IISP Finals 2019-009 (resized).jpg




About Us

Information Integrity Solutions (IIS) is an Australian company with a global presence that provides services in data protection and information privacy to public, private and non-government organisations. We are the largest privacy consultancy company in the Asia-Pacific region, based in Sydney and Melbourne, Australia. Malcolm Crompton AM, Australia's Privacy Commissioner between 1999 and 2004, and Peter Fritz AM established the company in 2004.

IIS has a world-class reputation based on our team's combined experience of over 60 years of privacy regulatory, policy, management and consulting experience. Malcolm Crompton’s valuable contribution to privacy was recognised when IAPP awarded him the 2012 Privacy Leadership Award in Washington DC and when he was made a Member of the Order of Australia in the 2016 Queen's Birthday Honours.

IIS clients are based in each Australian state and territory, as well as the USA, Europe and the Asia-Pacific (including New Zealand, Hong Kong, Singapore and Malaysia). We maintain close contacts with Australian and International privacy regulators and practitioners. Malcolm Crompton founded the International Association of Privacy Professionals in Australia and New Zealand. IIS is also involved in high-level policy forums such as the APEC data privacy subgroup and European research programs.

Many privacy issues today are not about being non-compliant with privacy and security legislation, rather they are about the ethics of how personal information is used and disclosed as well as the availability, reliability and integrity of the service. Individuals are increasingly expecting a higher level of accountability around business and government use of their data. IIS differentiate ourselves from our competitors in that we are not only well placed to deal with what is required to meet minimum compliance, we also understand the nature of higher citizen and customer expectations.

In January 2018, IIS merged with Cyber Risk Advisors, based in Melbourne. After the merger, we continue to trade under the IIS brand.

Download Company Brochure

Download Company Brochure

IISP Finals 2019-009 (resized).jpg

Our Team

Our Team

Staff at IIS have combined over 60 years of privacy regulatory, management and consulting experience, the largest in the Asia-Pacific region.

Mike Trovato is the Managing Director and Lead Security Advisor, having commenced his role in 2018. Malcolm Crompton is the Founder and Lead Privacy Advisor, having served as Managing Director from 2004 to 2017. Christine Cowper is IIS' most experienced privacy consultant, joining IIS in 2007. Chong Shao joined IIS in 2010, while Natasha Roberts and Joshua Ngai joined IIS in 2016. Alexander Benze Von Fritz and Eugenia Caralt joined the team in 2018.

Malcolm, Christine and Natasha first met at the then Australian Office of the Federal Privacy Commissioner where they worked for a number of years.



Mike Trovato is a cyber security and technology risk advisor to boards, board risk committees, and executive management. He focuses on assisting key stakeholders with understanding the obligations and outcomes of effective privacy and cyber security. This includes solving an organisation’s issues with respect to regulatory, industry, and company policy compliance and to protect what matters most in terms of availability, loss of value, regulatory sanctions, or brand and reputation impacts balanced with investment.

Mike is ICG’s Global Cyber Practice Leader. Prior to joining IIS, he was the Founder and Managing Partner of Cyber Risk Advisors. Before then, he was Asia Pacific, Oceania and FSO Lead Partner EY Cyber Security; GM Technology Risk and Security for NAB Group; a Partner within Information Risk Management at KPMG in New York, and has held financial services industry roles at Salomon Brothers and MasterCard International.

At EY, Mike was the lead partner responsible for the strategy, direction, and management of an Advisory Cyber Security team, creating the largest, sustained Big-4 cyber security practice. He was also responsible for EY becoming a Payments Card Industry (PCI) Qualified Security Assessor (QSA) for APAC region, developing and deploying Privacy and Data Protection solutions, and building the Melbourne Advanced Security Centre (ASC), specialised in attack and penetration testing.

As the NAB’s Group Technology Risk and Security GM, Mike was responsible for risk assessment, strategy, and the security program with a budget of AU$6 million, 11 direct reports, 40+ team members. He focused on enhancing technology risk, security governance and functional security analysis capabilities and establishing key regulatory and compliance activities for a three-year plan.

Mike is a Graduate of the Australian Institute of Company Directors (GAICD), Member Australian Information Security Association (AISA), an AISA Board Member, ISACA Melbourne Chapter Board Member, Member of National Standing Committee on Digital Trade, and is a Heide Foundation Board Member - Museum of Modern Art, Heide.

Mike’s professional credentials include being a Certified Information Systems Manager (CISM); Certified Information Systems Auditor (CISA); and PCI DSS Qualified Security Assessor (QSA). He is also a member of the International Association of Privacy Professionals (IAPP) and is an ICG Accredited Professional. He has an MBA, Accounting and Finance and BS, Management Science, Computer Science, and Psychology.

