REGULATORY DEADLINE COUNTDOWN
Data Privacy & Consumer Protection Summit 2026
Thursday, 28 May 2026 | 8:30 am – 5:30 pm AEDT | Sydney CBD
CPD - up to 6 points
The perfect compliance storm has arrived
Australia's privacy landscape has fundamentally changed. The Privacy Act reforms you've been hearing about? They're law. The OAIC compliance sweep? It's happening now. The December 2026 automated decision-making deadline? It's just months away.
And while you're navigating generational privacy reforms, the Australian Consumer Law is simultaneously being overhauled with new unfair trading practices prohibitions targeting the exact same business operations.
Same regulators. Same deadlines. Same compliance teams. One impossible workload.
In-person
SUPER EARLY BIRD
Individuals: $459 + GST, ends 22 March
EARLY BIRD
Individuals: $559 + GST, ends 26 April
FULL PRICE
Individuals: $699 + GST
VENDORS
Individuals: $1,299 + GST
*Buy 4 get 1 free offer available.
Don't wait until December. The compliance clock is ticking.
Early bird pricing ends 26 April — secure your spot and save $140.
The stakes have never been higher
Civil penalties up to $50 million for privacy breaches
New statutory tort creating direct litigation exposure (commenced June 2025)
Record data breaches reported in 2024–25, with human error the leading cause
OAIC enforcement ramping up with new powers and compliance sweeps targeting all sectors
December 2026 deadlines for automated decision-making transparency and Children's Privacy Code
Simultaneous ACL reforms banning unfair trading practices, subscription traps and dark patterns
Program highlights
8:30 - 09:00
Registration and networking
09:00 - 09:45
Keynote: Inside the OAIC’s 2026 Enforcement Baseline
Get an inside look at the OAIC’s first privacy compliance sweep and the 2026 Community Attitudes to Privacy Survey. Discover what’s driving enforcement activity, how regulators now interpret “reasonable steps, ” and the priority areas organisations must prepare for in 2025– 26.
09:45 - 10:45
Your December 2026 compliance roadmap: ADM transparency & children's privacy code
What you must complete before 11 December 2026: automated decision-making (ADM) transparency and Children's Online Privacy Code readiness. This session provides a practical framework to identify which systems qualify as ADM under APP 1.4, what policy updates are mandatory, and how to prepare for children's privacy obligations. Walk away with a 90-day implementation roadmap and compliance checklist.
10:45 - 11:15
Morning tea & networking
11:15 - 12:15
The statutory tort reality check: Managing your new litigation risk
Since June 2025, individuals can pursue serious privacy invasion damages claims directly in court - no regulator required. With the first published judgment already handed down and a high-profile media settlement grabbing national attention, the tort is moving fast from theory to practice. Learn what distinguishes a routine incident from a "serious invasion," which organisational practices are creating real exposure, and how to demonstrate the reasonable steps that may mitigate liability. Includes practical guidance on insurance gaps, indemnity provisions, and responding to a tort claim before it escalates.
12:15 - 13:15
Lunch and networking
13:15 - 14:15
Data breach crisis management: From detection to OAIC notification
Australia recorded record breaches in 2024–25, with human error the leading cause. Navigate the full 30-day assessment window from detection to OAIC notification using real case studies from health, finance and government. Walk away with a practical breach response playbook, notification guidance, and strategies for managing third-party breach liability.
14:15 - 15:00
Privacy compliance & vendor risk management: What actually works in 2026
Move beyond policy to genuine privacy governance. This session covers practical policy audits, data mapping without enterprise tools, practical and actionable insights on conducting privacy impact assessments (PIAs), staff training to reduce human error, and effective vendor risk management from due diligence to breach response. Walk away with templates, frameworks, and guidance on which compliance technologies and practices deliver real ROI.
15:00 - 15:45
Afternoon tea & networking
15:40 - 16:30
Consumer protection reforms: Unfair practices, subscription traps & dark patterns
The 2026 ACL amendments target subscription traps, drip pricing, and dark patterns—often the same business practices under privacy scrutiny. Learn what the new unfair trading provisions prohibit, how consumer protection intersects with privacy obligations, and practical steps to meet both standards. Includes a compliance audit checklist for digital interfaces.
