Cyber & New Law Success

Digital Frontiers & Smart Law

Positioned as a New Age Law Firm

We Drive & Thrive on Innovation & Change

Reshaping & Combining the Traditional Areas of Law

Law is increasingly challenged by being applied to areas involving societal, political and technological changes. Legal systems slowly but eventually adapt, but this adaption needs to be properly driven by lawyers who welcome and embrace the new frontiers.

We welcome questions on challenging new areas where traditional legal principles need to be extended or extrapolated.

Awarded for legal innovation. Working as a smart law firm, since 2016. This is not a “fad” to us, but who we are.

Why Successful Clients
use Goldman Law?

[law_blogs_cyber]

Goldman Law Awarded & Recognised

“Legal Services Innovation” Award 2022
“Litigation Excellence Awards” 2021
“International Advisory Experts” Award 2020

Contact Our Senior People

downarrow-new-tri
Jas-profile

Jaswinder (Jas) Sekhon

Snr Int’l lawyer

Managing partner

20 yrs+ exp, Australia+++

Global awards recipient, diverse and strategic client focus. Commercial, tax finance, litigation, offshore, tax planning, trusts estates, assets, IP, AI , medical, family law and mediation.

arrow-right
zeinab-02

Zeinab
Elzein

Senior family lawyer

General counsel

10 yrs+ exp Australia

Her experience ranges from complex property settlement litigation matters to contested children matters, including relocation matters. Zee is sympathetic and guides you stress free.
arrow-right-white
Mat-pic

Mathew
Nott

Snr criminal lawyer

General counsel

Australia, NSW.

Outstanding on his feet, a criminal expert with a 99%+ success rate! Pragmatic commercial life experienced. Client outcome laser focus.

arrow-right-white
Kerry-profile

Kerry
Turner

Snr Client Relations Manager

Australia, NZ, Int’l

(UK, Dubai, Caribbean)

Client and customer experience expert.
Expert in diverse cultures and specialist client needs
Operations and para-legal support.

arrow-right

How will Embracing Tech Help Clients?

Reduce Cost, Increase Responsiveness

Clients Benefit in Smart Contracts and Threat Protection

Collaborations and discussion will help shape the future of law and institutions in these new frontiers. Rapid technological advancements have quickly changed the cyber-security and data protection concepts. We face sophisticated threats, from employees, associates and cyber criminals.

Law firms advise on best practice from data and privacy breaches to comply with directors duties and to protect your information, know how and business from employee and external threats.

Typical Clients in
Cyber Law Include...

Cyber Security & Directors Duties

In today’s digital world and hyper-connected global economy, putting effective cybersecurity measures into practice is especially difficult.

The risk of your organization’s data being unintentionally compromised or stolen through human error or corporate espionage increases as devices start to outnumber people and more people are connecting to IT networks remotely in the future of work.

We take a multidisciplinary approach. Directors must as part of their duties undertake a risk assessment on their business and then ensure that this is implemented. We will see directors being held liable for breach of these duties. Their may be personal liability for breach of legislation compelling cyber security implementation.

New Law NFTs - Old Law Issues?

Digital assets known as NFTs are frequently created on the Ethereum blockchain and are exchangeable for free.

The specific rights that apply to NFTs vary, but they typically serve as proof of ownership of virtual (or even physical) assets. NFTs provide a way to create an “original” or “authentic” version of digital content or assets that are easily duplicated.

Digital assets raise old law issues such as breach of copyright and ownership of property. For example, Chat-GPT has currently eight legal actions for breach of copy right as it uses someone elses data set to combine and produce an output. Is this a new work or simply parts of old work?

How does a Smart 
Contract Work?

NFTs incorporate “smart contracts”, for example to fix how interactions with the content can take place. Coding is locked on to the blockchain as part of the token and self- executes when defined events occur. The smart contract is set up so that access to the digital asset is only granted following payment.

Smart contracts are automated agreements made by the parties involved. This agreement, which was written in code, is baked into the blockchain and is both irrevocable and immutable. They eliminate any need for “middlemen”, automating a workflow.

Each party promises to uphold the legal duties they agreed to in the written agreement once the contract is properly signed.

Successfully Defining & Using a NFT

Legal Issues and Rights

How a NFT is “Sold” & Makes Money

These might include certifying an asset’s ownership, issuing an intellectual property rights (IPR) license, or even having a contractual right to use or receive something (digital or virtual) or to access benefits. Being upfront will prevent the issuer from reneging on unintended rights and potential buyer claims that the rights being offered were misrepresented.

The buyer of an NFT must also be aware of what they are getting. For instance, if the NFT includes smart contract functionality, this may not be immediately apparent but will be encoded into it.

