Emerging Cyber & Digital Law
Privacy, Confidentiality AI & Cyber Threats
Positioned as a New Age Law Firm
We Thrive on Digital Innovation and Digital Business
Combining New Law and Traditional law
Law is increasingly challenged by being applied to areas involving societal, political and technological changes. Legal systems slowly but eventually adapt, but this adaption needs to be properly driven by lawyers who welcome and embrace the new frontiers.
We welcome questions on challenging new areas where traditional legal principles need to be extended or extrapolated.
Awarded for legal innovation. Working as a smart law firm, since 2016. This is not a “fad” to us, but who we are.
Why Successful Clients
Use Goldman Law?*
Goldman Law Awarded & Recognised*
“Legal Services Innovation” Award 2022
“Litigation Excellence Awards” 2021
“International Advisory Experts” Award 2020
Connect With Our Senior Lawyers
Mr. Jaswinder (Jas) Sekhon
Mr. Mohammed Fawzy
Senior General Consistency
Admitted in UAE
Senior General Counsel in Dubai and the UAE which is a leading center for tech innovation, cyber law, digital currency and new tech frontiers.
Over 10 years of experience in the UAE in dealing with all Government departments, provides a variety of corporate and legal services, company formation, corporate contracts, dispute resolution and arbitration issues. L.L.M, LLB Menofia University, Egypt.
He hopes to bring innovation and change to civil and sharia law principles using new age technology enhancing the delivery of legal services.
Mr. Ram Sethi
Ram is a digital transformation specialist with over 25 years of experience across technology services, finance and advisory.
He has an MBA (International Business and Finance) together with director experience with senior Government transformations and with world leading companies such as CISCO.
Ram brings all his industry knowledge to drive our legal transformation objectives to reality.
Digital Business Methods Increase Business Risks
Free Initial Discussion on Cyber Threats and Legal Protection
Our Clients Benefit From Technology and Threat Protection
Collaborations and discussion will help shape the future of law and institutions in these new frontiers. Rapid technological advancements have quickly changed the cyber-security and data protection concepts. We face sophisticated threats, from employees, associates and cyber criminals.
Law firms advise on best practice from data and privacy breaches to comply with directors duties and to protect your information, know how and business from employee and external threats.
Typical Clients in
Cyber Law Include...
Employees, Privacy & Directors Duties
In today’s digital world and hyper-connected global economy, putting effective cybersecurity measures into practice is especially difficult.
The risk of your organization’s data being unintentionally compromised or stolen through human error or corporate espionage increases as devices start to outnumber people and more people are connecting to IT networks remotely in the future of work.
We take a multidisciplinary approach. Directors must as part of their duties undertake a risk assessment on their business and then ensure that this is implemented. We will see directors being held liable for breach of these duties. Their may be personal liability for breach of legislation compelling cyber security implementation.
New Law NFTs - Old Law Issues?
Digital assets known as NFTs are frequently created on the Ethereum blockchain and are exchangeable for free.
The specific rights that apply to NFTs vary, but they typically serve as proof of ownership of virtual (or even physical) assets. NFTs provide a way to create an “original” or “authentic” version of digital content or assets that are easily duplicated.
Digital assets raise old law issues such as breach of copyright and ownership of property. For example, Chat-GPT has currently eight legal actions for breach of copy right as it uses someone elses data set to combine and produce an output. Is this a new work or simply parts of old work?
How does a Smart
NFTs incorporate “smart contracts”, for example to fix how interactions with the content can take place. Coding is locked on to the blockchain as part of the token and self- executes when defined events occur. The smart contract is set up so that access to the digital asset is only granted following payment.
Smart contracts are automated agreements made by the parties involved. This agreement, which was written in code, is baked into the blockchain and is both irrevocable and immutable. They eliminate any need for “middlemen”, automating a workflow.
Each party promises to uphold the legal duties they agreed to in the written agreement once the contract is properly signed.
Emerging Issues; Using NFT's
AI Bots and Copyright
How a NFT is “Sold” & Makes Money
The seller of an NFT is issuing an intellectual property right to use a particular item or are they transferring the rights completely? And the buyer of an NFT must know what “rights” they are getting. For instance.
Smart GPT, auto GPT and chat GPT are emerging trends of bots which are trained on publicly available information. The question is, where the owners have retained copyright on what is searched in “:Google”, then the bot itself may be legally in breach. It is a unsettled question of degree,
Experience & Trust
With deep local and international expertise for over 30 years.
Growing and protecting successful individuals, family offices and business.
