GDR 100 2023

Holding Redlich

Holding Redlich

Professional notice

Other senior lawyers7
Associates and senior associates7
Who’s Who Legal: Data nominees0
Percentage of lawyers in Who’s Who Legal: Data0%
Key clientsOracle, Free TV Australia, Office of the National Data Commissioner, Illion and Scentre Group

A squad of senior partners with an unusual breadth of experience working in government and at regulators between them gives Holding Redlich’s data team, led by Angela Flannery in Sydney, a deep understanding of Australia’s shifting data protection laws. The last year alone has seen Paul Menzies-McVey join from the Office of the National Data Commissioner.

The Office of the Australian Information Commissioner (OAIC) is a major client. This insider knowledge, combined with a close working relationship with colleagues in litigation and dispute resolution, makes the team a strong choice for any investigation – a fact reflected in their appearances in significant cases at the High Court of Australia.

The team is also more than capable of advising entities across a range of sectors on day-to-day compliance issues, with experience helping clients from government, financial services, manufacturing and retail.


Alongside Flannery, who brings two decades of private practice experience as well as prior stints as general counsel and first assistant secretary at the Department of Communications and the Arts, Blair Beven in Sydney marries expertise in managing IP issues for individuals, start-ups and SMEs with experience in data protection matters.

Greg Wrobel, also in Sydney, regularly represents the OAIC, including defending its decisions before the Federal Court of Australia. In Canberra, Elizabeth Carroll advises on a range of issues including statutory interpretation, freedom of information and legislative drafting, drawing on her experience working across three Commonwealth agencies including as chief legal counsel at IP Australia.

Work highlights

The firm, and particularly Paul Venus, has carried out a great deal of work for the OAIC in a number of matters, including several judicial reviews of its decisions before the Australian Federal Court and Federal Circuit and Family Court of Australia. It has also represented the regulator before the Administrative Appeals Tribunal in a case to reach a settlement over a data breach, and advised several government departments in confidential matters relating to data-heavy initiatives.

The team also assisted Macquarie Bank in its successful bid to operate the Victorian motor registry, including ensuring that a plan to monetise the data held in the registry was compliant with both privacy legislation and the Road Safety Act.

It additionally advised Scentre Group, the operator of Westfield Shopping Centres, on the roll-out of hybrid online and in-person shopping apps.

Client references

“Holding Redlich provided expert advice on data, information law, administrative and commercial law with strong knowledge and understanding of the Australian government. Their advice was strategic, pragmatic and client-focused.”

“Excellent written communication, concise advice, highly responsive and accessible, ability to advocate to third parties on behalf of client.”

Holding Redlich has a multi-disciplinary team that can assist you in all aspects of data protection and privacy, from developing privacy policies and data governance structures, to preparation of transaction documentation and advice on regulatory compliance including consumer protection, competition (including ad tech), cyber security and national security regulation. We also provide IP assistance and act for clients in data-related dispute resolution and litigation.

Australia’s ongoing regulatory evolution

Holding Redlich is well-placed to assist clients as the Australian data regulatory landscape continues to evolve, with increasingly onerous obligations imposed on businesses, coupled with higher penalties for breaches.

With the change in Australian Government in mid-2022, privacy has become an area of greater regulatory focus. The new Government has already sought to pass legislation that will increase the maximum penalties for serious or repeated breaches of Australia’s Privacy Act from approximately Australian $2.2 million to Australian $50 million or more. That legislation may take effect before the end of 2022. Australia’s Attorney-General has also promised to commence consultation on sweeping Privacy Act reforms before the end of 2022.

The changes to the Privacy Act need to be seen in the context of a number of very serious and high profile data breaches, including in relation to one of Australia’s largest telecommunications companies and also one of Australia’ largest health insurers. This has provided impetus to the Australian Government to also consider further cyber security regulation, which will likely be introduced during 2023.

Our practice

Our practice covers data in many forms, including business information, big data and personal information. We understand that managing data and privacy risks involves a range of stakeholders within an organisation. We work not only with general counsel but internal executive teams, including chief data officers, chief security officers, chief risk officers and regulatory and communications executives.

The broad experience of our team in strategic planning, governance structures, compliance and dealing with regulatory investigations and breach management means our clients receive expert advice that is both pragmatic and tailored to best assist them. Our partners also have extensive experience in engaging with regulators, including the Office of the Australian Information Commissioner and the Australian Competition and Consumer Commission.

Utilising our knowledge of the law, as well as our extensive experience of the Australian regulatory environment and with Government agencies and regulators, we can:

  • Provide advice and transactional assistance to clients that ensures they fully comply with the current law, with an eye to ensuring compliance with future regulatory changes that may impact their business in relation to data.
  • Resolve disputes and act in litigation related to data, whether between private companies or in relation to regulatory matters, in a manner that is both effective and efficient for our clients.
  • Draft and negotiate transaction documentation related to data, including transfers of data and other IP, as well as privacy, rights to information and data security specific provisions for commercial contracts.
  • Develop cutting-edge regulatory proposals and carefully balanced submissions to the Government responding to legislative reform consultation processes. This includes reform of privacy legislation and reform in competition and consumer protection areas that impact data usage.
  • Advise on other key data and privacy areas, including data security, data breach planning, risk management, compliance with the full spectrum of privacy and data related regulation and information governance.
  • Assist in the registration and ongoing management of IP.

About Holding Redlich

The firm’s reputation for delivering excellent results for our clients has developed over 60 years and our consistent growth has seen us become one of Australia’s leading law firms. We provide a complete range of legal services for our clients, including many of Australia’s largest public and private companies and all levels of government. Our solutions are tailored to our clients’ needs and underpinned by the very best legal thinking and expertise of more than 500 staff, including over 200 lawyers and 70 partners.


Unlock unlimited access to all Global Data Review content