Follow us

Heather Kelly

Senior Associate
Senior Associate
Melbourne, Australia

Heather specialises in cyber, privacy and data protection.

Heather supports clients in relation to cyber resilience and cyber incident response, privacy, data protection and data governance.

Heather started her career working in M&A and corporate governance at Herbert Smith Freehills, and has spent several years in corporate counsel roles in-house. During this time Heather accumulated experience in consumer law, intellectual property, procurement, retail banking, and general commercial contracting. 

While at Toll Group, Heather took a lead role coordinating the legal response to the 2020 cyber incidents.  She also managed the privacy and data portfolio at international cancer care provider, GenesisCare.

With first-hand experience of being the client, Heather brings a client-centric approach to every matter. She is a skilled communicator and collaborator. She also has on-the-ground experience implementing and uplifting privacy and data governance programs in a corporate setting.

Heather is passionate about people, and has a particular interest in privacy and cyber risk management in the healthcare sector.

Heather returned to HSF in 2023.

Background

Heather graduated from the University of Melbourne with a Bachelor of Commerce and a Juris Doctor.

Heather is admitted to practice in Victoria.

Experience & expertise

Selected matters

  • leading post-incident reviews into cyber incidents and other IT operational crises (including the CrowdStrike outage in July 2024)
  • acting as the lead incident response manager in relation to multiple cyber incidents, including communicating with regulators, customers and affected individuals
  • providing advice regarding legal and regulatory obligations relevant to cyber resilience and incident response arising under the Security of Critical Infrastructure Act 2018, the Privacy Act 1988 and the Cyber Security Act 2024
  • developing and facilitating cyber simulation exercises developed for boards and senior executives
  • advising clients in a range of industries regarding privacy compliance, including in relation to eligible data breaches, management of sensitive information and cross-border data transfers
  • building and implementing a new privacy framework for a large Australian corporate, including introducing privacy impact assessments