Experience & trust built through sheer hard work
Cyber Law FAQ's*
Why should we be worried about cyber security?
- If realised, cyber security risks have the potential to significantly disrupt your business operations. This can result in significant incident response costs, damage to your organisation’s brand and reputation, and depending on your response, shareholder or regulatory action.
- Managing cyber security risks requires strong leadership with the board working in concert with executives and technical teams to understand the organisation’s risk exposure. Encouraging an organisational culture that supports cyber security is important, as is supporting technical experts and information technology (IT) departments in their cyber security efforts.
Do you understand your threat environment?
- Understanding what systems are critical to core business operations, and their security posture, is integral to managing cyber security risks. Furthermore, in order to determine cyber security risks, you need to have an understanding of the threat environment in which your business operates.
Hacking (i.e. unauthorised access)
- In Australia, unauthorised access to computer systems is criminalised by both State and Federal legislation.
- In the Federal jurisdiction, hacking is criminalised under the Criminal Code Act 1995 (Cth) (“the Code”).
- Most commonly, persons suspected of engaging in cybercrime are charged pursuant to the Code, given its universal application in all States and Territories in Australia.
- Persons suspected of unauthorised access to computer systems are charged pursuant to s. 478.1 of the Code, which provides for the offence of “Unauthorised access to, or modification of, restricted data”.
- An example of state-based legislation criminalising hacking of private computer systems is Part 6 the New South Wales Crimes Act 1900 (“NSW Crimes Act”). Part 6 relates to “Computer Offences” and sets out multiple offences centred around unauthorised access, modification, or impairment of restricted data and electronic communications.
- Phishing, being a form of online fraud, is criminalised under the Code in instances where the victim is said to be a Commonwealth entity. When the victim is a member of the public, charges are brought under parallel State or Territory legislation. In New South Wales (“NSW”), charges could be brought under s. 192E of the NSW Crimes Act, which criminalises the general offence of fraud.
Depending on the subsequent financial gain or loss suffered subsequent to the activity, the below charges are available:
- S. 134.2(1) – obtaining a financial advantage by deception.
- S. 135.1(1) – general dishonesty – obtaining a gain.
- S. 135.1(3) – general dishonesty – causing a loss.
- S. 135.1(5) – general dishonesty – causing a loss to another.
- For the charge to be proven, the prosecution must establish that the accused obtains or causes a financial advantage, gain or loss by way of deception or dishonesty. The maximum penalty for each offence is 10 years’ imprisonment.
- In the Federal jurisdiction, hacking is criminalised under the Criminal Code Act 1995 (Cth) (“the Code”).
NSW Crimes Act Part 6 Computer Offences.
- Distribution, sale or offering for sale of hardware, software or other tools used to commit cybercrime
- Distribution, sale or offering for sale of hardware, software or other tools used to commit cybercrime is criminalised by s. 478.4 of the Code,
- Possession or use of hardware, software or other tools used to commit cybercrime
- Possession or use of hardware, software or other tools used to commit cybercrime is criminalised by s. 478.3 of the Code, which provides for the offence of possession or control of data with intent to commit a computer offence.
- The maximum penalty for a contravention of s. 478.3 of the Code is three years’ imprisonment.
- ss 308F and 308G of the NSW Crimes Act.
Identity theft or identity fraud (e.g. in connection with access devices)
- Identity crime, and in particular identity fraud offences, are criminalised by Division 372 of the Code. Particular acts that are criminalised include dealing in identification information, dealing in identification information that involves use of a carriage service, possession of identification information, and possession of equipment used to make identification information.
- The offence of “Dealing in identification information that involves use of a carriage service” is most relevant to cybercrime. It is criminalised by s. 372.1A of the Code
Electronic theft (e.g. breach of confidence by a current or former employee, or criminal copyright infringement)
- Electronic theft is criminalised by s. 478.1 of the Code. the unauthorised copying of data from a computer would contravene this offence provision.
- Unsolicited penetration testing (i.e. the exploitation of an IT system without the permission of its owner to determine its vulnerabilities and weak points)
- Any other activity that adversely affects or threatens the security, confidentiality, integrity or availability of any IT system, infrastructure, communications network, device or data
Part 10.6 of the Code creates offences related to telecommunication services.
- They include offences relating to dishonesty with respect to carriage services and interference with telecommunications.
- Additionally, the above-mentioned Part 6 of the NSW Crimes Act would likely be an example of state legislation that could cover these types of activities.
Extended geographical jurisdiction 10.7 of the Code (Divisions 477 and 478).
