Rising Stars

Firms To Watch: Data protection

Paul Kallenbach in Melbourne leads the cyber law and data protection offering at Minter Ellison, which has expanded its offering across data compliance and cyber risk management work.

Data protection in Australia


The data protection and cyber security practice at Allens advises on the intersection of legal compliance, commercial focus and ethical grounding for clients from data-intensive businesses to large organisational bodies. Acting as both legal and policy advocates, the team has been working with the Australian Banking Association, advising on its submission to the Government following the Privacy Act Reform Review. Team co-head Valeska Bloch is particularly sought after for her expertise regarding highly regulated sectors, including the energy, resources, healthcare and financial services industries. Gavin Smith‘s data, security and law enforcement experience, combined with his dual qualification in England, bolsters the team’s GDPR experience. Melbourne-based Elyse Adams has notable expertise regarding payment technologies, including blockchain, and David Rountree is experienced across compliance, commercialisation, and cyber incident preparedness and response work.

Practice head(s):

Gavin Smith; Valeska Bloch

Other key lawyers:

Phil O’Sullivan; David Rountree; Elyse Adams


‘The Allens team are first and foremost practical and provide advice that is easily digestible for complex matters.’

‘Gavin Smith is knowledgeable, diligent and across industry specific issues that impact the tech businesses. Having worked with Gavin on a number of matters, we are always provided with practical and applicable advice.’

‘Industry leading knowledge in cyber security developments.’

Key clients



Commonwealth Bank of Australia


News Corporation


Woodside Petroleum

Australian Banking Association

Work highlights

  • Advising Coles in relation to its response to the Latitude Financial Australia cyber incident which was announced to market on 16 March 2023.
  • Advised on an AI and data joint venture between Quantium and Telstra.
  • Working with a number of Australia’s leading organisations including Commonwealth Bank of Australia (CBA), IAG, Australian Retirement Trust and BHP (among others) on their data protection and cyber security strategies.


Ashurst‘s ‘dynamic’ digital economy team is led by Brisbane-based Amanda Ludlow, an expert regarding data regulation. The team is engaged both in advising clients in regards to privacy reform and the development of digital regulation, and supporting them through cyber incidents and data breaches. Angela Summersby, based in Canberra, specialises in government-related work, with notable experience advising on data migration and program transformation projects. In Melbourne, Emma Butler is recommended for her work assisting with the development and implementation cyber strategies, with specific experience with energy sector clients. Sydney-based Tim Brookes and Geoff McGrath are also recommended.

Practice head(s):

Amanda Ludlow

Other key lawyers:

Emma Butler; Tim Brookes; Angela Summersby; Geoff McGrath; Mitchell Bazzana


‘The team was able to expertly manage every aspect of a highly complex, multifaceted, multinational arrangement. They manage the project from start to finish, including: advice on structuring the transaction, gaps analysis, coordinating financial regulatory advice and commercial inputs, and document negotiation, drafting, and finalisation.’

‘Tim Brookes and Mitchell Bazzana have incredible subject matter expertise, immaculate attention to detail, their ability to turn around extensive amounts of precision drafting and provide commercial solutions to roadblocks is second to none.’ 

‘Amanda Ludlow – knows the law and the industry knowledge is second to none. Exceptional client service.’

Key clients

7-Eleven Stores Pty Ltd

Aer Riata International

AGL Energy Limited

AIA Company Limited

Allegis Talent Consultancy (Shanghai) Co. Ltd.

Australia and New Zealand Banking Group Limited

Aveo Group

Commonwealth Bank of Australia

Commonwealth Government – Department of Defence

Commonwealth Government – Department of Employment and Workplace Relations

Commonwealth Government – Department of Finance

DataBank Australia Pty Ltd

KVD Singapore Pte Ltd

Meta Platforms, Inc (formerly Facebook)

Monash University

NBN Co Limited

NSW Government

Quantium Group Holdings

Queensland Government

Optus Singtel

SAP Fioneer Australia Pty Ltd

Standards Australia Limited

State of Victoria

Westpac Banking Corporation

Woolworths Group Limited


Work highlights

  • Assisting the Commonwealth Bank of Australia in the preparation of the Cybersource Agreement with Visa, and reviewing the IP, data, security and privacy clauses.
  • Assisting Monash University with negotiating a new Digital ID Verification solution agreement with global identity specialist, GBG.
  • Provided ongoing support to Quantium in relation to various matters relating to the implementation of its technology and data platforms in multiple jurisdictions, including privacy and data protection advice for projects in Australia, the UK and the US.

