The ICO exists to empower you through information.

Keynote speakers

John Edwards

John Edwards began his role as UK Information Commissioner on 4 January, 2022.

Mr. Edwards, who joins on a five year term, spent eight years as New Zealand Privacy Commissioner from 2014-2021.

Mr. Edwards was educated in New Plymouth, New Zealand and achieved a Bachelor of Laws and Masters in Public Policy at the University of Wellington.

He worked as a solicitor and barrister in public law and policy for more than 20 years, including time as a policy adviser to the New Zealand Prime Minister and Cabinet around Freedom of Information.

Eva PenzeyMoog is a principal designer at 8th Light and the author of Design for Safety whose work brings together her expertise in domestic violence, sexual assault survivor advocacy, and technology. Eva helps technologists prevent and mitigate the interpersonal harm that we often enable through tech, with a focus on prioritising the safety and privacy of our most vulnerable users.

Guest speakers

A generalist civil servant for the past 20 years, Eleanor Fairford has undertaken a range of policy and security roles, at home and overseas, in immigration, security policy and corporate services.

Eleanor previously led cyber threat assessment in NCSC and now heads up the Incident Management function where she is responsible for managing the NCSC’s response to nationally significant incidents that hit the UK.


Mike Garside is a Director of Information Security for Oracle focussing on Governance, Risk and Compliance across their business in Europe, Middle East and Africa. Mike joined Oracle in 2013 with an initial focus on Cloud Security and prior to that he spent 7 years in Defence.

Francis Katamba

Francis Katamba is a partner at the law firm Browne Jacobson. He began his career working at magic circle law firms in London, Tokyo and Hong Kong. He has significant experience of advising on a diverse range of corporate and commercial matters and speaks Chinese, Japanese and French. He has also held senior inhouse roles at a global technology brand and as DPO of an international financial services regulator, where he implemented a highly successful GDPR compliance programme.

Francis has substantial experience of advising on subject access requests, breach handling, international data transfers, cookies, direct marketing, DPIA’s, legitimate interest assessments, privacy notices, data mapping, records management, risk assessments, audits, policies, procedures, training and all other day-to-day aspects of GDPR/ PECR compliance. He is also very experienced in advising clients on contract negotiation, change management, data strategy and the adoption of new technologies (including AI).

Before joining Browne Jacobson, Francis spent three years at the ICO as a senior commercial lawyer where he advised on a wide range of domestic and international transactions. He also advised on commercial law issues relating to complex policy and enforcement matters.

James Snook is Director of Data Policy at the Department for Science, Innovation & Technology (DSIT). He has spent much of his civil service career working in digital and security policy, particularly cyber security and data. In his current role he is responsible for DSIT's work to deliver the National Data Strategy and its goal of unlocking the power of data for the UK. His team is responsible for UK Government policy covering data rights and data protection, including the Data Protection and Digital Information Bill. His portfolio also covers data security policy, global data flows and the government's work on data's role in the economy and society.

Kevin Yong is the head of Coram-i, Coram’s pioneering children's social care consultancy. Kevin has worked as a management consultant in children's social care for over 20 years and is one of the country's leading experts on data and systems relating to children in care. He has worked at national, regional and local level to improve the quality of children's social care services in England, delivering individual, organisational and system-wide change.


ICO panel with Live Q&A

Paul Arnold

Paul Arnold, Deputy Commissioner, Deputy Chief Executive and Chief Operating Officer, has over 25 years’ experience regulating data protection and freedom of information rights. His modern approach to regulation combines supporting economic growth whilst protecting people from harm. This means empowering people to confidently share their information to use the products and services that drive our economy and our society, while helping organisations to responsibly use information to invest and innovate. 

Angela Balakrishnan, Executive Director – Strategic Communications and Public Affairs, oversees the development and delivery of the ICO’s strategic communication and engagement activities across the organisation, ensuring we grow awareness of the value and impact of the work the ICO does; gather insight to inform our work; and influence behaviour on information rights.

Stephen Almond, Executive Director – Regulatory Risk, leads the ICO’s teams charged with engineering information rights into the fabric of new ideas, technologies and business models as part of our dynamic digital economy, including through the Digital Regulation Cooperation Forum.