- A person will not commit offences under that Part unless: the conduct constituting the alleged offence occurs wholly or partly in Australia, or wholly or partly on-board an Australian aircraft or an Australian ship; the conduct constituting the alleged offences occurs wholly outside Australia and a result of the conduct occurs wholly or partly in Australia, or wholly or partly on-board an Australian aircraft or an Australian ship; the conduct constituting the alleged offence occurs wholly outside Australia; and, at the time of the alleged offence, the person is an Australian citizen or at the time of the alleged offence, the person is a body corporate incorporated by or under a law of the
- Section 16A of the Crimes Act 1914 (Cth) sets out matters for the Court to consider when passing sentences for federal offences, including offences against the Code.
- Matters that will generally mitigate a penalty include the timing of any guilty plea, the offender’s character, the offender’s prior record, assistance provided by the offender to the authorities and the offender’s prospect of rehabilitation and likelihood of reoffending. In some circumstances, the absence of intent to cause damage or make a financial gain could be taken into account by a sentencing court as a factor of mitigation, if this is not a necessary element of the offence.
- A number of the offences particularised above require intent to be proven to establish the charge. For example, a necessary element of s. 478.2 of the Code is that the defendant “intended to cause the impairment” to the data.
- the Privacy Act (Cth) (“Privacy Act”);
- the Crimes Act 1914 (Cth);
- the Security of Critical Infrastructure Act 2018 (Cth);
- the Code (Cth); and
- the Telecommunications (Interception and Access) Act 1979 (Cth).
- The Australian Securities and Investments Commission (“ASIC”) provides guidance to Australia’s integrated corporate markets, financial services and consumer regulator, and organisations through its “cyber reliance good practices”. The good practices recommend, inter alia, periodic review of cyber strategy by a board of directors, using cyber resilience as a management tool, for corporate governance to be responsive (i.e. keeping cybersecurity policies and procedures up to date), collaboration and information sharing, third-party risk management and implementing continuous monitoring systems.
- The Office of the Australian Information Commissioner (“OAIC”) recommends that entities have a data breach response plan that includes a strategy for containing, assessing and managing data breaches and strategies for containing and remediating data breaches.
- In February 2018, the Privacy Amendment (Notifiable Data Breaches) Act 2017 amended the Privacy Act to require Australian Privacy Principles (“APP”) entities to, as soon as practicable, provide notice to the OAIC and affected individuals of an “eligible data breach”, where there are reasonable grounds to believe that an “eligible data breach” has occurred. This process is called the Notifiable Data Breaches Scheme (“NDB Scheme”).
- A failure by a company to prevent, mitigate, manage or respond to an Incident may result in breaches of provisions of the Corporations Act 2001 (Cth).
- The Corporations Act 2001 (Cth) imposes duties on directors to exercise powers and duties with the care and diligence that a reasonable person would. A director who ignores the real possibility of an Incident may be liable for failing to exercise their duties with care and diligence.
- Are companies (whether listed or private) required under Applicable Laws to: (a) designate a CISO (or equivalent); (b) establish a written Incident response plan or policy; (c) conduct periodic cyber risk assessments, including for third party vendors; and (d) perform penetration tests or vulnerability assessments?
- NO. Presently not required for companies to designate a chief information security officer (“CISO”), establish a written Incident response plan or policy, conduct periodic cyber risk assessments or perform penetration tests or vulnerability assessments.
- Australian common law does not recognise a general right of privacy. The equitable cause of action for breach of confidence may provide a remedy for invasions of privacy.
- Traditionally, the elements are that information must be confidential, information must have been imparted in circumstances importing an obligation of confidence and there must be an unauthorised use of that information.
- The current doctrine of breach of confidence does not currently entertain cases of wrongful intrusion, as opposed to cases of wrongful disclosure of confidential information.
- The Privacy Act regulates the way Commonwealth agencies handle personal information.
- A person may apply to the Court for an order that an entity pay compensation for loss or damage suffered by the person if a civil penalty has been made against the entity, or the entity is found guilty of an offence under the Privacy Act.
- The High Court in ABC v Lenah Game Meats Pty Ltd (2001) 208 CLR 199 sanctioned the recognition of a tort of invasion of privacy.
- Judge Hampel in the case of Doe v ABC (2007) VCC 281 imposed liability in tort for the invasion of the plaintiff’s privacy.
* Some of these articles relate to other pratices such as in Australia, not specifically New Zealand unless expresslly mentioned.
**These awards relate to our global pratices generally and not specifically to our New Zealand pratice.
***Some of these answers relate to other pratices such as in Australia, not specifically New Zealand unless expresslly mentioned.