Information Security & Data Privacy

Information Security and Data Privacy — Russel Fielding

Information security and data privacy are connected disciplines, but they are not the same thing. Both have matured significantly in the last decade, and in both the gap between written policy and operational reality is where things most often go wrong.

These guides cover data protection law, privacy programme delivery, information security frameworks, and the practical controls that meet regulatory expectations. Written for privacy officers, information security leaders, and senior managers in regulated organisations.

Available guides

Three guides on security and privacy

Security framework

Information Security in Practice

Information security is not a technology problem. It is a governance, risk, and organisational behaviour problem that happens to involve technology. This guide covers what an effective information security programme looks like, the role of frameworks such as ISO 27001, third-party and supply chain risk, incident response, and how to build security into the organisation rather than bolting it onto existing operations.

ISO 27001:2022 · Supply chain risk · Incident response
Read the guide →

Privacy programme

Data Privacy in Practice

Privacy law has matured. The operational discipline required to run a genuinely compliant privacy function has not always kept pace. This guide covers the legal architecture (GDPR-led, with notes on the NZ Privacy Act and Australian reforms), and the high-friction parts of day-to-day delivery: lawful bases, rights requests, DPIAs, breach response, and vendor controls. Written for privacy officers, compliance professionals, and risk managers.

UK GDPR · NZ Privacy Act 2020 · Australian reforms
Read the guide →

Privacy role

The Privacy Officer's Handbook

The Privacy Officer sits at the intersection of law, operations, and organisational culture, and the role is frequently misunderstood. This handbook covers what the role actually involves, the difference between the GDPR DPO and a broader Privacy Officer, governance and reporting structures, the daily reality of running a privacy function, and the practical judgements that matter most. Written for people in the role and the leaders building the function around them.

GDPR Articles 37–39 · DPO independence · Programme delivery
Read the guide →

Browse other resources

More practical guides on compliance, transformation, and financial crime.

Information security and privacy obligations sit alongside a wider compliance landscape. Browse the full library of practical guides covering AML, fraud and financial crime, and transformation and risk.

All resources →