Mike is the co-author of The New Governance of Data and Privacy: Moving from compliance to performance, Australian Institute of Company Directors, November 2018.



Malcolm Crompton is the Lead Privacy Advisor and was the founder and first Managing Director of Information Integrity Solutions Pty Ltd (IIS), a global consultancy based in Asia Pacific, specialising in data protection and privacy strategies. IIS assists companies increase business value and customer trust, and assists governments meet the high standards expected of them in the handling of personal information.

As Australia’s Privacy Commissioner from 1999 to 2004, Malcolm led the implementation of the nation’s private sector privacy law. He hosted the 25th International Conference of Data Protection and Privacy Commissioners in Sydney in 2003.

Malcolm was the founding President of the International Association of Privacy Professionals Australia New Zealand (iappANZ), an affiliate of the International Association of Privacy Professionals (IAPP). He served as a Director of iappANZ until 2016. He was a Director of IAPP from 2007 to 2011 and is an IAPP Certified Information Privacy Professional.

Through IIS, Malcolm has advised a wide range of industry sectors. He has also consulted to the Asia-Pacific Economic Cooperation forum (APEC) regularly on implementation of the APEC privacy framework and to the Organisation for Economic Cooperation and Development (OECD).

Malcolm is a Director of Bellberry Limited, a private not-for-profit company which provides privacy and health ethics advisory services. He is Chair of PRAXIS Australia Ltd, also a private not-for-profit company, established to promote the conduct of ethical research involving human participants. Malcolm is a member of the NSW Data Analytics Centre Advisory Board. He is also a Fellow of the Australian Institute of Company Directors and member of the International Association of Privacy Professionals (IAPP).

Between 1996 and 1999, Malcolm was Manager of Government Affairs for AMP Ltd. In the previous 20 years, he held senior executive positions in the Federal Department of Finance, served as both a superannuation scheme trustee and scheme founder and worked in the Transport and Health portfolios. He has degrees in Chemistry and Economics.

Malcolm was made a Member of the Order of Australia in the 2016 Queen’s Birthday Honours for significant service to public administration, particularly to data protection, privacy, and identity management, and to the community. Malcolm received the 2012 Privacy Leadership Award in Washington DC from the IAPP in recognition of his global reputation and expertise in privacy. He received the inaugural Chancellor’s Medal for distinguished contribution to the Australian National University in 2004.

Malcolm is a co-author of The New Governance of Data and Privacy: Moving from compliance to performance, Australian Institute of Company Directors, November 2018.

Malcolm Crompton
Robin McKenzie



Eugenia Caralt is a Principal Consultant with Information Integrity Solutions Pty Ltd (IIS). Having worked in both consulting and operational roles for over 18 years, she has broad experience in Organisational Resilience, Crisis Management, Information Security and Privacy Compliance. She has provided advice to a diverse portfolio of clients, including telecommunications and other critical infrastructure sectors.

Eugenia has worked in Australia, France, Spain and the UK on complex projects and has a track record of successfully managing and leading virtual teams, providing advice to Executive Management and delivering high-quality results. Her background in law, international standards, audit and advisory provides a comprehensive approach to effective risk management.

Eugenia’s project experience includes the implementation of Data Protection and Privacy frameworks and carrying out privacy audits. She has also delivered ISO 22301 certification “Societal security — Business continuity management systems” for a major global telecommunications provider, managed crisis management teams during major business disruption events and deployed a dedicated Disaster Recovery Site for a customer service desk.

More recently Eugenia has been leading engagements for major healthcare and government sector clients performing privacy impact assessments, privacy health checks, and third-party risk assessments to support enforceable undertakings.

Prior to joining IIS, Eugenia worked for a ‘Big 4’ IT Risk and Security Advisory practice for more than 10 years and then joined Colt Technology Services in Europe where she was the Group Head of Business Continuity. Returning to Australia in 2017, she worked for NBN Co as part of the Risk & Resilience team.

Eugenia has a law degree from the University of Barcelona, a Master in Law from ISDE Business School and a Post Master in Technology Law from ESADE Business School. She has recently lectured at the IE Law School in Madrid as part of their annual EU GDPR Course.

Eugenia joined the Barcelona Bar Association in 1999. She is a Certified Information Security Auditor (CISA) and an Associate Fellow of Business Continuity Institute (BCI). She is a member of ISACA and BCI Melbourne Chapters, the Australian Information Security Association (AISA), and the International Association of Privacy Professionals (IAPP). She is also an ICG Accredited Professional.

