Follow us

Follow us

 

Heather Kelly

Senior Associate
Senior Associate
Melbourne, Australia

Heather specialises in cyber, privacy and data protection.

Heather supports clients in relation to cyber resilience and cyber incident response, privacy, data protection and data governance.

Heather started her career working in M&A and corporate governance at Herbert Smith Freehills, and has spent several years in corporate counsel roles in-house. During this time Heather accumulated experience in consumer law, intellectual property, procurement, retail banking, and general commercial contracting. 

While at Toll Group, Heather took a lead role coordinating the legal response to the 2020 cyber incidents.  She also managed the privacy and data portfolio at international cancer care provider, GenesisCare.

With first-hand experience of being the client, Heather brings a client-centric approach to every matter. She is a skilled communicator and collaborator. She also has on-the-ground experience implementing and uplifting privacy and data governance programs in a corporate setting.

Heather is passionate about people, and has a particular interest in privacy and cyber risk management in the healthcare sector.

Heather returned to HSF in 2023.

Background

Heather graduated from the University of Melbourne with a Bachelor of Commerce and a Juris Doctor.

Heather is admitted to practice in Victoria.

Heather Kelly photo

Experience & expertise

Selected matters

  • leading post-incident reviews into cyber incidents and other IT operational crises (including the CrowdStrike outage in July 2024)
  • acting as the lead incident response manager in relation to multiple cyber incidents, including communicating with regulators, customers and affected individuals
  • providing advice regarding legal and regulatory obligations relevant to cyber resilience and incident response arising under the Security of Critical Infrastructure Act 2018, the Privacy Act 1988 and the Cyber Security Act 2024
  • developing and facilitating cyber simulation exercises developed for boards and senior executives
  • advising clients in a range of industries regarding privacy compliance, including in relation to eligible data breaches, management of sensitive information and cross-border data transfers
  • building and implementing a new privacy framework for a large Australian corporate, including introducing privacy impact assessments

Sectors

Technology, Media and Telecommunications

Financial Institutions

Healthcare

Infrastructure

Services

Cyber Risk Advisory

Data Protection and Privacy

Corporate

Technology, Media and Entertainment, and Telecommunications

Related insights

Cyber security network. Padlock icon and internet technology networking. Businessman protecting data personal information on tablet and virtual interface. Data protection privacy concept. GDPR. EU.
Article

Australia’s 2024 Cyber Security Reforms

A high-level guide to the November 2024 cyber law reforms

Cyber in Australia

Cyber risk escalates: Are Australian businesses keeping up?
View all insights
Heather Kelly photo