Nick Boyle

I have deep experience acting for and advising clients on digital transformation projects and complex commercial transactions, including those involving procurement, the design and implementation of complex IT systems, business process outsourcing arrangements and the commercialisation of technology services and system. I also advise clients on data protection and cyber-security related matters, including advice on regulatory compliance with privacy and cyber laws, and data incident responses.

I advise clients on digital transformation projects, including design and implementation of technology systems and tools, technology-based outsourcing projects, business process outsourcing and software licensing arrangements; issues arising out of, and compliance with, the Privacy Act 1988 (Cth) and State and Territory privacy legislation; cyber security risks and mitigations; and information and security related regulatory issues, including workplace surveillance requirements.
My expertise includes:
• advising organisations on issues relating to cyber-security, data and personal information laws and regulations, including the Security of Critical Infrastructure Act 2018 (Cth), the Privacy Act 1988 (Cth), State and Territory privacy legislation and APRA's CPS 234 prudential standard. This work spans advice on the impact of these laws and regulations on organisations' existing practices, processes and systems; conducting audits of information- and data-handling practices; reviewing, designing and implementing compliance programmes (including assisting in development of policies, processes and procedures); supporting on complaints from individuals and enquiries from regulators, and assisting clients; advising senior management teams and boards on trends and issues relevant to setting of risk postures and design of governance structures;
• advising organisations on information- and cyber-security risks and incidents. This includes working with multi-disciplinary teams (including forensics, technology, communications and PR, and senior leadership teams) on responses to data breaches;
• digital transformation projects, including design and implementation of technology systems and tools
I bring the best of my technical expertise, experience and market insight to help clients navigate the complexities of digital transformation, cyber security and data privacy.

• Advising a major professional services firm in the engineering and construction sector on its response to a data breach affecting its operations in Australia and APAC. This included advising on data breach notification requirements, issues pertaining to its contractual arrangements with its customers and advice in relation to issues identified by the appointed forensic cyber experts.
• Advising a range of organisations across a variety of industries on audits and reviews of their cyber, data security and privacy compliance programmes. This includes working closely with stakeholders to understand the existing arrangements, and identifying gaps, risks and mitigating / remedial actions, and assisting in implementing mitigating and remedial actions.
• Advising a major on its global outsourcing programme across its finance and accounting, IT service desk and applications development and management, and HR operations. The agreements with three vendors were for five years, across the entirety of Worley's global footprint of 25+ countries and had a total contract value of more than USD70 million. *completed at previous firm
• Advising a number of major Australian financial services organisations on major IT infrastructure and technology services arrangements, including for applications development and management arrangements, provision and management of IT infrastructure, and licensing and implementation of major technology systems (including ERP platforms).
• Advising Worldline on the strategic alliance agreement, intra-group outsourcing agreement and transitional services agreement as part of its acquisition of a 51% interest in ANZ Bank's merchant acquiring business for ~AUD485 million. A significant part of the strategic alliance arrangement, and the overall deal, was the scope of the parties' respective rights to data generated by the new operating entity, including with respect to the development and commercialisation of 'insights' and data products arising out of that data. *completed at previous firm