Corrs Chambers Westgarth

The team at Corrs Chambers Westgarth is noted for its ‘excellent, deep and holistic subject matter expertise’, acting on a range of data and cyber matters for both public and private sector clients. Team head James North in Sydney has particular expertise advising on the data aspects of cross-border M&A transactions alongside a wider information security practice. Also in Sydney, Eugenia Kolivos ‘is an expert in this field‘, advising on privacy reforms, privacy policies and data protection in addition to cross-jurisdictional data protection and overseas data disclosure. Melbourne-based Philip Catania is praised as an 'absolute expert' and has a strong track record on large data breaches, both domestic and international, and bolsters the team’s international expertise providing advice for clients in regards to GDPR compliance. Arvind Dixit in Melbourne focuses on information technology work.

Practice head(s):

James North

Other key lawyers:

Eugenia Kolivos; Arvind Dixit; Philip Catania; Justin Gay


The team are well regarded in the sector and bring to the table diverse experience and well balanced legal advice and guidance. They are open to debate, understanding and challenging client risk and advocating for streamlined solutions.’

Excellent, deep and holistic subject matter expertise. The firm has a broad range and level of experience which provides for a sound client outcome. The team are highly intelligent and motivated to provide our organization the best possible advice and guidance.’

Eugenia Kolivos is an expert in this field and takes a commercial view to ensure the advice is tailored to our business.’

Their strengths lie in their expertise of the law and how the law can be applied in a commercial setting. They are exceptionally responsive, take the time to understand the problem we are solving for and provide tailored commercial advice.’

Phil Catania is an absolute expert in privacy, data and cyber who is exceptionally well connected in Australia and overseas. He is very proactive, enthusiastic, knowledgeable and approachable. He goes to great lengths to understand client needs and deliver.’

‘Corrs have their finger on the pulse – with broad and deep legal, regulatory and commercial knowledge, but a good eye to what is likely coming in Australia in the future.’

Key clients





NSW Government

Google / Alphabet



Commonwealth Bank of Australia (CBA) / X15 Ventures

Australian National Broadband Network (nbn)



Capital One


National Australia Bank (NAB)


TPG Telecom


Work highlights

  • Acted for Flybuys in relation to its complex data protection considerations and arrangements with Australia’s two largest grocers, Wesfarmers and Coles, in connection with the inclusion of Bunnings and Officeworks into the Flybuys program.
  • Advising QIC on all aspects of its new online shopping and e-commerce marketplace, Shopindee, including in the context of significant data, security, and privacy considerations.
  • Advising REA on a range of privacy and data related matters associated with the operation and growth of the REA platform and its core product offerings, including in the context of data enrichment, and advertising.

Gilbert + Tobin

Sheila McGregor heads up the multidisciplinary, cross-practice digital and data team at Gilbert + Tobin from Sydney; the group's ‘deep subject matter expertise‘ covers all stages of the data lifecycle. Cyber resilience is an area of growing emphasis for the team, assisting clients with the implementation of cyber governance regimes and advising on best practice when responding to cyber incidents; Sydney-based Michael Williams has particular strength regarding cyber response strategy. Also in Sydney, Tim Gole advises businesses on privacy obligations with notable expertise regarding the highly regulated financial services and healthcare industries, while Melissa Fai specialises in data and privacy work including issues surrounding the commercialisation of data.

Practice head(s):

Sheila McGregor

Other key lawyers:

Melissa Fai; Tim Gole; Michael Williams


‘Deep subject matter expertise that is easily translated into our organisational and market risk profile. The team have provided guidance on complex legislation and risk management that has been received well and translated into actionable outcomes.’ 

