IIS has a world-class reputation based on its team's combined experience of over 60 years of privacy regulatory, policy, management and consulting experience. Malcolm Crompton’s valuable contribution to privacy was recognised when IAPP awarded him the 2012 Privacy Leadership Award in Washington DC and when he was made a Member of the Order of Australia in the 2016 Queen's Birthday Honours.
IIS clients are based in the USA, Europe and the Asia Pacific, including Australia, New Zealand, Hong Kong, Singapore and Malaysia. IIS maintains close contacts with Australian and International privacy regulators and practitioners. Malcolm Crompton and Annelies Moens co-founded the International Association of Privacy Professionals in Australia and New Zealand. IIS is also involved in high-level policy forums such as the APEC data privacy subgroup and European research programs.
Many privacy issues today are about more than compliance with privacy legislation. They extend to the ethics of how personal information is used and disclosed. Citizens and customers are expecting a higher level of accountability from business and government use of their data. IIS differentiates itself from its competitors in that it is not only well placed to deal with what is required to meet minimum compliance, it also understands the nature of higher citizen and customer expectations.
IIS is pleased to announce we will merge with Cyber Risk Advisors (CRA), based in Melbourne, effective 1 January 2018 and will continue to trade under the IIS brand.
This merger further strengthens IIS as the largest provider of privacy consulting services in Asia Pacific and its global reputation for the quality of its insights and advice by adding cyber security governance, management, transformation, and data protection services. It will also signal a new phase in IIS’ growth by establishing a full-time presence in Melbourne as well as complementary industry competencies.
These increased capabilities will help IIS clients to further understand and define the desired privacy and security outcomes, with respect to regulatory, industry, and company policy compliance and to protect what matters most in terms of loss of value, regulatory sanctions, or brand and reputation. In addition, CRA clients will be able to access the full capabilities of IIS’ privacy expertise.
The merger is very timely, with the Notifiable Data Breaches (NDB) scheme established by the Privacy Amendment (Notifiable Data Breaches) Act 2017 coming into effect in Australia on 22 February 2018.
As with all important strategic business decisions, we will continue to work closely with clients, staff, and business partners to make the integration over the next three months as smooth and beneficial as possible, while delivering the same high quality of service our clients have come to expect over the past 13 years.
Malcolm Crompton, AM, FAICD, CIPP will continue his involvement in the company as Lead Privacy Advisor, focusing on privacy solutions and innovation. As Founder, he has led the company to where it is today.
Michael Trovato, CISA, CISM will assume the role of Managing Director and focus on growth and adding cyber security capabilities that complement IIS privacy solutions. Michael is an internationally recognised cyber security executive in financial services, government, and critical infrastructure industries. His background includes ICG Group, Global Cyber Security Practice Leader; Cyber Risk Advisors, Managing Partner; EY Cyber Security, Lead Partner; NAB Group, GM Technology Risk and Security; KPMG, Partner, Information Risk Management; and MasterCard International, Principal.
Annelies Moens, CIPT, FAICD, CMgr FIML has served IIS as Deputy Managing Director. After six successful years with IIS, she has decided to leave on 31 December. Annelies has led substantial development of IIS’ capabilities and we wish her well in her new endeavours.
Mike Trovato is the Managing Director and Lead Security Advisor, having commenced his role in 2018. Malcolm Crompton is the Lead Privacy Advisor, having served as Managing Director from 2004 to 2017. Robin McKenzie and Christine Cowper are IIS' most experienced privacy consultants, Robin first joined in 2005 and Christine in 2007. Chong Shao joined IIS in 2010, while Natasha Roberts and Joshua Ngai joined IIS in 2016.
Malcolm, Robin, Christine and Natasha first met at the then Australian Office of the Federal Privacy Commissioner where they worked for a number of years.
Mike is a cyber security and technology risk advisor to boards, board risk committees, and executive management. He focuses on assisting key stakeholders with understanding the obligations and outcomes of effective privacy and cyber security. This includes solving an organisation’s greatest issues with respect to regulatory, industry, and company policy compliance and to protect what matters most in terms of availability, loss of value, regulatory sanctions, or brand and reputation impacts balanced with investment.
He is ICG’s Global Cyber Practice Leader; and the Founder and Managing Partner of Cyber Risk Advisors. Prior to joining IIS, he was Asia Pacific, Oceania and FSO Lead Partner EY Cyber Security; GM Technology Risk and Security for NAB Group; a Partner within Information Risk Management at KPMG in New York, and has held financial services industry roles at Salomon Brothers and MasterCard International.