16:30 - 17:15
The privacy reform roadmap: Planning beyond December 2026
Balance December 2026 compliance with upcoming Tranche 2 changes. Learn how to prioritize competing demands, build scalable privacy frameworks, and avoid rework. This strategic session covers expected reforms, governance investments that deliver long-term value, and a roadmap for the next 12–24 months.
17:15
Event close
*Please note agenda is subject to change, speakers to be announced soon
View 2026 programme and speakers
Speakers
Carly Kind
Australian Privacy Commissioner, Office of the Australian Information Commissioner (OAIC)
Carly Kind commenced as Australia’s Privacy Commissioner in February 2024 for a 5-year term. As Privacy Commissioner, she regulates the handling of personal information by entities covered by the Australian Privacy Act 1988 and seeks to influence the development of legislation and advance privacy protections for Australians. Ms Kind was previously the inaugural director of the UK-based Ada Lovelace Institute, a research institute focussed on the ethical and societal impacts of data and AI. She has worked with the European Commission, the Council of Europe, numerous UN bodies and a range of civil society organisations. Ms Kind has a Masters of Science, International Relations (Hons) from the London School of Economics, a Graduate Diploma in Legal Practice, and a Bachelor of Arts (International Relations) (Hons) and Bachelor of Laws from the University of Queensland.
Amyn Nathwani
Head of Data Governance and Privacy, Healthdirect Australia
Amyn Nathwani is the Head of Privacy at Healthdirect Australia, bringing extensive experience across privacy, risk, and governance roles within government and the health sector. His background spans senior positions in NSW Government, the Commonwealth Bank of Australia, and national health services, where he has led privacy strategy, regulatory compliance, and enterprise risk programs. At Healthdirect, he oversees privacy governance across critical digital health services, contributing deep expertise in consumer data protection, emerging privacy risks, and responsible data use in public healthcare.
Theo Kapodistriast
General Counsel, Stacked Farm and Director, ACC Australia
Theo Kapodistrias is a multi award winning lawyer, speaker, MC and presentation coach based in Hobart, and the author of A Way With Words, an Amazon Best Seller. He has held senior legal roles including General Counsel at Stacked Farm and Evergen, and Senior Legal Counsel at Gentrack. Recognised as one of Australia’s Most Influential Lawyers (2022–2023) and Speaker of the Year at the 2022 International Coaches Awards, he also serves as a Non Executive Director of ACC Australia and Tasmanian Divisional President. Theo is the Chair of the Story Island Project, Executive Director and Licensee of TEDxHobart, hosts the podcast Craft Messages That Matter, and delivered his TEDx Talk “Lessons from my Ethnic Lunchbox” in 2023.
Amie Grierson
Director, Privacy, Data Governance and Fraud Advisory, Service NSW
Amie is a lawyer and experienced governance professional with over 20 years of experience specialising in privacy, risk, information law and governance. Amie was Assistant Commissioner for privacy dispute resolution at the Office of the Australian Information Commissioner during the first year of operation of the notifiable data breaches scheme, as well as overseeing Commissioner Initiated Investigations into serious interferences with privacy. As a Senior Lawyer at the Australian Government Solicitor, Amie advised Commonwealth agencies on the application of the Commonwealth scheme. These days she heads up privacy, data governance and fraud advisory at Service NSW and is responsible for Trust advice for the Digital Identity and Verifiable Credentials program. In her role she manages suspected breaches for the agency, and leads the implementation of robust proactive privacy programs to minimise the likelihood of breaches occurring.
Dr James Baumeister
Lecturer - Information Technology, Adelaide University; Lead Researcher on Dark Patterns & Digital Manipulation
Dr James Baumeister is a Lecturer in Information Technology at Adelaide University, specialising in human centred computing, user experience design and digital behaviour. He is the lead author of the Federal Treasury–commissioned national report on deceptive online design practices (“dark patterns”), highlighting how manipulative interfaces impact consumer autonomy and privacy. His multidisciplinary research with UniSA’s Australian Research Centre for Interactive and Virtual Environments spans computing, psychology and interactive systems. James’ work is widely published across augmented and mixed reality, cognitive psychology and human factors computing.
