Eden Winokur

Photo of Eden Winokur

Latest Articles

In mid-2017, the Australian Bureau of Statistics revealed that almost a third of sampled businesses are using commercial cloud computing services.  This year, Gartner reported Australian businesses will spend $4.6 billion on cloud services (an 18.5% increase from last year). Below we highlight some of the risks for businesses associated with the use of cloud services and provide tips to mitigate some of those risks. Vendor lock-in Some cloud service providers can make it difficult…
Think of one of the greatest nightmares of your professional life. For the management team of a corporation and their in-house counsel, there are few more nightmarish days than when they receive a call from the IT department reporting unauthorised activity in the company’s databases. Over the next few days, the fog lifts and it becomes clear that the company has been the subject of a cyber-attack and personally identifiable data of its customers or…
As many readers know, the Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018.  It has resulted in changes to Australia’s privacy law in relation to notification obligations on individuals and organisations that experience an eligible data breach. The Office of the Australian Information Commissioner (OAIC) recently released its second quarterly report in relation to data breaches notified under the NDB Scheme between 1 April and 30 June 2018.  The OAIC…
Global litigation funder IMF Bentham Ltd (IMF) has launched a representative complaint with the Office of the Australian Information Commissioner (OAIC) seeking, amongst other things, financial compensation for alleged breaches of the Privacy Act 1988 (Cth) by Facebook Inc (Facebook). The action relates to unauthorised access to over 87 million Facebook users’ data by political consulting firm, Cambridge Analytica. The class action has the potential to be formed by over 300,000 Australian class members who…
Does your company or organisation (or any of its subsidiaries) monitor, track or target EU data subjects in the context of offering goods or services to them? If the answer is yes, your organisation needs to ensure it is ready to comply with the requirements of the GDPR. What is the GDPR? The European Union General Data Protection Regulation (GDPR) commences operation today, 25 May 2018. The GDPR will operate to regulate the processing of…
  Although cyber insurance is seen as one of the biggest opportunities in insurance and reinsurance right now, the risks to insurers and insureds could be equally large. One significant threat is ‘cyber risk aggregation’. What is ‘cyber risk aggregation’? Risk aggregation in the insurance industry refers to multiple claims being generated by the same or a related event (such as the large number of claims that might follow a natural disaster). In the same…
The Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018.  It has resulted in changes to Australia’s privacy law in relation to notification obligations on individuals and organisations that experience a data breach.  In this post, we look at the first quarterly report issued by the Office of the Australian Information Commissioner (OAIC) in relation to data breaches notified under the NDB Scheme. The Report Now that notification of data breaches…
The Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018, resulting in various changes to Australia’s privacy law. In previous posts, we have considered: the nature and contents of notification statements; how to identify which data breaches need to be notified; the steps to be taken when an organisation suspects a data breach; and who is responsible when information is jointly held. In this post, we consider…
The Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018, resulting in various changes to Australia’s privacy law.  In previous posts, we have considered the nature and contents of notification statements, how to identify which data breaches need to be notified, and the steps to be taken when an organisation suspects a data breach. In this post, we look at which organisation is responsible for notifying affected individuals…
The Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018, resulting in various changes to Australia’s privacy law. In previous posts, we have considered the nature and contents of notification statements, and how to identify which data breaches need to be notified. Those posts set out the notification requirements where an organisation has reasonable grounds to believe it has experienced an eligible data breach? This post considers a preliminary…