Corporate and Compliance

Risk Management and Governance


For many years we have assisted clients with risk management, policy and advice work. Some examples of that work include:

  • insurance advice
  • policy and procedure for risk reporting and governance
  • operational guidelines for hospitals including disease control and needle stick injuries
  • whistleblowing guidelines and education
  • information management and document control
  • privacy – best practices and compliance advice
  • practice manuals for volunteers, working with children checks and child protection issues
  • public event operational risk management advice
  • advice on supplier agreements and contractor arrangements with a view to setting out the clear delegation of responsibilities and risks
  • product recall and product liability
  • due diligence
  • risk management – board reports and investigations


In this space we have:

  • acted in recovery actions arising out of the unintended installation of malware and fraudulent transactions, successfully recovering money for our clients
  • prepared and advised on numerous SaaS contracts
  • advised on the failed implementation and customisation of a suite of software sold to a client which involved a significant business interruption loss
  • acted in NSW Supreme Court litigation over contractual disputes arising out of the failed rollout and implementation of software
  • prepared privacy policies and advised on issues regarding the privacy principles and records management
  • advised clients and given a number of public seminars on the Mandatory Reporting of Data Breaches
  • advised clients on 1st party and 3rd party liability cover under Cyber policies

Financial Services and Insurance Regulation

Our team members have:

  • experience in regulatory compliance, including insurance regulation
  • experience at the Australian Prudential Regulation Authority (APRA)
  • experience with the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry and the regulatory impacts on the insurance industry
  • experience in regulation of insurance services organisations under the Insurance Act 1973, the Insurance Contracts Act 1984 and the Corporations Act


We have experience with the Office of the Australian Information Commissioner, working in privacy and data regulation under the Privacy Act and the Notifiable Data Breaches scheme.

Areas of experience:

  • privacy complaint investigations
  • investigations of data breaches
  • collection, use and disclosure of personal information under the Australian Privacy Principles (APPs)
  • privacy policies and ensuring they comply with the APPs
  • Employee Records Exemptions under the Privacy Act

Commercial Litigation

PC Legal has a wealth of experience in commercial litigation including banking disputes, breach of contract, breach of directors’ duties, knowing receipt/Barnes v Addy claims, intellectual property
We have assisted clients in circumstances where they have suffered employee theft claims as well as protecting the rights of insurers seeking to recover money pursuant to restitutions orders.
We have also had experience with the banking industry in circumstances of fraud and cyber-crime.
We have had success in the Supreme Court Equity Division in a Torrens Assurance Fund Claim arising out of the fraudulent acquisition of property (see Pedulla v Panetta and Ors [2011] NSWSC 1386) and secured our client a verdict of approximately $4 million.
We have also conducted a major piece of litigation regarding the synergistic effects of asbestos and tobacco. The case involved an application to the Dust Diseases Tribunal for access to documents over which privilege was claimed. The Tribunal held, on the prima facie level necessary to determine the interlocutory issue of discovery, that a tobacco company had adopted its document retention policy in furtherance of a fraud within the meaning of section 125 of the Evidence Act 1995 (Cth) and accordingly the documents were not privileged.