Keynote speakers
John Edwards began his role as UK Information Commissioner on 4 January, 2022.
Mr. Edwards, who joins on a five year term, spent eight years as New Zealand Privacy Commissioner from 2014-2021.
Mr. Edwards was educated in New Plymouth, New Zealand and achieved a Bachelor of Laws and Masters in Public Policy at the University of Wellington.
He worked as a solicitor and barrister in public law and policy for more than 20 years, including time as a policy adviser to the New Zealand Prime Minister and Cabinet around Freedom of Information.
Guest speakers
Claire Archibald is a Legal Director at Browne Jacobson solicitors, in their Education Data Protection specialism. Claire previously acted as a Service Lead at the Education Data Hub, providing data protection consultancy to schools across England. She has experience in project management, counselling and working as a School Business Officer which gives her a unique understanding of the challenges schools face with data protection and freedom of information compliance.
Gary Davis, Global Senior Director, Privacy & Law Enforcement Requests, Apple. Joined Apple in February 2013 where as part of the global team he helps lead Apple's world-wide approach to privacy across all product and services. He also acts as Apple’s Data Protection Officer. Previously he served as Ireland's Deputy Data Protection Commissioner for seven years and as a civil servant worked in the Irish Prime Minister's Office for ten years.
Lisa Greaves is an attorney-at-law of over 20 years, experience. As Data Protection Commissioner, Lisa has the overall responsibility of developing and implementing a regulatory framework for the processing of personal data which is a burgeoning regime within Barbados and the wider Caribbean. Prior to being Data Protection Commissioner, Lisa worked with the Barbados Financial Intelligence Unit in the Anti-Money Laundering/Countering of Financing of Terrorism (AML/CFT) space. She has been a featured speaker at Conferences both on data privacy and anti-money laundering and is the mother of 2 beautiful children.
Paul Mutch is Deputy Head of Policy & Information with the Scottish information Commissioner. The Policy and Information Team has a wide range of responsibilities, working to promote FOI rights and good practice to a range of stakeholders, including the public, public authorities, elected representatives the third sector and the media. Paul’s current work areas include supporting the Commissioner’s engagement with proposals to amend FOI in Scotland, developing recommendations to update Scotland’s FOI codes of practice and working on the Commissioner’s intervention to improve the FOI performance of the Scottish Government. Paul previously led on work to support Scottish housing associations as they prepared for FOI designation. Paul has been working at the Commissioner’s office since 2003.
Aimee Smith's almost “quarter century” career in the Metropolitan Police Service (MPS) is a testament to her dedication to integrating good data into police decision-making. She began in 2001 as an Intelligence Analyst, and by 2014, she was leading UK Policing’s largest Confidential Intelligence Unit. After a “light-bulb moment” about the importance of data management to operational decision-making, Aimee spearheaded the MPS data transformation program. As the first Director of Data for the MPS, she established the inaugural Data Office in law enforcement in 2019.
Aimee's role extends beyond the MPS; she is the current co-chair of the National Police Data & Analytics Board and leads initiatives on Data across all police forces. Aimee champions the view that data is a valuable asset. Her efforts focus on simplifying data usage to get maximum value for policing and promoting openness and transparency with the public regarding police data access. She advocates for high-quality data and proper investment in Data Professionals to ensure the right balance between data rights, building trust in policing, preventing crime, and driving criminal justice outcomes. Her passion and leadership continue to shape the future of data-driven policing. If life wasn’t busy enough, she has two children in Primary School, two-step kids and a very brainy husband who is a Police Officer in the MPS.
Workshops
Sapna Arora is a Regulatory Enforcement Solicitor at the ICO. She joined the ICO in 2017. She manages a caseload of Tribunal appeals against the Commissioner’s Decision Notices. Sapna also conducts other civil litigation and provides advice to other departments. Sapna is a Mental Health First Aider and a member of the out of hours personal data breach team. She qualified as a Solicitor in 2014 and has a personal injury and regulatory background.
Emma Bate is a Legal Director at the Information Commissioner’s Office, overseeing the Data Privacy Advice and Contracts and Compliance legal teams.
