Cybercrime, Data Protection & Privacy Lawyers

A quarter of all data breaches globally originate inside an organisation — either as a result of error or misuse. In Australia, human error is responsible for more than half of all reported data breaches.

Given the rapid increase in data breaches and the difficulties small to medium enterprises face in protecting against cyberattacks from malicious parties, reducing insider risk will greatly reduce the overall risk profile of your organisation.

5.0 (based on Google Reviews)

Stanley & Co Lawyers helped my business when I was the victim of a targeted business email compromise scam. They explained my obligations under the Privacy Act, and helped me to minimise the damage.

Talk to an IT Lawyer

We are experts in online law, IT, cybercrime, data security and privacy laws. Go ahead, ask us anything.
  • Let us know how we can help.
  • Get plain English advice - quickly.


Responding to a notifiable data breach

The number one security challenge globally is detecting and responding to a data breach in a timely fashion. Therefore, how your organisation handles a data breach incident is a greater indicator of the reputational impact than the size of the data breach itself.

Despite this, most businesses lack cyber-awareness and do not have an effective response team. Our IT lawyers assist you to identify roles, responsibilities and reporting lines of individual team members in order to respond appropriately in the event of a notifiable data breach.

Why choose Stanley & Co Lawyers?

  • Criminal & commercial lawyers with IT experience
  • Fixed fee pricing & quick turnaround
  • Tailored advice in plain English

Notifiable Data Breach Regime

Data breaches are occurring more frequently, with increasing sophistication and causing greater financial and reputational damage than ever before. Now, as a result of legislative intervention, an eligible data breach under the mandatory data breach notification regime must be reported to the Privacy Commissioner. You must also notify the affected party in the prescribed manner within 30 days. An eligible data breach arises where there has been unauthorised access, loss or disclosure of personal information by a business, and such disclosure is likely to cause serious harm to the individuals whose personal information is stored. Compliance is not optional.

How we do it

1. Contact

Book online, call, email, SMS for your no-obligation free first appointment at Carrington Street.
T: 08 7001 6135
24 HR: 0420 359 833 or send an email

2. Meeting

You will meet with an experienced lawyer for a free initial appointment to discuss your matter.

3. Agreement

We send you a tailored fee proposal with a detailed ‘Scope of Work’ explaining exactly what you get for your money. If you are happy, sign the agreement and send it back to us.

4. Action

Now that we are engaged, we will get to work on your matter straight away. We will update you at each important milestone of your matter.

Privacy & Data security lawyers

Our team of experienced privacy and data security lawyers is standing by to advise you as data protection and privacy laws continue to evolve to meet the increased demand for information security. We assist businesses, individuals and law enforcement agencies, and have regularly appeared as key speakers at notable cybercrime conferences. Contact the industry experts today for plain English advice.

  • Rich Stanley, Co-Founder and Partner
  • Danial Esmaili
  • Ed Hewitt
  • Tina Tran



Mandatory Data Breach Notification

  • You must notify affected individuals and the Privacy Commissioner when an eligible data breach involving personal information is likely to result in serious harm.
  • Notification must occur within 30 days in the required form.
  • Failure to notify the Privacy Commissioner and affected party in the prescribed manner may attract serious financial penalties.

Corporate Liability

  • Directors and officers of a corporation have a duty of care and diligence towards their company that arises under the Corporations Act 2001 (Cth).
  • The duty extends to understanding their company’s cybersecurity strategy, cyber resilience framework, and obligations under privacy law.
  • Directors and officers must be aware of their company’s obligations under the mandatory data breach notification regime.
  • There are various obligations under corporations law for regulated entities in the event of a data breach. Depending on the type of entity, including whether it holds particular licences and whom it is regulated by, obligations will vary.

How can we help?

FREE first appointment

Book us in for a coffee and a chat…

And don’t worry, we won’t charge you

Call 24/7 - 08 7001 6135