I advise a broad range of public, private and not-for-profit sector entities in relation to their privacy, data protection and related obligations, including under security of critical infrastructure, marketing, data sharing, surveillance and freedom of information laws.
My clients value my pragmatic, risk-based advice as I work with them to identify, navigate and manage reputational risks in connection with the management of projects in light of community, stakeholder and regulator expectations.
I have a particular interest in data and cyber related impacts associated with the use of emerging technologies, including biometrics, connected and smart devices and AI.
- Conducted a number of Privacy Impact Assessments for a health insurer in relation to data-related projects, including the establishment of a joint venture entity to provide data analytics, client profiling and related services to the insurer, as well as the broader public in future. This project also involved consideration of the joint venture company's privacy and data regulatory obligations from inception in the Australian market.
- Conducted a Privacy Impact Assessment and detailed analysis of the potential privacy risks and impacts in relation to the implementation of a single electronic record system across four public hospitals, including information sharing obligations under the health services (and related) laws and the Child and Family Violence Information Sharing Schemes.
- Advised an information services and data analytics company in relation to the development of various new products and data analytics activities, including relating to credit information.
- Advised major Australian banks on the implementation of their GDPR compliance projects, including strategies for managing global compliance data-handling obligations across the various jurisdictions in which they operate. Also drafted GDPR uplift of service provider contracts to meet GDPR requirements.
- Advised Australian universities in relation to the privacy, data and technology risks associated with the use of online proctoring services involving the use of biometrics, to enable the universities to conduct online examinations. I also drafted the associated services agreements.
- Advised various financial services and health organisations in relation to their obligations under the security of critical infrastructure laws.
- Advised a range of organisations in relation to the management of data breaches, including preparation, breach coaching and notification.