Stefanie Luhrs
[Barry.Nilsson.]
Stefanie Luhrs is a solicitor specialising in cyber claims.

She has managed both small and large scale incidents for domestic and international insurers and their insureds. She has acted in a large number of incidents as coverage counsel, privacy counsel and/or breach coach involving high profile data breaches, ransomware, denial of service attacks and business email compromise incidents across a range of industries including healthcare, financial and professional services, hospitality, retail, insurance, real estate, government and technology.

More broadly, Stefanie’s experience includes defending litigated and non-litigated claims in complex multi-party financial and D&O disputes.

The Sea Change – How 2020 changed the data security and privacy risks landscape

Technical Level (3 being the highest score): 1

2020 has seen numerous developments that have changed the data security challenges and reputational and business interruption risks that organisations face due to cyber incidents. This sea change will cause organisations to face additional scrutiny and require them to further examine their data protection, incident response, triage and stakeholder processes.

The purpose of this presentation is to provide the audience with an understanding of the key risk, legal and regulatory developments that have occurred in this year, and to provide practical advice on how to address and navigate the sea change.

Some of the key developments this session will explore include:

a) Current penalties and enforcement actions being taken under the Privacy Act 1988 (Cth) and global legislation, as well as implications of the Office of the Australian Information Commissioner’s (OAIC) landmark case against Facebook;
b) Examining the increase in third party litigation and data breach class actions and the effect of the settlement of the first court run privacy class action in Australia;
c) Changes in the Federal Government’s policy settings including the impacts of the forthcoming 2020 Cyber Security Strategy, as well as the government’s announced commitment to enhance Australia’s Privacy Act 1988 (Cth) and adopt elements from global laws such as the EU’s General Data Protection Rules;
d) Emerging support and incident response requirements for organisations that experience significant data security events and managing the dramatic increase in ransomware events and extortion demands brought against domestic and global companies;
e) Responding to the significant rise in invoice and payment fraud or Business Email Compromise (BEC) attacks, the legal implications and practical steps organisations can take to enhance their prospects of recovering lost funds;
f) Other key developments to Australia’s legal and regulatory landscape including the introduction of the Consumer Data Right and APRA Prudential Standard CPS 234;
g) The emerging tension between workplace law and privacy rights, and the impact of social media on privacy. The presentation will address AusCERT’s conference themes of “Governance, Risk Management and compliance”, “Incident Response and Handling” and “Mandatory Breach Notification & Privacy”.

The aim of the presentation is to improve the audience’s understanding of the developments and significant changes to Australia’s data protection legal and regulatory environment and how this will impact organisations. Where possible it will provide practical examples and case studies drawn from both publically available and de-identified cases and guidance for mitigating legal, regulatory, financial and compliance risk.

Secure your place now!