Johanna Weaver
Co-Founder and Executive Director of the Tech Policy Design Institute
A reformed commercial litigator, a recovering diplomat, and an escaped professor, Ms Weaver champions tech policy as a tool to shape technology for the long-term benefit of humanity. Prior to founding TPDi’s predecessor – the Tech Policy Design Centre – at ANU, Johanna completed her term as Australia’s independent expert and lead negotiator on cyber issues at the United Nations. In 2022, she was appointed Professor in the Practice of Tech Policy at ANU. Earlier Johanna led the Cyber Affairs Branch at the Australian Department of Foreign Affairs and Trade, working closely with Australia’s inaugural Ambassador for Cyber Affairs. Johanna is a member of several board, including International Committee of the Red Cross (ICRC) Global Advisory Board on digital threats during conflict, and the Independent Advisory board to the Australian Minister for Government Services.
Sylvia Hands
Corporate Lawyer, Australia Post.
Sylvia is a highly experienced generalist in lawyer, with over 15 years’ experience working in-house. Sylvia has a proactive, collaborative and energetic style and has worked in ASX-listed organisations and held executive leadership roles. Sylvia’s experience spans a wide variety of industries, including technology, FMCG, retail, logistics, health insurance and facilities management.
Sonia Minutillo
Privacy Commissioner, Information and Privacy Commission, New South Wales
Sonia Minutillo is the NSW Privacy Commissioner, appointed in March 2025 after serving as Acting Privacy Commissioner since August 2023. She leads the promotion and protection of privacy rights in NSW and administers the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002. Prior to her appointment, Sonia was Director of Investigation and Reporting at the Information and Privacy Commission NSW, where she led regulatory reviews, complaints, investigations, proactive audits and performance reporting across privacy and information access regimes, and served as Chief Audit Executive. She has held senior roles across NSW Government and the non‑profit sector, with experience in regulatory compliance, industrial relations and employment law. Sonia holds degrees in commerce and public administ.
Stephanie Tonkin
Chief Executive Officer, Consumer Action Law Centre
Stephanie Tonkin is the CEO of the Consumer Action Law Centre. She started her career in public law at a large firm, and for nearly 15 years since, has worked in the community legal and consumer sectors, focusing on systemic and integrated service responses to family violence, mortgage stress and vulnerability. Steph sits on a broad range of industry and government advisory committees including the Victorian Energy and Water Ombudsman Board, the National Anti-Scam Centre Advisory Board and ASIC Consumer Advisory Panel and Standards Australia SDAC Committee. Stephanie holds a BA/LLB (Hons) from Monash Uni.
Amyn Nathwani
Head of Data Governance & Privacy, Healthdirect Australia
Amyn Nathwani is the Head of Privacy at Healthdirect Australia, bringing extensive experience across privacy, risk, and governance roles within government and the health sector. His background spans senior positions in NSW Government, the Commonwealth Bank of Australia, and national health services, where he has led privacy strategy, regulatory compliance, and enterprise risk programs. At Healthdirect, he oversees privacy governance across critical digital health services, contributing deep expertise in consumer data protection, emerging privacy risks, and responsible data use in public healthcare.
Michael Coutts
Head of Consumer, Operations and Marketing Legal, Uber
Michael is the Head of the Consumer, Operations and Marketing legal team at Uber for Australia and New Zealand. He has over 10 years of experience advising on consumer protection across private practice and in-house environments. Prior to Uber, Michael was a solicitor in the competition and consumer law practice groups at Herbert Smith Freehills Kramer (then Herbert Smith Freehills) and A&O Shearman (then Allen Overy). Michael holds an LLM (Global Competition & Consumer Law) from the University of Melbourne, where he was awarded the Raynes Dickson Memorial Exhibition for academic excellence. He also holds a Masters of Philosophy from the University of East Anglia, where his thesis examined the implications of pricing algorithms for merger control regimes. A paper based on his thesis was published in the Journal of Competition Law and Economics.
Simone Herbert-Lowe
Cyber Resilience Specialist, Principal, Law & Cyber
Simone Herbert‑Lowe is a cyber resilience specialist and Principal of Law & Cyber, the firm she founded in 2018 to help Australian organisations protect themselves from cybercrime. With more than 30 years’ legal experience, she advises on cyber incidents, data breaches, professional liability and cyber insurance, and has acted for individuals, businesses and professionals impacted by email fraud and cyber events. Simone is widely recognised for her practical approach to uplifting cyber resilience through legal advisory, contractual protections, incident response planning and education.