‘Highly intelligent associates and junior lawyers that are clearly afforded time and guidance from partners.’

‘Melissa Fai demonstrates deep knowledge of relevant issues and potential solutions to those issues. Her advice is always practical and that is critical in this complex area.’

Key clients

Australian Clinical Labs / Medlabs

Australian Payments Plus (AP+) / ConnectID

DataX – Westpac Banking Corporation

Westpac Banking Corporation

Hollard Insurance

The Wine Concierge Service Pty Ltd


Department of Customer Service and Transport for NSW

NSW Health / Cancer Institute of NSW



Volkswagen / Cariad

Work highlights

  • Advising Australian Payments+ on its combination of three domestic payment providers, BPAY Group, eftpos and NPP Australia, into one integrated entity.
  • Advising Australian Clinical Labs on its response to a significant cyber incident, its privacy compliance obligations moving forward, and its continuous disclosure obligations under the ASX Listing Rules.
  • Advising Microsoft in respect of a program of advice in relation to an array of regulatory reforms (including cross-jurisdiction) concerning data protection, security and data management, including Australia’s critical infrastructure framework, online safety framework, government surveillance and data privacy, as impacting Microsoft products and services and its enterprise customers.

King & Wood Mallesons

King & Wood Mallesons‘ digital economy and tech law team fields ‘thought leaders with extensive experience’, acting on matters from large public data breaches to risk mitigation. The team works with forensic IT investigators to manage the causes and impacts of cyber incidents for its clients, which include financial institutions, media companies and energy retailers. Cheng Lim and Patrick Gunning co-head the team from Melbourne and Sydney respectively; Lim is recommended for his ability to provide a ‘robust, holistic, commercial view‘, while Gunning is experienced in supporting high-profile clients through regulatory investigations and advising on changes to cybersecurity policy. Melbourne-based Michael Swinson ‘brings a wealth of knowledge and experience’ to mandates including data-heavy transactions and digital platform developments. Kirsten Bowe is a notable team member in Brisbane, specialising in strategic commercial transactions and advisory work involving emerging technologies, and Kendra Fouracre in Melbourne is also recommended.

Practice head(s):

Cheng Lim; Patrick Gunning

Other key lawyers:

Michael Swinson; Kirsten Bowe; Kendra Fouracre


The team has experienced and trusted advisers of a high calibre.’ 

Michael Swinson provides timely and practical advice. Truly a trusted adviser who brings a wealth of knowledge and experience to matters and assists in finding practical risk based solutions.’ 

‘The KWM data, privacy and cyber team are thought leaders with extensive experience, and also deep domestic and international knowledge. They are practical, commercial, reliable and easy to work with. Their passion for the subject always comes through. This is an exceptionally high-quality team at every level – from partner to junior lawyers.’ 

Key clients



7 Eleven

National Australia Bank

World Bank

Meta (Facebook)

Commonwealth Bank of Australia



RP Data



Latitude Financial Services

Work highlights

  • Advised Latitude Financial Services on one of Australia’s largest and most significant data breaches.
  • Advising Medibank on all aspects of its response to a cybercrime incident in which a malicious threat actor stole and released sensitive information on the dark web concerning current and former Medibank customers.
  • Provided strategic advice and managed a team to provide a comprehensive cross-regional review of privacy and data protection laws as they may apply to Meta’s products and services.

Baker McKenzie

Lauded for its ‘in-depth knowledge and experience in handling a wide range of matters‘, Baker McKenzie‘s data offering spans crisis management advice, compliance and regulatory work, and data-rich transactional mandates. Anne-Marie Allgrove and Adrian Lawrence lead the team, both in Sydney. Allgrove is recommended for her ‘ability to distil complex matters’ and is a leader in the firm’s global cybersecurity initiative; she has extensive experience regarding consumer data rights. Lawrence specialises in data-heavy commercial matters, and leads the firm’s global digital transformation initiative. In Sydney, Anne Petterd‘s practice focuses on navigating data issues for new product offerings, for clients ranging from start-ups to global companies.

