Zoe is a Special Counsel in HWLE’s Corporate & Commercial team specialising in privacy, cyber security and incident response. She advises insurers, government agencies and private sector organisations on managing privacy and cyber risks – from prevention and readiness to response and recovery.
Her expertise spans the incident response cycle, from immediate containment to resolution of third-party claims and regulatory investigations. Zoe regularly co-ordinates the response to large, multi-party cyber incidents, guiding clients through complex events while managing exposure, compliance and stakeholder engagement.
She provides advice on risk mitigation, including cyber risk management, regulatory compliance, governance, directors’ duties, incident readiness and cyber insurance. Zoe also assists with privacy complaints and claims, including matters before the OAIC and state or territory privacy regulators.
Expertise
Experience
- a client management system provider Advising in a large scale data exfiltration incident involving personal information of vulnerable individuals posted on deep web forum, including advising on data breach regulatory obligations, engaging with corporate and government clients, PR/media management.
- a credit union Advising on regulatory obligations arising out of a data breach, including on AFSL and CL reporting obligations to ASIC, reporting obligations to APRA and privacy notifications to the OAIC and affected individuals.
- a large national law firm Advising on incident response plan framework, adequacy of cyber insurance coverage and ransom payment considerations.
- a state government agency following a large scale data breach, advising on requests for access to personal information under privacy legislation, and complaints and claims for compensation by aggrieved individuals.
- a managed services provider Advising on applicability of reforms to the Privacy Act 1988 (Cth) and implementation plan for key action items.
- a not-for-profit organisation Advising on its compliance with the Privacy Act 1988 (Cth) and developing its privacy policy and collection notices.
- an insurer Advising on its compliance with the Privacy Act 1988 (Cth) and developing internal policies for management of privacy related requests from individuals.
- various entities including insurers, health practitioners and professional service firms Advising on OAIC complaints and conciliations involving privacy complaints.
