Matthew Pokarier
Clyde & Co
Matthew Pokarier has specialised in commercial litigation and dispute resolution for the past 25 years, defending directors and companies and advising on professional indemnity claims for a wide range of professionals. This has included advising on the growing area of privacy and data breach law. He acts for Australian and international clients involved with the insurance and reinsurance sector including insurance companies, brokers and insureds. He has experience in all areas of insurance law but particularly professional indemnity, cyber insurance, financial institutions and directors' and officers' liability, both as coverage and defence adviser.

A Panel Discussion: Greater Possibilities, What Recent Trends in Cyber Insurance Means for Australian Organisations

Allianz Global Corporate & Specialty (AGCS), Clyde & Co and Willis Towers Watson propose to deliver a joint panel discussion that explores key market developments and emerging trends in cyber insurance and IT liability insurance over the past 12 months, and key strategies for obtaining the best outcomes from cyber insurance policies.

This multi-disciplinary panel will examine how organisations can best take advantage of changes in the cyber insurance market, including increases in coverage available for first and third party losses, changes in coverage exclusions, improvements in insurers' incident response capabilities and vendor relationships, and best strategies for how organisations can engage with their insurers to manage cyber risk. The presentation will be a general market discussion and will not discuss any individual policy, or seek to promote any particular product.

The panel will also provide examples of real world cyber insurance claims and how to avoid the mistakes organisations commonly make when accessing cyber insurance coverage. It is anticipated that the presentation will involve a moderated discussion format, and cover the following topics:

(a) Understanding emerging changes in cyber liability including in relation to the prevalence of significant insured losses, the frequency of incidents, regulatory trends and the level of sophistication of organisations around incident response;
(b) Key developments in cyber insurance including in relation to expanded first party and business interruption loss coverage, the availability of consequential and reputational damages, and improvements in incident response frameworks and vendor management;
(c) Emerging insurance issues including coverage for general systems failure, supply chain risk and physical damages arising from a security event;
(d) Understanding silent cyber risk exposures, and the potential for traditional liability insurance products to include coverage for losses arising from security breaches;
(e) Practical examples and case studies explaining how organisations can best take advantage of changes in the market and the expanded coverages available; and
(f) A question and answer session.

The aim of the presentation is to improve the audience's understanding of recent developments in cyber insurance and equip them with the knowledge to understand how best to obtain cyber insurance and take advantage of the expanded coverage which is now available.

TUTORIAL: A Tangled Web - Navigating Mandatory Notification, the GDPR, Data Protection and Privacy Laws

Over the past 12 months, privacy and data security have become an increasingly significant compliance challenge for organisations due to the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) (the Data Notification Law) which comes into force on 22 February 2018, the existing Privacy Act 1988 (Cth) (the Privacy Act) and significant international laws including the EU General Data Protection Regulation.

Many organisations fail to appreciate that the Data Notification Law provides the means by which Australian regulators can assess and investigate a company's overall compliance with its data security, collection, retention and privacy obligations. For these reasons it is important that organisations understand the wide-reaching impacts of Australia's privacy laws, and the extent to which international laws can impose added compliance costs and financial burden.

This tutorial will examine the Data Notification Law, organisations' data security and privacy obligations under both federal and state privacy and data protection laws (including the Privacy Act, the Information Privacy Act 2009 (Qld), the Privacy and Data Protection Act 2014 (Vic) and the Privacy and Personal Information Protection Act 1998 (NSW)), the EU's General Data Protection Regulation (GDPR), key United States and Canadian privacy laws and the ways in which organisations can be exposed to both local and cross jurisdictional regulations for data privacy and security.

The tutorial will also provide practical guidance for how to ensure readiness and compliance with the relevant laws, and provide insights into frameworks that organisations can adopt to better manage these legal obligations and reduce their risk profile.

It is anticipated that the tutorial will cover the following topics:

(a) A brief explanation of the threshold requirements of the Data Notification Law, the EU's General Data Protection Regulation (GDPR), as well as key United States and Canadian laws that have potential cross jurisdictional application;
(b) How the Data Notification Law works within the existing Privacy Act;
(c) Examining other key state and federal statutory requirements relating to the protection and storage of data at each stage of the information lifecycle such as under the Information Privacy Act 2009 (Qld), the Privacy and Data Protection Act 2014 (Vic) and the Privacy and Personal Information Protection Act 1998 (NSW);
(d) Understanding key risk areas where cross jurisdictional liability can arise;
(e) Practical steps organisations can take to ensure compliance with their legal and regulatory obligations and guidelines for developing internal processes to manage the Data Notification Law;
(f) Practical examples and case studies drawn from real world experience; and
(g) A question and answer session.

The aim of the tutorial is to improve the audience's understanding of the growing web of legal and regulatory obligations they face to protect and manage data. The tutorial will provide guidance on compliance with privacy and data protection laws and recommend steps for organisations to manage these obligations and improve internal compliance processes.