Anna Johnston, our founder and Principal, is one of Australia’s most respected experts in privacy law and practice.
With her qualifications in law, public policy and management, and over 25 years’ experience in legal, policy and research roles, Anna brings a breadth of perspectives and a wealth of experience to dealing with our clients’ privacy and data governance challenges.
Since establishing Salinger Privacy in 2004, Anna has provided advice on managing privacy risks to clients including tech start-ups, established businesses and government agencies. She has conducted Privacy Impact Assessments on large and highly complex cross-jurisdictional projects for government including on the launch of the NDIS and the design of the My Health Record scheme. Her private sector clients cross the economy, including the health, banking, human services, education, media, pharmaceutical, technology, insurance and professional services sectors.
Anna’s advice on data ethics and the application of privacy design strategies to complex data linkage projects has assisted clients including at the establishment of the NSW Centre for Education Statistics & Evaluation and the Victorian Centre for Data Insights. She has also guided clients grappling with privacy and data management issues in the research and data analytics space across non-profit medical research institutes, for-profit data analytics companies, health service providers, universities and governments conducting multi-agency research and evaluation projects.
Anna’s influential and widely-read blog has prompted reforms to NSW privacy laws and a boycott of the 2016 Census, and introduced a new concept – individuation – into the privacy lexicon. She also writes about privacy law and practice for various other publications including the Law Society Journal, and tweets at @SalingerPrivacy. In 2022 Anna presented as a guest lecturer in Data Privacy Law for the Faculty of Law and Justice at UNSW.
As the former Deputy Privacy Commissioner for NSW, Anna also knows the regulator’s perspective. Since establishing Salinger Privacy, she has also been commissioned to write privacy guidance publications, and deliver presentations and training, on behalf of other regulators including the Australian, NSW and Victorian Privacy Commissioners. Given the depth of her experience in the sector, Anna is known as ‘the’ expert on NSW privacy laws. She has read and annotated hundreds of NSW cases for our ‘PPIPA in Practice’ guide, and since 2001 has provided a pro bono caselaw update to NSW privacy practitioners at their quarterly meetings. Anna also authors most of our range of guidance publications.
Anna has been called upon to provide expert testimony before various Parliamentary inquiries, the Productivity Commission and the European Commission, spoken at numerous conferences, and is regularly asked to comment on privacy issues in the media. She is a lifetime member of the Australian Privacy Foundation, a member of the International Association of Privacy Professionals (IAPP) since 2008, and in 2019 was recognised as an industry veteran by the IAPP with the designation of Fellow of Information Privacy (FIP).
In 2022, Anna was honoured for her ‘exceptional leadership, knowledge and creativity in privacy’ with the IAPP Vanguard Award, one of five privacy professionals recognised globally whose pioneering work is helping to shape the future of privacy and data protection. While her day-to-day work involves assisting clients to develop innovative approaches to privacy protection, the Vanguard award was bestowed in reflection of Anna’s contributions to the privacy profession, and to the protection of privacy for the benefit of all. In particular, the award recognised Anna’s contributions in a voluntary capacity over 20 years, including both formal and informal advocacy on key issues, multiple pro bono advisory positions, and knowledge-sharing through speaking and writing about privacy. Her passionate pursuit of law reform to improve protection against digital harms was called out in particular.