Stephen Bonner, Deputy Commissioner (Regulatory Supervision), is responsible for leading supervision and enforcement matters across the ICO. His work includes ensuring that the ICO is positioned to effectively regulate in the digital landscape; and the ICO’s investigative, regulatory cyber, audit and assurance teams deliver their strategic plans. He fronts communications, public and stakeholder engagement on how taking a pragmatic and balanced approach to privacy can help organisations thrive whilst protecting the rights of the most vulnerable.

anulka clarke

Anulka Clarke, Director of Regulatory Design, has 20 years’ experience of regulating the full range of information rights legislation that the ICO is responsible for. In her current role, she is focussed on regulatory implementation of legislative reform, with particular emphasis at the moment on the implementation of the Data Protection and Digital Information (DPDI) Bill.


Viv Adams is a Principal Policy Adviser in the Public Affairs team and has a particular interest in data sharing. She has been with the ICO since 2005, working in both data protection and freedom of information, in policy, legal and casework.

Freddie Baker is a Senior Policy Officer in the Regulatory Policy Projects team and has been with the ICO since January 2018. He has significant experience of public sector issues and specialises in health and social care policy.

Emma Bate is a Director overseeing the Regulatory Advice and Commercial departments. She joined the ICO in 2017 from private practice where she had practiced as a data protection lawyer for 20 years. Emma has been leading on the ICO’s work in relation to international transfers and the development of both the IDTA and the TRA tool.

Caroline Callaghan is a Senior Policy Officer in the Regulatory Policy Projects Department. She writes data protection guidance for organisations, and is experienced in advising on information rights and other regulatory matters.

Gillian Cartwright

Gillian Cartwright is a lead case officer in the public advice and data protection complaints department where she has worked for seven years. Gillian was in the education and legal sectors previously. She is the department’s sector lead for schools with a detailed knowledge of data protection issues relevant to the education sector.

Deborah Clark is currently managing the ICO’s FOI Upstream Regulation team – a team designed to provide more support for public authorities dealing with FOI requests and to promote good practice. Deborah has worked in freedom of information since its implementation. She spent 9 years as a Senior Case Officer in ICO before moving onto management roles which have included the Casework team dealing with complaints about the police and justice sector, the Insight and Compliance Team and the FOI Policy team.

Clara ClarkNevola leads the anonymization and encryption policy group within the ICO’s Technology Department. Clara’s recent work at the ICO includes co-producing guidance on privacy enhancing technologies, leading a citizen engagement project on the use of biometric technologies and analysing the data protection implications of dark patterns.

Prior to joining the ICO, Clara worked as a data protection solicitor at an international law firm. She has also spent time as a secondee in the ICO's Policy Legal team and as the European legal counsel at a large pharmaceutical company.


Sarah Coggrave is a Senior Information Access Officer and a member of the ICO’s Information Access Team. She specialises in handling information requests made by current and former ICO employees, but also deals with requests made by the public.


Rob Cole has been with the ICO since 2002. In this time he has worked mostly within our customer facing, advice giving teams as well as our investigation and regulatory action departments.

After being a team manager for many years, Rob took up the role of Senior Engagement and Policy Officer within Business Services in September 2022, This role looks to maintain and increase the knowledge and understanding of the organisations which contact the ICOs Business Advice department.


Steve Connolly is Group Manager for the Network and Information Systems (NIS) Audit Team focusing on cyber security controls and processes in digital service providers. Steve joined the ICO in 2016 and has worked in Customer Contact, the Personal Data Breach Service and GDPR Assurance teams.

Catie Galgut

Catie Galgut is a Senior Policy Officer working across the Data Protection Impact Assessment and Innovation Advice teams. She has been at the ICO for almost 5 years helping organisations overcome data protection compliance issues. She has previously worked in the Personal Data Breach and Business Advice Services.

Alice Gradwell

Alice Gradwell has worked at the ICO for five years, beginning as a Case Officer in PADPCS where she dealt exclusively with complaints about the Ministry of Justice. Now a Senior Case Officer in the FOI Complaints and Transparency department, she deals with complaints within the health and education sector and is also an active trainer at the ICO.


Debbie Heaton is a Senior Policy Officer in Public Affairs. She has a particular interest in data sharing to tackle debt and fraud, including use of the powers under the Digital Economy Act. Debbie is also a network trainer, providing data protection training to new members of ICO staff.


