Matthew Ellis

Photo of Matthew Ellis
Firm/Organization: Norton Rose Fulbright
Blogs: Financial services: Regulation tomorrow, Health Law Pulse, Insurance law tomorrow

Latest Articles

The Office of the Australian Information Commissioner (OAIC) recently released its third quarterly report in relation to data breaches notified under the Notifiable Data Breach (NDB) Scheme between 1 July and 30 September 2018. For this quarter, the OAIC received 245 data breach notifications which is on par with the previous quarter. With this being the second full quarter report released by the OAIC, it is becoming easier to recognise certain trends in data breach…
clouds
In mid-2017, the Australian Bureau of Statistics revealed that almost a third of sampled businesses are using commercial cloud computing services.  This year, Gartner reported Australian businesses will spend $4.6 billion on cloud services (an 18.5% increase from last year). Below we highlight some of the risks for businesses associated with the use of cloud services and provide tips to mitigate some of those risks. Vendor lock-in Some cloud service providers can make it difficult…
cyber computer
Think of one of the greatest nightmares of your professional life. For the management team of a corporation and their in-house counsel, there are few more nightmarish days than when they receive a call from the IT department reporting unauthorised activity in the company’s databases. Over the next few days, the fog lifts and it becomes clear that the company has been the subject of a cyber-attack and personally identifiable data of its customers or…
law2
As we have previously reported, the Australian Law Reform Commission (ALRC) is in the midst of conducting an Inquiry into Class Action Proceedings and Third-Party Litigation Funders.  The ALRC is to deliver its report on 21 December 2018. Class actions are now considered one of the greatest risks to corporations in Australia, with resulting increases in D&O insurance premiums being seen in the market.  Gone are the days of yesteryear, when class actions were…
The Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018.  It has resulted in changes to Australia’s privacy law in relation to notification obligations on individuals and organisations that experience a data breach.  In this post, we look at the first quarterly report issued by the Office of the Australian Information Commissioner (OAIC) in relation to data breaches notified under the NDB Scheme. The Report Now that notification of data breaches…
The Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018, resulting in various changes to Australia’s privacy law.  In previous posts, we have considered the nature and contents of notification statements, how to identify which data breaches need to be notified, and the steps to be taken when an organisation suspects a data breach. In this post, we look at which organisation is responsible for notifying affected individuals…
The Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018, resulting in various changes to Australia’s privacy law.  In this post, we look at how to identify which data breaches are “eligible data breaches” and need to be notified to the OAIC and affected individuals under the NDB Scheme. Which data breaches require notification An organisation must notify under the NDB scheme if it experiences (or has reasonable grounds to believe…
  Norton Rose Fulbright Australia’s Insurance team recently hosted a panel discussion which explored the intergenerational divide in the workplace.  The panel explored what the differing values, communication styles and work habits of each generation mean for the insurance industry, and considered multigenerational risk through the prism of loyalty, leadership, innovation, corporate social responsibility and insurance products. The esteemed and multigenerational panel comprised: Catherine Carlyon, head of claims at XL Catlin Jennifer Pham, Senior Underwriter…
Despite unprecedented levels of privacy breaches and ongoing debate, there is still no statutory regime or binding common law in Australia that establishes a cause of action for breach of privacy.  However, the upcoming introduction of the mandatory data breach notification law, the Privacy Amendment (Notifiable Data Breaches) Act 2017 – which takes effect on 22 February 2018 – will undoubtedly cast a spotlight on data breaches that affect an individual’s privacy. So, how will…
ASIC’s latest report (Report 492) on add-on insurance makes for sobering reading. Following a review of add-on general insurance products sold through car dealers, ASIC identifies a number of concerns. This follows earlier reports focused on consumer experiences (Report 470) and the sale of life insurance through car dealers (Report 471). The most recent report focuses on the design of insurance policies and sales processes.…