LLM (Hons), MBA
Susan is the Principal of Sibenco Legal & Advisory and Co-founder & Director of Information Governance ANZ (IGANZ). With over twenty-five years experience as a lawyer and advisor, Susan works closely with corporate and government clients to deliver tailored legal and risk management solutions that meet client needs and strategic objectives.
Prior to establishing Sibenco, for many years Susan led large litigation cases and inquiries involving the production of large volumes of documents/data. She draws on this experience to deliver responsive risk management solutions for effective Information Governance and regulatory compliance, particularly in data privacy, cross border data protection and critical incident planning and response.
Susan co-founded IGANZ in 2016 to break down the ‘information silos’ she observed among professionals, to enable more connected thinking and innovation for Information Governance best practice and help drive more holistic solutions, particularly for data privacy and cybersecurity. For more information – visit www.infogovanz.com.
Susan holds a Master of Business Administration and a Master of Laws, and is a Certified Information Privacy Professional – Europe (CIPP/E). Susan is Chair of APAC Working Group 6 – International Electronic Information Management of the Sedona Conference® and a member of Working Group 11 – Data Security and Privacy Liability. Susan is a Fellow of the Governance Institute of Australia (FGIA), a member of the International Association of Privacy Professionals (iappANZ), a member of the Asian Privacy Scholars Network (APSN), a member and graduate of the Australian Institute of Company Directors (AICD).
Areas of Expertise
Susan delivers strategic, practical and responsive advice to organisations in:
- Information Governance – frameworks, policies and procedures to strategically maximise the value of information to achieve organisational objectives, while minimising the risks and costs of holding it.
- Privacy and Data Breach – policies and procedures complying with privacy requirements, privacy-by-design, ethical frameworks for big data initiatives, cyberattack preparation with critical incident planning and data breach response.
- Corporate Governance – governance frameworks, policies and procedures to achieve organisational objectives.
- Legal Project Management – timely delivery of projects within budget through the effective use of technology and people.
- Inquiries – representing people and organisations involved in Inquiries & Royal Commissions.
- Investigations – providing independent workplace investigations and reports.
- Workshops and Presentations – helping leaders achieve strategic objectives and manage legal risks.
Speaking Engagements 2017-2018
- NSW Law Society – FLIP Inquiry Series, ‘Behind the Buzz Words’, Panel member on ‘Decoding Metadata’, Sydney, August 2018
- 12th Annual Technology and Cyber Security in Government Conference – Presentation, ‘Mandatory Data Breach Notification and Australia’s Regulations in the Global Spotlight’, and Panel member ‘Cyber Human Factors – Why employees are still a security risk’, Canberra, August 2018
- Legal Framework for Records Management in the Public Sector – Presentation, ‘Information Governance and Digital Continuity 2020’, Canberra, August 2018
- Culture, Conduct and Compliance Risk in Financial Services Forum – Presentation ‘Information Governance – A Strategic Approach to Data, Records, Privacy and Information Security’, Sydney, June 2018
- EduTECH Australia – Presentation, ‘Mandatory Notifiable Data Breaches: making sure your governance framework is ready’, Sydney, June 2018
- Data Governance 2018 – Investment Data Governance and Management Conference – Presentation, ‘Brace for impact: how the new Mandatory Data Breaches Scheme and the EU GDPR will affect your business’, Sydney, June 2018
- NZ Privacy Forum – Presentation and Panel member, ‘Mandatory Data Breach Notification: lessons learned from overseas’, Te Papa, Wellington, May 2018
- InfoGovANZ & Information Innovation@UTS – Panel Member, ‘Leading Information Governance’, Sydney, May 2018
- AIIM Conference 2018 – Presentation, ‘Does your C-Suite Care about Information Governance? They will if you tie it to Organizational Objectives’, San Antonio, April 2018
- Cybersecurity and Privacy Protection Conference and the Ohio Attorney-General’s CyberOhio Business Summit – Panel member, ‘GDPR and Data Localization Laws: the Growing Compliance Risk for US Businesses’, Cleveland-Marshall College of Law, March 2018
- Governance Institute of Australia 34th National Conference – Governance in a world of disruption, Panel member, ‘Digital Risk: Consumer protection and data innovation: are they compatible?’ Melbourne, December 2017
- Risk Australia 2017 – Panel member, ‘Building a firm-wide culture for strong compliance and conduct risk management’, Sydney, August 2017
- The 9th Annual Sedona Conference International Programme on Cross-Border Discovery and Data Protection Laws – Panel member, ‘The Sedona Conference International Litigation Principles (Transitional Edition): What has changed and what has not? and Panel Chair, ‘Beyond EU-U.S. data transfers: Updates on APAC, South America & the Middle East’, Dublin, June 2017
- LawFest NZ – Presentation, ‘Information Governance – Managing the Data Tsunami’, Auckland, May 2017
- Records & Information Officers’ Forum – Presentation, ‘Information Governance & RIM – The importance of strategy and leadership’, Melbourne, March, 2017
- 10th Annual Women Legal Conference 2017 – Panel member, ‘Power: what is it?’, San Francisco, February 2017
- Sedona Conference Working Group on Data Security & Privacy Liability (WG11) – Panel member, ‘Communicating with Executives on Data Security and Privacy Liability’, Florida, January 2017
- GDPR: Change to European Privacy Laws and its impact on Australian businesses – Governance Directions, December 2018, Vol 70, Issue 2
- Australia’s new Notifiable Data Breaches Scheme: Is your Data Breach Response Plan up to date? – published in January 2018
- What is Information Governance and how does it differ from Data Governance? – Governance Directions, September 2017, Vol 69, Issue 8
- Information Governance Leadership – controlling data and information to achieve strategic objectives – Governance Directions, December 2017, Vol 69, Issue 11
- Big Data & Privacy: Does your organisation need an ethical based approach? – published in May 2017
- Master of Business Administration (Exec), AGSM (2003)
- Master of Laws (Hons), University of Sydney (1999)
- Diploma of Legal Practice, University of Technology Sydney (1990)
- Bachelor of Laws, University of Tasmania (1990)
- Certified Information Privacy Professional – CIPP/E (2018)
- Legal Lean Sigma® and Project Management (2014)
- Leading Professional Services Firms, Harvard Business School (2011)
- Company Directors Course (GAICD), AICD (2007)
Practising Certificate & Admissions
- Unrestricted Practising Certificate New South Wales, Australia
- NSW Supreme Court, Federal Court of Australia and High Court
- Australian Institute of Company Directors (GAICD)
- Fellow of Governance Institute of Australia (FGIA)
- Asian Privacy Scholars Network (APSN)
- International Association of Privacy Professionals (iappANZ)
- New South Wales Law Society
- Sedona Conference® Working Group 6 – International Electronic Information Management, Discovery and Disclosure
- Sedona Conference® Working Group 11 – Data Security and Privacy Liability
|Sibenco Legal & Advisory||Principal and Director (2012 to date)|
|Information Governance ANZ||Co-founder and Director (2016 to date)|
|Ashgrove Cheese Pty Ltd||Director and Company Secretary (2011 to date)|
|Sparke Helmore||Sydney Managing Partner (2010-2011)
Partner and National Group Leader, Commercial Litigation & Dispute Resolution Group and the Legal Technology Support Group (2003-2011)
|Consultant||Consultant lawyer on large high profile commercial litigation disputes (2000-2002)|
|Middletons (now K&L Gates)||Senior Associate, Dispute Resolution and Commercial Litigation Group (1997-2000)|
|Phillips Fox (now DLA Piper)||Solicitor, Construction Group (1995-1997)|