Allens partner Gavin Smith said in-house counsel at telecommunications companies were likely to be most affected by the new laws.

These lawyers will be required to ensure their company is fully compliant with the new legislation and also deal with a “vastly increased” volume and range of requests to access data.

“They might, as part of that, have to deal with the potentially tricky issue of where agencies are seeking to obtain metadata about communications between journalists and their sources,” Mr Smith said.

“So in-house lawyers at telecommunications service providers could now be thrown into the middle of the new warrant and public interest advocate process which has been designed to deal with requests for access to data about journalists' sources.”

Breach notification

However, Mr Smith believes the most significant change for lawyers comes not from the act itself but from future legislation.

“As part of the negotiations to gain bi-partisan support for the bill, the government has agreed that it will introduce a new, broad-brush mandatory data breach notification regime,” Mr Smith said.

Under this regime, due to be introduced later in 2015, companies that breach privacy legislation will be required to notify the privacy commissioner and the affected individuals.

“We don't know quite what that legislation will look like just yet but this will impact law firms in quite a major way because of the public impact of having to make these notifications if they suffer breaches, and the potential loss of trust that might ensue if clients think their confidential information might also have been accessed,” Mr Smith said.

“To my knowledge, no major law firm in Australia has ever owned up to a data breach to date and this new law might change that and create some headaches for law firms.”

However, he said at this stage it was unclear what circumstances might trigger a notification.

Privilege

In the lead-up to the legislation passing, the Law Council of Victoria and other professional bodies warned the new laws could undermine lawyer-client privilege.

While Mr Smith admits this is a possibility, he believes the issue will be fairly minor.

“I am actually unconvinced that there is a major problem to privilege arising out of this new regime, although equally I don't want to say it's a completely non-issue,” he said.

In his view, privilege attaches itself to the contents of legal advice rather than the details surrounding it.

“The new data retention and access regime explicitly does not allow agencies to gain access to the content of communications; it only allows agencies to gain access to the details about the communications. So the contents of privileged communications should not be at risk of disclosure here,” he said.

He agreed it might be possible to glean valuable information from metadata – such as who potential witnesses or experts might be – but suggested the contents was far more important in terms of privilege.

“My personal view is that the much more important point is that the contents of the communication themselves, which is really where the privileged information would be, is not accessible under the new regime and therefore client legal privilege is not going to be jeopardised in general,” he said.