Greetings Asia-Pacific privacy pros.

The 2022-2023 fiscal year has closed and we've moved in to 2023-2024 with news that one of the largest law firms in Australia, HWL Ebsworth, recently reported a data breach under the Office of the Australian Information Commissioner's notifiable data breaches scheme. The details and circumstances of the breach are still being investigated and the OAIC has noted in a statement dated 15 June:

"On 8 May 2023, HWL Ebsworth reported a data breach to the Office of the Australian Information Commissioner in the OAIC's capacity as regulator of the Notifiable Data Breaches scheme. HWL Ebsworth provides legal services to a range of Commonwealth clients, including the OAIC. On Saturday 10 June, HWL Ebsworth advised the OAIC that a document or documents relating to a limited number of OAIC files were included in the breach experienced by HWL Ebsworth.

"HWL Ebsworth is currently providing further information to the OAIC about those documents. The OAIC will review those documents to see whether they contain personal information, and, consistent with requirements under the Notifiable Data Breaches scheme, will notify affected individuals where necessary. The OAIC's systems have not been compromised."

While we await the outcomes of the OAIC review and any potential follow up, it serves as a timely reminder — like we needed any more reminding — that data governance practices and customer trust are critically important to all organizations and sectors.

Meanwhile, the IAPP has been moving at the speed of light to build and roll out its AI Governance Center and began to deliver on its commitments to the privacy community — standing up an AI Governance Dashboard Newsletter, convening an incredibly talented AI Governance Center Advisory Board, announcing the launch of the first IAPP AI Governance Conference to be held in Boston, Massachusetts, U.S., 2-3 Nov.

Perhaps the most significant and tangible deliverable was the recent delivery and launch of the