Profile

For more than 20 years, Leah has provided legal, regulatory, governance, risk and compliance services to insurer, corporate and government entities. She is best known for helping clients to understand data privacy, cyber security and technology risk and compliance, with a particular focus on responding to complex data breaches, security of critical infrastructure, countering foreign interference, and high-risk AI technologies.

Leah has advised clients on the strategic management of legal and regulatory issues arising from major privacy and cyber security incidents. She has provided advice throughout the entire cyber insurance lifecycle including cyber insurance policy development, coverage advice, breach coaching, responding to ransom demands, privacy compliance, regulatory investigations and enforcement actions.

Leah has a keen interest in the evolution of privacy, cyber and technology laws in Australia, having contributed to a significant volume of publications on these issues. She is an active industry committee member and regularly presents at industry conferences and events, including the Australian Information Security Association’s CyberCon and AUSCERT’s annual conference.

Leah is qualified in Australia, England and Wales

Experience

Cyber Insurance

  • Advising a health care provider on navigating a complex cyber insurance coverage claim in the aftermath of a significant denial of service attack impacting a range of health care services and causing significant business interruption.

Cyber Incident Response

  • Advising an e-commerce provider on regulatory enforcement action in the aftermath of a data breach occurring during a large data migration project.
  • Advising a high-end retailer on ransomware negotiations and legal reporting obligations following a ransomware event.

Privacy

  • Conducting a privacy gap analysis and maturity assessment for a major beauty retailer and developing an implementation plan to support its global expansion plans.
  • Providing a privacy impact assessment for a Commonwealth government agency on complex national security considerations.

Countering Foreign Interference

  • Developing and implementing a framework for managing countering foreign interference risks for a university.

Security of Critical Infrastructure

  • Developing a governance framework for a major energy retailer to support compliance with protected information obligations under security of critical infrastructure laws.
  • Conducting an internal audit for an airport operator to support compliance with transport security reforms.
Areas of Expertise
  • Cyber and Technology Risks
  • Professional Liability
  • Cyber, Data and Technology
  • Directors and Officers Liability
  • eDiscovery
  • Fidelity and Crime
  • Technology Liability

Industry Representation
  • Aviation
  • Construction and Infrastructure
  • Education
  • Energy, Mining and Power
  • Financial Institutions and Services
  • Healthcare and Life Sciences
  • Professions and Business Services
  • Retail and Labour Hire
  • Public Sector
  • Technology and Cyber

Professional Affiliations
  • Queensland Law Society (Member – Privacy, Data and Intellectual Property Committee) (Member – GenAI: Courts and Dispute Resolution Advisory Group)
  • Australian Society for Computers & Law (National Privacy Lead)