Practice head(s):

Anne-Marie Allgrove; Adrian Lawrence

Other key lawyers:

Anne Petterd; Toby Patten; Caitlin Whale


‘This team is very experienced and knowledgeable on data protection and cyber security matters. They have in-depth knowledge and experience in handling a wide range of matters in this practice area. They also have the advantage of being able to draw on the expertise and resources of their global network of other Baker McKenzie offices, as well as their trusted advisers in the jurisdictions in which they do not have their own offices.’

‘Anne-Marie Allgrove is excellent to work with – she has the ability to distil complex matters into manageable components and to deliver solutions in a clear and concise manner.’

‘Both Anne Petterd and Adrian Lawrence are also both excellent to deal with and provide clear and timely advice.’

Bird & Bird

The privacy and data protection team at Bird & Bird is ‘unique because it has excellent global reach and expertise’: working as part of an integrated global practice, it tracks international precedents to best support clients within Australia’s changing regulatory environment. The ‘very knowledgeable’ Sophie Dawson co-leads the team from Sydney, advising major companies on privacy law reform and providing strategic privacy advice. Also in Sydney, Hamish Fraser co-leads the team with notable experience in providing data breach advice to global platforms and cloud providers. Privacy compliance is an area of strength for Sydney partner Julie Cheeseman, who works with clients from a range of industries encompassing the media, technology, retail and consumer sectors, among others.

Practice head(s):

Sophie Dawson; Hamish Fraser

Other key lawyers:

Julie Cheeseman


‘Sophie Dawson is excellent – completely across a rapidly changing area of law and practice.’

‘Bird & Bird’s practice is unique because it has excellent global reach and expertise, especially in the technology, media and telecommunications space. Their data protection and cyber security practice, in particular, bats very deep.’

‘They have multiple very senior, capable and experienced partners who include privacy and cyber within their expertise, as well as a team of well respected senior and junior lawyers who are all very capable in this space.’

‘Sophie Dawson is very knowledgeable and provides practical advice and insights.’

‘All round in-depth knowledge of data privacy, data protection and cybersecurity laws.’

Key clients

National Roads and Motorists Association


TPG Telecom

Work highlights

  • Advising several clients with instructions in relation to highly sensitive and time critical matters arising out of three of Australia’s recent large-scale data breaches: Medicare, Optus and Latitude.
  • Advising several clients with important privacy compliance work. This work has included advice on the application of Australian privacy and other relevant laws to complex novel technologies.

Clyde & Co LLP

John Moran in Sydney, leads the cyber and digital practice at Clyde & Co LLP, which is praised as a team of ‘experienced lawyers with a deep understanding of privacy issues’. Moran specialises in advising corporates experiencing cyber crises, from cyber readiness advice to incident response planning and recovery work, including regulatory investigations. The team also advises on data frameworks and strategies for new and innovative projects, and has notable strength in multi-party data breaches. Working across Sydney and Auckland, Richard Berkahn advises clients across the APAC region.

Practice head(s):

John Moran

Other key lawyers:

Richard Berkahn; Anthony Cooke; Reece Corbett-Wilkins; Alec Christie; Andrea Mitchell; Iris Rad


‘The team is very easy to work with. They demonstrate genuine interest. They have the technical expertise, but also know how to be practical and pragmatic. Alex Christie and John Moran are stand outs for these reasons.’

‘Clyde & Co have been able to show a leading capability when it comes to Cyber security response planning and preparation. The team has incident response knowledge and has been able to connect us with other experts in this field where required.’

‘Experienced lawyers with a deep understanding of privacy issues, with specialised expertise in privacy meaning they have the unique ability to provide deep, focused and specialised services. This specialisation means they are across all the latest developments and provide high-quality advice.’

Key clients

Australian Catholic University

Adelaide Airport


Carnival Corporation & plc



Department of Home Affairs/National Emergency Management Agency (NEMA)

Downer Group Limited

Dubai Department of Economy and Tourism

EML Payments

I-MED Radiology Network

Liberty Specialty Markets


Microsoft Corporation

New Zealand Post



ScotPac Business Finance


Uniting NSW


Virgin Australia



Work highlights

  • Advised Department of Home Affairs on a review of its regulatory and governance options available for ensuring the implementation, maintenance and enforcement of economy-wide baseline cyber security technical requirements.
  • Conducted a tailored ransomware simulation for Adelaide Airport Limited in preparation for a potential ransomware attack.
  • Advised Westpac Banking Corporation on its global privacy policy uplift program.

