Susan Bennett is a leading Information Governance expert and an international privacy lawyer, based in Sydney, Australia. She established her own business seven years ago, Sibenco Legal & Advisory, and subsequently Information Governance ANZ. Prior to this, Susan spent over 20 years specializing in large-scale commercial litigation, inquiries, and royal commissions. Susan holds a Master of Law and a Master of Business Administration, and is a Certified Information Privacy Professional (CIPP/E). She is also Chair of the Sedona WG6 APAC Committee and a Fellow of the Governance Institute of Australia.
IGW: Where did you grow up in Australia and begin your career?
I grew up on a farm in Tasmania, which is an island state to the south of mainland Australia. The farm is in the northern part of the state, called Ashgrove Farms, and is predominantly a dairying farm with a milk and cheese factory. It is also on the “Cradle to Coast” tourist trail. While the cows can on many days be seen in paddocks surrounding the factory and going to and from the dairy for milking in a very long line, there are also painted art cows outside the Ashgrove Farm Store (see photo). In my photo of the calves on the farm, you can see Mt. Roland in the background, which is part of a range defining the start of the central highlands of Tasmania. Within this region is the famous Cradle Mountain and Dove Lake-protected World Heritage Area.
I was the first person in my family to attend university and graduated in law from the University of Tasmania. The Law School is in Hobart, which is the capital of Tasmania. Hobart was the second colony to be established by the British after Sydney. It was a penal colony; about 70,000 convicts (including some of my Irish and English forebears) were sent to Tasmania. As a consequence, Tasmania has a lot of interesting colonial history and Georgian architecture (thanks to convict labor).
What experiences did you have early on as a lawyer? And what changes in technology and law have you seen?
After finishing Law School in Tasmania, I moved to Sydney and did my practical training course at the College of Law, and was admitted to the Supreme Court of New South Wales, the Federal Court of Australia, and the High Court of Australia—all a long time ago now!
When I commenced as a lawyer, my secretary took dictation; and while there were word processors, Australia had only been connected to the Internet for 18 months. Email was still several years away for law firms. The technology to enable eDiscovery had not yet been developed. I was a user of the initial versions of several eDiscovery technology tools (particularly Ringtail, which is an Australian product) and established a legal technology support team to support litigation matters and due diligence in M&As. Australia was an early leader in records management, and has been a leader in eDiscovery technology tools as well, including Nuix, Ringtail, and EDT. I was involved in one of the earliest commercial litigation trials in London that used live transcription—that was back in 1995. I was also involved in the first fully electronic trial in a major commercial litigation case in the New South Wales Supreme Court, which was in 2000-2001. As is often the case with technology, it takes time and improvements, both to the technology and with the skills of users, before the full extent of the benefits is realized.
The first electronic trial was also accompanied by multiple sets of an initial 165-folder trial bundle set, and there were multiple hard-copy printouts of the transcript made each day over the course of a 12-month hearing. The first few electronic hearings experienced more than a few teething problems!
The continuing improvement of litigation legal technology tools and, in particular, the development of AI capabilities in eDiscovery software is impressive. The use of Technology Assisted Review (TAR), which is AI in eDiscovery, has been an enormous step forward in dealing with the vast data stored by organizations and being able to comply with discovery or production orders in a technologically efficient and cost-effective way.
What led you into the world of Information Governance?
The short answer is when I first heard about IG in 2014. I attended a conference in Europe and there were a couple of sessions on IG; one of the keynotes was given by U.S.-based attorney Jason R. Baron, an eDiscovery and IG pioneer. The concept of IG as a discipline and practice immediately resonated with me and accorded with some work that I was undertaking. Jason encouraged me to write my first article on IG (published in May 2015) on the importance of top-down leadership, which I believe is key to setting an enterprise-wide strategy and ensuring effective IG implementation.
