Connect with meStefanie specialises in cyber and data security law and is a member of WK’s Australian cyber incident response team. She advises on a broad range of cyber incidents, assisting with data breach investigations and preparing notifications to the OAIC and affected individuals.
She also specialises in privacy law, which she applies to guiding insureds through cyber events, including those with significant multiparty and/or multi-jurisdictional impacts, necessitating a broad understanding of local and international privacy legislation and data protection regulation.
Stefanie acts for corporate clients across the hospitality, financial services, and health sectors, advising on incident response management, regulatory notification obligations, and incident response strategy.
She brings a commercially focused approach to breach response, coordinating IT forensics teams, managing large-scale notification campaigns, and delivering practical advice that balances regulatory compliance with operational priorities.
- Acting as incident response manager and privacy counsel across a significant number of cyber matters for Australian SMEs in the hospitality and financial services, involving ransomware, phishing, and social engineering incidents. Coordinating IT forensics, providing privacy advice, and preparing submissions to the OAIC to achieve timely regulatory compliance.
- Managing a large-scale personally identifiable information (PII) review of company systems and folders in connection with a ransomware incident affecting an Australian subsidiary of a global testing company.
- Advising corporate clients on compliance with the Privacy Act 1988 (Cth), Australian Privacy Principles (APPs), and data breach notification obligations under the Notifiable Data Breaches (NDB) scheme, including reviewing third-party contracts to ensure contractual reporting obligations are met.
- Assisting corporate clients with preparing and implementing comprehensive incident response plans and record retention policies to strengthen organisational breach readiness.
- Reviewing and drafting privacy policies, data governance frameworks, and enterprise technology agreements to ensure regulatory compliance and alignment with clients’ commercial priorities.
- Cyber and Technology Risks
- Cyber, Data and Technology
- Technology and Cyber