About Katherine

Katherine provides high quality commercial law and privacy services for Australian Government clients. She advises on major procurement and funding agreement programs, particularly in the health, immigration and communications sectors. She also has a strong interest and practice in information law, particularly in the areas of privacy and data sharing and protection.


  • Department of Health

    Led the team which undertook an urgent privacy impact assessment (PIA) for the development and deployment of the COVIDSafe App for the Department of Health. The Australian Government wanted the COVIDSafe app to be downloaded by as many Australians as possible to help fast-track the road to recovery, but was concerned that many Australians may be reluctant to do so given previous privacy and security concerns associated with the collection of personal information by the Australian Government. Katherine and the Maddocks team undertook a comprehensive analysis of the COVIDSafe App against our client’s obligations specified in the Privacy Act 1988 (including the Australian Privacy Principles). We took a very pragmatic and practical approach, working collaboratively with other stakeholders and their legal and privacy advisers. We identified 19 areas where further work would improve the privacy protections for individuals, and almost all of our recommendations were adopted by the client in full, which assisted in assuring the Australian public that the Government had appropriately considered and addressed the privacy risks associated with the COVIDSafe App.

  • Department of the Treasury

    Katherine led our team conducting an independent privacy impact assessment (PIA) of the Consumer Data Right (CDR) regime, which is being implemented by the Department of the Treasury, together with the Australian Competition and Consumer Commission as the proposed regulator, the Office of the Australian Information Commissioner and the interim Standards Body (and its technical adviser Data61). We analysed the information flows concerned, and conducted a detailed stakeholder consultation process due to the nature and complexity of the proposed regime. The project involved us consulting closely with the agency stakeholders, as well as with broader stakeholders who will be affected by, and interested in, the CDR regime. We delivered our PIA report with high quality analysis and recommendations within an extremely tight timeframe required by the client for completion of this significant PIA.

  • Department of Education, Skills and Employment

    Katherine undertook a complex privacy impact assessment (PIA) on the proposed implementation of new legislation and associated ICT systems, which were designed to ensure simpler and easier provision of student information to the Commonwealth by various tertiary institutions, for subsequent use by numerous Commonwealth entities for their legislative functions. The PIA involved detailed consideration of information sharing arrangements between the participating entities, complex information flows, and alignment of data handling roles and responsibilities. Katherine is continuing to provide subsequent advice about the implementation of this project, including in relation to the data sharing protocols between various Commonwealth agencies using the ICT systems to access the relevant data.

  • National Disability Insurance Agency

    Katherine is working with the NDIA as legal adviser for the establishment of a range of services panels, which are urgently required for the NDIA to ensure efficient and effective operation of the NDIS scheme. These include procurements for accessible communications and for the conduct of independent assessments to assist the NDIA in its decision making processes to reflect new legislative requirements. We have assisted the NDIA with its planning and documentation of the relevant procurements in very tight timeframes, working closely with the probity adviser, to ensure clear and consistent documentation with appropriate contractual mechanisms and protections.

  • Murray Darling Basin Authority

    Katherine has helped many Commonwealth agencies prepare for a data breach involving personal information, and then to manage data breaches in accordance with the agency’s plans. For example, Katherine recently led a team to conduct an independent assessment for the Murray Darling Basin Authority of a potential data breach involving unintended disclosure of personal information. We urgently reviewed all of the relevant material, considered the circumstances, and provided independent advice to assist the decision-maker in accordance with agency’s Data Breach Response Plan.

Online Access