Full Profile
Stefanie is a Partner specialising in cyber incident response, data protection, IT liability matters and data breach regulatory investigations.
She regularly works on domestic and international cyber claims involving complex cyber incidents, regulatory issues, mandatory notification laws, misdirected funds and recovery actions against third parties.
She has acted as breach coach, privacy counsel and coverage counsel in a range of cyber incidents including high profile data breaches, ransomware incidents, business email compromise events and fraud related incidents. She regularly provides advice to affected organisations across all industries in respect of their breach response strategy, notification requirements as well as their compliance with the Australian Privacy Principles.
More broadly, her practice includes advising organisations in respect of complex regulatory investigations arising from a cyber incident and defending litigated and non-litigated claims that might arise. She has acted for a range of professionals, financial services firms and technology companies and has advised insurers on complex coverage issues. She has appeared in the Federal Court, the District and Supreme Courts of Queensland and the Queensland Civil & Administrative Tribunal.
Stefanie regularly presents at industry events including national cyber security conferences and insurance seminars (AusCERT, CyberCon, Australian Women In Security and AILA) in relation to data security matters and the legal and regulatory landscape for cyber risk. She was a co-chapter lead for the Australian Women in Security Network (Queensland) for several years as well as a committee member for the Queensland Law Society – Data and Privacy Law Committee.
Experience
- Incident response: Advising various organisations across all industries with respect to their incident response strategy and legal and regulatory obligations arising under the Privacy Act 1988 (Cth) and other state-based privacy legislation following unauthorised access to or disclosure of personal information.
- Recovery actions: Advising organisations impacted by cyber incidents in relation to their recovery rights against third parties including those responsible for security failures and/or misdirected funds, and pursuing and defending both litigated and non-litigated claims.
- Insurance coverage: Advising insurers in relation to first and third party losses arising under a cyber insurance policy and key coverage issues.
- Policy construction: Advising insurers in relation to silent cyber exposures and compliance with certain provisions under Insurance Contracts Act 1984 (Cth).
