Publications

Recent

​​​

• 2025 From assurance to insurance - a conversation on the insurability of generative AI, IAPP, April 2025

• 2025 Is your organisation's data governance capable of managing your technology risks?, secureGOV, March 2025

• 2025 Ready set go - Managing privacy risks amidst an evolving privacy regulatory regime, Cybercon, Canberra, March 2025

• 2025 Lessons from the Crowdstrike Falcon outage, Cybercon, Canberra, March 2025

• 2025 Managing privacy risks in an evolving regulatory regime, AISA NSW Chapter Meeting, Sydney, February 2025

• 2025 Australia stops use of facial recognition in a retail setting, Privacy Laws & Business International Report, February 2025

• 2024 Enabling cross border data transfers in a global economy, iappANZ Summit, Melbourne, November 2024

• 2024 Assurance to insurance: Strategic choices for generative AI risk governance, iappANZ Summit, Melbourne, November 2024

• 2024 Managing privacy risks: Privacy reform and what this means for cybersecurity professionals and business, Australian Women in Security Network, Gold Coast, October 2024

• 2024 What challenges will insurance providers face when covering generative AI risks? Financial Risk Day, Macquarie University, Sydney, October 2024

• 2024 Lessons from cyber insurance for the emerging generative AI insurance market ANZ Institute of Insurance and Finance, October 2024

• 2024 Personal data should be an asset on the balance sheet Privacy Laws & Business International Report, August p.24 

• 2024 Un-insurable generative AI harms: How can you respond to these risks?NSW Right to Information and Privacy Practitioners Network and Sydney Water, Privacy Awareness Week, Sydney May 2024

• 2024 What makes a great Privacy Impact Assessment?​, IAPP Knowledgenet, Perth April 2024 

​

Artificial intelligence, technology and change

​

• 2025 From assurance to insurance - a conversation on the insurability of generative AI, IAPP, April 2025

• ​2025 Is your organisation's data governance capable of managing your technology risks?​, secureGOV, March 2025

• 2025 Australia stops use of facial recognition in a retail setting, Privacy Laws & Business International Report, February 2025

• 2024 Assurance to insurance: Strategic choices for generative AI risk governance, iappANZ Summit, Melbourne, November 2024

• ​2024 What challenges will insurance providers face when covering generative AI risks? Financial Risk Day, Macquarie University, Sydney, October 2024

• ​2024 Lessons from cyber insurance for the emerging generative AI insurance market ANZ Institute of Insurance and Finance, October

• 2024 Un-insurable generative AI harms: How can you respond to these risks?NSW Right to Information and Privacy Practitioners Network and Sydney Water, Privacy Awareness Week, Sydney May 2024

• 2023 AI Policy Summit, closed sessions to discuss the challenges arising from the proposed developer-deployer distinction in AI regulation, Zurich November 2023

• 2023 ChatGPT and generative AI for business and cyber - Embrace or displace?, plenary panel at AISA's SydneySEC June 2023

• 2023 A journey to a career that didn't exist when I was at school, keynote presentation at It takes a spark STEM conference Gold Coast June 2023

• 2023 GPS 2023: AI opportunities for privacy professionals, International Association of Privacy Professionals April 2023

• 2022 What's her story?, Women in Security Magazine, Issue 11 Nov-Dec 2022 pp16-17

• 2021 Privacy by Design in AI

• 2020 Startup Daily's Eliot Hastie on Ausbiz interviews Annelies Moens on the Superstars of STEM program and privacy - 23 December 2020 at 10:25min into final episode for 2020

• 2020 Stranger times: When TikTok became a geopolitical football Australian Institute of International Affairs

• 2020 Privacy beyond data at the 11th iappANZ Summit TrustArc News and Insights

• 2020 NSW GIPA Access Request to PIA and related documents on mobile phone detection cameras

• 2019 Privacy as a public good at the 41st International Conference of Data Protection and Privacy Commissioners TrustArc News and Insights

• 2019 AI - what's the drama? Applying accountability to new tech (Presentation at the iappANZ Annual Summit, Sydney)

• 2019 Submission: Consultation on Artificial Intelligence, Australia's ethics framework - A discussion paper submitted to the Australian Department of Industry, Innovation and Science

