He is ICG’s Global Cyber Practice Leader; and the Founder and Managing Partner of Cyber Risk Advisors. Prior to joining IIS, he was Asia Pacific, Oceania and FSO Lead Partner EY Cyber Security; GM Technology Risk and Security for NAB Group; a Partner within Information Risk Management at KPMG in New York, and has held financial services industry roles at Salomon Brothers and MasterCard International.

At EY, he was the lead partner responsible for the strategy, direction, and management of an Advisory Risk Cyber Security team, creating the largest, sustained Big-4 cyber security practice. He was also responsible for EY becoming a Payments Card Industry (PCI) Qualified Security Assessor (QSA) for APAC region and developing and deploying Privacy and Data Protection solutions.

As founding partner of the EY Melbourne Advanced Security Centre (ASC), specializing in attack and penetration testing and cyber threat management, he built a large Council of Registered Ethical Security Testers (CREST) certified team.

As the NAB’s Group Technology Risk and Security GM he was responsible for risk assessment, strategy, and the security program with a budget of AU$6 million, 11 direct reports, 40+ team members. He focused on enhancing technology risk, security governance and functional security analysis capabilities and establishing key regulatory and compliance activities for a three year build out plan.

He is a Graduate of the Australian Institute of Company Directors (GAICD); ISACA Melbourne Chapter Board Member, and Heide Foundation Board Member - Museum of Modern Art, Heide.

Professional credentials include being a Certified Information Systems Manager (CISM); Certified Information Systems Auditor (CISA); and PCI DSS Qualified Security Assessor (QSA). He has an MBA, Accounting and Finance and BS, Management Science, Computer Science, and Psychology.

As Australia's Privacy Commissioner from 1999 to 2004, Malcolm led the implementation of the nation's private sector privacy law. He hosted the 25th International Conference of Data Protection and Privacy Commissioners in Sydney in 2003.

Malcolm was the founding President of of the International Association of Privacy Professionals Australia New Zealand (iappANZ), an affiliate of the International Association of Privacy Professionals (IAPP). He served as a Director of iappANZ until 2016. He was a Director of IAPP from 2007 to 2011 and is an IAPP Certified Information Privacy Professional.

Through IIS, Malcolm has advised a wide range of industry sectors. He has also consulted to the Asia-Pacific Economic Cooperation forum (APEC) regularly on implementation of the APEC privacy framework and to the Organisation for Economic Cooperation and Development (OECD).

Malcolm is a Director of Bellberry Limited, a private not-for-profit company which provides privacy and health ethics advisory services. He is Chair of PRAXIS Australia Ltd, also a private not-for-profit company, established to promote the conduct of ethical research involving human participants. Malcolm is a member of the NSW Data Analytics Centre Advisory Board. He is also a Fellow of the Australian Institute of Company Directors.

Between 1996 and 1999, Malcolm was Manager of Government Affairs for AMP Ltd. In the previous 20 years, Malcolm held senior executive positions in the Federal Department of Finance, served as both a superannuation scheme trustee and scheme founder and worked in the Transport and Health portfolios. Malcolm has degrees in Chemistry and Economics.

He was made a Member of the Order of Australia in the 2016 Queen's Birthday Honours for significant service to public administration, particularly to data protection, and identity management, and to the community. Malcolm received the 2012 Privacy Leadership Award in Washington DC from the IAPP in recognition of his global reputation and expertise in privacy. He received the inaugural Chancellor's Medal for distinguished contribution to the Australian National University in 2004.

• Privacy health checks in areas such as government and non-government personal injury and property insurance, health and related service provision and professional associations managing member information.
• Privacy impact assessments on intiatives involving identity management and whole of government service delivery strategies for Australian and New Zealand governments, electronic health records, education and young people including Office 365 and Google Apps for education, law enforcement and licensing agencies, ID scanning in pubs, telecommunications, online bill payment systems and cloud services.
• Easy to read and well placed privacy notices and privacy policies as well as 'how to' guidance for a wide range of organisations including regulators.
• Thought leadership, including white papers in areas such as identity management, whole of government service provision and governance.
• Advisory services including in the credit reporting area, de-identification, trouble shooting, implementing the 2013 amendments to the Privacy Act and cloud services.

Between 1999-2005 Robin was in senior roles at then Office of the Federal Privacy Commissioner where she developed guidelines for privacy in the private sector and oversaw its review of the private sector provisions of the Privacy Act 1988 (Cth). She was a partner in a highly respected legal policy consulting company, Kearney McKenzie and Associates between 1994 and 1999. This was preceded by 5 years at the Australian Law Reform Commission where Robin was Associate to the President Justice Elizabeth Evatt and senior law reform officer where work included developing a uniform approach to privacy across the federal human services and health departments.

Robin has a law degree from the University of Adelaide, an honours arts degree majoring in social anthropology from Monash University, and Masters Degree (with merit) in Art History from Sydney University. She was admitted to practice as a Barrister and Solicitor in the Supreme Court of South Australia in 1982.

As principal consultant with IIS, Christine has worked with over 90 clients in the public and private sectors on areas including identity management, data analytics, e-health, health information, law enforcement and e-government. These projects have included:

• conducting privacy impact assessments on new government policy, law or programs, or the adoption of new technologies, for example in relation to the personal property securities register, online identity verification and customer relationship management systems
• planning and implementing stakeholder consultations for privacy impact assessments, privacy compliance reviews and development of privacy plans
• drafting and reviewing privacy notices for example, for a large employment vetting service, an ethics review body and an internet sales company
• developing detailed privacy strategies for example for organisations in the transport and communications sectors and
• preparing papers and articles, particularly in relation to developments in privacy law and regulation

Before joining IIS in 2007, Christine worked for 16 years with the Office of the Federal Privacy Commissioner (now the Office of the Australian Information Commissioner) managing its policy and compliance sections. Her achievements in these roles included key involvement in the implementation of the Privacy Act's private sector jurisdiction, leading consultations, development of guidance material and policy development and improving compliance and conciliation practice.