Kristina Holt is the Principal Cyber Security Lawyer at the ICO. She joined the ICO in March previously having worked as a DPO in higher education and banking sector. Kristina has over 10 years of experience across a range of sectors: as a lawyer in private practice, as an inhouse lawyer in banking sector, the FCA and in a number of central government departments including HM Treasury and Foreign and Commonwealth Office.

Craig Ineson

Craig Ineson joined the ICO in 2021 as a Senior Information Access Officer. He handles high profile and complex information requests to the ICO. Prior to the ICO, he worked as a technical expert for an ombudsman, specialising in private parking appeals, escalated complaint handling, and specialised investigatory casework.

Victoria James

Victoria James is a Senior Case Officer in FOI Casework. She specialises in cases relating to the local government sector. She is also part of the ICO’s internal information rights trainers network, delivering training in FOIA and the EIR across the organisation. Prior to joining FOI Casework she was a Team Manager in Public Advice and Data Protection Complaints Services. Victoria joined the ICO in 2018.

Mihaela Jembei

Mihaela Jembei is the Director of Regulatory Cyber at the UK Information Commissioner’s Office (ICO). She is responsible for co-ordinating its regulatory cyber activity and leading on the development of the ICO’s internal cyber capabilities.

Mihaela is an experienced cyber security professional with a career spanning consulting, the public, and private sector. Mihaela has worked with some of the largest organisations to advise them on their cyber security risks and supported them through cyber incidents and responses, bringing a unique insight into the UK’s regulatory and threat landscape.

Will Johnson joined the ICO in April 2020 as a Senior Policy Officer. He works in the Regulatory Policy Projects directorate supporting the ICO's regulatory activity with policy development, and has experience in financial services, education, and health & social care.

Shannon Keith is a Group Manager in the ICO’s Information Access Team, representing the ICO as a public authority and data controller in meeting our information rights responsibilities and obligations. She joined the ICO in 2019 from the Australian Federal Police, where she worked extensively within the Australian freedom of information regime.

Zarka Khan joined the ICO in 2018 as a Lead Auditor in the Regulatory Assurance Department. She has led and participated in data protection audits primarily of health trusts, local authorities and government departments.

Lizzie Longmore

Lizzie Longmore is a Lead Case Officer in the Personal Data Breach Service and has been with the team for 2 years. The teams predominant work is assessing personal data breach reports and providing relevant advice to organisations. She also provides advice on a range of data protection compliance issues to businesses.

Fabiana Marinaro

Fabiana Marinaro is a Senior Policy Officer in the FoI&Transparency Directorate since October 2020. Prior to that, she worked as a Lead Policy Officer in the ICO’s International Regulatory Co-operation Department In this role, she acted as a rapporteur on the European Data Protection Board’s opinion on the European Commission Draft Implementing Decision on the adequate protection of personal data in Japan.

Laura Middleton became Group Manager for the Personal Data Breach Service in 2017. Laura was previously a Team Manager in Investigations – she now has over 10 years’ experience in dealing with personal data breaches. Laura joined the ICO in 2005.


Grace Morgan is a Senior Auditor within Assurance, working within the Criminal Justice Team. She has extensive experience auditing competent authorities against Part 3 of the DPA18 and UKGDPR.

Daniel Morgan has recently started a new position on the BCRs and International Transfers team, providing assurance on international transfers of personal data. Before this, he worked as a Lead Auditor and carried out data protection and Freedom of Information audits of a wide range of organisations. Daniel started out at the ICO in Business Services, advising organisations from across the economy on their data protection obligations.

Keivan Navaie

Dr. Keivan Navaie is a Principal AI Technology Advisor at the ICO, and a Chair Professor in Intelligent Networks and Privacy Preserving AI at the School of Computing and Communications, Lancaster University. He has contributed to evidence-based policymaking through involvement with the United Nations’ International Telecommunications Union (ITU), EU Environment Agency, and EU Parliament. Keivan is a Fellow of IET and a Chartered Engineer.

Daniel Newbury is a Lead Policy Officer in the Public Affairs Team and joined the ICO in January 2018. Daniel has experience engaging with government departments and agencies, providing advice on matters relating to data protection and privacy, including advising on projects/programmes that involve significant sharing of personal data.

Sharon Nuttall joined the ICO in 2021 and is a Senior Policy Officer in the Regulatory Policy Projects team. Sharon has policy experience across a range of sectors including in the health sector.


