Sladen Legal’s multi-disciplinary approach to cyberlaw assists clients to achieve regulatory compliance, manage risk and optimise business operations. We inspire action through knowledge by advising on legal and regulatory issues, translating often complex legal theory into operational practice.





Information Law


Information Security



About the Sladen Legal Cyberlaw Practice

Cyberlaw regulates people, information and information systems at national and international level. And, at Sladen Legal, we believe cyberlaw is empowering.

Coming to grips with cyberlaw means knowing your rights while meeting your obligations. This allows you to maximise your business opportunities and manage your risk.

Our services are uniquely differentiated and we have specific experience in Tier-1 enterprise environments, working in collaboration with information security, risk and compliance.

Our cyberlaw clients come from the full range of industries in the public and private sectors. From start-ups through to large businesses, we service any organisation that uses information systems.


+61 3 9620 9288


Including warfare & espionage

Private sector entities operate today on the frontlines of cyber conflict. Hostile actors target them, aiming to steal and/or misappropriate intellectual property, degrade infrastructure, and disrupt business activities.

Sladen Legal’s cyberlawyers have decades of experience. They know that applying a range of proactive strategic and technical cybersecurity measures is key to an effective cyber strategy. They will help you understand how to develop and use these measures within a carefully defined legal and policy framework, providing you with powerful tools for addressing cyber threats.


  • Strategic and policy advice; and
  • Runbook on ramifications.
Malicious cyber activity is a security challenge for all Australians. Australian organisations across the public and private sectors have been compromised by state-sponsored or non-state actors. Overseas, large multinational companies and government organisations have been targeted, losing substantial amounts of sensitive commercial and personal information or incurring major damage to their business and reputation.
— Australia’s Cyber Security Strategy 2016


Including protecting & defending cyberspace

Sladen Legal specialises in providing advice on cyberlaw and information (cyber) security. And we underpin it with business advice founded on decades of hands-on, practical implementation of legal theory to business processes.

Regardless of your technology choices, our team provides the best solution for your business. Sladen Legal’s cyber security approaches and methodologies are designed to complement your business processes and objectives. Based on your risk appetite, business culture and budget, we work with you for your desired outcome.

Cyber Security Services

  • Advice on applicable cyber security laws.
  • Cyber security strategy development.
  • Cyber security frameworks, programs and plans.
  • Development, drafting, auditing and reviewing of cyber security posture, policy, procedures, standards, baselines, guidelines and FAQs.
  • Implementation, compliance, audits and GAP analyses on international and Australian standards.
  • Information/data classification and development of security controls for handling high value, high sensitivity and other legally classified information.
  • Business continuity (BCP), disaster recovery (DRP) plans and advice.
  • Ethics and crisis communications policy and advice.
  • Training and change management.
  • Managed and retainer services.
If an organisation is connected to the Internet, it is vulnerable to compromise. As people and systems become ever more interconnected, the quantity and value of information held online has increased. So have efforts to steal and exploit that information, harming our economy, privacy and safety. Cyberspace, and the dynamic opportunities it offers, is under persistent threat.
— Australia’s Cyber Security Strategy 2016

Information law

Including intellectual property, technology, media & telecommunications

There is a misconception around information law – people think it’s limited to traditional legal practice areas such as intellectual property, technology, and media and telecommunications.

But that’s not true: information law affects every legal practice area and everyone who uses Information and Communications Technology (ICT).

Sladen Legal believes information law compliance and risk management begins with the development of an ICT legal strategy. This provides a clear framework for implementing ICT legal compliance and risk management across your operations.

With decades’ experience applying ICT laws to business processes and technologies, our cyberlawyers are uniquely positioned to guide and advise you on the intricacies of doing business in a digital world.

We understand protocols and how information moves up and down the technology stack. And we understand the differences between telecommunication laws that cater for switched network communications, and data laws that cater for internet protocol (packet switched) communications.

Through multi-disciplinary expertise, Sladen Legal helps turn legal theory into everyday operational practicality, demonstrating compliance with law and maximising business opportunities. And our service delivery is heightened by our hands-on collaboration with your IT team and (if applicable) in-house legal counsel. 


  • Information Communication Technology (ICT) legal compliance strategy.

  • ICT legal compliance frameworks, programs and plans.

  • Assistance with the identification of applicable laws.

  • Advice relating to ICT laws and assistance with practical implementation of compliance through development of administrative, technical and physical controls.

  • Development, drafting, auditing and reviewing of ICT legal policy, procedures, standards, baselines and guidelines.

  • ICT legal risk assessments and compliance audits.

  • Development of ICT legal compliance maturity matrices.

  • Information asset identification and protection.

  • Record Retention and Destruction Schedule (RDS) development.

  • Legal Information classification and development of handling criteria (high value, high sensitivity, Intellectual Property [IP] and Personal Information [PI]).


Information security

Including information, systems, management & governance

Information Security and Information Management (IM) have specific meanings within a business context, and Sladen Legal is fully equipped to assist you with the legal ramifications of both.

