Susan Bennett

LLM (Hons), MBA

Principal & Director
M:  +61 (2) 8226 8682
E:  susan.bennett@sibenco.com
Connect with Susan on LinkedIn

 

Overview

Susan is the Principal of Sibenco Legal & Advisory and Co-founder & Director of Information Governance ANZ (IGANZ). With over twenty-five years experience as a lawyer and advisor, Susan works closely with corporate and government clients to deliver tailored legal and risk management solutions that meet client needs and strategic objectives.

Prior to establishing Sibenco, for many years Susan led large litigation cases and inquiries involving the production of large volumes of documents/data. She draws on this experience to deliver responsive risk management solutions for effective Information Governance and regulatory compliance, particularly in data privacy, cross border data protection and critical incident planning and response.

Susan co-founded IGANZ in 2016 to break down the ‘information silos’ she observed among professionals, to enable more connected thinking and innovation for Information Governance best practice and help drive more holistic solutions, particularly for data privacy and cybersecurity. For more information – visit www.infogovanz.com.

Susan holds a Master of Business Administration and a Master of Laws, and is a Certified Information Privacy Professional – Europe (CIPP/E).   Susan is Chair of APAC Working Group 6 – International Electronic Information Management of the Sedona Conference® and a member of Working Group 11 – Data Security and Privacy Liability.  Susan is a Fellow of the Governance Institute of Australia (FGIA), a member of the International Association of Privacy Professionals (iappANZ), a member of the Asian Privacy Scholars Network (APSN), a member and graduate of the Australian Institute of Company Directors (AICD).

Areas of Expertise

Susan delivers strategic, practical and responsive advice to organisations in:

• Information Governance –  frameworks, policies and procedures to strategically maximise the value of information to achieve organisational objectives, while minimising the risks and costs of holding it.
• Privacy and Data Breach – policies and procedures complying with privacy requirements, privacy-by-design, ethical frameworks for big data initiatives, cyberattack preparation with critical incident planning and data breach response.
• Corporate Governance – governance frameworks, policies and procedures to achieve organisational objectives.
• Legal Project Management – timely delivery of projects within budget through the effective use of technology and people.
• Inquiries – representing people and organisations involved in Inquiries & Royal Commissions.
• Investigations – providing independent workplace investigations and reports.
• Workshops and Presentations – helping leaders achieve strategic objectives and manage legal risks.

Upcoming Speaking Engagements

• EduTECH Australia – Presentation, ‘Mandatory Notifiable Data Breaches: making sure your governance framework is ready’, Sydney, June 2018
• Culture, Conduct and Compliance Risk in Financial Services Forum – Presentation ‘Information Governance – A Strategic Approach to Data, Records, Privacy and Information Security’, Sydney, June 2018
• Data Governance 2018 – Investment Data Governance and Management Conference – Presentation, ‘Brace for impact: how the new Mandatory Data Breaches Scheme and the EU GDPR will affect your business’,  Sydney, June 2018
• Legal Framework for Records Management in the Public Sector – Presentation, ‘Information Governance and Digital Continuity 2020’, Canberra, August 2018

Speaking Engagements 2017-2018  

• NZ Privacy Forum – Panel member, ‘Mandatory Data Breach Notification: lessons learned from overseas’, Te Papa, Wellington, May 2018
• InfoGovANZ & Information Innovation@UTS  – Panel Member, ‘Leading Information Governance’, Sydney, May 2018
• AIIM Conference 2018 – Presentation, ‘Does your C-Suite Care about Information Governance? They will if you tie it to Organizational Objectives’, San Antonio, April 2018
• Cybersecurity and Privacy Protection Conference and the Ohio Attorney-General’s CyberOhio Business Summit – Panel member, ‘GDPR and Data Localization Laws: the Growing Compliance Risk for US Businesses’, Cleveland-Marshall College of Law, March 2018
• Governance Institute of Australia 34th National Conference – Governance in a world of disruption, Panel member, ‘Digital Risk: Consumer protection and data innovation: are they compatible?’ Melbourne, December 2017
• Risk Australia 2017 – Panel member, ‘Building a firm-wide culture for strong compliance and conduct risk management’, Sydney, August 2017
• The 9^th Annual Sedona Conference International Programme on Cross-Border Discovery and Data Protection Laws – Panel member, ‘The Sedona Conference International Litigation Principles (Transitional Edition): What has changed and what has not? and Panel Chair, ‘Beyond EU-U.S. data transfers: Updates on APAC, South America & the Middle East’,  Dublin, June 2017
• LawFest NZ – Presentation, ‘Information Governance – Managing the Data Tsunami’, Auckland, May 2017
• Records & Information Officers’ Forum – Presentation, ‘Information Governance & RIM – The importance of strategy and leadership’, Melbourne, March, 2017
• 10^th Annual Women Legal Conference 2017 – Panel member, ‘Power: what is it?’, San Francisco, February 2017
• Sedona Conference Working Group on Data Security & Privacy Liability  (WG11) – Panel member, ‘Communicating with Executives on Data Security and Privacy Liability’, Florida, January 2017

Publications 2017-2018  

• GDPR: Change to European Privacy Laws and its impact on Australian businesses – published in January 2018
• Australia’s new Notifiable Data Breaches Scheme: Is your Data Breach Response Plan up to date? published in January 2018
• What is Information Governance and how does it differ from Data Governance? published in September 2017
• Information Governance Leadership – controlling data and information to achieve strategic objectives published in October 2017
• Big Data & Privacy: Does your organisation need an ethical based approach? published in May 2017

Qualifications

  Tertiary Education

• Master of Business Administration (Exec), AGSM (2003)
• Master of Laws (Hons), University of Sydney (1999)
• Diploma of Legal Practice, University of Technology Sydney (1990)
• Bachelor of Laws, University of Tasmania (1990)

  Professional education

• Certified Information Privacy Professional – CIPP/E (2018)
• Legal Lean Sigma® and Project Management (2014)
• Leading Professional Services Firms, Harvard Business School (2011)
• Company Directors Course (GAICD), AICD (2007)

Practising Certificate & Admissions

• Unrestricted Practising Certificate New South Wales, Australia
• NSW Supreme Court, Federal Court of Australia and High Court

Professional Memberships

• Australian Institute of Company Directors (GAICD)
• Fellow of Governance Institute of Australia (FGIA)
• Asian Privacy Scholars Network (APSN)
• International Association of Privacy Professionals (iappANZ)
• New South Wales Law Society
• Sedona Conference® Working Group 6 – International Electronic Information Management, Discovery and Disclosure
• Sedona Conference® Working Group 11 – Data Security and Privacy Liability

 Career overview

Sibenco Legal & Advisory	Principal and Director (2012 to date)
Information Governance ANZ	Co-founder and Director (2016 to date)
Ashgrove Cheese Pty Ltd	Director and Company Secretary (2011 to date)
Sparke Helmore	Sydney Managing Partner (2010-2011) Partner and National Group Leader, Commercial Litigation & Dispute Resolution Group and the Legal Technology Support Group (2003-2011)
Consultant	Consultant lawyer on large high profile commercial litigation disputes (2000-2002)
Middletons (now K&L Gates)	Senior Associate, Dispute Resolution and Commercial Litigation Group (1997-2000)
Phillips Fox (now DLA Piper)	Solicitor, Construction Group (1995-1997)