The services I provided in Corporate Governance then extended to Information Governance. This now includes frameworks, policies, and processes to manage the exponential growth in data within organizations, focusing on the needs of the organization from a strategic perspective. At a more granular level, it also includes privacy frameworks, privacy impact assessments, and data impact assessments for data analytics projects, including an ethical-based assessment as part of the overall assessment framework. The growth in legal work in data protection and privacy is due to technology developments and increasing global privacy regulation.
What led you to establish Information Governance ANZ?
As there was very limited discussion in corporate Australia at the time about IG, we thought it was important to promote discussion and best practices around IG, which led to InfoGovANZ being established just over three years ago.
The idea is that by building a network of multi-disciplinary professionals, information silos will be broken down, enabling more connected thinking and innovation leading to IG best practices. This, in turn, will promote the delivery of better outcomes for organizations by both minimizing risk and maximizing the value of the information held within organizations. The InfoGovANZ community provides a forum to learn from leading practitioners, keep informed of the latest developments, and shape the future development of IG. Our goals are to:
- Build the knowledge of IG, best practices, and innovation
- Ensure professional discipline of IG is recognized as a key component to managing the exponential rise in data in the information age
- Create a community of IG professionals in Australia and New Zealand
While our membership is predominantly based in Australia and New Zealand, we do encourage members from anywhere to join. Our membership is free and our events and activities are supported and made possible by our sponsors, which currently include Active Navigation, Nuix, FTI Consulting, and Western Sydney University, which offers a Masters of Information Governance.
As previously mentioned, a driving force behind establishing InfoGovANZ was to bring together professionals across different disciplines to break down ‘information silos’ within organizations. A key challenge for organizations in maximizing the benefits of new technology opportunities is to have the right people and skill sets involved in initiatives from the outset. For example, in data analytics initiatives and opportunities, delivering the best outcomes while utilizing the latest technology requires effective collaboration among a broad range of skill sets including: cybersecurity, data set subject matter experts, data scientists, privacy, project management, risk management, and stakeholders.
Who are some InfoGov ANZ affiliates?
We are affiliated with a number of associations including the IGI (Information Governance Initiative), ILTA, RIMPA (the “ARMA of Australia”), and DAMA, and we promote each other’s events. We recently participated as part of Information Awareness Month with National Archives and other professional organizations including RIMPA, IM, DAMA, Australian Society of Archivists, and the Australian Library and Information Association in a roundtable workshop. The event provided an opportunity for industry leaders to share perspectives on contemporary information and data management trends and challenges. The Many Voices, One Message booklet summarizing the key themes and topics discussed at the workshop has been published and it is anticipated to lead to ongoing discussion and collaboration.
What are some major challenges of governing emerging technologies?
I believe a key challenge is properly understanding both the scope and limits of new technology. The issue of having the right capabilities and skills to use the technology is infrequently properly considered. Sometimes, it is less about what software or new technology you are using and more about having the right skill set using it.
Another important consideration at the outset, before acquiring or deploying new technology or new data projects, is considering and mitigating risks, including thinking about unintended consequences and mitigating those risks. For instance, the risk of AI algorithmic bias and potential adverse consequences is very real, particularly as data sets are shared and aggregated.
The focus and resourcing should be at the planning stage with emphasis on security-by-design and privacy-by-design, as well as project goals from the business perspective. This is a far more efficient approach rather than trying to cover privacy compliance as an afterthought or when things go wrong.
Digital transformations require organizations to be proactive in security and privacy with robust leadership. Waiting until there is a data breach or a big regulatory fine and then having to invest far more resources and costs into remediation, responding to regulatory investigations, and litigation costs is an expensive way to do business and not good for the organization itself (or its shareholders and stakeholders).
Would you tell us about your latest trip to the U.S.?
So far, I’ve had two trips to the U.S. this year. My latest trip started with the Infonomics Summit in Chicago, sponsored by IG World. This was a very interesting day. As a lawyer and governance practitioner, I spend most of my time focused on mitigating risk. The focus of this summit was on maximizing the value of data. It was great to meet Doug Laney, the keynote speaker, who very kindly the following day invited Neil Calvert from New Zealand-based LINQ Solutions (infonomics software) and myself as the Antipodean attendees to his neighborhood for lunch.