Christine has also held senior roles with the Department of Community Services and Health (now Health and Aged Care). Her other experience includes roles with the Federal Public Service Board and in credit management and commercial lending. Christine has a Graduate Certificate in Management from Macquarie University.

Since 2010, Chong has worked on many projects including:

• Conducting Privacy Impact Assessments and Privacy Health Checks for a diverse range of public and private organisations
• Formulating privacy, governance and strategic advice in areas such as e-health and health information registers, de-identification of personal information, cloud computing, privacy law reform and data ethics
• Drafting privacy notices and policies
• Developing privacy tools, templates and programs specifically tailored for clients
• Providing description and analysis on the state of technology, policy and law across various jurisdictions
• Contributing to privacy thought leadership through the development of presentations, articles and reports on diverse topics such as identity management, governance, trust and accountability, Privacy by Design and cross-border data flows.

Before joining IIS, Chong worked as a market researcher for ANOP Research Services Pty Ltd and as a legal assistant at Robert C. Minter Lawyers. He was the Deputy Editor of AERIS Magazine, a bilingual online lifestyle magazine for Chinese youth based in Hong Kong.

Chong is a graduate of Sydney Law School (Hons 1) and contributed to the Sydney Law Review as a student editor. He also holds an Honours Degree in Psychology and a Master of Teaching from the University of Sydney.

Prior to joining IIS, Alexander worked at international law firm Herbert Smith Freehills. As a lawyer in the Private Equity practice group he advised clients on a variety of transactions including capital raisings, mergers and acquisitions. In working with clients of different sizes and from a wide range of industries, Alexander developed practical knowledge of privacy and information security considerations and witnessed the detrimental impact on the value of organisations that neglect to adequately prioritise them.

Alexander has also had extensive international business experience having worked at a multinational IT service provider in Paris, a private equity firm in New York and a top-tier tax consultancy in Berlin. Complementing his understanding of global corporates, Alexander has spent time working within international political organisations including the Human Rights division of the United Nations and SME division of the OECD.

Coming from a legal background, Alexander is interested in the impact that rapidly developing technologies are having on privacy and information security regulations and corporate compliance with these regulatory obligations.

In addition to English, Alexander speaks German.

Alexander holds a Bachelor of Commerce and a Juris Doctor degree from the University of Sydney. Alexander was admitted as a solicitor to the New South Wales Supreme Court in 2016.

Natasha has experience conducting privacy impact assessments, drafting major position and research papers, investigation reports, submissions, guidance material, statutory guidelines, executive briefs and speeches. She has researched and helped develop regulatory positions on new technologies and emerging privacy issues, including in relation to electronic health records, biometrics, smart infrastructure, smart phone technology, big data and social media.

Key projects Natasha has delivered include:

• Project-managing the development of the OAIC’s first major position and issues paper on Australian Government Information Policy, published on the opening of the new Office
• Drafting a major research paper and set of guidelines on privacy and CCTV for the New Zealand Privacy Commissioner
• Drafting major OAIC submissions on eHealth, the National Disability Insurance Scheme, the financial system, online privacy, and playing a major role in OPC’s response to the Australian Law Reform Commission’s review of privacy
• Preparing a range of guidance material for individuals, agencies and organisations on the Privacy Act 1988 (Cth and the My Health Records Act 2012 (Cth)
• Assisting the Deputy Privacy Commissioner on the development of the APEC Cross-border Privacy Enforcement Arrangement in consultation with international privacy regulators

Along with an in-depth knowledge of privacy regulation, Natasha has expertise in information law and policy more generally including freedom of information law and trends in open government. Natasha holds a Bachelor of Arts (Hons 1) from the University of Sydney. She has also completed training courses on Fundamentals of internal audit; Administrative power and the law; Machinery of Government; and Policy Formulation.

Before joining IIS, Joshua worked for the Privacy Commissioner for Personal Data, Hong Kong and was posted to the Policy and Research Division. He was directly supervised by the Privacy Commissioner of Hong Kong and was tasked with over 10 research projects (including comparative law) relating to the:

• Comparison between the Hong Kong Personal Data (Privacy) Ordinance and the European Union General Data Protection Regulation (GDPR)
• Privacy ramifications of emerging technologies such as electronic mobile payments, video analytics and location tracking
• Privacy compliance of digital fitness bands, their associated Apps and websites, with comparative analysis based on their place of manufacture
• Current legal landscape of cyberbullying and its relation to the Hong Kong Personal Data (Privacy) Ordinance
• Preparation of speeches, papers and articles in relation to Hong Kong's free flow of information and privacy protection as an advantage in China's "One Belt One Road Initiative".

Joshua has also worked in China (as an intern at the Beijing Arbitration Commission), Kenya (as an intern at the United Nations) and Mexico (as a teacher for underprivileged children). In addition to English, Joshua speaks fluent Chinese, Spanish and Cantonese.

Joshua is a recent graduate from the Chinese University of Hong Kong, holding a Juris Doctorate degree with a scholarship and a Bachelor of Social Science (First Class Honours) in Sociology.