Patron & Committee

Dame Marie Shroff CVO, DNZM

Patron

Dame Marie Shroff, DNZM, CVO was the inaugural Chair of Privacy Foundation New Zealand from its inception in 2017 until 2019. She is currently Chair of the Electoral Commission, is a member of the Consumer New Zealand Board, and a Member of the New Zealand Media Council. Marie was New Zealand’s Privacy Commissioner from late 2003 until early 2014, a period of great technological and social change. Her responsibilities included providing independent commentary on significant information privacy issues, providing opinions on privacy complaints made against the government and businesses, monitoring government data matching and promoting good personal information handling practices in New Zealand.

She also played a key role in bringing privacy regulators from the region together to address the challenges they face. From 1987 to 2003 Marie was Secretary of the Cabinet and Clerk of the Executive Council where she undertook and implemented major reforms of policy and practices. She continues to be involved with privacy-focused associations and was the first appointment to the IAPP ANZ Privacy Hall of Fame.

Marie was awarded a CVO in 1995 and a CNZM in January 2004. In 2022, Marie was made a Dame Companion of the New Zealand Order of Merit, for services to the State and the community.

Katrine Evans

Chair

Katrine is a founding member of the Privacy Foundation. She has been working in privacy for more than 30 years: first as an academic with Victoria University of Wellington’s law faculty; then as Assistant Privacy Commissioner; then in the operational space working for a variety of government clients, often on multi-disciplinary teams; and most recently as Government Chief Privacy Officer.

Katrine is now returning to private legal practice with Hayman Lawyers in Wellington, focusing exclusively on privacy issues.

Izaak Lynch

Secretary

Izaak Lynch is a Law Clerk currently working at JB Morrison Lawyers (Wellington’s office), being admitted to the bar in mid September. Izaak is in the Employment Law team which also provides privacy law advice for clients. He has taken it upon himself to become the resident “privacy wizard”, assisting a number of partners across teams to resolve privacy matters. He has run seminars on privacy law including both the Privacy Act 2020 and the GDPR, alongside writing a data privacy law guide as a summer clerk.

Before joining JB Morrison Lawyers, Izaak began his legal career at Thomson Reuters. He worked on their WestLaw database during university break by writing summaries for criminal and employment law cases. He then began volunteering at Worker’s Rights, a free employment law advice clinic. It was here, while assisting representation of a client through mediation, that he had his first display of data privacy. This sent him down a rabbit hole which culminated in his third year politics class, where he presented a speech on Marxism and the regulation of AI. From then on, he knew that he wanted to pursue a career in data privacy, taking Marcin Betkier’s data privacy class the following year. Marcin and Izaak have known each other since 2020, as Marcin was attending a criminal law lecture alongside Izaak (who, as having transferred from Otago University, had mistaken Marcin for a student and gratefully befriended him).

Looking forward, Izaak will be chairing a segment of Amanda Reilly’s data privacy workshop at the end of this year. He is also working on further data privacy seminars, aiming to go into greater detail about AI regulation, particularly with recent developments in the EU.

Ashley Xiong

Treasurer

Ashley Xiong is a Chartered Accountant working as a Finance Manager. She recently completed a Masters degree in Financial Regulation at London School of Economics and Political Science and has previously worked as a Senior Auditor at Audit New Zealand under the Auditor-General of New Zealand.

In 2015/16, she was a Summer Research Scholar at the University of Auckland Business School, researching settlements brought by the US Federal Trade Commission. This research was subsequently published in the paper she co-authored with Gehan Gunasekara in 2016: “Gunasekara, G., & Xiong, J. (2016). Lost in Translation? Privacy and Unfair or Deceptive Acts or Practices in Commerce in the United States. New Zealand Business Law Quarterly, 22 (3), 162-187.

Annette Mills

Committee Member

Annette is particularly excited about research on the potentials, challenges, and impacts of new and emerging technologies on people and society, in particular the privacy concerns raised through pervasive data collection, digital monitoring and surveillance, profiling and automated decision-making. Technologies include wearables, AI-enabled applications, and biometrics.

Her work seeks insights into how individuals adapt (or not) to and use new technologies, and are impacted by IT (both positive and negative), with a view to providing insights into the concerns raised and how these may be redressed.