DLA Piper

Data sustainability is the focus for the team at DLA Piper, advising clients on strategic planning, reputation management issues and commercial opportunities as they relate to data. Tim Lyons leads the team, advising international clients on Australia privacy law from Melbourne, including those which regard the offshoring of personal information and compliance requirements. Cross-border data transfers are another area of expertise for the team. Also in Melbourne, special counsel Sarah Birkett advises clients from start-ups to international companies on Australian privacy law, including complex data storage and transfer arrangements.

Practice head(s):

Tim Lyons

Other key lawyers:

Claire Kermond; Nicholas Boyle; Sarah Birkett


‘Strong pragmatic advice delivered by Tim Lyons in a positive and calming manner.’

‘Tim Lyons’ extensive practical experience combined with his ability to quickly identify what advice would be most relevant (and how best to deliver it) makes him a trusted and valuable adviser to our business.’

Key clients

Thales Australia Limited

Levi Strauss & Co

Stripe Payments Europe Limited

Standard Chartered Bank

Spring Care, Inc.


Four Seasons Hotels

Australian Financial Complaints Authority

Endeavour Energy

Worley Limited

Victoria Police



Work highlights

  • Providing advice to Thales Australia in relation to a wide variety of privacy issues including: data protection training; updating internal and external privacy policies; assisting with the collation of data processing records; advising on the legal framework for use of personal information; and advising on GDPR.
  • Undertaking a review of Levi Strauss’ privacy and data handling practices, policies and procedures in Australia, Singapore, New Zealand, Thailand, Japan and China as part of wider project to review its privacy arrangements across the globe.
  • Advising Stripe on a range of data protection compliance matters, including Stripe’s approach to direct marketing consents across Australia, Singapore, Japan, Malaysia, Hong Kong, New Zealand, Canada, Mexico, Brazil, Switzerland, and UAE.


Maddocks‘ cyber and data resilience team acts for clients ranging from international blue-chip companies to local government departments, providing advice on GDPR compliance, complex data breaches, social media issues and data transfer agreements. The team is co-led by Brendan Tomlinson and Sonia Sharma in Sydney, Katherine Armytage in Canberra, and Robert Gregory in Melbourne. Tomlinson primarily advises on IT transactions, while Sharma specialises in end-to-end data and privacy management issues and privacy governance. Armytage brings information law expertise to data protection issues, including advising on the application of privacy regulation for a number of public sector clients, and Gregory advises international government and corporate clients across the education, energy and financial services sectors.

Practice head(s):

Brendan Tomlinson; Sonia Sharma; Katherine Armytage; Robert Gregory

Other key lawyers:

Patrick Collins; Anthony Willis


‘The team listen to what is required and ensure their delivery meets the needs of their customers. They work diligently and endeavour to meet timelines provided – even if these are very short. The team are approachable and professional.’

‘Patrick Collins and Anthony Willis are determined to meet and exceed the needs of their customers.’

‘The Data Protection and Cyber Security practice took it upon themselves to develop a clear understanding of our business, commercial goals, requirements of our executives and external stakeholders and to explain how their practice can assist our business. The practice always provides up to date, commercially astute legal advice that supports our business needs and allows us to clearly understand risks and how we can either mitigate or manage those risks.’

Key clients




Sydney Airport

Deutsche Bank


Aristocrat Technologies



Greencross (Petbarn)


Melbourne City Mission

South East Water

City of Monash

Department of Health

Digital Transformation Agency

Department of Defence

Swinburne University of Technology

HMD Global (Nokia)

Camp Australia

Department of Health and Ageing

Department of Social Services

Services Australia

Department of Home Affairs

Department of Education

Department of Employment and Workplace Relations

Australian Bureau of Statistics

Office of National Data Commissioner

NSW Department of Customer Service

Cancer Institute

NSW Health

Transport for NSW

Iberdrola Australia Limited

Essential Energy

Federation University

Work highlights

  • Advising Aristocrat Technologies on the privacy, data and cyber aspects of the development of a digital wallet functionality for digital payment purposes.
  • Advising Deutsche Bank on its data protection, privacy compliance and technology matters for the Australian branch of the global banking institution.
  • Advising the Department of Employment and Workplace Relations on privacy advice and conducted PIAs for the Workforce Australia Program.