Information Security refers to measures relating to people, processes and technology, and the confidentiality, integrity and availability of information and information systems. On the other hand, Information Management (IM) concerns the creation, receipt, distribution, use, maintenance and disposition of information through its lifecycle.

IM touches on every business and public sector departmental activity. It includes Records Management (RM) defined as “[i]nformation created, received, and maintained as evidence and information by an organisation or person in pursuance of legal obligations or in the transaction of business”. That means there is a legal imperative for organisations to retain their records.

Sladen Legal’s multidisciplinary team has the expertise and hands-on experience to assist your compliance with information laws, help mitigate your information-related risk, and leverage an information technology advantage. And we can tailor our services to provide a ‘first steps’ approach to assisting smaller organisations or start-ups that are beginning the compliance and risk management journey.


  • Information management strategy, including an Enterprise Information Management (EIM) strategy development.
  • Information management frameworks, programs and plans.
  • Compliance with legal record retention requirements (identify IM/RM requirements).
  • Development of Record Retention and Destruction schedules (RDS).
  • Development of Business Classification Schema (BCS) aligning to organisational RDS and IM/RM Policy.
  • Development, drafting, auditing and reviewing of IM/RM policy, procedures, standards, baselines, guidelines and FAQs.
  • IM risk assessments.
  • Information identification, classification and development of IM handling criteria (high value, high sensitivity).

If your organisation operates in Australia and internationally you can use any of our general services as part of a global program that includes:

  • Compliance with laws of different jurisdictions that have record retention requirements; and
  • The rationalisation of various jurisdictional IM/RM laws to global standard.

At Sladen Legal, we work with you, advising on legal and regulatory matters to ensure IM/RM compliance. Our services include hands-on participation in the rollout of technology implementation projects such as

  • Enterprise Content Management (ECM); and
  • Enterprise Resource Planning (ERP).



Including data protection & data governance

‘Information privacy’, ‘data privacy’ or ‘personal information’ (PI) concerns information that identifies an individual, or that has the potential to identify an individual. PI is, therefore, valuable to your organisation and can be sensitive.

People – and the law – require PI to be respected and protected. But this can’t happen without information security and the ability to apply law to the physical and logical realities of information systems and architectures.

Public and private sector organisations in Australia must comply with laws regulating PI ‘processing’. This includes any operation performed on PI, by automated or other means, such as:

  • collection, use and recording;

  • organisation and structuring;

  • storage, consultation or retrieval;

  • adaptation or alteration;

  • disclosure by transmission;

  • dissemination or otherwise making available;

  • alignment or combination; and

  • restriction, erasure or destruction.

Almost every business processes PI. It is invariably transferred across numerous international boundaries, meaning that privacy compliance is an international matter, requiring knowledge of laws in many jurisdictions. And, in the event of unauthorised access, disclosure or loss of PI, organisations must notify regulators and affected individuals.

At Sladen Legal, we believe privacy compliance and risk management should begin with the creation of a privacy strategy. This provides a clear framework for the implementation of information privacy compliance and risk management across your operations.

Our experience tells us this strategy is crucial to the successful delivery of a privacy framework, and to the subsequent program of work (or privacy plan) leading to operational efficiencies and business benefits.

We have a three-phase methodology:

  • analysis and assessment;

  • delivering your privacy strategy; and

  • building and implementing your privacy program.

After the three-phase process, we assist you to:

  • build your privacy team;

  • assess risks and establish communication channels;

  • design and implement (internal and external) operational controls;

  • manage and enhance the controls (Plan–Do-Check-Act);

  • demonstrate ongoing compliance and risk mitigation; and

  • achieve continual improvement (maturity model).


  • Advice on all aspects of privacy law.

  • Draft, review or update artefacts (policies, procedures, guidelines, baselines, FAQs and Wikis, etc.) pertaining to practices, procedures and systems for privacy compliance and risk management.

  • Advice on physical, logical and administrative controls for securing PI, including Privacy Enhancing Technologies (PETs), Data Leak Prevention (DLP) and others.

  • Prepare and update data breach response plans to ensure notifications requirements are met in an efficient and timely manner. (see Infosheet: Cyberlaw Notifiable Data Breaches)

  • Assist organisations to take steps to ensure good privacy governance and compliance, including embedding a culture of privacy that enables compliance, establishing robust and effective privacy practices, procedures and systems.

  • Undertake Privacy Impact Assessments (PIA) organisation-wide, and technology or use-case specific.

  • Development of Record Retention and Destruction Schedules (RDS) linked to privacy law and other legal and business retention requirements.

  • Development of Business Classification Schema (BCS) which align to organisational RDS.

  • Development of information classification and handling processes and procedures.

  • Compliance audits, GAP analyses and recommendations.

  • Data privacy risk assessments.

  • Privacy maturity model development and assessment.