Experience & Trust

With deep local and international expertise for over 30 years.

Growing and protecting successful individuals, family offices and business.

Experience & trust built through sheer hard work

Cyber Law FAQ's

Why should we be worried about cyber security?

  • If realised, cyber security risks have the potential to significantly disrupt your business operations. This can result in significant incident response costs, damage to your organisation’s brand and reputation, and depending on your response, shareholder or regulatory action.
  • Managing cyber security risks requires strong leadership with the board working in concert with executives and technical teams to understand the organisation’s risk exposure. Encouraging an organisational culture that supports cyber security is important, as is supporting technical experts and information technology (IT) departments in their cyber security efforts.

Do you understand your threat environment?

  • Understanding what systems are critical to core business operations, and their security posture, is integral to managing cyber security risks. Furthermore, in order to determine cyber security risks, you need to have an understanding of the threat environment in which your business operates.

Hacking (i.e. unauthorised access)

  • In Australia, unauthorised access to computer systems is criminalised by both State and Federal legislation.
  • In the Federal jurisdiction, hacking is criminalised under the Criminal Code Act 1995 (Cth) (“the Code”).
  • Most commonly, persons suspected of engaging in cybercrime are charged pursuant to the Code, given its universal application in all States and Territories in Australia.
  • Persons suspected of unauthorised access to computer systems are charged pursuant to s. 478.1 of the Code, which provides for the offence of “Unauthorised access to, or modification of, restricted data”.
  • An example of state-based legislation criminalising hacking of private computer systems is Part 6 the New South Wales Crimes Act 1900 (“NSW Crimes Act”). Part 6 relates to “Computer Offences” and sets out multiple offences centred around unauthorised access, modification, or impairment of restricted data and electronic communications.

Phishing

  • Phishing, being a form of online fraud, is criminalised under the Code in instances where the victim is said to be a Commonwealth entity. When the victim is a member of the public, charges are brought under parallel State or Territory legislation. In New South Wales (“NSW”), charges could be brought under s. 192E of the NSW Crimes Act, which criminalises the general offence of fraud.

Depending on the subsequent financial gain or loss suffered subsequent to the activity, the below charges are available:

  • S. 134.2(1) – obtaining a financial advantage by deception.
  • S. 135.1(1) – general dishonesty – obtaining a gain.
  • S. 135.1(3) – general dishonesty – causing a loss.
  • S. 135.1(5) – general dishonesty – causing a loss to another.
  • For the charge to be proven, the prosecution must establish that the accused obtains or causes a financial advantage, gain or loss by way of deception or dishonesty. The maximum penalty for each offence is 10 years’ imprisonment.

  • In the Federal jurisdiction, hacking is criminalised under the Criminal Code Act 1995 (Cth) (“the Code”).

NSW Crimes Act Part 6 Computer Offences.

  • Distribution, sale or offering for sale of hardware, software or other tools used to commit cybercrime
  • Distribution, sale or offering for sale of hardware, software or other tools used to commit cybercrime is criminalised by s. 478.4 of the Code,
  • Possession or use of hardware, software or other tools used to commit cybercrime
  • Possession or use of hardware, software or other tools used to commit cybercrime is criminalised by s. 478.3 of the Code, which provides for the offence of possession or control of data with intent to commit a computer offence.
  • The maximum penalty for a contravention of s. 478.3 of the Code is three years’ imprisonment.
  • ss 308F and 308G of the NSW Crimes Act.

Identity theft or identity fraud (e.g. in connection with access devices)

  • Identity crime, and in particular identity fraud offences, are criminalised by Division 372 of the Code. Particular acts that are criminalised include dealing in identification information, dealing in identification information that involves use of a carriage service, possession of identification information, and possession of equipment used to make identification information.
  • The offence of “Dealing in identification information that involves use of a carriage service” is most relevant to cybercrime. It is criminalised by s. 372.1A of the Code

Electronic theft (e.g. breach of confidence by a current or former employee, or criminal copyright infringement)

  • Electronic theft is criminalised by s. 478.1 of the Code. the unauthorised copying of data from a computer would contravene this offence provision.
  • Unsolicited penetration testing (i.e. the exploitation of an IT system without the permission of its owner to determine its vulnerabilities and weak points)
  • Any other activity that adversely affects or threatens the security, confidentiality, integrity or availability of any IT system, infrastructure, communications network, device or data

Part 10.6 of the Code creates offences related to telecommunication services.

  • They include offences relating to dishonesty with respect to carriage services and interference with telecommunications.
  • Additionally, the above-mentioned Part 6 of the NSW Crimes Act would likely be an example of state legislation that could cover these types of activities.

