart Commercial Lawyers
Delivering emotionally intelligent legal solutions
ablaw.com.au | [email protected]
Reception 02 8014 2511
Level 12, 111 Elizabeth Street
Sydney NSW 2000
Level 11, 456 Lonsdale Street
Melbourne VIC 3000
Rahiri Chambers
Level 10, Britomart Place
Auckland CBD