Hall & Wilcox

Hall & Wilcox‘s cyber team advises on the whole life cycle of a cyber claim, from triaging incidents to managing forensic investigations and post-incident advisory services. The team is co-led by Eden Winokur and John Gray in Sydney, and Alison Baker in Melbourne. Baker has experience with both GDPR and the Privacy Act 1988 issues; Gray specialises in commercial transactions in the cyber field; and Winokur’s practice spans cyber, privacy, dispute and insurance matters, within Australia and internationally. Clients range from large commercial bodies to healthcare providers; the latter is a specialism of Sydney-based Alison Choy Flannigan.

Practice head(s):

Eden Winokur; Alison Baker; John Gray

Other key lawyers:

Alison Choy Flannigan


‘The team’s expertise was evident from our very first meeting, and the advice they gave us ensured the best possible outcome in a very difficult situation.’

The team’s advice always had the best interests of those impacted by the cyber attack at its core, while ensuring the risks to our business were mitigated as much as possible.’

‘There are few firms at the forefront of the explosion of issues surrounding cyber protection, cyber insurance and changes to the privacy landscape. Hall & Wilcox have been able to provide sound and timely advice consistently, whilst understanding our business needs and proactively sending advice/bulletins to help us keep ahead.’

‘Eden Winokur and his team have provided excellent written and verbal advice making a very complicated area of the law easy to navigate with practical commercial steps. Eden’s cyber and insurance expertise combined with specialist privacy associates have been invaluable to our organisation.’

Key clients

NSW Department of Customer Services

Australian New Zealand Gynaecological and Oncology Group (ANZGOG)

Surgery TV

Anywhere Physio

Work highlights

  • Acting for the NSW Department of Customer Service on all legal aspects of the NSW Government’s Life Journeys program.
  • Advising Australia New Zealand Gynaecological and Oncology Group (ANZGOG) on the legal and regulatory requirements concerning the creation of the largest Biobank in Australia for gynaecological and oncology research, referred to as the TR-ANZGOG project.
  • Advised Surgery TV on its video platform, including health regulatory issues, the use, collection and distribution of health information, and obtaining clinical consent by patients.

McCullough Robertson

The McCullough Robertson team ‘thrives because it “gets” tech and telecoms’, offering ‘smart and pragmatic advice’ to its clients, which range from state and local government entities to international corporates. Alex Hutchens and Matthew McMillan co-lead the team from Sydney. Hutchens is ‘responsive, pragmatic, and great to work with’, while McMillan advises on a range of matters involving the protection and commercialisation of data, including the management of cyber risk issues.

Practice head(s):

Alex Hutchens; Matthew McMillan


‘This team thrives because it “gets” tech and telecoms. As genuine players in cyber and privacy, they’ve seen the issues before and, importantly, seen what others do and how others act. This makes for a proactive team offering smart and pragmatic advice – stellar and recommended for anyone asking for Australian counsel.’

‘Alex Hutchens is responsive, pragmatic and great to work with. His understanding of the market and international technology and data use is impressive. ’

‘The team brings a practical and commercial lens to their advice that is tailored to the business needs of the client.’

Key clients

Meandu Australia Pty Ltd (me&u)

Kimberly-Clark Australia Pty Limited

Work highlights

  • Advised me&u on a range of data protection, consumer protection and commercial contracting issues across Australia, the UK and the US, as well as regulatory advice on financial services licensing and trade mark registrations.
  • Advised Kimberly-Clark on privacy issues, both current and expected changes in privacy law relating to engaging with consumers via marketing and advertising, as well as privacy and data considerations.