Sarah O’Cathain has worked for the ICO since 2005, first in policy and then complaints handling.  She is currently a senior case officer, investigating FOIA and EIR complaints involving public authorities across central government department, Northern Ireland public authorities and London Boroughs.  Sarah is also an internal FOIA/EIR trainer.


Harry Powell became a Senior Engagement and Policy Officer within Business Services in September 2022, a role which looks to maintain and increase the knowledge and understanding of the organisations which contact the ICOs Business Advice department.

Prior to this, Harry was a Lead Case Officer in the Personal Data Breach Service. Harry joined the ICO in 2018.

Helena Quinn is a Principal Policy Adviser for AI & Data Science at the ICO. She has worked at the intersection of policy and AI in academia, industry, and the public sector for the last eight years. Helena was a principal author of the ICO’s guidance, ‘Explaining decisions made with AI’, and has produced a paper on the harms that algorithms can bring about for competition and consumers in her previous role at the Competition and Markets Authority. She has also led work on the role algorithm audits can play in the regulation of AI through the Digital Regulation Cooperation Forum.

Julie Quinn

Julie Quinn is a Lead Policy Officer within Regulatory Policy Projects. She joined the ICO in 2017 as a case officer in Public Advice and Data Protection Complaints Department and moved to Regulatory Policy Projects in 2020.

Dominic Smith

Dominic Smith is a Group Manager in the public advice and data protection complaints department. He has worked at the ICO for nine years and has experience of covering most sectors, currently with a focus on the policing sector and retail. Dom is also a key lead in driving one of the ICO25 shifts of approach; empathising with customers.

Jo Stones

Jo Stones joined the ICO in 2005 and currently works in the Investigations Directorate as a Group Manager. Jo has overseen the investigation of a number of high-profile files during her time at the ICO, leading a team of expert colleagues examining UKGDPR and Data Protection Act 2018 infringements.


Stilyana Stoyanova is a Senior Policy Office in the Innovation Hub and has been at the ICO for almost 4 years. She offers advice and support to innovators who are using personal data in new and novel ways. Some of the areas that Stilyana is currently working on include online safety technologies, geolocation data, and smart data.

Alex Sykes

Alex Sykes is a Senior Auditor in the Assurance Department and is responsible for carrying out some of our more complex or high priority audits. He has completed engagements with a wide range of data controllers in both public and private sectors.

Helen Thomas

Helen Thomas joined the ICO’s team in Wales in 2013, where she is a Senior Policy Officer. Her main areas of interest include the health, education and central government sectors. Prior to that Helen was a civil servant for 17 years in Westminster and the Welsh Government, working mainly in health and sustainable development.

Ben Tomes is a Group Manager in the ICO’s FOI Casework department, with particular responsibility for the local government sector. Ben has occupied various FOI related roles within the ICO since 2005.

Heather Toomey recently joined the ICO as Principal Cyber Specialist in the Regulatory Cyber Directorate. As a cyber security professional with 18 years’ experience, mostly in local or central government, her focus is on empowering organisations to improve their cyber resilience and developing strategy in relation to cyber data and cyber regulatory activities.

Sophie Turner

Sophie Turner is a Senior Upstream Regulation Officer in the ICO’s FOI & Transparency directorate. The Upstream team works to provide tools and guidance to support public authorities in complying with FOIA and the EIR. Sophie joined the ICO in 2016 and was previously a Senior Case Officer in FOI Casework.

  • Section 40(2) FOIA - the personal data exemption - a practical approach
Terna Waya

Terna Waya is a Senior Upstream Regulation Officer with over 10 years’ experience at the ICO. He was worked predominantly in Freedom of Information related roles including, casework, policy, and engagement. Recently, Terna spent 12 months on secondment with the Freedom of Information Policy team at the Scottish Information Commissioner’s Office.


Tom Wilkinson is a Principal Cyber Investigations Officer in the Cyber Incident Response and Investigations Team.

Emma Wright

Emma Wright is a Group Manager in the public advice and data protection complaints department. She has worked in the ICO for five years, previously having worked in the Civil Service for over 10 years. Emma has worked in the same department throughout her ICO career and has knowledge of issues relating to several sectors although her group’s current areas of focus are the local government, housing, and gambling sectors.

Christopher Yost is a Senior Policy Officer in the Policy Projects team and has been at the ICO for five years. He primarily focuses on the health and social care sectors and was previously a member of the Personal Data Breach team where he served as health sector specialist.