She joined the ICO in 2017 from private practice where she had practiced as a data protection lawyer for 20 years. Emma often complains that her work is always interesting, important, and urgent! She supported the development of the ICO Sandbox, leads the ICO’s legal work on international transfers, and advised on ICO’s approach to controllers, processors and joint controllers for AI, cloud and other complex technology solutions.
Stephen Bonner, Deputy Commissioner, Regulatory Supervision, is responsible for leading supervision and enforcement matters across the organisation. His work includes ensuring that the ICO is positioned to effectively regulate in the digital landscape; and the ICO’s investigative, regulatory cyber, audit and assurance teams deliver their strategic plans. He fronts communications, public and stakeholder engagement on how taking a pragmatic and balanced approach to privacy can help organisations thrive whilst protecting the rights of the most vulnerable.
Stephen sits on the UK National Cyber Advisory Board, to challenge, support and inform the UK’s strategic approach to cyber security and is a fellow and board member of CIISec, the chartered institute for cyber security professionals.
Deborah Clark has worked in freedom of information since its implementation. She spent 9 years as a Senior Case Officer in ICO before moving onto management roles which have included the Casework team dealing with complaints about the police and justice sector, the Insight and Compliance Team and the FOI Policy team. Deborah Clark is currently managing the ICO’s FOI Upstream Regulation team – a team designed to provide more support for public authorities dealing with FOI requests and to promote good practice.
Aiden Clarkson joined the ICO in 2015. Starting on the helpline, he’s held various roles, including working in the ICO’s own Information Access team, handling FOI and SAR requests. Now he works in the FOI & Transparency Directorate’s Upstream Regulation team, which devises and develops resources to support compliance and good practice.
Clara ClarkNevola leads the AI Compliance group within the ICO’s Technology Department, which provides AI technical and policy expertise to the ICO’s stakeholder engagement and supervision activities. Clara’s recent work at the ICO includes the generative AI call for evidence series, co-producing guidance on privacy enhancing technologies and on anonymisation and leading on the G7 DPAs' Emerging Technologies Working Group case study on synthetic data.
Charlotte Dean joined the ICO in 2022, working in Legislative Reform. She moved into the FOI & Transparency Directorate later that year and has been working in the Upstream Regulation team ever since. The team aims to support public authorities in their compliance with the legislation and promoting good practice.
Iman ElMehdawy joined the ICO in 2005. She has worked in a number of different roles across the ICO, advising on compliance with the Data Protection Act 1998, the GDPR and the UK GDPR.
Iman took the position of Group Manager- Information Management and Compliance in November 2018. She is a certified data protection/GDPR practitioner, an Information Rights Network Trainer, a qualified ICO Internal Coach, a certified information management practitioner, and an ISO27001 certified lead auditor.
Catherine Evans O’Brien is the Head of Communities at the ICO. She is provides strategic direction, coordination and oversight for the ICO’s work with communities, with a particular focus on those who may be in a vulnerable situation, or with unmet needs.
Catherine has extensive experience across both policy and engagement. Before coming to the ICO, Catherine worked within health and social care policy, with a particular interest in older people, people living with dementia, and the introduction of new health technologies.
Alice Gradwell began her career at the ICO six years ago, as a Case Officer in Public Advice and Data Protection Complaints Services where she dealt with complaints about the Ministry of Justice. She moved to the FOI complaints department four years ago, where she specialises in complaints about the health and education sector and is part of the training network. This is her second year speaking at the DPPC.
Abigail Hackston, Senior Policy Officer in the ICO’s Innovation Advice team, is responsible for engaging with organisations and providing regulatory certainty in response to questions submitted to the Innovation Advice service. Abigail has been with the ICO for over seven years, and has worked on a variety of projects, including helping to draft the “Explaining decisions made with AI” guidance. She helped develop and shape the Innovation Advice service, joining the team in advance of the testing phase of the service.
Rosina Harrison is a Lead Case Officer in the Personal Data Breach Service who has worked at the ICO since July 2021. Her work mainly involves assessing breach reports and providing advice to organisations. Rosina has acted as sector specialist in relation to Cyber Incidents, NIS and the Online Technology sector.
