The ICO exists to empower you through information.

Here's who the delegates heard from at DPPC 2024.

Check back soon for recordings of them in action in the seminars and panel sessions.

Host

""

Andrew Rimmer has hosted the DPPC each year since 2021. He has been Private Secretary to the Information Commissioner since 2019.

Keynote speakers

John Edwards

John Edwards began his role as UK Information Commissioner on 4 January, 2022.

Mr. Edwards, who joins on a five year term, spent eight years as New Zealand Privacy Commissioner from 2014-2021.

Mr. Edwards was educated in New Plymouth, New Zealand and achieved a Bachelor of Laws and Masters in Public Policy at the University of Wellington.

He worked as a solicitor and barrister in public law and policy for more than 20 years, including time as a policy adviser to the New Zealand Prime Minister and Cabinet around Freedom of Information.

""

Jeni Tennison is the founder and Executive Director of Connected by Data, a campaign that aims to give communities a powerful say in decisions about data and AI. She has a PhD in Psychology and AI; was the chief architect and lead developer of legislation.gov.uk; CEO of the Open Data Institute, where she worked for nine years; and a co-chair of GPAI’s Data Governance Working Group. She is a Senior Fellow at the Centre for International Governance Innovation, adjunct Professor at Southampton’s Web Science Institute, and a Shuttleworth Foundation Fellow. She sits on the Board of Creative Commons and the Information Law and Policy Centre. She loves Lego and board games and is the proud co-creator of the open data board game, Datopolis.

Guest speaker

""

Baroness Jones of Whitchurch was appointed Parliamentary Under-Secretary of State at the Department for Science, Innovation and Technology and the Department for Business and Trade, and Baroness in Waiting (Government Whip) on 9 July 2024.

Baroness Jones joined the House of Lords in 2006. She has previously served as Shadow Spokesperson for:

  • Science, Innovation and Technology from 2023 to 2024
  • Environment, Food and Rural Affairs from 2015 to 2022
  • Education from 2011 to 2015
  • Culture, Media and Sport from 2010 to 2014

She was previously a trade union official, including as Director of Policy and Public Affairs for UNISON from 1994 to 2006.

Baroness Jones was previously Chair of Rothamsted Enterprises at the Rothamsted research institute, a Board member at Ombudsman Services, a member of the General Medical Council Fitness to Practice Panel, and Vice chair of Circle Housing Group.

Panel speakers

""

Stephen Bonner, Deputy Commissioner Regulatory Supervision, is responsible for leading supervision and enforcement matters across the organisation. His work includes ensuring that the ICO is positioned to effectively regulate in the digital landscape; and the ICO’s investigative, regulatory cyber, audit and assurance teams deliver their strategic plans. He fronts communications, public and stakeholder engagement on how taking a pragmatic and balanced approach to privacy can help organisations thrive whilst protecting the rights of the most vulnerable.

Stephen sits on the UK National Cyber Advisory Board, to challenge, support and inform the UK’s strategic approach to cyber security and is a fellow and board member of CIISec, the chartered institute for cyber security professionals.

Tim Court is the Head of Operations in the National Cyber Crime Unit, within the National Crime Agency. His role is to lead and develop investigations teams conducting proactive and reactive operations tackling the highest harm criminal cyber offences impacting the UK. In addition, he leads the incident management response team (TICAT), which co-ordinates the law enforcement response to cybercriminal incidents. This work includes management of cyber ransomware incidents, often alongside the NCSC, and leading the national ‘Cyber Choices’ Prevent programme. Tim’s experience is drawn from extensive law enforcement service and continual professional development, including work to expand academic insight into law enforcement methodology.

Tim is privileged to have been able to support and lead on many high risk operations in the NCA and policing. This included helping to protect the NHS from a cyber extortion and bomb threat during the COVID 19 national lock down.

""

Gary Davis, Global Senior Director, Privacy & Law Enforcement Requests, Apple. Joined Apple in February 2013 where as part of the global team he helps lead Apple's world-wide approach to privacy across all product and services. He also acts as Apple’s Data Protection Officer. Previously he served as Ireland's Deputy Data Protection Commissioner for seven years and as a civil servant worked in the Irish Prime Minister's Office for ten years.