Extended geographical jurisdiction 10.7 of the Code (Divisions 477 and 478).

  • A person will not commit offences under that Part unless: the conduct constituting the alleged offence occurs wholly or partly in Australia, or wholly or partly on-board an Australian aircraft or an Australian ship; the conduct constituting the alleged offences occurs wholly outside Australia and a result of the conduct occurs wholly or partly in Australia, or wholly or partly on-board an Australian aircraft or an Australian ship; the conduct constituting the alleged offence occurs wholly outside Australia; and, at the time of the alleged offence, the person is an Australian citizen or at the time of the alleged offence, the person is a body corporate incorporated by or under a law of the

Mitigating Factors

  • Section 16A of the Crimes Act 1914 (Cth) sets out matters for the Court to consider when passing sentences for federal offences, including offences against the Code.
  • Matters that will generally mitigate a penalty include the timing of any guilty plea, the offender’s character, the offender’s prior record, assistance provided by the offender to the authorities and the offender’s prospect of rehabilitation and likelihood of reoffending. In some circumstances, the absence of intent to cause damage or make a financial gain could be taken into account by a sentencing court as a factor of mitigation, if this is not a necessary element of the offence.
  • A number of the offences particularised above require intent to be proven to establish the charge. For example, a necessary element of s. 478.2 of the Code is that the defendant “intended to cause the impairment” to the data.

  • the Privacy Act (Cth) (“Privacy Act”);
  • the Crimes Act 1914 (Cth);
  • the Security of Critical Infrastructure Act 2018 (Cth);
  • the Code (Cth); and
  • the Telecommunications (Interception and Access) Act 1979 (Cth).
  • The Australian Securities and Investments Commission (“ASIC”) provides guidance to Australia’s integrated corporate markets, financial services and consumer regulator, and organisations through its “cyber reliance good practices”. The good practices recommend, inter alia, periodic review of cyber strategy by a board of directors, using cyber resilience as a management tool, for corporate governance to be responsive (i.e. keeping cybersecurity policies and procedures up to date), collaboration and information sharing, third-party risk management and implementing continuous monitoring systems.
  • The Office of the Australian Information Commissioner (“OAIC”) recommends that entities have a data breach response plan that includes a strategy for containing, assessing and managing data breaches and strategies for containing and remediating data breaches.
  • In February 2018, the Privacy Amendment (Notifiable Data Breaches) Act 2017 amended the Privacy Act to require Australian Privacy Principles (“APP”) entities to, as soon as practicable, provide notice to the OAIC and affected individuals of an “eligible data breach”, where there are reasonable grounds to believe that an “eligible data breach” has occurred. This process is called the Notifiable Data Breaches Scheme (“NDB Scheme”).

  • A failure by a company to prevent, mitigate, manage or respond to an Incident may result in breaches of provisions of the Corporations Act 2001 (Cth).
  • The Corporations Act 2001 (Cth) imposes duties on directors to exercise powers and duties with the care and diligence that a reasonable person would. A director who ignores the real possibility of an Incident may be liable for failing to exercise their duties with care and diligence.
  • Are companies (whether listed or private) required under Applicable Laws to: (a) designate a CISO (or equivalent); (b) establish a written Incident response plan or policy; (c) conduct periodic cyber risk assessments, including for third party vendors; and (d) perform penetration tests or vulnerability assessments?
  • NO. Presently not required for companies to designate a chief information security officer (“CISO”), establish a written Incident response plan or policy, conduct periodic cyber risk assessments or perform penetration tests or vulnerability assessments.

  • Australian common law does not recognise a general right of privacy. The equitable cause of action for breach of confidence may provide a remedy for invasions of privacy.
  • Traditionally, the elements are that information must be confidential, information must have been imparted in circumstances importing an obligation of confidence and there must be an unauthorised use of that information.
  • The current doctrine of breach of confidence does not currently entertain cases of wrongful intrusion, as opposed to cases of wrongful disclosure of confidential information.
  • The Privacy Act regulates the way Commonwealth agencies handle personal information.
  • A person may apply to the Court for an order that an entity pay compensation for loss or damage suffered by the person if a civil penalty has been made against the entity, or the entity is found guilty of an offence under the Privacy Act.
  • The High Court in ABC v Lenah Game Meats Pty Ltd (2001) 208 CLR 199 sanctioned the recognition of a tort of invasion of privacy.
  • Judge Hampel in the case of Doe v ABC (2007) VCC 281 imposed liability in tort for the invasion of the plaintiff’s privacy.

Book your legal strategy information meeting now with a senior lawyer

Fill in the form below to book a 30-minute no-obligation consulting session. 

I will reply within 24 hours.