Lisa Fitzgerald

Partner
Norton Rose Fulbright Australia

Lisa Fitzgerald

Lisa Fitzgerald

vCard

Biography

Lisa is a lawyer in our technology, privacy and data protection practice. She advises on transactional and regulatory matters relating to major technology procurement and outsourcing, emerging and legacy technology, supply chain management, managed services, and telecommunications. This extends to digital media, digital assets as well as specialist privacy, data protection and cyber matters. Lisa is recognised by The Best Lawyers in Australia in Privacy and Data Security, has served as Acting Chief Privacy Officer for a Big 4 bank, has advised Australia’s largest corporates including in relation to major data breaches and their design of enterprise data governance and AI governance frameworks.

Lisa advises clients on complex data-related and privacy-related transactions and projects (including facial recognition technology (FRT)), outsourcing, adaptive sourcing arrangements and agile procurement, as well as cloud services, telecommunications and connectivity matters and AI adoption. Lisa regularly leads negotiations that are highly strategic for her clients as well as complex restructuring. This often involves multi-function business process outsourcing (BPO), build, own and operate (BOT) models, integrations, separations, master services agreements, SOWs, SLAs and other performance incentive regimes, distribution agreements, agencies, maintenance and support agreements and data sharing and data transfer agreements. Lisa also supports tech sector joint ventures and tech M&A.

 Lisa and her team’s unique transactional skills and regulatory engagement help serve clients at each stage of their maturity, at each point in the information lifecycle, in various states of volatility, as well as throughout supply chains, reaching to third and fourth party security and liability management. On the front end, Lisa advises clients in assessing and reducing their data, privacy and security risks to ensure their compliance with applicable laws. This extends from Privacy Act 1988 (Cth) to APRA prudential standards (including CPS 230), security of critical infrastructure (SOCI) and cyber security legislation, the Spam Act 2003 (Cth), other data regulatory laws, and applicable AI guardrails, combined with effective mitigation strategies and processes.

Lisa served as an Associate to former High Court judge, the Hon Ken Hayne AC KC. She currently holds the office of Victorian Chair and National Deputy Chair of the Law Council of Australia’s Business Law Section, Media and Communications Committee, and is a State Councilor and Fellow of the Governance Institute of Australia. Lisa is an experienced speaker and regularly contributes to thought leadership articles and presentations. Lisa is actively involved in law reform in emerging areas such as privacy and cyber reform, AI, automation, IoT, as well as the intersection between between privacy, cyber, consumer and corporations’ law and directors’ duties.


Professional experience

+Alle öffnen -Alle schließen
  • Bachelor of Laws, (First Class Hons), University of Melbourne (1998)
  • Bachelor of Arts, University of Melbourne (1998) 
  • Oxford Blockchain Strategy Program, University of Oxford (2022)
  • Supreme Court of Victoria 2000
  • High Court of Australia 2000
  • Senior Courts of England and Wales 2006
  • Australian State and Federal governments and the Government of the United Kingdom - on various technology procurements, utilities, transport and communications infrastructure construction and assurance projects, from the divestment of the South Australian government's electricity network to the construction and assurance of communications networks including the nbn's multi-technology mix for fixed line, fixed wireless and satellite connections.

  • on the complex outsourcing of services and business processes in public and private sectors, from helpdesk functions for national carriers to support on-field technicians and network operations centres, to automation projects for NSW Treasury and Waverley Council and the procurement of various technologies for the Victoria Police

  • on major data breaches and cyber security breaches including obligations under various regulatory regimes such as the Privacy Act 1988 (Cth), Security of Critical Infrastructure Act 2018 (Cth), various prudential standards including CPS 234, the Corporations Act 2001 (Cth) and directors’ duties, as well as notifications to regulators, affected individuals and other entities, and implementation of effective and proportionate mitigation strategies 

  • a major telecommunications entity in relation to the outsourcing and automation of its help desk for use by telecommunications technicians, involving the development of systems and resourcing including an app, manuals, transcripts and regular staff training, as well as the design of service levels, performance tracking, reporting and enforcement procedures

  • a utility company on a Customer Transformation and Systems Integration Project to upgrade its billing system using third party service providers. This work involved drafting and negotiating master services agreements, service levels, service credits, statements of work, procurement strategy and multi-party governance and resolution protocols 

  • a major telecommunications provider on the procurement of Enterprise Resourcing software. This work involved reviewing and negotiating vendor software terms and conditions and developing a performance incentives regime to promote enhanced service and continuousimprovement

  • a global energy company in relation to the outsourcing of its global payroll system for use by group entities, involving integration with third party software and systems, transition-out negotiations from incumbent providers and development of robust service level regime, governance, cyber and data breach procedures overseas-based software vendors regarding various State Government technology framework agreements, including reviewing and negotiating the terms and conditions of State Government ICT contracts with government agencies

  • a peak sporting governing body regarding the renewal of a sport management platform operated by a third party. This involved reviewing and negotiating a master supply agreement with a sports management software vendor, with a focus on development of servicelevels relevant to new platform requirements and features 

  • Big Four banks and non-bank lenders on technology-related transactions, intellectual property licensing and ownership and major data and privacy matters including the Consumer Data Right, data breaches, data breach response plans, privacy access requests,privacy impact statements and the specialist subject of credit information and credit reporting under PartIIIA of the Privacy Act 1988

  • Best Lawyer in Privacy and Data Security since 2024
  • Ranked Legal 500 in Technology and Telecommunications (2022-present)
  • Ranked GDR 100 (2022-present)
  • Former High Court Associate to the Hon. Kenneth Hayne AC KC 
  • Keynote address on “Blockchain and the Law”, APAC Blockchain Conference (Sydney, 2021)
  • “Who are the frontier lawyers? Automation specialists, Law Tech Summit (Sydney, 2022)
  • Keynote address on “NFTs in Sport”, Asian Racing Conference (Melbourne, 2023)
  • Chair, 2023 Law Tech Conference (Gold Coast, 2023)
  • Presenter at 2030, The Future of Tech Legal Industry, “AI, Liability and Lawyering: AI’s impact on law practices and the practice of law’ (Sydney and Melbourne, 2024)
  • Presenter at FranData Summit, “When and how to use, and not use, Artificial Intelligence” (Melbourne, 2024)
     
  • Member of the Media and Communications Committee, Business Law Section of the Law Council of Australia (2020 - present)
  • Fellow of the Governance Institute of Australia and Member of its Victorian State Council (2020 - present)