• 2019 AI and accountability: What's the drama? (Presentation at the Telstra Enterprise Brilliant Connected Women Network, Sydney) 

• 2019 Creating a climate for change: The privacy conundrum Institute of Managers and Leaders, Australia | New Zealand

• 2019 Artificial intelligence and women Institute of Managers and Leaders, Australia | New Zealand International Women's Day (Keynote address and video, Sydney)

• 2018 Social climate change at the 40th Data Protection Commissioners’ conference Privacy Unbound Issue 87, p.32-34

• 2018 Algorithmic bias (Presentation at NSW Society for Computers & the Law, Sydney)

• 2017 Book review – Weapons of math destruction 2016 – Cathy O’Neil Data Scientist Privacy Unbound Issue 76

• 2016 Unravelling the mystery of blockchain – Do privacy professionals need to be concerned? Privacy Unbound Issue 72, p.10-12

• 2010 Privacy in the cloud: Points to consider Privacy Laws & Business International Newsletter June p.20

​

Cross border data flows, CBPR and trade

​

• 2024 Enabling cross border data transfers in a global economy​, iappANZ Summit, Melbourne, November 2024

• 2021 Privacy certification research commissioned by the OAIC to support the review of the Australian Privacy Act, published 28 April 2021 and written in June 2020

• 2020 Serious Privacy Podcast: My life got flipped-turned upside down (What's fresh in Australia and the Asia Pacific region)

• 2020 A primer on privacy in Asia Pacific, Privacy Advisor, IAPP

• 2020 Buying and selling personal data directly from consumers (Sanna Toropainen of Muna.io interviews Annelies Moens)

• 2019 CBPR/PRP basics - How the system works and benefits of the CBPR and PRP certifications (Panel sessions for the Centre for Information Policy Leadership and the Personal Data Protection Commission, Singapore)

• 2017 Privacy: APEC CBPR and mandatory data breach reporting (Presentation at Legalwise In-house Counsel Conference, Sydney)

• 2017 Data localisation laws: Trade barriers or legitimate responses to cybersecurity risks, or both? 25(3) International Journal of Law and Information Technology p.213-232

• 2016 APEC Privacy Framework and CBPRs: Ready for the spotlight (Presentation at IAPP’s Privacy Security Risk Conference, San Jose)

• 2016 Potential benefits for APEC economies and businesses joining the CBPR system (Presentation at APEC SOM 1 Meeting, Lima, at CIPL and APPA workshop, Singapore)

• 2016 Report for APEC: Preliminary assessment: potential benefits of APEC economies and businesses joining the CBPR System

• 2015 Best practice cross-border data flows (Presentation at APEC harmonisation of standards project workshop, Sydney)

• 2015 Cross Border Privacy Rules (Presentation at ALB Data Protection Conference, Kuala Lumpur)

• 2014 Report for APEC: Australia – Phase 1 – CBPR – Impediment Analysis

​

Cybersecurity and online privacy

​

• 2025 Lessons from the Crowdstrike Falcon outage, Cybercon, Canberra, March 2025

• 2024 Managing privacy risks: Privacy reform and what this means for cybersecurity professionals and business, Australian Women in Security Network, Gold Coast, October 2024

• 2022 Cyber-insurance: The existential battle for its future - update, Presentation at CyberCon Melbourne 2022

• 2022 Cyber Insurance: The existential battle for its future, Australian Cyber Conference, Canberra

• 2021 Trust and privacy, Peru Trade and Tech Online Conference, Online presentation

• 2021 Online browser privacy, Superstars of STEM, Online presentation

• 2021 Cyber insurance: The existential battle for its future, Australian Cyber Conference, Canberra (Video introduction)

• 2020 Three ways to kickstart your cybersecurity and privacy health check,  Institute of Managers and Leaders | Australia New Zealand

• 2020 COVID-19 and the downsides of a cashless society, The Lighthouse

• 2020 COVIDSafe App and Bluetooth vulnerabilities (video) Channel Seven Weekend Sunrise

• 2019 Australian government missed the point with new encryption Bill Australian Institute of International Affairs

• 2019 Online browser privacy Optus Macquarie University Cybersecurity Hub

• 2018 Cybersecurity (Presentation to the constituents of the federal electorate of Mackellar) (video)

• 2017 Not just an IT issue – Why cybersecurity should be on the Board agenda, OpenForum

