Matthew Ellis

Subscribe to all posts by Matthew Ellis

ASIC consults on new IDR ideas

The Australian Securities and Investments Commission (ASIC) has released Consultation Paper 311 seeking input from interested parties on 15 proposals that will change the way Australian Financial Services Licence (AFSL) holders conduct and report on internal dispute resolution (IDR)  processes. Submissions close on 9 August 2019, with the final revisions to Regulatory Guide 165: Internal … Continue reading

OAIC releases 12-month data breach scheme report – encourages entities to move beyond compliance

The Office of the Australian Information Commissioner (OAIC) this week released its 12-month Insights Report for the Notifiable Data Breach (NDB) Scheme (Report).  The Report shows trends and noteworthy statistics from 1 April 2018 to 31 March 2019, reporting an uptick in notifications and identifying the most common cyber trends leading to a requirement to … Continue reading

Enforceable code provisions: an interview with John Price, Lead Ombudsman for General Insurance Decisions, AFCA

Continuing on from our blog series “Insurance After Hayne”, we will be posting short interviews with industry and legal experts on the Hayne recommendations and the proposed reforms to the industry.   In the second instalment of the series, we were joined by John Price, Lead Ombudsman for General Insurance Decisions at the Australian Financial Complaints … Continue reading

Back to the drawing board as design and distribution laws pass Parliament

The Treasury Laws Amendment (Design and Distribution Obligations and Product Intervention Powers) Act 2019 passed Parliament last week and received royal assent shortly after. It introduces design and distribution obligations into the Corporations Act 2001 (Cth), requiring financial services entities to consider the design of their retail financial products and the way they are distributed. … Continue reading

Privacy Shake-Up – Tougher Penalties and More Funding

What’s happened? The Australian Attorney-General’s department has announced a proposed new regime that would make changes to the Privacy Act 1988 (Cth) (Act). The proposed changes would see a significant expansion of the powers afforded to the Office of the Australian Information Commissioner (OAIC), particularly with respect to the scope of penalties that may be … Continue reading

Removal of the claims handling exemption – what will it mean for insurers?

A Norton Rose Fulbright webinar with John Anning, Insurance Council of Australia Continuing on from our blog series “Insurance After Hayne”, we will be posting short interviews with industry and legal experts on the Hayne recommendations and the proposed reforms to the industry. In the first of these interviews, Ray Giblett (insurance partner, Sydney) sat … Continue reading

Insurance After Hayne Part 6 – The BEAR necessities

Welcome to the 6th and final instalment of our weekly updates following the Hayne Royal Commission into the financial services industry. This week we focus on Recommendation 4.12, in which Hayne recommends that the Banking Executive Accountability Regime (BEAR) be extended to other financial service providers, including insurers. Now that the full contents of the … Continue reading

Insurance After Hayne Part 5 – The Three Cs: Claims, Codes and Complaints. A Triple Threat or Opportunity?

Welcome to Part 5 of Insurance After Hayne, a six part series on our Insurance Law Tomorrow blog focusing on the implications for insurers following the release of the final report of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services industry. In this week’s article, we explore Commissioner Hayne’s recommendations on … Continue reading

Insurance After Hayne Part 4 – Spotlight on culture, governance and pay

Welcome to Part 4 of Insurance After Hayne, a six part series on our Insurance Law Tomorrow blog focusing on the implications for insurers following the release of the final report of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services industry. In this week’s article, we explore Commissioner Hayne’s recommendations on … Continue reading

Insurance After Hayne Part 3 – The duty of disclosure: 5 lessons for insurers

Welcome to Part 3 of Insurance After Hayne, a six part series on our Insurance Law Tomorrow blog focusing on the implications for insurers following the release of the final report of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. This week, we shift our focus to one of the … Continue reading

Insurance After Hayne Part 2 – How the Royal Commission will change how insurance is sold

Welcome to Part 2 of Insurance After Hayne, a series focusing on the implications for general and life insurers of the Royal Commission’s final report.  In last week’s article, we provided an overview of the recommendations applicable to the insurance industry. This week, we look more closely at the recommendations regarding sales practices and policy … Continue reading

Insurance after Hayne Part 1 – What do insurers need to do following the Royal Commission’s final report?