At EY, he was the lead partner responsible for the strategy, direction, and management of an Advisory Risk Cyber Security team, creating the largest, sustained Big-4 cyber security practice. He was also responsible for EY becoming a Payments Card Industry (PCI) Qualified Security Assessor (QSA) for APAC region and developing and deploying Privacy and Data Protection solutions.
As founding partner of the EY Melbourne Advanced Security Centre (ASC), specializing in attack and penetration testing and cyber threat management, he built a large Council of Registered Ethical Security Testers (CREST) certified team.
As the NAB’s Group Technology Risk and Security GM he was responsible for risk assessment, strategy, and the security program with a budget of AU$6 million, 11 direct reports, 40+ team members. He focused on enhancing technology risk, security governance and functional security analysis capabilities and establishing key regulatory and compliance activities for a three year build out plan.
He is a Graduate of the Australian Institute of Company Directors (GAICD); ISACA Melbourne Chapter Board Member, and Heide Foundation Board Member - Museum of Modern Art, Heide.
Professional credentials include being a Certified Information Systems Manager (CISM); Certified Information Systems Auditor (CISA); and PCI DSS Qualified Security Assessor (QSA). He has an MBA, Accounting and Finance and BS, Management Science, Computer Science, and Psychology.
Malcolm Crompton is the Lead Privacy Advisor and former Managing Director of Information Integrity Solutions Pty Ltd (IIS), a global consultancy based in Asia Pacific, specialising in data protection and privacy strategies. IIS assists companies increase business value and customer trust and governments meet the high standards expected of them in the handling of personal information.
As Australia's Privacy Commissioner from 1999 to 2004, Malcolm led the implementation of the nation's private sector privacy law. He hosted the 25th International Conference of Data Protection and Privacy Commissioners in Sydney in 2003.
Malcolm was the founding President of of the International Association of Privacy Professionals Australia New Zealand (iappANZ), an affiliate of the International Association of Privacy Professionals (IAPP). He served as a Director of iappANZ until 2016. He was a Director of IAPP from 2007 to 2011 and is an IAPP Certified Information Privacy Professional.
Through IIS, Malcolm has advised a wide range of industry sectors. He has also consulted to the Asia-Pacific Economic Cooperation forum (APEC) regularly on implementation of the APEC privacy framework and to the Organisation for Economic Cooperation and Development (OECD).
Malcolm is a Director of Bellberry Limited, a private not-for-profit company which provides privacy and health ethics advisory services. He is Chair of PRAXIS Australia Ltd, also a private not-for-profit company, established to promote the conduct of ethical research involving human participants. Malcolm is a member of the NSW Data Analytics Centre Advisory Board. He is also a Fellow of the Australian Institute of Company Directors.
Between 1996 and 1999, Malcolm was Manager of Government Affairs for AMP Ltd. In the previous 20 years, Malcolm held senior executive positions in the Federal Department of Finance, served as both a superannuation scheme trustee and scheme founder and worked in the Transport and Health portfolios. Malcolm has degrees in Chemistry and Economics.
He was made a Member of the Order of Australia in the 2016 Queen's Birthday Honours for significant service to public administration, particularly to data protection, and identity management, and to the community. Malcolm received the 2012 Privacy Leadership Award in Washington DC from the IAPP in recognition of his global reputation and expertise in privacy. He received the inaugural Chancellor's Medal for distinguished contribution to the Australian National University in 2004.
Robin McKenzie is Principal Consultant with Information Integrity Solutions Pty Ltd (IIS). Over the last 15 years she has gained extensive knowledge and experience working in the privacy field. Robin distils issues and develops practical solutions that work for both the organisation and the individuals about whom they hold personal information. She has particular expertise in buiding privacy by design into new IT based initiatives and prides herself on writing reports and documents that are concise and enable the client to easily act on recommendations. The wide ranging projects she has worked on during her 10 years with IIS include:
Between 1999-2005 Robin was in senior roles at then Office of the Federal Privacy Commissioner where she developed guidelines for privacy in the private sector and oversaw its review of the private sector provisions of the Privacy Act 1988 (Cth). She was a partner in a highly respected legal policy consulting company, Kearney McKenzie and Associates between 1994 and 1999. This was preceded by 5 years at the Australian Law Reform Commission where Robin was Associate to the President Justice Elizabeth Evatt and senior law reform officer where work included developing a uniform approach to privacy across the federal human services and health departments.
Robin has a law degree from the University of Adelaide, an honours arts degree majoring in social anthropology from Monash University, and Masters Degree (with merit) in Art History from Sydney University. She was admitted to practice as a Barrister and Solicitor in the Supreme Court of South Australia in 1982.