I then attended my first MER Conference, where I spoke on the topic of “Privacy, Ethics, and Trust: The Role of Information Governance.” I was looked after by InfoGovANZ’s sponsor Active Navigation. Peter Baumann, the CEO, is very thoughtful to include me in dinners and ensures I’ve met new members of the ever-growing ActiveNav team. I’ve also made other friends along the way in the U.S. and run into people unexpectedly at events, particularly Sedona friends, and it is great to catch up.
MER was then followed by the CIGO Summit, where Jason Baron interviewed me on “Asia-Pacific Privacy Law,” which was part of the section of the summit dealing with all things GDPR and CCPA. It was great to be able to catch up with Barclay Blair and the IGI guys. I then spent a couple of days in NYC catching up with friends and attending several Broadway productions. I finally made it to the Cybersecurity and Privacy Protection Conference 2019 and was a panel member on “GDPR and International Compliance,” which was held at Cleveland-Marshall College of Law, Cleveland State University.
I spoke at this conference last year and it is interesting to reflect on the difference in discussion between last year when the GDPR was just coming into force and a year later with impending large fines likely (that are now happening), as well as the CCPA and eight amendment bills with 11 other state privacy laws being considered. A lot has happened in 12 months from the U.S.’s perspective, and it is a similar story in Asia where there are new privacy laws and expected further privacy laws before the end of 2019. The GDPR has definitely set a new global benchmark and will create a lot of work for privacy professionals and lawyers in the coming years.
Tell us about your love for the arts, and why you are such an ardent supporter.
One of the joys of traveling is seeing and learning about new things. The highlights are more often than not unexpected surprises. In trying to find decent coffee in St Petersburg, Florida, I found myself at the Frida Kahlo exhibition at the Salvador Dali museum and proceeded to spend most of the day viewing extraordinary artwork. I was so inspired by Salvador Dali that I have a presentation that includes his painting the “Hallucinogenic Toreador” to explain the quagmire confronting organizations. The surrealist painting is a good way to explain the different perspectives of data collection, use, and storage from those using and responsible for the data in different parts of the organization and why you need an overarching IG framework. I also have a presentation on leadership in times of rapid innovation and technological change, which has extensive references to the book and film Hidden Figures.
On a side trip from Chicago to Detroit with friends, to go somewhere different, we visited the Motown museum. I was surprised when we arrived to see a suburban house, which was the hit-making factory synonymous with the Motown name. So much extraordinary Motown music emanated from Studio A. It was also incredibly interesting seeing empty, but amazing art deco buildings and the truly extraordinary Diego Rivera frescoes depicting work and workers at the Ford factory at the Detroit Institute of Arts.
I am passionate about music, which is definitely food for the soul. I enjoy a very wide range of music and singing. I grew up playing piano, so I had a basic foundation in classical music and also learned guitar.
The photo of me in front of a monument to the classical composers—Beethoven, Haydn, and Mozart—was in Berlin. We were walking through the Tiergarten when we just came across this stunning monument to the three great composers.
I recently attended the premiere of a new opera in Sydney called Whiteley, which is about a modern Australian artist who died of a heroin overdose when he was 53. It’s interesting to see technology being used in the production: the Opera House has huge LED screens that move around the stage. In this latest opera, displays of Brett Whiteley’s art are displayed on the LED screens and take the production to a new level with the wonderful singing and orchestra. New operas are quite rare and it is fantastic to see a new Australian opera in the iconic Sydney Opera House, which is within walking distance of where I live. My Twitter and LinkedIn profiles have the background photo of the Sydney Opera House and so I have provided a photo for this article.
I hope I have enticed some of your readers to come and visit Sydney and Tasmania!