Katherine has a vibrant practice in information law, particularly in the areas of privacy, and data governance, sharing and protection. She provides high-quality privacy advice for Australian Government clients, with particular experience in undertaking privacy impact assessments for projects involving new or charged ICT arrangements for handling personal information, new or changed legislation that may impact on privacy rights and obligations, and arrangements for sharing data between government and non-governmental bodies. Katherine also regularly provides training and conducts workshops on privacy issues for her Australian Government clients.
Katherine is recognised by The Legal 500 Asia Pacific 2023 guide for Data Protection, IT & Telecommunications.
Department of Employment and Workplace Relations
Katherine has a vibrant practice in information law, particularly in the areas of privacy, and data governance, sharing and protection. She provides high quality privacy advice for Australian Government clients, with particular experience in undertaking privacy impact assessments for projects involving new or charged ICT arrangements for handling personal information, new or changed legislation that may impact on privacy rights and obligations, and arrangements for sharing data between government and non-governmental bodies. Katherine also regularly provides training and conducts workshops on privacy issues for her Australian Government clients.
Office of the Nation Data Commissioner
Conducted a privacy impact assessment (PIA) in relation to the ONDC’s design and implementation of its Dataplace solution, which facilitates the sharing of data under the Data Availability and Transparency Act 2022 (Cth). We used an agile PIA methodology, which allowed the recommendations arising from our PIA process to be implemented in the design and build of the ICT solution as it occurred. This allowed demonstration of a ‘privacy by design’ approach to its new ICT system.
Department of Health
Katherine led the team which undertook an urgent privacy impact assessment (PIA) for the development and deployment of the COVIDSafe App for the Department of Health. The Australian Government wanted the COVIDSafe app to be downloaded by as many Australians as possible to help fast-track the road to recovery, but was concerned that many Australians may be reluctant to do so given previous privacy and security concerns associated with the collection of personal information by the Australian Government. Katherine and the Maddocks team undertook a comprehensive analysis of the COVIDSafe App against our client’s obligations specified in the Privacy Act 1988 (including the Australian Privacy Principles). We took a very pragmatic and practical approach, working collaboratively with other stakeholders and their legal and privacy advisers. We identified 19 areas where further work would improve the privacy protections for individuals, and almost all of our recommendations were adopted by the client in full, which assisted in assuring the Australian public that the Government had appropriately considered and addressed the privacy risks associated with the COVIDSafe App.
Department of the Treasury
Katherine led our team conducting an independent privacy impact assessment (PIA) of the Consumer Data Right (CDR) regime, being implemented by the Department of the Treasury, together with the Australian Competition and Consumer Commission as the proposed regulator, the Office of the Australian Information Commissioner and the interim Standards Body (and its technical adviser Data61). In an initial PIA, and several subsequent PIA update processes, we analysed the information flows concerned, and conducted a detailed stakeholder consultation process due to the nature and complexity of the proposed regime. The project involved us consulting closely with the agency stakeholders, as well as with broader stakeholders who will be affected by, and interested in, the CDR regime. We delivered our initial PIA report, and subsequent PIA update reports, with high quality analysis and recommendations within an extremely tight timeframe required by the client for completion of this significant PIA.
Data breach planning and management
Katherine has helped many Australian Government agencies prepare for a potential data breach involving unauthorised access, use, disclosure or loss of personal information, and then to manage data breaches in accordance with the agency’s plans. For example, Katherine has worked with the Murray Darling Basin Authority, Department of Social Services, Department of Employment and Workplace Relations, Austrade and Services Australia in relation to incidents, to determine legal obligations and practical steps to minimise any actual or potential impact upon affected individuals. In each case, we have urgently reviewed all of the relevant material, considered the circumstances, and provided independent advice to assist the decision-maker in accordance with agency’s Data Breach Response Plan.