Deidre is a highly experienced commercial and administrative lawyer specialising in privacy/data protection/cyber law and information and corporate governance, as well as occupational and business regulation, acting for clients across the private, public and not-for-profit sectors. She has wide industry experience including financial and other professional services, healthcare, publishing, retail, education and childcare. Deidre has advised and acted for Federal and Victorian State Government entities and has deep insight into government strategy and policy.
Deidre understands client questions from a broader legal, practical and political risk-based perspective. She provides proactive advice relating to consumer protection and privacy obligations, compliance and privacy by design in ICT projects and CRM, strategies for protection of confidential information, lawful data access, transfers and sharing, data breach preparation, regulatory and legislative change and dispute resolution. She also supports clients to respond effectively to data breach incidents and complaints, and requests for access to information including by regulators.
Following several years in the corporate sector, including with the ASX and Thomson information publishing companies, for over a decade Deidre provided high-level, trusted legal advice and representation to the Victorian government, initially with the Victorian Government Solicitor’s Office, where she co-chaired the Technology and Data Protection practice group and acted for occupational and business regulators, then in-house with the Departments of Premier & Cabinet, Justice, and Education & Training.
During this time Deidre drafted key Victorian privacy and data protection legislation. She gave legal, strategic and operational guidance to a large Victorian government department in relation to reform of its internal data collection, storage, disclosure (sharing), and data handling/security arrangements, and negotiated information sharing agreements with government entities in other jurisdictions. She was the senior legal adviser for all aspects of establishment, implementation, and governance of a new Victorian statutory entity regulating the labour hire industry.
Immediately prior to joining Keypoint Law Melbourne in January 2021, Deidre ran her own privacy, information and governance consulting business, working with mainly non-government organisations to translate legislation, standards and contractual requirements into privacy, information and governance policies and practices that mitigate risk, such as compliant whistle-blower arrangements.
Expertise
Privacy
- international data transfers and data sharing
- PIAs and risk mitigation including re roll-out of digital platforms
- tailored privacy policies including re AI and machine learning
- privacy precedents and frameworks
- privacy law and related aspects of commercial contracts and workplace agreements
- privacy breach complaints and requests for access
- reputation management
- possible contravention of privacy and related consumer legislation eg do not call, and potential litigation, arbitration, mediation or conciliation
- emerging legislative and regulatory reform and policy eg children’s privacy, biometrics, IoT and personal devices
- privacy training and related capacity development
- external data protection officer or senior privacy director services
- neutral 3rd party privacy oversight in M&A or insolvency proceedings
Data protection and cybersecurity
- tailored data breach response plan
- all legal counsel services in the event of cyber incident including:
- advice on conduct of investigations to fulfill legal obligations and protect legal rights including preservation of LPP
- advice on mandatory notifications eg to OAIC, ASX and re ransom demands
- advice on communications with law enforcement, regulators and other interested stakeholders
- assisting with management of internal/external governance requirements in wake of cyber incident
- directors’ duties re data protection and cybersecurity.
Information governance, corporate governance
- FOI, statutory and other access requests or demands
- data retention and disposal requirements, policies and strategies
- information life cycle health checks
- whistleblower protection laws, policies and procedure
Occupational and professional regulation
- statutory interpretation for compliance with regulations governing specific professions or occupations
- assistance to develop and implement policies and procedures to ensure compliance with regulations
- licensing, permits and mutual recognition provisions
- advice to regulatory bodies in relation to practitioner disciplinary proceedings.
Experience
- Advised on the establishment of a new Victorian statutory authority, including guidance to new senior management on statutory interpretation, financial reporting requirements, delegations, ICT licence agreements and MOUs/information sharing agreements; drafted privacy policies and oversaw a PIA re the Authority’s ICT build.
- Drafted a Victorian government department’s suite of Data Governance Guidance and Protocols.
- As principal instructor, drafted Victoria’s key privacy/data protection legislation (the Privacy and Data Protection Act 2014) and Explanatory Memorandum, developed Guidelines published by the Commissioner and delivered whole of government seminars and training to introduce the legislation.
- Provided advice in relation to a new Victorian legislative scheme for child information sharing, various National and Victorian education projects and programs e.g. NAPLAN Online, and conducted or reviewed PIAs.
- Advised and/or represented government clients as either solicitor advocate (including ADR) or instructing solicitor in numerous significant privacy, FOI and other administrative law matters e.g.:
- Caripis v Victoria Police (Health and Privacy) [2012] VCAT 1472 (27 September 2012) (privacy/surveillance)
- Taylor v Victorian Institute of Teaching (Human Rights) [2013] VCAT 1290 (3 May 2013) (privacy)
- Hanes v Australian Health Practitioner Regulation Agency (Review and Regulation) [2013] VCAT 1270 (19 July 2013) (FOI)
- Pallas v Department of Premier and Cabinet (Review and Regulation) [2013] VCAT 877 (31 May 2013) (FOI)
- Advised a Commonwealth government Department on diverse privacy, confidentiality and FOI matters and drafted responses to the OAIC.
- Advised a multinational finance sector business on data transfers to Australia.
- Advised a small business on issues relating to deployment of facial recognition software
- Advised a registered training organisation on compliance with the Spam Act 2003.
- Conducted a PIA for an ICT build for a Victorian government Department.
Recognition
- Deidre was recently recognised by The Legal 500 for her extensive data protection and privacy expertise.
- Deidre holds Juris Doctor and Master of Arts qualifications from Monash University, and a Graduate Diploma in Media, Communications and Information Technology Law from the University of Melbourne.
- In September 2022, Deidre was appointed to the Editorial Board of LexisNexis’s ‘Privacy Law Bulletin.
- Throughout her career Deidre has served on diverse Boards and Committees. In 2016, Deidre was appointed a member of Victoria’s Public Records Advisory Council (State Archives), reappointed for a third term in 2022. Also in 2022, she was appointed to the Board of the East Wimmera Health Service and became an Approved Person for the Australian Health Practitioner Regulation Agency’s hearing panels. She is a Graduate of the Australian Institute of Company Directors, and a Fellow since 2001.
- Deidre is a member of the Law Institute of Victoria, ACC Australia and Women on Boards, and also serves as a mentor in the University of Melbourne JD program.
Career
| 2021-present | Keypoint Law | Consulting Principal |
| 2019-2020 | Privatus Consulting | Principal |
| 2018-2019 | Department of Premier and Cabinet, Victoria | Senior Legal Policy Adviser/in-house lawyer – Labour Hire Licensing Authority Implementation |
| 2015-2018 | Department of Education and Training, Victoria | Manager, Data Governance & Policy |
| 2009–2015 | Victorian Government Solicitor’s Office | Senior Solicitor/Co-Chair, Technology and Data Protection Practice Group |
| 2008-2009 | Associate to His Honour Judge Iain Ross AO (as he then was) |
| 2008 | Admitted to practise |
Deidre’s senior managerial roles prior to admission include:
| 2002-2004 | Chartered Secretaries Australia (Governance Institute)| Regional Manager Victoria & Tasmania |
| 1999-2001 | CPA Australia| National Manager, Learning Continuum |
| 1997-1999 | ASX: enterprise market| Operations Manager |
| 1993-1994 | Law Book Company (Thomson Legal and Regulatory)| Manager, The Laws of Australia encyclopedia |