Anna’s pro bono advisory, advocacy, academic and editorial positions have included:
- Visiting Scholar at the Research Group on Law, Science, Technology and Society of the Faculty of Law and Criminology of the Vrije Universiteit Brussel (VUB), 2018
- Advisory Board Member for the EU’s STAR project, to develop training on behalf of European Data Protection Authorities, 2017 to date
- Member of the Asian Privacy Scholars Network (APSN), 2017 to date
- Editorial Board Member, Privacy Law Bulletin, 2010-16
- Advisory Committee Member, the Australian Law Reform Commission’s Inquiry into the Invasion of Privacy, 2013-14
- Board member, the International Association of Privacy Professionals, Australia & New Zealand, 2010-11
- Advisory Committee Member, the Australian Law Reform Commission’s expert advisory group on health privacy for the Review of the Privacy Act, 2006-08
- Project Team Member, University of New South Wales’ Interpreting Privacy Principles project, 2006-09
- Campaign Director, NoIDCard, the successful campaign against the proposed Access Card, 2006-07
- Chair of the Australian Privacy Foundation, 2005-06; Member of the International Committee 2018 to date
- Consumer Representative Member, National E-Health Transition Authority’s Consumer & Clinician Forum, 2005-06
- Primary Author, Australian country reports for Privacy International’s Privacy and Human Rights, 2005-06
- Editorial Board Member, Privacy Law & Policy Reporter, 2004-06
Anna holds a first class honours degree in Law, a Masters of Public Policy with honours, a Graduate Certificate in Management, a Graduate Diploma of Legal Practice, and a Bachelor of Arts. She is a Certified Information Privacy Professional, Europe (CIPP/E) and a Certified Information Privacy Manager (CIPM). She was admitted as a Solicitor of the Supreme Court of NSW in 1996. However since she no longer practices as a solicitor, she won’t mind your lawyer jokes at all.
Melanie Casley, our Senior Privacy Consultant, has deep experience in the application of privacy laws, having worked in the field since 2002, across both regulatory and advisory capacities.
At Salinger Privacy Melanie has led Privacy Impact Assessments into complex, multi-jurisdictional projects, such as a project to develop a real-time national information-sharing system for child protection, and data linkage and analytics projects in the health and disability sectors.
In 2021 Mel completed a three-month secondment to Rio Tinto in its Global Data Privacy Team to assist with the completion of PIAs and a range of data privacy advices spanning Rio Tinto’s world-wide operations. At Rio Tinto, Mel worked closely with the existing Data Privacy Team, Rio Tinto’s Global Cyber Security Team, broader Information Security and Technology members and other key business operations including Procurement, Human Resources and Exploration operations based in Australia, New Zealand, Canada, Utah, France, Singapore, Serbia, Kazakhstan, India, Zambia and Mongolia. Each of these PIAs required Melanie to use Rio Tinto’s existing risk management platform, Global Data Privacy Standard, local data privacy laws, and rely on local knowledge of Rio Tinto staff to develop her advice.
Other notable engagements with public sector clients include Mel’s development of a framework for privacy management for the Queensland Government’s Unify program, along with a series of seven PIAs on different aspects of the Unify program. The Unify program is a four-year project to replace legacy client-management systems and improve information sharing and collaboration across the social services and justice sectors, led by the Department of Child Safety, Youth and Women, in partnership with the Department of Youth Justice. Mel has also conducted privacy compliance reviews for clients needing a health check of their existing operations.
Mel has previously served as Manager of the Information and Privacy Unit in the Victorian Department of Justice and Regulation (now known as the Department of Justice and Community Safety), overseeing the compliance of both the Department, and statutory agencies within the Justice portfolio, in relation to privacy and related laws. She has also managed the secretariat functions for the Justice Human Research Ethics Committee, and coordinated a Whole of Victorian Government approach to privacy governance and policy. Prior to her role with the Victorian Department of Justice and Regulation, Mel performed a number of policy, training and compliance roles with the Office of the Victorian Privacy Commissioner (now known as OVIC).
Melanie is also the editor of the privacy law section of the Fitzroy Legal Service’s Law Handbook.
Melanie holds a Bachelor of Laws, a Bachelor of Arts, and a Graduate Diploma of Educational Psychology. She is also an accredited mediator, a member of the IAPP, a Certified Information Privacy Manager (CIPM) and Certified Information Privacy Professional – Europe (CIPP/E). In 2022 Melanie was recognised as an industry veteran by the IAPP with the designation of Fellow of Information Privacy (FIP).
Andrea Calleia, our Director of Learning, has extensive experience in the learning and development field, and has specialised in privacy training since 2003 when she managed the privacy education program for the NSW Privacy Commissioner’s Office. Since joining Salinger Privacy in 2008 Andrea has managed our e-learning privacy training program, and delivers most of our face to face training. She has developed and delivered customised privacy training on behalf of clients including QANTAS, Sage Software, the Office of the Australian Information Commissioner, and PRAXIS Australia.