Welcome to Part 1 of “Insurance after Hayne”, a special series on our Insurance Law Tomorrow blog focusing on the implications for general and life insurers following the release of the Royal Commission’s final report. Each week, we will be sharing our thoughts on Commissioner Hayne’s recommendations through the lens of our insurance regulatory team. … Continue reading

Norton Rose Fulbright contributes to ALRC’s review of litigation funding

The Australian Law Reform Commission’s (ALRC) report ‘Integrity, Fairness and Efficiency—An Inquiry into Class Action Proceedings and Third-Party Litigation Funders’[1], was released on 25 January 2019. The report makes 24 recommendations in an effort to ‘shake up’ a now-booming sector.  The ALRC received over 75 submissions in response to their initial Discussion Paper[2], including a … Continue reading

Cyber-attacks are getting more sophisticated – are you safe?

It has become common knowledge that password protection and encryption of data are some of the most effective ways of preventing your information from ending up in the wrong hands. As cybercriminals adapt to advances in password protection and encryption technology, it is important to remember that these measures cannot completely eliminate the risk of … Continue reading

A Trend Has Emerged – Third Quarter Report on Data Breaches by the OAIC

The Office of the Australian Information Commissioner (OAIC) recently released its third quarterly report in relation to data breaches notified under the Notifiable Data Breach (NDB) Scheme between 1 July and 30 September 2018. For this quarter, the OAIC received 245 data breach notifications which is on par with the previous quarter. With this being … Continue reading

Cloud cover: 5 tips to mitigate the risks of cloud computing services

In mid-2017, the Australian Bureau of Statistics revealed that almost a third of sampled businesses are using commercial cloud computing services.  This year, Gartner reported Australian businesses will spend $4.6 billion on cloud services (an 18.5% increase from last year). Below we highlight some of the risks for businesses associated with the use of cloud … Continue reading

Cyber Risk for D&O – Steps to Mitigate

Think of one of the greatest nightmares of your professional life. For the management team of a corporation and their in-house counsel, there are few more nightmarish days than when they receive a call from the IT department reporting unauthorised activity in the company’s databases. Over the next few days, the fog lifts and it … Continue reading

Class Actions – Time for Review and Change?

As we have previously reported, the Australian Law Reform Commission (ALRC) is in the midst of conducting an Inquiry into Class Action Proceedings and Third-Party Litigation Funders.  The ALRC is to deliver its report on 21 December 2018. Class actions are now considered one of the greatest risks to corporations in Australia, with resulting increases … Continue reading

Data breaches notifications are on the rise

As many readers know, the Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018.  It has resulted in changes to Australia’s privacy law in relation to notification obligations on individuals and organisations that experience an eligible data breach. The Office of the Australian Information Commissioner (OAIC) recently released its second quarterly … Continue reading

ALRC inquiry into class action proceedings and third party litigation funders: What you need to know

On 11 December 2017, then Attorney-General of Australia, Senator the Honourable George Brandis QC, asked the Australian Law Reform Commission (ALRC) to consider whether and to what extent class action proceedings and third party litigation funders should be subject to Commonwealth regulation. The inquiry is set against the background of: (a)      The increased prevalence … Continue reading

AI and Insurance: Planning for an intelligent future

The insurance industry is looking at the means to develop new business models that rely on the mining of large data sets in order to identify customers, price risk and analyse claims. Not only does the application of artificial intelligence (AI) have the potential to reduce costs by reducing headcount, it also has the potential … Continue reading

The results are in: weekly data breach notifications have increased fivefold!

The Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018.  It has resulted in changes to Australia’s privacy law in relation to notification obligations on individuals and organisations that experience a data breach.  In this post, we look at the first quarterly report issued by the Office of the Australian Information … Continue reading

Cyber Risk, Data Breaches and the NDB Scheme – What are the Australian Privacy Commissioner’s range of powers?

The Notifiable Data Breach Scheme (NDB Scheme) came into force on 22 February 2018, resulting in various changes to Australia’s privacy law. In previous posts, we have considered: the nature and contents of notification statements; how to identify which data breaches need to be notified; the steps to be taken when an organisation suspects a … Continue reading
LexBlog