In addition to English, Eugenia speaks Spanish and French.



Christine Cowper is a Principal Consultant with Information Integrity Solutions Pty Ltd (IIS). She has worked in privacy and data protection for over thirty years and is a specialist in privacy regulation, management and practice. Christine combines her strong background in Australian and international privacy regulation with a strategic and practical focus honed in her years of regulatory experience and in working closely with clients in a range of industries and environments

As principal consultant with IIS, Christine has worked with over 100 clients in the public and private sectors on a variety of projects such as:

  • Conducting privacy impact assessments in relation to government policy developments such as amendments to the telecommunications interception regime and mandatory data retention, the adoption of new technologies such as cloud services and electronic identity verification
  • Conducting privacy health checks for organisations interested in improving their privacy practices including for a major airport, a New Zealand education agency and an indigenous health service
  • Developing privacy compliance tools, for example privacy impact assessment toolkits and BYOD policy and risk assessment checklists
  • Developing privacy strategies, privacy policies and notices, for example, big data strategies, privacy complaint handling and access policies for major transport infrastructure corporations
  • Training organisations in the financial services and health sectors and overseas privacy regulators on applying privacy in practice
  •  Preparing speeches, papers and articles particularly in relation to building trust, global privacy initiatives in Japan and China and APEC developments.

Before joining IIS, Christine worked for 16 years with the then Office of the Federal Privacy Commissioner managing its policy and compliance sections. Her achievements in these roles included key involvement in the implementation of the Privacy Act’s private sector jurisdiction, leading consultations, development of guidance material and policy development and improving compliance and conciliation practice.

Christine also held senior roles with the DHHS of Community Services and Health, and the Federal Public Service Board. Her other experience includes roles in credit management and commercial lending. Christine has a Graduate Certificate in Management from Macquarie University.

Christine Cowper
Chong Shao



Chong Shao is a Senior Consultant with Information Integrity Solutions Pty Ltd (IIS). He is interested in the intersection of technology with society and individuals. In particular, he brings a curious and critical perspective where privacy and broader ethical issues are at stake.

Since 2010, Chong has worked on many projects including:

  • Conducting Privacy Impact Assessments and Privacy Health Checks for a diverse range of public and private organisations
  • Formulating privacy, governance and strategic advice in areas such as e-health and health information registers, de-identification of personal information, cloud computing, privacy law reform and data ethics
  • Drafting privacy notices and policies
  • Developing privacy tools, templates and programs specifically tailored for clients
  • Providing description and analysis on the state of technology, policy and law across various jurisdictions.

Chong has written on diverse topics such as the privacy legal landscape, Privacy by Design, trust, accountability and cross-border data flows, including for Microsoft, the National Centre for APEC, iappANZ and the Institute of Electrical and Electronics Engineers. His most recent work, co-authored with Malcolm Crompton and Michael Trovato, is The New Governance of Data and Privacy: Moving from compliance to performance, Australian Institute of Company Directors, November 2018.

Chong is a graduate of Sydney Law School (Hons 1) and contributed to the Sydney Law Review as a student editor. He also holds an Honours Degree in Psychology and a Master of Teaching from the University of Sydney. He is a member of the International Association of Privacy Professionals (IAPP).



Natasha Roberts is a Senior Consultant with Information Integrity Solutions Pty Ltd (IIS). She joined IIS in 2016. Natasha has significant experience with privacy law and policy. With close to ten years’ experience working at the Office of the Australian Information Commissioner (OAIC), Natasha brings strong analysis and assessment skills in privacy. In 2008 she was awarded an Australia Day Achievement Medallion for her work supporting the Australian Privacy Commissioner

Natasha has experience conducting privacy impact assessments, drafting major position and research papers, investigation reports, submissions, guidance material, statutory guidelines, executive briefs and speeches. She has researched and helped develop regulatory positions on new technologies and emerging privacy issues, including in relation to electronic health records, biometrics, smart infrastructure, smart phone technology, big data and social media.

Key projects Natasha has delivered include:

  • Project-managing the development of the OAIC’s first major position and issues paper on Australian Government Information Policy, published on the opening of the new Office
  • Drafting a major research paper and set of guidelines on privacy and CCTV for the New Zealand Privacy Commissioner
  • Drafting major OAIC submissions on eHealth, the National Disability Insurance Scheme, the financial system, online privacy, and playing a major role in OPC’s response to the Australian Law Reform Commission’s review of privacy
  • Drafting and/or editing a range of guidance material for individuals, agencies and organisations on the Privacy Act 1988 (Cth) and the My Health Records Act 2012 (Cth)
  • Assisting the Deputy Privacy Commissioner on the development of the APEC Cross-border Privacy Enforcement Arrangement in consultation with international privacy regulators
  • Supporting the work of the Gov 2.0 Taskforce as a member of the Taskforce Secretariat
  • Assessing privacy impacts of bills subject to parliamentary committee inquiry.

