Susan Bennett

LLM (Hons), MBA, FGIA, CIPP/E

Principal & Director
M:  +61 (2) 8226 8682
E:  susan.bennett@sibenco.com
Connect with Susan on LinkedIn

 

Overview

Susan is the Principal of Sibenco Legal & Advisory and Co-founder & Director of Information Governance ANZ (IGANZ). With over twenty-five years experience as a lawyer and advisor, Susan works closely with corporate and government clients to deliver tailored legal and risk management solutions that meet client needs and strategic objectives.

Prior to establishing Sibenco, for many years Susan led large litigation cases and inquiries involving the production of large volumes of documents/data. She draws on this experience to deliver responsive risk management solutions for effective Information Governance and regulatory compliance, particularly in data privacy, cross border data protection and critical incident planning and response.

Susan co-founded IGANZ in 2016 to break down the ‘information silos’ she observed among professionals, to enable more connected thinking and innovation for Information Governance best practice and help drive more holistic solutions, particularly for data privacy and cybersecurity. For more information – visit www.infogovanz.com.

Susan holds a Master of Business Administration and a Master of Laws, and is a Certified Information Privacy Professional – Europe (CIPP/E).   Susan is Chair of Sedona® APAC Working Group 6 – International Electronic Information Management, Discovery and Discloure, and a member of Working Group 11 – Data Security and Privacy Liability.  Susan is a Fellow of the Governance Institute of Australia (FGIA), a member of the International Association of Privacy Professionals (iappANZ), a member of the Asian Privacy Scholars Network (APSN), a member and graduate of the Australian Institute of Company Directors (AICD).

Areas of Expertise

Susan delivers strategic, practical and responsive advice to organisations in:

• Information Governance –  frameworks, policies and procedures to strategically maximise the value of information to achieve organisational objectives, while minimising the risks and costs of holding it.
• Privacy and Data Breach – policies and procedures complying with privacy requirements, privacy impact assessments, privacy-by-design, ethical frameworks for data analytics, cyberattack preparation with critical incident planning and data breach response.
• Corporate Governance – governance frameworks, policies and procedures to achieve organisational objectives.
• Legal Project Management – timely delivery of projects within budget through the effective use of technology and people.
• Inquiries – representing people and organisations involved in Inquiries & Royal Commissions.
• Investigations – providing independent workplace investigations and reports.
• Workshops and Presentations – helping leaders achieve strategic objectives and manage legal risks.

Speaking Engagements

• CDS Legal Corporate Counsel Rountable NYC 2019, Panel member on Data Privacy, New York, January 2019
• Sedona Conference Working Group 6 – Panel member, ‘Cross-border discovery and investigations and data protection laws update: APAC, South America and the Middle East’, Florida, January 2019
• Legalwise CPD for Inhouse Counsel – Presentation, ‘Effective Internal Investigations’, November 2019
• GovData2018 – Presentation, ‘Data, Privacy, Ethics and Trust: The role of Governance’, and Panel member ‘The Trust Deficit’, Canberra, October 2018
• NSW Law Society – FLIP Inquiry Series, ‘Behind the Buzz Words’, Panel member on ‘Decoding Metadata’,  Sydney,  August 2018
• 12th Annual Technology and Cyber Security in Government Conference – Presentation, ‘Mandatory Data Breach Notification and Australia’s Regulations in the Global Spotlight’, and Panel member ‘Cyber Human Factors – Why employees are still a security risk’, Canberra, August 2018
• Legal Framework for Records Management in the Public Sector – Presentation, ‘Information Governance and Digital Continuity 2020’, Canberra, August 2018
• Culture, Conduct and Compliance Risk in Financial Services Forum – Presentation ‘Information Governance – A Strategic Approach to Data, Records, Privacy and Information Security’, Sydney, June 2018
• EduTECH Australia – Presentation, ‘Mandatory Notifiable Data Breaches: making sure your governance framework is ready’, Sydney, June 2018
• Data Governance 2018 – Investment Data Governance and Management Conference – Presentation, ‘Brace for impact: how the new Mandatory Data Breaches Scheme and the EU GDPR will affect your business’,  Sydney, June 2018
• NZ Privacy Forum – Presentation and Panel member, ‘Mandatory Data Breach Notification: lessons learned from overseas’, Te Papa, Wellington, May 2018
• InfoGovANZ & Information Innovation@UTS  – Panel Member, ‘Leading Information Governance’, Sydney, May 2018
• AIIM Conference 2018 – Presentation, ‘Does your C-Suite Care about Information Governance? They will if you tie it to Organizational Objectives’, San Antonio, April 2018
• Cybersecurity and Privacy Protection Conference and the Ohio Attorney-General’s CyberOhio Business Summit – Panel member, ‘GDPR and Data Localization Laws: the Growing Compliance Risk for US Businesses’, Cleveland-Marshall College of Law, March 2018
• Governance Institute of Australia 34th National Conference – Governance in a world of disruption, Panel member, ‘Digital Risk: Consumer protection and data innovation: are they compatible?’ Melbourne, December 2017
• Risk Australia 2017 – Panel member, ‘Building a firm-wide culture for strong compliance and conduct risk management’, Sydney, August 2017
• The 9^th Annual Sedona Conference International Programme on Cross-Border Discovery and Data Protection Laws – Panel member, ‘The Sedona Conference International Litigation Principles (Transitional Edition): What has changed and what has not? and Panel Chair, ‘Beyond EU-U.S. data transfers: Updates on APAC, South America & the Middle East’,  Dublin, June 2017
• LawFest NZ – Presentation, ‘Information Governance – Managing the Data Tsunami’, Auckland, May 2017
• Records & Information Officers’ Forum – Presentation, ‘Information Governance & RIM – The importance of strategy and leadership’, Melbourne, March, 2017
• 10^th Annual Women Legal Conference 2017 – Panel member, ‘Power: what is it?’, San Francisco, February 2017
• Sedona Conference Working Group on Data Security & Privacy Liability  (WG11) – Panel member, ‘Communicating with Executives on Data Security and Privacy Liability’, Florida, January 2017