Sarah Laws is the Data Protection Manager at London Borough of Camden where she is the FOI and data protection lead. Her team won FOI Team of the Year 2023 and Camden are well known for their innovative approach to FOI and transparency. Sarah is a popular speaker on FOI and data protection, and is an advocate for a pragmatic customer focussed approach to information rights.
Kimberly Mai is a Principal Technology Adviser in AI Compliance at the Information Commissioner’s Office She joined in March 2024. She is also a PhD researcher at University College London. Her PhD research on how humans cannot reliably detect speech deepfakes was featured in international news outlets including the BBC, New Scientist, and The Guardian. Kimberly holds a bachelor’s degree in mathematics and economics from the London School of Economics and a master’s degree in data science and machine learning from University College London. Her research interests include anomaly detection, data protection, and AI governance.
David Meller is a Lead Case Officer in the Personal Data Breach Service and has been with the team since May 2023. The Personal Data Breach team’s predominant work is assessing personal data breach reports and providing advice to organisations. David has a background in education, politics and local government.
Daniel Morgan has recently started a new position on the BCRs and International Transfers team, providing assurance on international transfers of personal data. Before this, he worked as a Lead Auditor and carried out data protection and Freedom of Information audits of a wide range of organisations. Daniel started out at the ICO in Business Services, advising organisations from across the economy on their data protection obligations.
Daniel Newbury is a Lead Policy Officer in the Public Affairs Team and joined the ICO in January 2018. Daniel has experience engaging with government departments and agencies, providing advice on matters relating to data protection and privacy, including advising on projects/programmes that involve significant sharing of personal data.
Ribia Nisa joined the ICO in 2018 and worked in Business Advice Services as a Case Officer and then as a Lead Fees Officer.
Currently, working as a Team Manager in Public Advice and Data Protection Complaints department. Ribia’s current areas of focus includes local government, housing, and the gambling sector.
Harry Powell became a Senior Engagement and Policy Officer within Business Services in September 2022, a role which looks to maintain and increase the knowledge and understanding of the organisations which contact the ICOs Business Advice department.
Prior to this, Harry was a Lead Case Officer in the Personal Data Breach Service. Harry joined the ICO in 2018.
After being a team manager for many years, Rob took up the role of Senior Engagement and Policy Officer within Business Services in September 2022, This role looks to maintain and increase the knowledge and understanding of the organisations which contact the ICOs Business Advice department.
Kitty Rosser is a Principal Lawyer at the Information Commissioner’s Office, working within the Data Privacy Advice team.
Kitty joined the ICO in 2023, having spent 15 years advising on data protection matters as a lawyer in private practice. Since joining the ICO, the focus of her work has been on international transfers under the UK GDPR and Part 3.
Dominic Smith is a Group Manager in the public advice and data protection complaints department. He has worked at the ICO since 2014 and has experience of covering most sectors, currently with a focus on the policing sector and retail. Dom is also a key lead in driving one of the ICO25 shifts of approach; empathising with customers.
Helen Thomas joined the ICO’s team in Wales in 2013, where she is a Senior Policy Officer. Her main areas of interest include the health, education and central government sectors. Prior to that Helen was a civil servant for 17 years in Westminster and the Welsh Government, working mainly in health and sustainable development.
Heather Toomey recently joined the ICO as Principal Cyber Specialist in the Regulatory Cyber Directorate. As a cyber security professional with 18 years’ experience, mostly in local or central government, her focus is on empowering organisations to improve their cyber resilience and developing strategy in relation to cyber data and cyber regulatory activities.
Paul Wilson has over 30 years of experience in the global medical communications industry, and now applies his experience and skills within Regulatory Assurance at the ICO. He joined the ICO in September 2023, transitioning from senior executive roles in global agencies where his responsibilities included data protection and information governance.
In his role at the ICO, Paul exercises considerable judgement in assessing the adequacy of data protection measures implemented by the organisations he audits. His background within agencies servicing the heavily regulated pharmaceutical sector significantly enhances this process.
Emma Wright is a Group Manager in the public advice and data protection complaints department. She has worked in the ICO for six years, previously having worked in the Civil Service for over 10 years. Emma has worked in the same department throughout her ICO career and has knowledge of issues relating to several sectors although her group’s current areas of focus are the local government, housing, and gambling sectors.