If your organisation operates in Australia and internationally you can use any of our general services as part of a global program that includes:

  • project initiation and stakeholder identification;

  • Australian assessment;

  • other jurisdiction assessments;

  • development of a global privacy compliance plan;

  • development of a client privacy standard;

  • planning and actioning of global rollout; and

  • stock exchange listing and reporting requirements where relevant.

We offer retainer services and real-time support to ensure continued effectiveness and enhanced response to privacy compliance and risk.



Including interception & monitoring

The legal framework governing the sensitive relationship between privacy and surveillance is little understood. Furthermore, legal obligations in relation to privacy and surveillance are seldom seen in relation to privacy, consumer and other law.

The deployment of data leak, adware and tracking technologies involves the surveillance and monitoring of internal (and external) users through various logical means including telecommunications and data surveillance. Therefore, surveillance impacts directly upon privacy.

The capacity to make connections between related bodies of law is not central to business or IT personnel’s activities; their skill sets don’t include those needed to identify and apply law to the deployment of surveillance and tracking technologies.

It is a big mistake for organisations to rely solely on security teams to implement data protection programs. The most effective way of creating administrative data-protection controls is through a collaboration of strategic business functions with specialist legal, privacy and security professionals who understand the application of cyberlaw to risk.

Once you gain perspectives from these and other stakeholders, you will know that a data protection program and technical and legal controls are not roadblocks to business, or unfair limitations to expectations of privacy, but business enablers.

Please contact us for assistance in understanding this complex area of law and its application to your business.


Data governance, Risk & Compliance


‘Data Governance’ (‘Information Governance’) is a business-enabling function that powers data-driven business models and insight. It concerns the activities and technologies organisations use to maximise their information’s value while minimising associated risks and costs.

The goal is to make sure information can be found and that it is handled appropriately, ensuring confidentiality, integrity and availability. Data Governance involves identifying what information must be kept and getting rid of the rest – unless you choose to keep it.

Sladen Legal’s cyberlaw team has experience in all aspects of the law relating to information, and hands-on experience in managing information and information risk. We can advise and assist you to create successful Data Programs and help you to manage the necessary components for Data Governance success.


  • Data Governance strategy and planning including Corporate Governance cyber advice.

  • Data remediation (as a process that brings order to information).

  • Assistance with understanding Data Governance technologies and advice when working with vendors.

  • Compliance.

  • Business efficiencies.

  • Executive mandates, board charters and Data Governance roles.

  • Development of board charters and delegations of authority.

Cyber policy

Including cyber posture

Recognising the private sector’s significant role in nation states’ cybersecurity has led Australian and international policymakers to call for public-private partnerships. These have so far focused on information sharing, best practices and post-incident investigation, but there’s more to be done.  

Australia cannot accept the cybersecurity risks of a vulnerable private sector. Neither can it continue to maintain an inadequate cyber deterrence posture. The reality is, however, that the current legal and policy environment for private sector companies to defend themselves is ambiguous. This makes it risky for businesses to use certain defence tools that may be effective in addressing malicious cyberattacks.

Sladen Legal works with forward-leaning and technologically advanced private entities, assisting them to understand the legal risks when defending their assets in cyberspace. We ensure these actions are embedded within a policy and legal framework that confirms government oversight, ensures privacy and civil liberties are not infringed, and mitigates technical risks.

We invite you to contact us for bespoke advice on defending your business, customers and information assets.


standards, frameworks & best International practice

Australian and international standards and frameworks play an important role in supporting and demonstrating legal compliance and managing risk.

Even where no statutory compliance requirement exists, liability can arise where there is a legally recognised obligation, a failure to conform to the required standard and proximate causation resulting in injury, damage or loss.

Sladen Legal cyberlawyers have many years of hands-on experience working with standards in international business applications. Please contact us to find our more.

Other Cyberlaw Services...

Innovation Law, Commercialisation, New and Emerging Technologies

Recognised as leaders in innovation law and commercialisation, Sladen Legal lawyers are members of the Australian Department of Industry, Innovation and Science commercialisation program and are represented on the Technology and Law Committee of the Law Institute of Victoria.

If you have an idea and need assistance in understanding cyberlaw’s impact on your business – and if AI, Cloud, Big Data, blockchain, IOT and other emerging technologies are relevant – our full legal service offering can assist you.

Training & Webinars

We offer in-house and external training and awareness programs across all aspects of the Cyberlaw practice areas. Please contact us to find out more.

Cybercrime, Forensics, Incident Response and Crisis Communications

Malicious cyber activities are wide ranging, including activities aimed at compromising the confidentiality, integrity or availability of information systems (or the information on them).

‘Cyber espionage’ refers to theft of information for intelligence purposes, while ‘cybercrime’ means crimes committed through the use of computers, or crimes directed at computers. The latter can include illegally modifying electronic data or seeking a ransom to unlock a computer affected by malicious software.

If you are the victim of a cyberattack and need assistance with how to respond and manage communications, please contact us.


Cyberlaw News & Events