Norton Rose Fulbright

Anna Gamvros leads the information governance, privacy and cybersecurity team at Norton Rose Fulbright from Brisbane and is praised as ‘an experienced and seasoned lawyer’. The team advises clients on compliance obligations, data transfers, and response strategies for adverse cyber incidents. Ross Phillipson is commended for his knowledge of global privacy requirements; based in Perth, he specialises in critical infrastructure reforms and operational resilience issues.

Practice head(s):

Anna Gamvros

Other key lawyers:

Ross Phillipson; Rajaee Rouhani


‘Norton Rose Fulbright provide a great mix of professional expertise across legal and technical matters within their practice. They bring together an outstanding team who have the capability to prepare advice, undertake detailed technical audits, risk management, and educate the client on a range of critical functions and industry reforms.’

‘Rajaee Rouhani and Ross Phillipson are approachable, have global experience, are responsive to our needs, provide flexibility to meet our timeframes, and are very engaging personalities who are supportive and understanding.’

‘Deep commercial knowledge from working with a range of different clients. Empathy regarding limited client resources and a can-do attitude to resolving complex commercial and operational challenges.’

Key clients

Vodafone Group






Department of Environment, Land, Water and Planning


TPG Telecom Group

Workday Australia


World Wide Fund for Nature (WWF)

Australian Competition and Consumer Commission


Piper Alderman

Tim Clark and Andrea Beatty lead the privacy and data protection team at Piper Alderman, from Melbourne and Sydney respectively. With expertise in areas including spam legislation as it applies to marketing activities and workplace surveillance, the team represents clients within Australia and internationally, supported by overseas associates. Notably, it has particular experience assisting clients setting up overseas businesses with understanding foreign data laws, including EU GDPR and the UK’s Data Protection Act. Beatty acts for a range of financial services clients and Clark has extensive intellectual property protection experience.

Practice head(s):

Tim Clark; Andrea Beatty

Other key lawyers:

Craig Subocz; Michael Bacina


‘Piper Alderman are responsive, able to shift work across team members based on specific skill sets and areas of expertise, and are willing to understand a company so that they can provide the most appropriate advice.’

‘Tim Clark and his team were very responsive, delivered on time, and also responded to specific feedback and scenarios in order to tailor the advice.’

‘Piper Alderman assisted us greatly with a privacy breach situation, providing timely and clear advice, and guiding us through the necessary response steps – providing a holistic solution.’

‘Collaborative and proactive matter management.’

‘Working with the practice is always easy and engaging. There’s a great team spirit and ‘can do’ attitude.’

Key clients


Epi-Minder Pty Ltd

Perx Health


Web3 Security Alliance / A16Z Crypto

Work highlights

  • Advised and assisted Web3 Security Alliance/A16Z Crypto on a number of complex legal issues, including financial services regulations, anti-money laundering and sanctions laws, cyber crime and data issues, and the legal status of decentralised autonomous organisations (DAOs).
  • Provided advice on the update of Epi-Minder’s privacy policy to reflect its current level of activities, and create a baseline on which the company could build as its activities increased in scale and spread.
  • Advised Caesarstone in relation to the Australian law requirements for its Terms of Use document and its Privacy Policy.

Colin Biggers & Paisley

Colin Biggers & Paisley‘s digital governance team is led by Katherine Jones in Sydney, and Morgan Lane in Melbourne, acting across data governance, privacy and risk management, enforcement, and recovery mandates. Jones brings large-scale litigation experience to cyber breach work, while Lane advises on data management and protection issues for a variety of clients ranging from established corporates to start-ups and individuals. The team supports clients to prepare business continuity, disaster recovery and cyber security plans, alongside data collection policies.

Practice head(s):

Katherine Jones; Morgan Lane

Other key lawyers:

Michael Nurse

Key clients

Tokio Marine Kiln Cyber

Young Mens Christian Association of Sydney


The Scots College


Arctic Wolf

OMC International

Contact Harald

Work highlights

  • Managing the Lawcover Cyber Breach Hotline, advising on over 500 data breaches since inception.
  • Advising the YMCA on a payroll data breach impacting over 4000 employees.
  • Advising Hartman on the implications of its exposure to a supplier’s data breach.


