Managing Director, Privcore
Annelies’ vision is to make privacy core business – a discipline as integral to business and government as finance, with the chief privacy officer role as important as the chief financial officer role. With nearly 20 years' experience, Annelies is a widely recognised global privacy expert and thought leader, trusted by business executives, government and privacy professionals.
Prior to founding Privcore, Annelies was Deputy Managing Director at Information Integrity Solutions where she led with her consulting team hundreds of client deliverables over six years, including privacy impact assessments, privacy health checks, developing privacy strategies, data breach notification, privacy by design, cloud and cross-border data flow advice, including the APEC Cross Border Privacy Rules System (CBPR). Her work on CBPR influenced the Australian government’s decision to sign up Australia as a participant in the System.
Annelies’ privacy career started in 2001 at the Australian privacy regulator, now the OAIC. In her regulatory role over five years, she built extensive assurance and complaint handling expertise and led audit and investigation teams as Deputy Director of Compliance. In 2008 Annelies co-founded the International Association of Privacy Professionals in Australia and New Zealand and held elected roles, including as its President in 2011-2012. Her previous roles have also included working as a Group Manager and Chief Privacy Officer at the Copyright Agency Limited and External Relations Manager at AustLII.
Annelies has presented on privacy at many national and international events, including the Asia Pacific Economic Cooperation business and government forums, Asia Pacific Privacy Authorities, International Association of Privacy Professionals, Centre for Information Policy and Leadership, Australian Institute of Company Directors (AICD) and at Standards Australia. She has been featured on the Femeconomy as a global thought leader and in the Journal of Data Protection & Privacy for her article on “Data is your organisation’s core business: Are you prepared to govern it?” which she presented at the AICD’s Governance Summit in 2018.
With an MBA in general international management (distinction) from the Vlerick Business School in Belgium, Annelies also has a First Class Honours Law degree, Arts (majoring in computer science) and Science degrees with emphasis on artificial intelligence and machine learning from The University of Queensland. Annelies is admitted as a legal practitioner in NSW. She is a Fellow of the Australian Institute of Company Directors, a Chartered Manager and Fellow of the Institute of Managers and Leaders Australia | New Zealand, and an International Association of Privacy Professionals (IAPP) Fellow of Information Privacy. She is a Certified Information Privacy Technologist and Certified Information Privacy Professional for European data protection law through the IAPP. Annelies has a Certificate in Advanced Dutch and understanding of French, Italian and Spanish.
Dr John Selby
Head of Research & Training
An academic at Macquarie University in the Faculty of Business and Economics researching and teaching cybersecurity and privacy, John is also a member of the Optus-Macquarie Cybersecurity Hub. The Hub promotes an interdisciplinary understanding of cybersecurity by bringing together technology, business, legal, policy, security intelligence and psychology perspectives. John has been awarded multiple grants and consultancies on cutting edge issues, such as: how company boards can build trust in the face of cybersecurity risks, online browser privacy, and the evaluation of software feedback systems. He is also the recipient of an iappANZ Legacy grant to administer an annual $1,000 academic prize over 10 years at Macquarie University for his privacy course.
John has researched, written, trained and presented on many topics including: differences and tensions between cybersecurity and privacy, responding to data breaches and mitigating risks, privacy obligations locally and globally, including the EU’s General Data Protection Regulation (GDPR), assessing compliance and risk, data localisation laws globally, enhancing trust in online auctions, spam, WHOIS, biases in artificial intelligence (AI) and the governance risks of AI-based decisions. His audiences have included the United Nations Internet Governance Forum, the Asia Privacy Scholars Network, Australia-India Youth Dialogue, Australian Institute of Company Directors, Australian Internet Governance Forum, NSW Society for Computers & the Law, Macquarie Park Innovation District and many global Universities. He has been a Visiting Professor at the University of Oslo, Norway, the University of Zürich, Switzerland and was a Postel Research Fellow at the University of Southern California.
John’s interdisciplinary legal career started in 1999 at what is now the law firm King & Wood Mallesons. In his role as solicitor, John advised telecommunications companies, Internet Service Providers and start-ups on a range of Internet-law issues, including cybersecurity, data protection, privacy, online contracting and mergers and acquisitions. He also worked in-house at Telstra on commercial agreements and monitored vendor compliance with software licence agreements.
John has prepared policy submissions to government on the metadata retention scheme and the Parliamentary Joint Committee on Intelligence and Security cited him in its Advisory Report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. The Sydney Morning Herald, The Conversation, The Project, ABC Radio, Triple J Radio and the Australian Financial Review have all interviewed John. The Lowy Institute has recognised John as one of Australia’s “New voices in technology and international relations”.
With a PhD on the regulation of the .au domain name space from the University of New South Wales, John also has a First Class Honours Law degree and Bachelor of International Business and University Medal from Griffith University. John is admitted as a legal practitioner in NSW. He is a member of the Asia Privacy Scholars Network, Australian Domain Name Administration and the Internet Society of Australia. John has completed the GDPR training course offered by the Vrije University Brussels in June 2018 and is currently undertaking the Certified Information Security Specialist credential (CISSP).