Annette has also collaborated on projects in knowledge management, IT use in SMEs, and deception detection.

Clare Ruru

Committee Member

Clare has worked across a wide range of government sector agencies, alongside five years at the Ombudsman’s Office. She started her professional career working in Intelligence and regulatory investigation roles before falling into privacy and information sharing 10 years ago.

Clare is passionate about lifting the maturity of government’s information sharing practices, and has a special interest in children’s privacy, information sharing within the social sector, and data protection and use from a te ao Maori perspective.

Over the last 18 months Clare has led the Lifting Information Sharing Maturity across Government work programme for the Chief Government Privacy Officer including the development of meaningful guidance to help agencies and their frontline staff embed best practice, people-focused information sharing practices. Clare is now back at Ministry of Education specialising in information sharing, privacy and information management and ensuring the management of student information and data is appropriate and mana enhancing. Clare is also actively involved in cross agency work programmes across the Children’s Agencies to help improve health, wellbeing, safety, and educational outcomes for our tamariki and rangitahi.

Gehan Gunasekara

Committee Member

Gehan was, together with Marie Shroff, instrumental in launching Privacy Foundation New Zealand, serving as its inaugural Secretary and Deputy-chair and then chair from 2019 until 2022.

He is an Associate Professor and deputy head of the Department of Commercial Law at the University of Auckland Business School, where he specialises in the areas of franchising law and privacy law.

He has published extensively on information privacy in New Zealand and overseas and is a regular commentator in national media. He was a member of the academic reference committee for the Review of Privacy by the New Zealand Law Commission completed in 2011 and has subsequently been involved in advising the Government on the legislation to replace the Privacy Act 1993 which occurred in 2020.

His research on cross-border personal information flows has been cited by both the New Zealand and Australian Law Commissions as well as by the Canadian Privacy Commissioner.

Jesse Porter

Committee Member

Jesse Porter is currently a Senior Privacy Advisor working at Oranga Tamariki — Ministry for Children, where his primary focus and experience relates to the real-world application of privacy principles to contexts that are often complicated, sensitive, and urgent. His work is, in his own words, “often challenging but never dull” and includes the development and implementation of legislation, policy, protocols and processes both internally and cross-agency; conducting robust privacy impact assessments; providing practical advice and support for front line and back office colleagues; and managing privacy breaches and complaints, including at times coordinating responses to immediate safety risks.

Jesse affiliates with Ngāti Porou and Ngāti Kauwhata, and is actively engaged with the academic theory and practical application of Māori Data Sovereignty and Māori Data Governance principles and practices within the public sector and more broadly. He also has lived experience within
the disability and rainbow/takatāpui communities.

Jesse’s range of practical experience working within and alongside marginalized communities brings a unique perspective on privacy and its rapidly growing relevance – the more vulnerable members of society are often the most impacted by poor privacy practices and, in turn, often have the least control over how their personal information is collected, used, and disclosed, particularly by government and corporate entities. Jesse has held a CIPM qualification from IAPP since 2021.

Lisa Patterson

Committee Member

Lisa Patterson researches and lectures in the areas of privacy and cyber security at Te Herenga Waka, Victoria University of Wellington. She is nearing completion of a PhD focusing on human factors, developing a model to explain how everyday New Zealanders behave when faced with various cybersecurity risks, including online privacy.

Lisa is co-convener of the newly formed Security Working Group which aims to look at various privacy issues through a security lens. Passionate about privacy, Lisa leads the Privacy in the Public Sector micro-credential, developed by the Government Chief Privacy Officer, and Kapuhipuhi Wellington Uni Professional.

Louisa Joblin

Committee Member

Louisa Joblin is a Senior Associate at Duncan Cotterill in Wellington, specialising in privacy law. Louisa has worked as a commercial lawyer both in-house and in private practice.

She has considerable experience advising clients on all their privacy concerns, including Privacy Act compliance, dealing with data incidents and privacy breaches (including urgent advice as and when a breach is happening), access and correction requests, notification requirements, compliance training, and privacy policy and procedure.

Louisa regularly writes and speaks about privacy law, including as a media commentator on topical privacy issues. She is currently the convenor of the Legislation and Regulatory Reform Working Group of the Privacy Foundation.