Melbourne-based Robyn Chatwood and Matthew Hennessy co-lead the data protection and cybersecurity offering at Dentons alongside Ben Allen in Sydney. The team offers a range of support from advice on regulatory issues to litigation services, partnering with the firm’s global and regional teams. Chatwood works with clients in the financial services, media and retail industries to mitigate the reputational risk of data breaches, while Hennessy and Allen advise both public and private sector clients on a range of cybersecurity issues, working closely with the white collar and government investigations team, which is also led by Allen.

Practice head(s):

Ben Allen; Robyn Chatwood; Matthew Hennessy


‘Great response time under stressful conditions. Practical advice and great connections with companies that can add value in a data breach situation.’

‘Ben Allen is always cool, calm, and collected under pressure. He sets a strategy and follows through. Very responsive.’

Key clients

Avis Budget Group

Watches of Switzerland

Rapid Response Revival Research Limited

Work highlights

  • Advising Avis Budget Group on its global privacy and related cyber-security matters.
  • Advised Watches of Switzerland on anti-money laundering laws and implications for privacy/cybersecurity arising from customer relationship management and database management strategies.

KPMG Law in Australia

KPMG Law in Australia‘s cyber, privacy and digital data law team is praised for its ‘wide range of expertise‘, supporting a range of private and public sector clients in developing incident response plans, managing policy reform and ensuring regulatory compliance. Veronica Scott leads the team from Melbourne, bringing experience in privacy, information security, and data ethics to clients across a range of industry sectors including the education, healthcare, mining and technology industries.

Practice head(s):

Veronica Scott

Other key lawyers:

James Arnott; Leah Mooney


‘Great people with a wide range of expertise.’

‘Veronica Scott is excellent.’

‘A ‘whole team’ approach to supporting the assessment of a cyber incident along with relevant legal expertise to advice on both regulatory obligations and other stakeholder responses.’

‘Veronica Scott and the team worked together to provide seamless support – we never felt that their were any gaps in responsibility, who was doing what, when etc.’

Key clients


MMG Limited

Epilepsy Foundation

Adventist HealthCare Ltd

Bega Cheese

Monash University

Medibank Private

Department of Treasury

Global EverGreening Alliance

Telecommunications Industry Ombudsman

Work highlights

  • Retained to provide expert legal services to EnergyAustralia across its technology and cyber agenda which impacts on all areas of the business – valued in excess of A$1bn.
  • Advised MMG on a multi-jurisdictional Digital Roadmap project which impacted on the entire MMG Ltd business with an operating income of circa A$3bn plus.
  • Advised Medibank’s Privacy and Data Protection legal team since 2019, supporting all aspects of the business to embed privacy, cyber and data protection and provided key secondment support to the Privacy and Data Protection Legal team.

Wotton + Kearney

Kieran Doyle heads up the cyber, privacy and data security team at Wotton + Kearney from Sydney; he is ‘a leading cyber coverage lawyer’ who works across multiple jurisdictions on a range of cyber incident response matters. The team has a dedicated cyber incident hotline and particular experience using AI tools to support clients. Alongside incident response work, the team provides privacy advice, including in regards to regulatory investigations.

Practice head(s):

Kieran Doyle

Other key lawyers:

Nicole Gabryk


‘Kieran Doyle is approachable and is seen as a leading cyber coverage lawyer in our market.’

‘Up to speed on legal developments, fast to respond, with bench depth on team that allows them to handle multiple matters at once. These are professionals you want to work with.’

‘The data protection and cyber security team at Wotton+Kearney are leaders in the field. What truly sets them apart is their ability to explain complex concepts to their clients, putting them at ease at what can be an overwhelming time. Coupled with this, the team have excellent technical understanding in addition to their legal expertise.’

‘Kieran Doyle heads the practice, and goes beyond just providing legal advice.’

‘The team at Wotton + Kearney are incredibly supportive during substantial and major incidents.’

‘Lead partner Kieran Doyle is amazing, no answer was unexplained.’