Andrea is consistently rated “5 out of 5” by our training participants and has been described as “excellent and engaging”, “enthusiastic, clear and effective”. She developed our Privacy Management in Practice workshop program, which has been described by participants as “top notch”, “practical and informative” and “effective for all participants coming from varied organisations”. Andrea also delivers our CIPM training on behalf of the International Association of Privacy Professionals (IAPP).
Andrea has been appointed to the IAPP’s ANZ Advisory Board for 2020/2021, and again for 2022/2023, to promote and serve the privacy profession in Australia and New Zealand.
Andrea holds a Bachelor of Arts majoring in Education and Human Resources, and a Certificate IV in Training and Assessment. As an alumni of the University of New South Wales, she is a Mentor for students specialising in the fields of Human Resources and Learning and Development. Andrea is a Certified Information Privacy Professional – Europe (CIPP/E), Certified Information Privacy Manager (CIPM), a Certified Information Privacy Technologist (CIPT), a Certified Practitioner of Human Resources with the Australian Human Resources Institute, a Fellow of the Australian Institute of Training and Development (AITD), a member of the IAPP, and a member of the Australian Privacy Foundation. In 2021 Andrea was recognised as an industry veteran by the IAPP with the designation of Fellow of Information Privacy (FIP).
We often also collaborate with Stephen Wilson of Lockstep Consulting. Stephen is a leading international authority on digital identity and cyber security. His career spans more than 28 years in IT, software engineering and R&D management, in both Australia and the US, and since 1995 he has specialised in e-security. Stephen is Managing Director of ValidIDy and Lockstep Consulting, and has partnered with Salinger Privacy on a number of PIAs and other client engagements since 2005.
Stephen’s privacy experience is founded on many years working in the sensitive sectors of healthcare and government, and forged through highly original research into the complex interplay of privacy and security. He has pioneered privacy engineering and design techniques to tailor practical guidance for information architects, designers and project managers, to help build privacy controls into the formative stages of systems development. Stephen has helped organisations in government, health and finance throughout the Asia Pacific, with e-security strategy, policy, architecture, privacy, risk management, governance and technology selection.
Stephen has long been involved in public policy in privacy and security. He was a member of the ALRC’s Developing Technology Advisory Sub-committee (2007-08) and the Federal Privacy Commissioner’s PKI Reference Group (2000). He has served as Standards Australia’s Nominated Privacy Expert on the ISO Financial Services Security Technical Committee 68/SC 6. Stephen has authored numerous submissions to public inquiries into privacy, including the National Health Privacy Code (2003), the Privacy Act (2005), the Health & Welfare Access Card (2007), and Health Identifiers (2010).
Stephen holds an honours degree in Electrical Engineering, and a Bachelor of Science.
Depending on the nature of any given engagement, we may also bring on board Dr Chris Culnane of Castellate Consulting. Chris is an expert in cyber security and privacy, specialising in re-identification risk assessments. He has previously held academic posts at the University of Surrey and the University of Melbourne, where his research focus included the integrity of electronic voting, and the privacy and cyber security of open data releases.
Chris has partnered with Salinger Privacy on policy and research work in relation to online identifiers and developing law reform options. Chris also has a particular expertise in evaluating the privacy risks posed by large datasets, and has written extensively about de-identification and re-identification risks. His work led to the discovery of re-identification risks in the Federal MBS/PBS open data release, and more recently the Victorian government release of Myki data.
Whilst at the University of Melbourne Chris led consultancy contracts which undertook evaluations of privacy-preserving techniques, including for the Australian Bureau of Statistics and Transport for New South Wales. He was also the technical lead on the vVote project, which designed and implemented an end-to-end verifiable election system for the 2014 Victoria State Election, which at the time was the largest politically binding deployment of an end-to-end verifiable election.
In addition to his technical work, Chris has also led a number of consultation responses including in relation to Data Sharing and Release, and the Consumer Data Right, as well as appearing as a witness at both state and federal inquiries, including Electoral Matters Committees and the PJCIS inquiry into the Assistance and Access Bill (now TOLA).
Chris holds a first class honours Bachelor of Science in Computing, a Master of Science in Internet Computing, and a PhD in Computer and Information Systems Security.