Christine Cowper is Principal Consultant with Information Integrity Solutions Pty Ltd (IIS). She has worked in privacy and data protection for over twenty-one years and is a specialist in privacy regulation, management and practice. Christine combines her strong background in Australian and International privacy regulation with a strategic and practical focus honed in her years of regulatory and consulting experience working closely with clients in a range of industries and environments.
As principal consultant with IIS, Christine has worked with over 90 clients in the public and private sectors on areas including identity management, data analytics, e-health, health information, law enforcement and e-government. These projects have included:
Before joining IIS in 2007, Christine worked for 16 years with the Office of the Federal Privacy Commissioner (now the Office of the Australian Information Commissioner) managing its policy and compliance sections. Her achievements in these roles included key involvement in the implementation of the Privacy Act's private sector jurisdiction, leading consultations, development of guidance material and policy development and improving compliance and conciliation practice.
Christine has also held senior roles with the Department of Community Services and Health (now Health and Aged Care). Her other experience includes roles with the Federal Public Service Board and in credit management and commercial lending. Christine has a Graduate Certificate in Management from Macquarie University.
Chong Shao is a Consultant with Information Integrity Solutions Pty Ltd (IIS). He is interested in the intersection of technology with society and individuals. In particular, he brings a curious and critical perspective where privacy and broader ethical issues are at stake.
Since 2010, Chong has worked on many projects including:
Before joining IIS, Chong worked as a market researcher for ANOP Research Services Pty Ltd and as a legal assistant at Robert C. Minter Lawyers. He was the Deputy Editor of AERIS Magazine, a bilingual online lifestyle magazine for Chinese youth based in Hong Kong.
Chong is a graduate of Sydney Law School (Hons 1) and contributed to the Sydney Law Review as a student editor. He also holds an Honours Degree in Psychology and a Master of Teaching from the University of Sydney.
Natasha Roberts is a Consultant with Information Integrity Solutions Pty Ltd (IIS). She joined IIS in 2016. Natasha has significant experience with privacy law and policy. With close to ten years' experience working at the Office of the Australian Information Commissioner (OAIC), Natasha brings strong analysis and assessment skills in privacy. In 2008 she was awarded an Australia Day Achievement Medallion for her work supporting the Australian Privacy Commissioner.
Natasha has experience conducting privacy impact assessments, drafting major position and research papers, investigation reports, submissions, guidance material, statutory guidelines, executive briefs and speeches. She has researched and helped develop regulatory positions on new technologies and emerging privacy issues, including in relation to electronic health records, biometrics, smart infrastructure, smart phone technology, big data and social media.
Key projects Natasha has delivered include:
Along with an in-depth knowledge of privacy regulation, Natasha has expertise in information law and policy more generally including freedom of information law and trends in open government. Natasha holds a Bachelor of Arts (Hons 1) from the University of Sydney. She has also completed training courses on Fundamentals of internal audit; Administrative power and the law; Machinery of Government; and Policy Formulation.
Joshua Ngai joined Information Integrity Solutions Pty Ltd (IIS) as an Assistant Consultant in 2017. He assists clients by conducting privacy impact assessments, researching on privacy trends and laws globally, and providing written strategic and practical advice.
Before joining IIS, Joshua worked for the Privacy Commissioner for Personal Data, Hong Kong and was posted to the Policy and Research Division. He was directly supervised by the Privacy Commissioner of Hong Kong and was tasked with over 10 research projects (including comparative law) relating to the:
Joshua has also worked in China (as an intern at the Beijing Arbitration Commission), Kenya (as an intern at the United Nations) and Mexico (as a teacher for underprivileged children). In addition to English, Joshua speaks fluent Chinese, Spanish and Cantonese.
Joshua is a recent graduate from the Chinese University of Hong Kong, holding a Juris Doctorate degree with a scholarship and a Bachelor of Social Science (First Class Honours) in Sociology.
IIS has a wide network of strategic partners with whom it regularly teams to pool resources and deliver large or complex projects.
IIS is part of the TCG Group of companies, a group of independent, mutually supportive private enterprises that have been in operation since 1971, TCG® operates in five strategic areas - services, computers & communications, business accelerators & technology parks, land & food and the environment.
IIS partners with Global Access Partners, a proactive and influential network which initiates high-level discussions at the cutting edge of the most pressing commercial, social and global issues of today, such as identity management, new approaches to privacy and trust in the information age and cloud computing.
Open Forum is an independent collaborative think-tank built around an interactive discussion website hosted and moderated by Global Access Partners (GAP). It provides a platform for focused dialogue on social, political, economic, ecological and cultural issues and challenges. IIS has participated in initiatives such as Privacy and Trust as well as blogs on Open Forum.