""

Lisa Greaves is an attorney-at-law of over 20 years, experience. As Data Protection Commissioner, Lisa has the overall responsibility of developing and implementing a regulatory framework for the processing of personal data which is a burgeoning regime within Barbados and the wider Caribbean. Prior to being Data Protection Commissioner, Lisa worked with the Barbados Financial Intelligence Unit in the Anti-Money Laundering/Countering of Financing of Terrorism (AML/CFT) space. She has been a featured speaker at Conferences both on data privacy and anti-money laundering and is the mother of 2 beautiful children.

Detective Superintendent Ian Kirby is CEO of the National Cyber Resilience Centre Group (NCRCG).

Prior to taking up his position as CEO in October 2023, Ian spent five years at the Eastern Region Special Operations Unit, where he became Head of Cybercrime, Technical Surveillance and Development. In this role, Ian gained extensive experience as a Senior Investigating Officer, leading specialist teams in the investigation and mitigation of serious and complex cybercrime cases across the seven East of England counties.

Ian began his career in 1990 as a police officer in the Royal Air Force. In 2000, he joined Hertfordshire Constabulary, where he worked in operational policing and serious and organised crime for over two decades. He also trained and served as a Hostage and Crisis Negotiator.

""

Jenny McEneaney - Senior Improvement Policy Advisor - Cyber, Digital and Technology

Jenny McEneaney has over ten years experience in promoting inclusive governance and political processes, particularly through digitalisation. Formally working for civil society and the United Nations Development Programme in Northern Ireland, South Africa and New York, Jenny has since been with the Local Government Association supporting local government with cyber resilience, the responsible use of emerging technologies, including leading on the organisation’s AI response and support, and strategic supplier engagement. Jenny is also a lifelong Atlantic Fellow for Social and Economic Equity at the London School of Economics.

""

Dr Emma Philpott is CEO of the IASME, a company which focuses on information assurance for small companies and the supply chain. IASME worked with the UK government to develop the Cyber Essentials scheme and was awarded the contract to be the sole NCSC Cyber Essentials Partner from April 2020. IASME and their network of more than 350 Certification Bodies certify around 3,000 companies per month.

IASME runs an initiative to train unemployed neurodivergent adults in cyber security and support them to find employment. IASME is proud to be a diverse organisation with 50% women and 49% neurodivergent individuals within the company.

""

Aimee Smith's almost “quarter century” career in the Metropolitan Police Service (MPS) is a testament to her dedication to integrating good data into police decision-making. She began in 2001 as an Intelligence Analyst, and by 2014, she was leading UK Policing’s largest Confidential Intelligence Unit. After a “light-bulb moment” about the importance of data management to operational decision-making, Aimee spearheaded the MPS data transformation program. As the first Director of Data for the MPS, she established the inaugural Data Office in law enforcement in 2019.

Aimee's role extends beyond the MPS; she is the current co-chair of the National Police Data & Analytics Board and leads initiatives on Data across all police forces. Aimee champions the view that data is a valuable asset. Her efforts focus on simplifying data usage to get maximum value for policing and promoting openness and transparency with the public regarding police data access. She advocates for high-quality data and proper investment in Data Professionals to ensure the right balance between data rights, building trust in policing, preventing crime, and driving criminal justice outcomes. Her passion and leadership continue to shape the future of data-driven policing. If life wasn’t busy enough, she has two children in Primary School, two-step kids and a very brainy husband who is a Police Officer in the MPS.

""

Vikki Woodfield was a former school Head of ICT and local authority ICT consultant, before joining Entrust in 2013 as a computing and online safety consultant. Vikki works with education settings to inform digital strategies, teach in the classroom and train staff. Vikki is passionate about working in partnership with schools, supporting them to successfully use technology to deliver the curriculum, keep pupils safe, and meet ever-changing statutory requirements. As keeping staff and students safe is often number one priority for schools, Vikki supports this by delivering training and providing consultancy support in both online safeguarding, cyber and data security. She has had the privilege of supporting a working party organised by the DfE to produce Teaching Online Safety in Schools guidance and has been a guest speaker at online safety events, including SEBDA and Local County Council events, to share her knowledge and expertise in maintaining wellbeing in a digital world. Vikki also partners with SWGfL to carry out assessments in schools for 360 Degree Safe Online Safety Mark, and she is also a certified EU GDPR Practitioner.