• 2016 How can Company Boards build trust in the face of cybersecurity risks?, Optus Macquarie University Cybersecurity Hub

• 2013 Current issues in cybersecurity, United Nations Internet Governance Forum, Denpasar, Indonesia

​

Data breaches

 

• ​2024 Personal data should be an asset on the balance sheet Privacy Laws & Business International Report, August p.24

• 2023 Data an asset and a liability? Getting financial buy-in for privacy controls iappANZ Summit, Sydney November 2023

• 2021 Supply chain privacy risk management

• 2019 Mandatory data breach reporting: outcomes since reporting began, Governance Risk Compliance Professional, Conference edition, p.55

• 2019 Your core business is data, Governance Risk Compliance Professional, Winter edition, pp.36-40

• 2019 How schools can mitigate cyber and privacy risks, Legalwise School News

• 2019 Why your student data is hot property to cyber crims. Legalwise School News

• 2019 About 1000 data breaches reported in first year of mandatory reporting, Legalwise News

• 2019 Your organisation's core business is data, Legalwise News

• 2019 Privacy and mandatory data breach notification regime - Data your clients' core business, (Presentation at the 6th Annual 10 Points in One Day Legalwise seminar, Parramatta)

• 2019 Data - Your organisation's core business and your obligations (Presentation at the Inaugural employment taxes and financial obligations conference, Sydney)

• 2018 Lower your risk of data breaches, Legalwise News

• 2017 Privacy: APEC CBPR and mandatory data breach reporting (Presentation at Legalwise In-house Counsel Conference, Sydney)

• 2015 Privacy disputes and data breaches: Lessons for dispute resolvers (Presentation at ACICA Conference, Perth)

• 2013 Privacy, the cloud and data breaches (Presentation at Legalwise seminar, Sydney)

​

Governance of data

​

• 2024 What makes a great Privacy Impact Assessment?​, IAPP Knowledgenet, Perth April 2024

• 2023 Privacy engineering consent workshop, European Data Protection Congress, Brussels November 2023

• 2023 Australian privacy legislation is undergoing major legislative reform and directors need to know how to govern privacy risks within their  organisations, Australian Institute of Company Directors Magazine, May pp.44-46

• 2023 Data as nuclear fuel: Both an asset and potential liability for organisations, presented at CyberCon Canberra March 2023

• 2022 Opinion piece - Privacy Act review, Australian Institute of Company Directors Magazine, May pp.26-27

• 2021 Navigating the minefield of children's personal information​

• 2021 What makes a great Privacy Impact Assessment?​, NSW Privacy and Right to Know Information Practitioners Network and Sydney Water, Privacy Awareness Week, 6 May

• 2021 Privacy risk assessments critical for handling sensitive data​, The Mandarin, 8 April

• 2021 The "Essential Eight" for a great Privacy Impact Assessment, Australian Cyber Conference, Canberra, 

• 2021 What makes a great Privacy Impact Assessment?, Australian Cyber Conference, Canberra, (Video introduction)

• 2020 It's personal, Australian Institute of Company Directors Magazine, March p.15

• 2020 Trading data - the risks of the 'trust society', Global Governance Initiative 

• 2019 Directors' defence of reliance on recommendations made by artificial intelligence systems: Comparing the approaches in Delaware, New Zealand and Australia, 34 Australian Journal of Corporate Law, pp.141-159

• 2019 The Digital Platform Inquiry is catalysing major enforcement changes to the Privacy Act, Australian Institute of Company Directors Magazine, June p.14 

• 2018 What do you know about your data?, Global Governance Initiative

• 2018 Data is your organisation’s core business: Are you prepared to govern it?, Journal of Data Protection & Privacy Vol 2.1 p.16-21 and extract in Legalwise News

• 2018 Innovation and the law – Exploring the grey area (Presentation at the AICD’s Australian Governance Summit, Melbourne (video available to AICD members)

• 2018 Data is an organisation’s core business, Australian Governance Summit 2018 Reader p.89-92

• 2017 Not just an IT issue: Why governance of data should be on the agenda of every Board Director, Governance Institute of Australia p.104-106

​

Influencing government policy

​

• 2023 Submission: Safe and responsible AI, submitted to the Department of Industry, Science and Resources, Australian Government July 2023

