Data Protection for METS Companies – A Practical Guide

Over the past few years, the risks associated with data security and protection have increased exponentially. In today’s age, data security and protection is a crucial aspect of running a successful business, but given that Mining Equipment, Technology andServices (METS) companies will routinely be handling sensitive client data and employee information it is particularly important for these companies to have adequate processes in place to deal with data security.

In our experience, we have seen that METS companies have a much greater awareness and appreciation of the importance of having these measures in place than they did a few years ago, but many companies procedures are still lacking or there may be room for improvement. In addition, Australian law applies to certain companies with a number of requirements relating to the collection and storing of client’s private information. In today’s post, we will discuss the importance of data protection and how METS companies can protect themselves from potential breaches while at the same time ensuring compliance with the law.

Why is data security so important?

Data security is essential for any enterprise, because METS companies will often use more technology in the course of completing their work than the average company, and may rely on data transactions and storage, they may face additional risks as well. The use of data and technology has a number of positives, and can been leveraged to increase both business efficiency and profitability, however, with these advantages comes a number of potential security risks that have the potential to severely damage a company.

METS companies, like all companies, are accountable for the safety and confidentiality of its client data and employee information. This may be via legislative obligations, but in addition contracts between private parties such as a client and a contractor will likely have clauses relating to privacy and data storage.

The METS industry currently in the process of its biggest change since the development of modern industrial equipment, with IT and operational technology having converged to create significant changes to the way METS companies do business and the services they offer. Automation, the use of smart devices for managing operations, remote operations, and the use of cloud-based services have meant a pivot towards a data-driven industry.  To be able to prevent any potential business disruptions and continue providing innovative solutions, it is essential that METS companies keep operations data secure.

What are the kinds of challenges for METS companies?

Hackers continue to come up with advanced mechanisms to evade security measures. Put simply, as more and more equipment and software becomes integrated to private and public data networks the potential for security breaches to occur continues to increase. Risks can include things like phishing, data leaks, theft, electronic fraud, malicious hacking, and ransomware. While previously spam and phishing were merely considered a nuisance, they are increasingly used by criminals for a financial outcome. METS executives need to be aware that there have been significant increases in the magnitude and frequency of cyber-attacks.

What are the legal obligations?

In addition to the operational need to prepare against potential cyber-attacks, a greater burden now exists for METS companies to comply with Australian law.

The general rule is that businesses with an annual turnover of more than AUD$3 million must comply with the Privacy Act 1988. Some smaller businesses with a turnover less than this threshold will still have responsibilities under the Privacy Act– one such exception that may apply to METS companies is for contractors services under a contract with the Australian Government.

There are currently thirteen Australian Privacy Principles (APPs) under the Privacy Actthat applicable businesses need to comply with. These relate to the collection and use of personal information, the governance of an organisation, security of personal information, and handling of personal information. Even if your company is not legally obligated to follow the APPs, many companies decide to opt-in as they are a good starting point for data protection.

Additionally, under the Notifiable Data Breaches scheme companies covered by the Privacy Actwill need to notify the Government and affected individuals of data breaches when they occur.

What step should a METS company take to protect against a data breach?

Some of the steps a METS company can take to mitigate risks include:

  • METS companies should have a clear and up to date privacy policy outlining how they collect, use and protect client information. This should be made available on a company’s website and should be drafted by a lawyer.
  • In addition, an internal company policy should be prepared outlining to staff the steps for data protection and how they can assist to minimise risks for breaches. It is very important that a culture of awareness is created throughout companies to ensure all employees (and not just executives) have an appreciation of the risks associated with data breaches. This should also include training staff on the type of threats that they may be exposed to.
  • METS companies need a clear, long-term plan and framework in place– given that technology is only going to place an increasingly important role in the industry, it is important that METS companies future proof themselves against cyber attacks as the risk is only going to increase.
  • METS companies should also consider if their current insurance policy covers them in the event of any data breach.


The solutions and products that METS companies are offering hascompletely changed the last 10 years. As more tasks go digital, processes become automated, sensors are installed on critical equipment, and smart devices are used throughout a mining operation. All of these lead to an increased cyber securitythreat and those risks needs to be managed.

METS companies cannot stop creating new solutions but it is important that companies recognisethe importance of cyber securityin order to mitigate risks before they arise. We invite you to talk to our experienced team today about how we can assist with data protection requirements.

Harris Gomez Group is a Common Law firm, with offices in Santiago, Bogotá, and Sydney. We also have legal teams in Peru, Bolivia, Ecuador, Brazil, and Argentina. Over the last 18 years, we have been supporting foreign companies with their growth in Australia and Latin America. Many of our clients are technology companies, service providers and engineering companies that focus on the mining, energy and infrastructure markets.

To better understand how we can support your management team in the Region, please contact us at

Share This

Related Posts