Workshops

""

Claire Archibald (ext) is a Legal Director at Browne Jacobson solicitors, in their Education Data Protection specialism. Claire previously acted as a Service Lead at the Education Data Hub, providing data protection consultancy to schools across England. She has experience in project management, counselling and working as a School Business Officer which gives her a unique understanding of the challenges schools face with data protection and freedom of information compliance.

Sapna Arora is a Regulatory Enforcement Solicitor at the ICO. She joined the ICO in 2017. She manages a caseload of Tribunal appeals against the Commissioner’s Decision Notices. Sapna also conducts other civil litigation and provides advice to other departments. Sapna is a Mental Health First Aider and a member of the out of hours personal data breach team. She qualified as a Solicitor in 2014 and has a personal injury and regulatory background.

Freddie Baker is a Senior Policy Officer in the Regulatory Policy Projects team and has been with the ICO since January 2018. He has significant experience of public sector issues and specialises in health and social care policy.

Emma Bate is a Legal Director at the Information Commissioner’s Office, overseeing the Data Privacy Advice and Contracts and Compliance legal teams.

She joined the ICO in 2017 from private practice where she had practiced as a data protection lawyer for 20 years. Emma often complains that her work is always interesting, important, and urgent! She supported the development of the ICO Sandbox, leads the ICO’s legal work on international transfers, and advised on ICO’s approach to controllers, processors and joint controllers for AI, cloud and other complex technology solutions.

""

Rebecca Carleton-Bland is Head of the BCR team and has been with the ICO since June 2021. She was a solicitor in the Legal Service (Data Privacy Advice, Contracts & Compliance) previously.

""

Roger Cawthorne is a Senior Case Officer at the ICO. He joined the ICO in 2017 and has handled well over 1,000 FOIA and EIR complaints. His current primary focus is on complaints to organisations in the health, education and transport sectors. Roger is making his DPPC debut.

Deborah Clark has worked in freedom of information since its implementation. She spent 9 years as a Senior Case Officer in ICO before moving onto management roles which have included the Casework team dealing with complaints about the police and justice sector, the Insight and Compliance Team and the FOI Policy team. Deborah Clark is currently managing the ICO’s FOI Upstream Regulation team – a team designed to provide more support for public authorities dealing with FOI requests and to promote good practice.

Clara ClarkNevola leads the AI Compliance group within the ICO’s Technology Department, which provides AI technical and policy expertise to the ICO’s stakeholder engagement and supervision activities. Clara’s recent work at the ICO includes the generative AI call for evidence series, co-producing guidance on privacy enhancing technologies and on anonymisation and leading on the G7 DPAs' Emerging Technologies Working Group case study on synthetic data.

""

Sarah Coggrave is a Senior Information Access Officer and a member of the ICO’s Information Access Team. She specialises in handling information requests made by current and former ICO employees, but also deals with requests made by the public.

""

Rob Cole has been with the ICO since 2002. In this time he has worked mostly within our customer facing, advice giving teams as well as our investigation and regulatory action departments.

""

Steve Connolly is Group Manager for the Network and Information Systems (NIS) Audit Team focusing on cyber security controls and processes in digital service providers. Steve joined the ICO in 2016 and has worked in Customer Contact, the Personal Data Breach Service and GDPR Assurance teams.

""

Charlotte Dean joined the ICO in 2022, working in Legislative Reform. She moved into the FOI & Transparency Directorate later that year and has been working in the Upstream Regulation team ever since. The team aims to support public authorities in their compliance with the legislation and promoting good practice. 

""

Nomalungelo Dlodlo joined the ICO as a Case Officer in the business advice services team in 2023. She provides advice and support to organisations about the legislations we oversee. She previously worked in the financial services industry for a bank and a mortgage broker.