Peter Leonard
Principal, Data Synergies and Adjunct Professor, UNSW Law & Justice
Peter Leonard is a data and technology business consultant and lawyer. His business consultancy Data Synergies assists businesses and other organisations with AI and data governance, assurance and legal compliance. He serves on the OECD Expert Group on AI, Data, and Privacy; Australia’s National Data Advisory Council; the Australian Treasury’s CDR and Digital ID Standards Advisory Committee; and the TGA’s Technical Reference Group for SaMD [Software as a Medical Device] and AI. He is an Adjunct Professor of UNSW Law and Justice. He was a founding partner of Gilbert + Tobin Lawyers and led G+T’s technology and digital practice for many years.
Sunita Bose
Managing Director, Digital Industry Group Inc (DIGI)
Sunita is the Managing Director of DIGI, Australia’s non‑profit technology industry peak body, representing members including Apple, Google, Meta, eBay, X, Redbubble, Linktree, Change.org and GoFundMe. DIGI advocates for a thriving digital economy that supports innovation while protecting online safety and privacy. A leading voice on technology policy, Sunita sits on the Australian Government’s Digital Experts Advisory Committee, and her commentary has featured in The Australian, The Sydney Morning Herald and The Guardian. Previously, Sunita was Head of Global Policy at Change.org in San Francisco, where she developed the platform’s global policy framework covering privacy, misinformation, hate speech, defamation and child safety. She has also held advocacy and communications roles at Oxfam and UNICEF, and holds a Master of Policy from UNSW.
Frequently asked questions
Most conferences give you theory. We're giving you the implementation playbook.
In 2026, Australian organizations face simultaneous privacy reforms and consumer protection changes, enforced by coordinating regulators, targeting the same business practices, managed by the same compliance teams, with overlapping December deadlines.
Attending separate events is inefficient and leaves dangerous gaps.
While others focus on privacy OR consumer protection, we address the reality: your business practices don't exist in regulatory silos, and neither should your compliance strategy.
This is the only Australian event that integrates privacy and consumer protection compliance with a laser focus on what you need to do before December 2026.
- Step-by-step compliance checklist for the 11 December 2026 ADM transparency deadline
- Privacy policy audit framework to survive the OAIC compliance sweep
- Statutory tort risk assessment to protect against the new direct right of action
- 30-day breach response playbook with hour-by-hour action plan
- Unfair practices compliance guide for subscription models and pricing
- Children's Privacy Code preparation roadmap
- Data mapping and vendor risk templates that actually work
No fluff. No theory. Just practical tools you can implement Monday morning.
Who this summit is designed for
This summit is essential for anyone responsible for privacy, compliance, consumer protection, or risk management:
- Privacy Officers & Data Protection Officers
- Legal Counsel & General Counsel
- Compliance & Risk Managers
- Chief Information Security Officers
- Consumer Affairs Teams
- Marketing & Product Managers
- E-commerce & Subscription Business Leaders
- IT & Security Teams
- Government Agency Compliance Officers
If your organization collects customer data, makes automated decisions, operates subscription services, or markets to consumers, you need to be here.
If you're a legal professional, you're facing:
- Immediate compliance accountability – December 2026 deadlines you're responsible for delivering
- New litigation exposure – The statutory tort for serious privacy invasions creates direct claims and emerging class actions
- Active enforcement – OAIC compliance sweeps are happening now, with penalties up to $50M
- Career-critical skills gap – Generational reforms require urgent upskilling
- Clear ROI – Practical tools to help your organization avoid catastrophic penalties
This event directly serves your urgent needs with practical, deadline-focused content you can't get anywhere else.
Beyond legal teams, this summit is essential for:
- CISOs – Data breach management, security obligations, vendor risk frameworks
- GRC Professionals – Integrated privacy/consumer compliance, cross-functional risk management
- Corporate Compliance – Policy development, staff training, privacy maturity assessment
- Privacy Officers – OAIC expectations, data mapping, Children's Privacy Code preparation
- Risk Managers – Statutory tort exposure, third-party liability, insurance considerations
This cross-functional content ensures your entire compliance ecosystem is aligned.
Be prepared before regulators come knocking
Join the only Australian event combining privacy and consumer protection compliance into one practical, implementation-focused day. Walk away with checklists, templates and action plans you can apply immediately.
Contact us
Attendee inquiries: eventsanz@thomsonreuters.com
Sponsorship enquiries:
david.lewis3@thomsonreuters.com