Eight documents. One deadline. Complete privacy compliance for your practice.

$990 - One purchase covers one practice (designed for practices less than $3M annual revenue - see our Terms of Use))

Complete privacy compliance for property practitioners

The AML Privacy Toolkit for Property Practices is the only compliance pack built specifically for Australian property lawyers and conveyancers navigating Tranche 2. Eight pre-drafted documents. Every Privacy Act obligation covered - AML/CTF, Privacy Act, and e-conveyancing rules, all in one place.

Suitable for sole practitioners and small practices with annual turnover under $3 million, the pack delivers eight practice-ready documents in plain, accessible language. Each document is drafted for the property practice context, not repurposed from a generic template.

🗂  Pack contents: Ten documents: two guidance guides covering the legal framework and implementation, plus eight ready-to-use templates including client-facing notices, internal policies, a data breach response plan, and a destruction schedule

🔒  Single-practice licence: One purchase covers your entire practice

⚖️  Legally current: Reflects the law as at 1 July 2026, including OAIC April 2026 AML/CTF guidance and the OAIC v Australian Clinical Labs civil penalty decision

For multi-practice or association licensing, contact us at [email protected].

From 1 July 2026 you must be Privacy Act compliant

This obligation extends to all customer due diligence information and any other purpose that intersects with CDD

What the pack contains

The pack includes two introductory guides covering the legal framework and how to implement the documents, plus eight ready-to-use templates. Each template is provided as an editable Word file, ready to customise to your practice. Detailed instructions are included with each template.

  • A Privacy Collection Notice for client onboarding

  • A Privacy Policy for publication on your website

  • An Internal Privacy Policy for staff

  • A Privacy and Data Handling Procedure (ten step-by-step staff procedures)

  • A Data Breach Response Plan with decision tree

  • A Third-Party Disclosure Register

  • A Personal Information Destruction Schedule

  • A GDPR Privacy Notice for EU and UK clients

How the pack works

  • Purchase the pack and access all ten documents immediately

  • Start with the implementation guide, which explains each document, how to complete it, and the order in which to prioritise implementation

  • Work through the legal framework guide to understand your obligations before implementing the templates

  • Each template includes a cover page with instructions explaining when and how to use it

  • Complete the highlighted template fields with your practice details

  • Implement each document as directed, and most can be in place within a working day

  • Download all ten documents within 28 days of purchase and save them to your practice file system

  • For multi-practice or association licensing, contact us at [email protected]

Why 1 July 2026 changes everything

The Tranche 2 AML/CTF reforms are one of the most significant change to compliance obligations for Australian property lawyers in decades.

  • The small business exemption to the Privacy Act does not apply to AML/CTF activities, and your practice is required to comply regardless of turnover

  • The Federal Court issued the first-ever Privacy Act civil penalty in 2025: $5.8 million for failure to take reasonable steps to protect personal information and to investigate and notify a data breach

  • Reasonable steps now explicitly include a data breach response plan, staff training, and documented procedures

  • The new statutory tort for serious invasions of privacy applies to all organisations, regardless of size or revenue

  • AUSTRAC and the OAIC are both active regulators, and non-compliance with one will be visible to the other

As a result of the OAIC v Australian Clinical Labs decision, Australian businesses now know exactly what the Federal Court expects when it says "reasonable steps." A data breach response plan, staff procedures, and documented organisational measures are no longer optional. They are the baseline.

About the Author - Simone Herbert-Lowe

Founder, Law & Cyber


Simone Herbert-Lowe is one of Australia's leading advisers on cyber law, privacy, and AML/CTF compliance. She is the founder of Law & Cyber Pty Ltd and a former Partner in the Cyber, Media and Technology practice at Clyde & Co, with over 30 years of legal experience. Her background includes senior roles at Lawcover, where she handled more than 2,000 professional indemnity notifications against law firms.

Simone's work is trusted by:

  • Professional indemnity insurers, legal regulators, and financial services organisations
  • Courts (expert opinion, 2021) and Parliament (Committee evidence, 2024)
  • Major education and platform providers, including PEXA and CPD providers including LawCPD.

Her contributions have been recognised with:

  • Wanbil Lee Prize for Ethical Leadership in Business (AGSM, 2016)
  • Innovator of the Year, Lawyers Weekly Women in Law Awards (2022)
  • Thought Leader of the Year finalist, Lawyers Weekly Women in Law Awards (2022, 2023 & 2025)
  • Relativity Innovation Awards, Security finalist (2022 & 2023)

Simone is the author of Law & Cyber's suite of AML/CTF and privacy compliance resources for Australian legal practices, and a regular speaker at legal industry conferences including Thomson Reuters Cyber Bootcamps and Data Privacy & Consumer Protection Summit, and RelFest Chicago and Sydney.

Course curriculum

  • 1

    Before you start - accessing your compliance pack

    • Before you start: accessing your compliance pack

  • 2

    Chapter 01: Start here: how to use this pack

    • Part 1: How to use your AML Privacy Toolkit

  • 3

    Chapter 02: Your privacy obligations explained: the legal framework

    • Chapter 02: Your privacy obligations explained: the legal framework

  • 4

    Chapter 03: Privacy Collection Notice

    • Chapter 03: Privacy Collection Notice

  • 5

    Chapter 04: Privacy Policy

    • Chapter 04: Privacy Policy

  • 6

    Chapter 05: Internal Privacy Policy

    • Chapter 05: Internal Privacy Policy

  • 7

    Chapter 06: Privacy and Data Handling Procedures

    • Chapter 06: Privacy and Data Handling Procedure

  • 8

    Chapter 07: Data Breach Response Plan

    • Chapter 07: Data Breach Response Plan

  • 9

    Chapter 08: Third-Party Disclosure Register

    • Chapter 08: Third-Party Disclosure Register

  • 10

    Chapter 09: Personal Information Destruction Schedule

    • Chapter 09: Personal Information Destruction Schedule

    • Chapter 9A: Appendix - Retention and Destruction Reference Guide

  • 11

    Chapter 10: GDPR and UK GDPR Privacy Notice

    • Chapter 10: GDPR and UK GDPR Privacy Notice

  • 12

    Chapter 11: What to do next

    • You're set up - Here's what to do next

  • 13

    About L & C

    • About the author

    • Our Education Portfolio

  • 14

    Terms of Use

    • Terms of Use

Licence and permitted use

Your purchase gives you a single-practice licence to use the pack for the internal compliance purposes of your practice only. This pack is intended for sole practitioners and small practices with annual turnover under $3 million. It is not licensed for use across a network, association, or group of practices, and is not suitable for larger firms with more complex compliance requirements. Each practice requires its own licence. By purchasing, you agree that you will not: share, resell, or transfer the documents to any other practice or person use the documents as the basis for a competing product or derivative work or submit any document, or a substantial part of it, to any artificial intelligence tool, large language model, or similar technology. Law & Cyber retains copyright in all documents. If you require a multi-practice, association, or insurer licence, please contact us at [email protected]. See below for our Terms of Use - Purchasing the pack constitutes acceptance of those Terms.