Iman ElMehdawy joined the ICO in 2005. She has worked in a number of different roles across the ICO, advising on compliance with the Data Protection Act 1998, the GDPR and the UK GDPR.

Iman took the position of Group Manager- Information Management and Compliance in November 2018. She is a certified data protection/GDPR practitioner, an Information Rights Network Trainer, a qualified ICO Internal Coach, a certified information management practitioner, and an ISO27001 certified lead auditor.

catherine evans o'brien

Catherine Evans O’Brien is the Head of Communities at the ICO. She is provides strategic direction, coordination and oversight for the ICO’s work with communities, with a particular focus on those who may be in a vulnerable situation, or with unmet needs.

Catherine has extensive experience across both policy and engagement. Before coming to the ICO, Catherine worked within health and social care policy, with a particular interest in older people, people living with dementia, and the introduction of new health technologies.

""

Alison Fletcher is a Senior Policy Officer and a member of the Public Advice and Data Protection Complaints department. She focusses on updating and creating new guidance for the ‘For the Public part of the ICO website, as well as continuous improvement within the department.

""

Adam Freedman is Policy, Research & Influencing Manager at the National AIDS Trust, the UK’s HIV rights charity. His work focuses on ensuring that official legislation and guidance are effective in tackling HIV discrimination and bolstering the human rights of people living with HIV. One of his key work priorities is ensuring that the data protection rights of people living with HIV are effectively protected

Alice Gradwell

Alice Gradwell began her career at the ICO six years ago, as a Case Officer in Public Advice and Data Protection Complaints Services where she dealt with complaints about the Ministry of Justice. She moved to the FOI complaints department four years ago, where she specialises in complaints about the health and education sector and is part of the training network. This is her second year speaking at the DPPC.

Abigail Hackston

Abigail Hackston, Senior Policy Officer in the ICO’s Innovation Advice team, is responsible for engaging with organisations and providing regulatory certainty in response to questions submitted to the Innovation Advice service. Abigail has been with the ICO for over seven years, and has worked on a variety of projects, including helping to draft the “Explaining decisions made with AI” guidance. She helped develop and shape the Innovation Advice service, joining the team in advance of the testing phase of the service.

Catherine Halaas has worked at the ICO as a Group Manager in Assurance for 8 years. Her role is to lead audit teams in both consensual and compulsory audits. Prior to the ICO, she worked for 15 years in telecoms; in contact centres and quality compliance.

""

Rosina Harrison is a Lead Case Officer in the Personal Data Breach Service who has worked at the ICO since July 2021. Her work mainly involves assessing breach reports and providing advice to organisations. Rosina has acted as sector specialist in relation to Cyber Incidents, NIS and the Online Technology sector.

Debbie Heaton joined the ICO in 2018 and is a Senior Policy Officer in Public Affairs. She manages the ICO's relationships with key central government stakeholders, and she is also leading on an ICO project that is looking into the challenges for people and organisations arising from requests for information from care records.

Will Johnson joined the ICO in April 2020 as a Senior Policy Officer. He works in the Regulatory Policy Projects directorate supporting the ICO's regulatory activity with policy development, and has experience in financial services, education, and health & social care.

Hafeeza Joorawan is a Senior Policy Officer in the Public Affairs Department, working in the Sectors Team, managing a portfolio of education sector stakeholders.

Sarah Kennedy

Sarah Kennedy is a Senior Policy Officer in the ICO’s Regulatory Sandbox team, which supports organisations who are creating products and services utilising personal data in innovative and safe ways by embedding data protection by design. Sarah has worked in the Sandbox cultivating the operational processes since 2018 during the original Beta phase of the service. Over that time, she has worked with a number of organisations across all sectors developing products and services in healthcare, charities, the gambling industry, law enforcement, and central government. Prior to the Sandbox, Sarah worked in the ICO’s Public Advice and DP Complaints Directorate.

""

Sarah Lawrence is a Senior Policy Officer in the Central Government team. She manages the ICO's relationships with key central government stakeholders, and also works with a variety of stakeholders on data sharing, including for safeguarding children.