Publications 

• Corporate Governance in the Digital Economy: The critical importance of Information Governance – Governance Directions, November 2018, Vol 70, Issue 10
• GDPR: Change to European Privacy Laws and its impact on Australian businesses – Governance Directions, March 2018, Vol 70, Issue 2
• Australia’s new Notifiable Data Breaches Scheme: Is your Data Breach Response Plan up to date? – published in January 2018
• What is Information Governance and how does it differ from Data Governance? – Governance Directions, September 2017, Vol 69, Issue 8 
• Information Governance Leadership – controlling data and information to achieve strategic objectives – Governance Directions, December 2017, Vol 69, Issue 11
• Big Data & Privacy: Does your organisation need an ethical based approach? – published in May 2017

Qualifications

  Tertiary Education

• Master of Business Administration (Exec), AGSM (2003)
• Master of Laws (Hons), University of Sydney (1999)
• Diploma of Legal Practice, University of Technology Sydney (1990)
• Bachelor of Laws, University of Tasmania (1990)

  Professional education

• Certified Information Privacy Professional – CIPP/E (2018)
• Legal Lean Sigma® and Project Management (2014)
• Leading Professional Services Firms, Harvard Business School (2011)
• Company Directors Course (GAICD), AICD (2007)

Practising Certificate & Admissions

• Unrestricted Practising Certificate New South Wales, Australia
• NSW Supreme Court, Federal Court of Australia and High Court

Professional Memberships

• Australian Institute of Company Directors (GAICD)
• Fellow of Governance Institute of Australia (FGIA)
• Asian Privacy Scholars Network (APSN)
• International Association of Privacy Professionals (iappANZ)
• New South Wales Law Society
• Sedona Conference® Working Group 6 – International Electronic Information Management, Discovery and Disclosure
• Sedona Conference® Working Group 11 – Data Security and Privacy Liability

 Career overview

Sibenco Legal & Advisory	Principal and Director (2012 to date)
Information Governance ANZ	Co-founder and Director (2016 to date)
Sparke Helmore	Sydney Managing Partner (2010-2011) Partner and National Group Leader, Commercial Litigation & Dispute Resolution Group and the Legal Technology Support Group (2003-2011)
Consultant	Consultant lawyer on large high profile commercial litigation disputes (2000-2002)
Middletons (now K&L Gates)	Senior Associate, Dispute Resolution and Commercial Litigation Group (1997-2000)
Phillips Fox (now DLA Piper)	Solicitor, Construction Group (1995-1997)