Susan Kantor
Special Counsel, Melbourne
I am a technology, data and cyber law specialist, with a focus on helping clients navigate a wide range of matters surrounding their information-handling obligations.

I advise a broad range of public, private and not-for-profit sector entities in relation to their privacy, data protection and related obligations, including under security of critical infrastructure, marketing, data sharing, surveillance and freedom of information laws.

My clients value my pragmatic, risk-based advice as I work with them to identify, navigate and manage reputational risks in connection with the management of projects in light of community, stakeholder and regulator expectations.

I have a particular interest in data and cyber related impacts associated with the use of emerging technologies, including biometrics, connected and smart devices and AI.

Career highlights

  • Conducted a number of Privacy Impact Assessments for a health insurer in relation to data-related projects, including the establishment of a joint venture entity to provide data analytics, client profiling and related services to the insurer, as well as the broader public in future. This project also involved consideration of the joint venture company's privacy and data regulatory obligations from inception in the Australian market.
  • Conducted a Privacy Impact Assessment and detailed analysis of the potential privacy risks and impacts in relation to the implementation of a single electronic record system across four public hospitals, including information sharing obligations under the health services (and related) laws and the Child and Family Violence Information Sharing Schemes.
  • Advised an information services and data analytics company in relation to the development of various new products and data analytics activities, including relating to credit information.
  • Advised a foreign bank setting up operations in Australia in relation to its data-related regulatory obligations in Australia. Also drafted privacy policy and collection notices, consent forms, customer terms and conditions, template supplier agreements and data sharing terms of contracts with business partners in Australia, including relating to CPS 234 requirements.
  • Advised major Australian banks on the implementation of their GDPR compliance projects, including strategies for managing global compliance data-handling obligations across the various jurisdictions in which they operate. Also drafted GDPR uplift of service provider contracts to meet GDPR requirements.
  • Advised Australian universities in relation to the privacy, data and technology risks associated with the use of online proctoring services involving the use of biometrics, to enable the universities to conduct online examinations. I also drafted the associated services agreements.
  • Advised various financial services and health organisations in relation to their obligations under the security of critical infrastructure laws.
  • Advised a range of organisations in relation to the management of data breaches, including preparation, breach coaching and notification.

Visit our Intellect blog home to sign up to our newsletter.