Phillip is a cybersecurity, technology and privacy lawyer with more than 20 years of combined experience in cyber law, cybercrime, digital forensics and cyber security.
He has advised some of Australia’s and the world’s largest companies (including technology giants) on data protection, cyber resilience, privacy, contractual and regulatory compliance, telecommunications law and technology-related transactions. Phillip has a unique combination of legal, cyber, regulatory and investigative expertise. His experience includes 18 years as an Australian Federal Police officer (specialising in digital forensics and cybercrime), and as a Senior Manager in Markets Enforcement at ASIC. He was also an Adjunct Professor at Deakin University’s Centre for Cyber Security and Innovation. Phillip is part of the firm’s Cybersecurity, Privacy & Technology practice, and also works with our Board Advisory & Governance team to help clients and their boards manage cyber risk.
Acted for various international and ASX-listed companies in relation to significant data breach matters, including ransomware, nation-state and insider attacks. Assisted with incident response, drafting communications, law enforcement engagement, regulatory compliance and engagement, breached data review, board advisory, and managing third-party claims.
Privacy counsel for three Australian companies subject to Commissioner Initiated Investigations.
Assisted various national and multi-national clients with the development of cyber and privacy frameworks, management and board-level incident response plans, cyber due diligence, contractual review, and cyber education and training.
Developed and delivered multiple cyber simulation exercises for crisis management teams and boards in the energy, health, mining, retail, financial and hospitality sectors. This included facilitating a cyber exercise for a multi-national hospitality provider in Singapore.
Trusted adviser to clients bound by critical infrastructure regulation, including advising on regulatory compliance and risk management planning. This included clients in the energy, transport, food and grocery, education and health sectors as well as one of the big Four Australian Banks.
Led ASIC’s litigation against RI Advice Group Pty Ltd. The proceedings involved a financial service licensee’s obligation to implement adequate cybersecurity and cyber resilience risk management controls.