• 2023 Submission: Privacy Act review report 2022 submitted to the Attorney-General's Department, Australian Government March 2023

• 2023 Australian privacy reform moves forward with new government report, IAPP's Jedidiah Bracy quotes Privcore, February 2023

• 2022 Review of the Australian Privacy Act: Key areas of business interest

• 2022 What's at stake? Review of the Australian Privacy Act

• 2022 Submission: Privacy Act review - Discussion paper submitted to the Attorney-General's Department, Australian Government

• 2021 The efficacy, equity and externalities of Australia's COVIDSafe app as a policy intervention during the COVID-19 pandemic: Was it sunscreen or tanning lotion? UNSW Law Journal, Volume 44 (4) pp.1584 - 1618, published 26 November 2021

• 2021 Privacy certification research commissioned by the OAIC to support the review of the Australian Privacy Act, published 28 April 2021 and written in June 2020

• 2020 Submission: Consultation on the Privacy Act review submitted to the Attorney-General's Department, Australian Government

• 2020 Independent review of ABS PIA - Using linked data to investigate the role of sociodemographic factors in people with cancer in NSW published by ABS

• 2020 COVIDSafe app - Are you sitting on the fence?

• 2019 Submission: Consultation on the ACCC's Digital Platforms Inquiry final report submitted to The Treasury, Australian Government

• 2019 Submission: Consultation on Artificial Intelligence, Australia's ethics framework - A Discussion Paper submitted to the Australian Department of Industry, Innovation and Science

• 2017 Response to the Attorney-General’s Department and Department of Communication and the Arts Inquiry into civil litigant access to retained metadata

• 2014 Response to Joint Parliamentary Inquiry on Intelligence and Security Inquiry into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill

​

Law and regulation

​

• 2025 Ready set go - Managing privacy risks amidst an evolving privacy regulatory regime, Cybercon, Canberra, March 2025

• 2025 Managing privacy risks in an evolving regulatory regime, AISA NSW Chapter Meeting, Sydney, February 2025

• 2023 The data trap, ANZ IIF Journal, Vol 46, Issue 2, pp.46-49

• 2022 The shape of things to come - Review of the Australian Privacy Act, status at 22 November 2022, presented at iappANZ Summit Sydney 2022 (slides available​)

• 2022 Managing privacy risk - Current challenges and what the future may hold​, Presentation for AISA, RMIA and the Fair Institute Sydney chapters, hosted by IBM

• 2022 A precursor to the Australian Privacy Act's anticipated increased penalty regime

• 2022 Privacy and cyber security at the forefront of corporate responsibility (pdf), Antcliffe:Scott (html)

• 2022 The privacy landscape in Australia (Presentation for TrustArc)

• 2020 The new convergence between privacy, competition and consumer regulation (virtual iappANZ Summit with the OAIC, ACCC and the Law Council of Australia)

• 2019 The merger of competition and privacy regulation: Implications of the ACCC's Digital Platforms Inquiry on privacy reform (presentation at AISA, Hobart)

• 2015 White collar crime and metadata: Beware of building a new honeypot, The Conversation

• 2013 Does the Internet need a delete button? (Presentation and video at the Australian Internet Governance Forum, Melbourne)

• 2013 Recent proposals to reform data protection laws in the EU and Australia – A comparative analysis, Computer Law Review International Issue 3 p.65-70

• 2013 The latest David and Goliath story: Does the ‘Right to be Forgotten’ defy the tsunami of online information collection and distribution?, iappANZ Member Bulletin Issue 44

• 2011 Spam, Privacy and WHOIS, iappANZ Member Bulletin Issue 20

• 2004 Australian Privacy Commissioner launches online interactive system: ComplaintChecker, Internet Law Bulletin p.75

​

Lessons learned

​

• 2012 Privacy case study: Accident Compensation Corporation, New Zealand, iappANZ Member Bulletin Issue 37

• 2007 Enhancing trust in online auctions: eBay’s Australian experience with code and law, 8(6) Computer Law Review International p.172-176

• 2006 How Boeing turned theft of personal information into a privacy awareness campaign, Privacy Laws & Business International Newsletter p.12-13

• 2006 The 10 commandments of data privacy in outsourcing contracts, Privacy Laws & Business International Newsletter p.17-18