Sarah Laws is the Data Protection Manager at London Borough of Camden where she is the FOI and data protection lead. Her team won FOI Team of the Year 2023 and Camden are well known for their innovative approach to FOI and transparency. Sarah is a popular speaker on FOI and data protection, and is an advocate for a pragmatic customer focussed approach to information rights.

Kimberly Mai is a Principal Technology Adviser in AI Compliance at the Information Commissioner’s Office She joined in March 2024. She is also a PhD researcher at University College London. Her PhD research on how humans cannot reliably detect speech deepfakes was featured in international news outlets including the BBC, New Scientist, and The Guardian. Kimberly holds a bachelor’s degree in mathematics and economics from the London School of Economics and a master’s degree in data science and machine learning from University College London. Her research interests include anomaly detection, data protection, and AI governance.

David Meller is a Lead Case Officer in the Personal Data Breach Service and has been with the team since May 2023. The Personal Data Breach team’s predominant work is assessing personal data breach reports and providing advice to organisations. David has a background in education, politics and local government.

Daniel Morgan has recently started a new position on the BCRs and International Transfers team, providing assurance on international transfers of personal data. Before this, he worked as a Lead Auditor and carried out data protection and Freedom of Information audits of a wide range of organisations. Daniel started out at the ICO in Business Services, advising organisations from across the economy on their data protection obligations.

Paul Mutch is Deputy Head of Policy & Information with the Scottish information Commissioner. The Policy and Information Team has a wide range of responsibilities, working to promote FOI rights and good practice to a range of stakeholders, including the public, public authorities, elected representatives the third sector and the media. Paul’s current work areas include supporting the Commissioner’s engagement with proposals to amend FOI in Scotland, developing recommendations to update Scotland’s FOI codes of practice and working on the Commissioner’s intervention to improve the FOI performance of the Scottish Government. Paul previously led on work to support Scottish housing associations as they prepared for FOI designation. Paul has been working at the Commissioner’s office since 2003.

Daniel Newbury is a Lead Policy Officer in the Public Affairs Team and joined the ICO in January 2018. Daniel has experience engaging with government departments and agencies, providing advice on matters relating to data protection and privacy, including advising on projects/programmes that involve significant sharing of personal data.

Ribia Nisa joined the ICO in 2018 and worked in Business Advice Services as a Case Officer and then as a Lead Fees Officer.

Currently, working as a Team Manager in Public Advice and Data Protection Complaints department. Ribia’s current areas of focus includes local government, housing, and the gambling sector.

Sharon Nuttall joined the ICO in 2021 and is a Senior Policy Officer in the Regulatory Policy Projects team. Sharon has policy experience across a range of sectors including in the health sector.

""

Sarah O’Cathain has worked for the ICO since 2005, first in policy and then complaints handling. She is currently a senior case officer, investigating FOIA and EIR complaints involving public authorities across central government departments, Northern Ireland public authorities and London Boroughs. Sarah is also an internal FOIA/EIR trainer.

Kerry O’Donnell is a Senior Case Officer in the BCR and International Transfers team. She joined the ICO in 2011 and worked in Business Services and as a Lead Auditor leading a number of data protection audits before joining the BCR and International Transfers team in 2018.

""

Nick Patterson, Senior Policy Officer in the ICO’s Innovation Hub advises innovators proposing to use personal information in new and novel ways on how to embed data protection by design and on key areas of data protection compliance. Nick’s specialism is innovation in financial services, and he’s also worked on privacy enhancing technologies and smart data. Nick previously worked in the ICO’s Digital Firms team on policy level engagement with big-tech stakeholders.

""

Harry Powell became a Senior Engagement and Policy Officer within Business Services in September 2022, a role which looks to maintain and increase the knowledge and understanding of the organisations which contact the ICOs Business Advice department.
Prior to this, Harry was a Lead Case Officer in the Personal Data Breach Service. Harry joined the ICO in 2018.