Along with an in-depth knowledge of privacy regulation, Natasha has expertise in information law and policy more generally including freedom of information law and trends in open government.

Natasha holds a Bachelor of Arts (Hons 1) from the University of Sydney. She has also completed training courses on Fundamentals of internal audit; Administrative power and the law; Machinery of Government; and Policy Formulation.

Natasha Roberts.jpg
Alexander Benz von Fritz.jpg



Alexander Benze von Fritz is a Consultant with Information Integrity Solutions Pty Ltd (IIS). Alexander assists clients by conducting privacy impact assessments, privacy and cyber security health checks, researching on privacy and security trends and laws globally, and providing written strategic and practical advice

Prior to joining IIS, Alexander worked at international law firm Herbert Smith Freehills. As a lawyer in the Private Equity practice group he advised clients on a variety of transactions including capital raisings, mergers and acquisitions. In working with clients of different sizes and from a wide range of industries, Alexander developed practical knowledge of privacy and information security considerations and witnessed the detrimental impact on the value of organisations that neglect to adequately prioritise them.

Alexander has also had extensive international business experience having worked at a multinational IT service provider in Paris, a private equity firm in New York and a top-tier tax consultancy in Berlin. Complementing his understanding of global corporates, Alexander has spent time working within international political organisations including the Human Rights division of the United Nations and SME division of the OECD.

Coming from a legal background, Alexander is interested in the impact that rapidly developing technologies are having on privacy and information security regulations and corporate compliance with these regulatory obligations.

Alexander holds a Bachelor of Commerce and a Juris Doctor degree from the University of Sydney. Alexander was admitted as a solicitor to the New South Wales Supreme Court in 2016. He is a Member of the Australian Information Security Association (AISA) and the International Association of Privacy Professionals (IAPP). He is also an ICG Accredited Professional.

In addition to English, Alexander speaks German.



Joshua Ngai joined Information Integrity Solutions Pty Ltd (IIS) as an Assistant Consultant in 2017. He assists clients by conducting privacy impact assessments, researching on privacy trends and laws globally, and providing written strategic and practical advice.

Before joining IIS, Joshua worked for the Privacy Commissioner for Personal Data, Hong Kong and was posted to the Policy and Research Division. He was directly supervised by the Privacy Commissioner of Hong Kong and was tasked with over 10 research projects (including comparative law) relating to the:

  • Comparison between the Hong Kong Personal Data (Privacy) Ordinance and the European Union General Data Protection Regulation (GDPR)
  • Privacy ramifications of emerging technologies such as electronic mobile payments, video analytics and location tracking
  • Privacy compliance of digital fitness bands, their associated Apps and websites, with comparative analysis based on their place of manufacture
  • Current legal landscape of cyberbullying and its relation to the Hong Kong Personal Data (Privacy) Ordinance
  • Preparation of speeches, papers and articles in relation to Hong Kong's free flow of information and privacy protection as an advantage in China's "One Belt One Road Initiative".

Joshua has also worked in China (as an intern at the Beijing Arbitration Commission), Kenya (as an intern at the United Nations) and Mexico (as a teacher for underprivileged children).

Joshua is a recent graduate from the Chinese University of Hong Kong, holding a Juris Doctorate degree with a scholarship and a Bachelor of Social Science (First Class Honours) in Sociology.

In addition to English, Joshua speaks fluent Chinese, Spanish and Cantonese.

Joshua Ngai.jpg


IIS has a wide network of strategic partners with whom it regularly teams to pool resources and deliver large or complex projects.

TCG Group of Companies

IIS is part of the TCG Group of companies, a group of independent, mutually supportive private enterprises that have been in operation since 1971, TCG® operates in five strategic areas - services, computers & communications, business accelerators & technology parks, land & food and the environment.

Global Access Partners (GAP)

IIS partners with Global Access Partners, a proactive and influential network which initiates high-level discussions at the cutting edge of the most pressing commercial, social and global issues of today, such as identity management, new approaches to privacy and trust in the information age and cloud computing.

Open Forum

Open Forum is an independent collaborative think-tank built around an interactive discussion website hosted and moderated by Global Access Partners (GAP). It provides a platform for focused dialogue on social, political, economic, ecological and cultural issues and challenges. IIS has participated in initiatives such as Privacy and Trust as well as blogs on Open Forum.