No escape from cyber security duties for Commonwealth officials and directors

In a recent blog post and more comprehensive article, we discussed directors’ duties under the Corporations Act 2001 (Cth) as they extend into the field of cyber security. Similar (and, as discussed below, in some cases even broader) duties are imposed on Commonwealth entity officials, and Commonwealth company directors.

Commonwealth entity officials are required under the Commonwealth’s Public Governance, Performance and Accountability Act 2013 (Cth) (PGPA) to perform their powers and functions and discharge their duties with care and diligence. These duties are analogous to directors’ duties under the Corporations Act.

Commonwealth company directors must also comply with their Corporations Act directors’ duties, and with additional duties and obligations under the PGPA, including keeping the responsible Minister informed of significant issues affecting the relevant Commonwealth company. In our view, this duty to inform extends to informing the responsible Minister of any significant cyber breach or cyber security related issues.

We have identified six key cyber security standards that Commonwealth entity officials and Commonwealth company directors should be aware of as follows:

  1. The Australian Signals Directorate’s Top Four Mitigation Strategies to Protect Your ICT System
  2. The Australian Government Cyber Security Operations Centre’s Questions Senior Management Need to be Asking About Cyber Security
  3. ASIC’s Cyber Resilience: Health Check (ASIC Report 429)
  4. The Office of the Australian Information Commissioner’s Guide to Securing Personal Information – ‘Reasonable Steps’ to Protect Personal Information
  5. The Payment Card Industry’s Data Security Standard (DSS): Requirements and Security Assessment Procedures; and
  6. ISO/IEC Standards.

The six cyber security standards referred to above are by no means exhaustive and we have discussed these standards in more detail in our related article here.