After being a team manager for many years, Rob took up the role of Senior Engagement and Policy Officer within Business Services in September 2022, This role looks to maintain and increase the knowledge and understanding of the organisations which contact the ICOs Business Advice department.

Kitty Rosser is a Principal Lawyer at the Information Commissioner’s Office, working within the Data Privacy Advice team.

Kitty joined the ICO in 2023, having spent 15 years advising on data protection matters as a lawyer in private practice. Since joining the ICO, the focus of her work has been on international transfers under the UK GDPR and Part 3.

""

Neil Ryan, Senior Policy Officer in the ICO’s Cross Economy Engagement team, is responsible for proactive engagement with trade bodies and other representative groups on high priority topics. Neil joined the ICO in 2018 and has also worked in the International Directorate, where he led on Children’s privacy, and he has previously managed the ICO’s long-term policy-level relationships with big-tech stakeholders as part of the Digital Firms team.

""

Dalbir Singh is a Principal Policy Adviser in the ICO’s Technology Department. His current work focuses on data protection in cloud services and international transfers. Dal joined the ICO in 2023 on secondment from the Office of the Privacy Commissioner of Canada. He is also conducting research in digital ethics at the University of Oxford.

Dominic Smith

Dominic Smith is a Group Manager in the public advice and data protection complaints department. He has worked at the ICO since 2014 and has experience of covering most sectors, currently with a focus on the policing sector and retail. Dom is also a key lead in driving one of the ICO25 shifts of approach; empathising with customers.

Alex Sykes

Alex Sykes is a Senior Auditor in the Assurance Department and is responsible for carrying out some of our more complex or high priority audits. He has completed engagements with a wide range of data controllers in both public and private sectors.

Helen Thomas

Helen Thomas joined the ICO’s team in Wales in 2013, where she is a Senior Policy Officer. Her main areas of interest include the health, education and central government sectors. Prior to that Helen was a civil servant for 17 years in Westminster and the Welsh Government, working mainly in health and sustainable development.

Heather Toomey recently joined the ICO as Principal Cyber Specialist in the Regulatory Cyber Directorate. As a cyber security professional with 18 years’ experience, mostly in local or central government, her focus is on empowering organisations to improve their cyber resilience and developing strategy in relation to cyber data and cyber regulatory activities.

""

Keith Turner is a Principal Cyber Specialist in the ICO Cyber Investigations team. He has an extensive background investigating cyber security incidents from his experience working in both cyber-crime law enforcement and in the cyber security industry.

Terna Waya

Terna Waya has been involved in freedom of information regulation at various levels for over 15 years. He is passionate about supporting public authorities with their FOI practice.

Tom Wilkinson  is a Principal Cyber Specialist in the Cyber Investigations Team. He joined the ICO in July 2023 and has been working on a number of high-profile incidents, working with a team of expert colleagues examining UKGDPR and Data Protection Act 2018 infringements.

""

Paul Wilson has over 30 years of experience in the global medical communications industry, and now applies his experience and skills within Regulatory Assurance at the ICO. He joined the ICO in September 2023, transitioning from senior executive roles in global agencies where his responsibilities included data protection and information governance.
In his role at the ICO, Paul exercises considerable judgement in assessing the adequacy of data protection measures implemented by the organisations he audits. His background within agencies servicing the heavily regulated pharmaceutical sector significantly enhances this process.

Emma Wright

Emma Wright is a Group Manager in the public advice and data protection complaints department. She has worked in the ICO for six years, previously having worked in the Civil Service for over 10 years. Emma has worked in the same department throughout her ICO career and has knowledge of issues relating to several sectors although her group’s current areas of focus are the local government, housing, and gambling sectors.

""

Michelle Wyatt is a Solicitor at the ICO currently working within the Data Privacy Advice team helping to provide legal advice to teams across the organisation on a variety of data protection topics.

Michelle joined the Codes of Conduct and Certification team at the ICO in 2018 as a Senior Case Officer. During this time she has represented the ICO on numerous occasions including at the European Data Protection Board sub-group meetings in Brussels. Prior to this Michelle worked in the legal sector for over 20 years specialising in criminal law, including both the investigation of crime and in private practice.