• Conducting privacy audits for multinational businesses, including a global food and beverage manufacturer, pharmaceutical companies and a global consumer goods manufacturer. This involves assessing privacy and data handling practices through tailored questionnaires and workshops, and delivering practical, risk-based recommendations to enhance compliance and strengthen organisational data governance.
• Advising a global reinsurer on management of a data leakage incident involving sensitive commercial and personal data. This included liaising with insurance and privacy regulators in multiple jurisdictions.
• Advising a security and facility services company on its response to a ransomware attack involving large-scale data exfiltration. This included managing regulatory engagement and notification strategies, and supporting the client in responding to and resolving complaints from affected individuals, whilst seeking to minimise regulatory exposure and operational disruption.
• Conducting privacy impact assessments for a range of private and public sector organisations, helping clients to identify and mitigate privacy risks arising from the introduction of complex technology solutions and new business processes.
• Co‑authoring a report with the British High Commission on the regulatory and procedural challenges associated with overseas transfers of personal data in the absence of an Australia–UK adequacy decision. This included working with a range of government, industry and international stakeholders to assess current barriers and outline the potential impact of reform.
• Advising a range of national and international clients on compliance with direct marketing and spam laws across omni-channel campaigns, including correspondence with the regulator, the Australian Communications and Media Authority (ACMA), following consumer complaints.
• Conducting a bespoke cyber incident simulation workshop for a global pharmaceutical company.
• Advising insurance companies on the application of Australian Prudential Regulation Authority (APRA) regulations relating to information security and operational resilience, and drafting and negotiating commercial terms relating to data sharing.
• Providing advice on the application of privacy and surveillance laws including in respect of workplace surveillance schemes and to the State of Victoria in respect of its COVID-19 response.

• Global Perspectives on FemTech – Europe, Australia, and the United States, 6 May 2026

Sarah is a regular contributor to DLA Piper's Privacy Matters blog:

• Exposure draft of Children’s Online Privacy Code signals tougher standards, 2 April 2026
• Australia’s Social Media “Ban” and the eSafety Commissioner’s Social Media Minimum Age Regulatory Guidance, 17 February 2026
• Return to Sender ID: Businesses must register “branded identifiers” used in Australian SMS messages, 16 January 2026
• Australian Clinical Labs ordered to pay AUD5.8 million following cyber incident, 21 October 2025
• Facial Recognition Technology Continues to Breach Australian Privacy Act, 23 September 2025
• Scraping the barrel – when data scraping breaches the Privacy Act, 8 September 2025
• Privacy Act amendments and Cyber Security Act become law, 5 December 2024
• In-Store Facial Recognition Tech Breached Privacy Act, 22 November 2024
• Australia’s Cyber Security Strategy in action – three new draft laws published, 11 October 2024
• Anti-scam measures and ransomware reporting on the agenda, 11 September 11 2024
• Long awaited Australian privacy reform comes to fruition, 13 September 2024
• Australia’s e-marketing expectations: When customers don’t give a spam, 5 August 2024
• Privacy Act Updates Expected in August 2024, 13 May 2024

Sarah regularly presents at external conferences and leads client training and briefings to boards of directors. Recent sessions and topics include:

• WIN In-House Counsel Week 2026: Employment & privacy in the digital workplace: risks, reforms and practical strategies, 16 February 2026
• Kaseya Connect Asia Pacific - Navigating Cyber Law and Compliance in 2025, 30 October 2025
• WIN In-House Counsel Week 2025: Privacy and cyber – a new era, 20 February 2025
• Payments Forum - Cyber Legal Assurance, 14 November 2024
• Cyber Breach Simulation Workshop, 13 March 2024 (Brisbane), 9 May 2024 (Melbourne) and 23 November 2023 (Sydney)
• WIN In-House Counsel Week 2024: Insights from the trenches - top tips for managing (and avoiding) cyber incidents, 22 February 2024
• Webinar: Strengthening your organisation's cyber resilience, 23 October 2023
• WIN In-House Counsel Week 2023: Data governance and cyber security – risk management for the digital age, 23 February 2023 (Melbourne) and 2 March 2023 (Brisbane)
• WIN In-House Counsel Week 2021: The wandering workforce – cyber security and privacy, home offices, WHS and other employment law bear traps, 25 February 2021
• WIN In-House Counsel Day 2020: Data breaches – a practical guide, 19 February 2020 (Brisbane) and 20 February 2020 (Melbourne)