Marcin Betkier

Committee Member

Marcin Betkier is currently the Lead Information Assurance Advisor at the Ministry of Social Development. Previously, he was a Lecturer at the Faculty of Law, Victoria University of Wellington, where he taught Data Privacy. He continues to teach as an Adjunct Lecturer. Marcin joined the Faculty after completing his doctoral studies there. In addition to his PhD from Victoria University, he holds a Master’s degree in Law from Koźmiński University in Warsaw, a Master’s degree in Computer Science from Warsaw University of Technology, and has completed postgraduate MBA studies at Koźmiński University.

His research and publications focus on the regulation of online services, data privacy and protection, computer security, and the regulation of modern technologies such as Artificial Intelligence and Facial Recognition Technology.

Marcin has 15 years of experience in the ICT sector in various roles, including technical, commercial, and legal. He has also advised New Zealand companies on implementing the General Data Protection Regulation. Marcin has been a member of the Privacy Foundation since its inception and is the Convenor of the Foundation’s Privacy in Digital Economy Working Group, as well as a member of several other working groups. Was serving as a Chair of the Foundation from September 2022 until September 2024.

Additional information is available on his LinkedIn profile: https://www.linkedin.com/in/mbetkier

Nathan Akhavan-Moossavi

Committee Member

Nathan Akhavan-Moossavi is a Senior Compliance & Assurance Manager, Privacy & Data Protection at ANZ based in Te Whanganui-a-Tara Wellington. Nathan has specialised in privacy for over 8 years in both the UK and Aotearoa New Zealand, and in a variety of client-facing and in-house roles.

Prior to ANZ, Nathan worked as a Senior Privacy Advisor at Vodafone (now One NZ). Originally from London, Nathan began his privacy career at Baker McKenzie, a law firm advising clients on a variety of projects, largely getting ready for GDPR. He became a Certified Information Privacy Professional, Europe (CIPP/E) in 2016. Deciding privacy was definitely the career path for him, Nathan moved to KPMG where he focused on operationalising privacy. It was here he gained his Certified Information Privacy Manager (CIPM) designation in 2018. For his first in-house move, Nathan worked at ITV, a lot of that time spent in the UK lockdown. In February 2020 Nathan earned the Fellow of Information Privacy designation from the International Association of Privacy Professionals (IAPP). Since arriving on our shores in April 2021, Nathan has been a member of the Privacy Officers Roundtable network, is an IAPP Wellington KnowledgeNet Chair and sits on the IAPP Australia & New Zealand Advisory Board. In November 2023 he moderated a panel on the Consumer Data Right at the IAPP ANZ Summit in Sydney.

Outside of work, he is finishing off a house renovation, enjoys getting up to Hawke’s Bay when he can, walking, good food and exploring New Zealand.

Polly Ralph

Committee Member

Polly leads PwC Legal New Zealand’s privacy and data protection law practice. She has specialised in privacy for 20 years. She started her privacy career in 2004 working in the investigations team at the Office of the NZ Privacy Commissioner, and then as Privacy Legal Adviser at the New Zealand Police National HQ. Polly then spent 12 years in the UK. During that time, she was Senior Privacy Counsel at the BBC, Group DPO at a UK / EU insurance company, and a Director at PwC UK for six years, where she advised some of the world’s largest brands on global data privacy matters.

Polly returned home to NZ in 2022 to take up the role of Director at PwC Legal NZ. She heads up the privacy legal practice, advising clients on the full range of privacy issues including breach response, GDPR / Privacy Act compliance projects, cross border data transfers, outsourcing, and contracting.  She holds CIPM and CIPP/E, and is an IAPP Wellington KnowledgeNet Chair.

Rebecca Hawkins

Committee Member

Rebecca Hawkins is a privacy professional currently working as a Privacy Advisor in the health sector. She has a law degree, and in 2021 attained the International Association of Privacy Professionals Certified Privacy Technologist accreditation. She has previous experience in the regulatory and compliance environment, working in the UK in Complaints Investigator Roles for accountancy and telecommunications regulatory bodies.

Rebecca heads up the Southern Privacy Network, providing opportunities for Privacy Officers and Professionals to network and hear presentations from experts in the field of privacy and security.

Previous Privacy Officer work has led her to have a keen interest in children’s privacy issues, and more recently to focus on health technologies and privacy.