I advise a broad range of public, private and not-for-profit sector entities in relation to their privacy, data protection and related obligations, including under security of critical infrastructure, marketing, data sharing, surveillance and freedom of information laws.

My clients value my pragmatic, risk-based advice as I work with them to identify, navigate and manage reputational risks in connection with the management of projects in light of community, stakeholder and regulator expectations.

I have a particular interest in data and cyber related impacts associated with the use of emerging technologies, including biometrics, connected and smart devices and AI.

Career highlights

• Conducted a number of Privacy Impact Assessments for a health insurer in relation to data-related projects, including the establishment of a joint venture entity to provide data analytics, client profiling and related services to the insurer, as well as the broader public in future. This project also involved consideration of the joint venture company's privacy and data regulatory obligations from inception in the Australian market.
• Conducted a Privacy Impact Assessment and detailed analysis of the potential privacy risks and impacts in relation to the implementation of a single electronic record system across four public hospitals, including information sharing obligations under the health services (and related) laws and the Child and Family Violence Information Sharing Schemes.
• Advised an information services and data analytics company in relation to the development of various new products and data analytics activities, including relating to credit information.
• Advised a foreign bank setting up operations in Australia in relation to its data-related regulatory obligations in Australia. Also drafted privacy policy and collection notices, consent forms, customer terms and conditions, template supplier agreements and data sharing terms of contracts with business partners in Australia, including relating to CPS 234 requirements.
• Advised major Australian banks on the implementation of their GDPR compliance projects, including strategies for managing global compliance data-handling obligations across the various jurisdictions in which they operate. Also drafted GDPR uplift of service provider contracts to meet GDPR requirements.
• Advised Australian universities in relation to the privacy, data and technology risks associated with the use of online proctoring services involving the use of biometrics, to enable the universities to conduct online examinations. I also drafted the associated services agreements.
• Advised various financial services and health organisations in relation to their obligations under the security of critical infrastructure laws.
• Advised a range of organisations in relation to the management of data breaches, including preparation, breach coaching and notification.

• SOCI | Consultations open for critical infrastructure risk management program rules
  

  Consultation has begun on the risk management program requirements under the new Part 2A of the Security of Critical Infrastructure Act 2018 (Cth). What do the proposed rules look like – and what steps should affected organisations take in preparing for their implementation?

• Key insights: 2023 Australian Community Attitudes to Privacy Survey Report
  

  We set out the key findings from the Office of the Australian Information Commissioner (OAIC)’s 2023 Australian Community Attitudes to Privacy Survey Report.

• New privacy laws for WA's public sector
  

  The WA government is drafting PRIS laws for public sector organisations, necessitating significant preparation for new privacy obligations by 2024.

• Decryption laws update - what's the latest?
  

  Australia's 'decryption' laws have been passed, however further debate and amendments are expected.

  
  
• Google fined $60 million for misleading and deceptive conduct
  

  In the first public enforcement outcome arising from the ACCC's Digital Platforms Inquiry, Google has been fined for mising consumers.

• New privacy bill proposes tougher penalties and powers for serious privacy breaches
  

  In the wake of recent high profile data breaches, the federal government has introduced proposed amendments to Australian privacy law to significantly increase the penalties for privacy breaches, and give the regulator greater powers.

• SOCI equivalent incident reporting and asset register obligations now in effect for Telcos
  

  A new licence condition and determination have been issued by the Minister for Communications, imposing SOCI equivalent obligations on carriers and eligible carriage service providers (CSPs).

• Meta subsidiaries fined $20m for misleading representations on data collection practices
  

  The Federal Court fines Meta's subsidiaries $20 million for mising representations around the handling of 270,000 Australian users’ data

• SOCI Risk Management Program requirements now in effect
  

  On 17 February 2023, the Security of Critical Infrastructure Risk Management Program Rules commenced. The clock is now ticking for impacted responsible entities to become compliant with the risk management program obligation under the Security of Critical Infrastructure Act.

   

• Australia's evolving cyber security landscape: Consultation launched
  

  The Federal Government has released a Consultation Paper seeking feedback on proposed cyber security laws in support of its 2023-30 Cyber Strategy.

• Key insights from the latest NDB data breach report
  

  The OAIC recently published its latest NDB report, providing key insights into Australian data breaches during the first half of 2023.

• New privacy law sees tougher penalties and enforcement powers for serious and repeated privacy breaches
  

  The Australian federal government has passed the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022.

• AI and scraped data: Data protection implications
  

  We explore the data protection implications that arise when data scraping is conducted for the purpose of training artificial intelligence tools.