How to Build and Deploy Responsible, Trustworthy, and Ethical AI Systems

AI can improve productivity, support better services and unlock social benefit at scale. However, if it is deployed without good governance, it can automate discrimination, intensify inequality, undermine privacy and damage public trust. 

In Episode 7 of the Guardians of Data podcast, AI expert Tahir Latif argued that ethical and responsible AI cannot remain a collection of impressive slogans. Principles such as fairness, transparency, accountability and safety only matter if organisations can translate them into practical governance, day-to-day 
decision-making and evidence of responsible deployment. This is an urgent challenge because AI is being adopted faster than many organisations are maturing.  

Defining the Use Case 

Tahir says that businesses and public bodies often see AI as a strategy in itself:
an answer to cost reduction, efficiency, competitive advantage or service improvement. But AI is not a strategy. It is a tool. The question is not simply “Can we deploy this?” but “Why are we deploying it, who may be affected, what could go wrong, and how will we know whether it is working fairly?” 

A responsible AI programme starts with a clearly defined use case. Organisations should resist the temptation to apply “AI everywhere for everything”. A use case should explain the problem being solved, the people affected, the intended benefits, the lawful basis for processing data, the decision points where AI will be used and the limits of the system. This matters because the ethical risk of AI depends heavily on context. A tool that recommends music is very different from one that influences access to housing, healthcare, benefits, policing or credit. 

Strong Information Governance  

The next foundation a responsible AI programme is data quality. AI systems inherit the strengths and weaknesses of the data on which they are trained, tested and deployed. If data is biased, incomplete, unlawfully sourced, poorly classified or disconnected from its original purpose, the organisation is not innovating on solid ground; it is scaling risk. Ethical AI therefore requires strong information governance: clear data provenance, lawful and fair processing, purpose limitation, data minimisation, retention controls, accuracy checks and ongoing monitoring for bias or drift. 

Governance should begin at the ideation stage, not after a model has been purchased, built or released. Organisations need an AI governance framework that identifies ownership, risk appetite, approval routes, documentation standards, testing requirements, escalation processes and independent review. The UK’s regulatory approach highlights five relevant principles: safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress. The OECD AI Principles similarly emphasise human-centred, trustworthy AI that respects human rights and democratic values. 

The Human in the Loop 

Governance cannot be a paper exercise. Tahir warns against organisations claiming to have “human in the loop” oversight when the human does not understand what they are reviewing or lacks authority to stop a problematic deployment. Responsible oversight requires trained and empowered people. They must understand the limits of AI outputs, be able to challenge results, know when to escalate concerns and have permission to say no where risks are disproportionate. 

This is particularly important because AI systems can be fluent, persuasive and wrong. A confident output is not the same as a reliable one. AI often produces plausible answers rather than verifiable truth. That creates a risk of misplaced reliance, especially where users assume that machine-generated outputs must be objective or authoritative. Organisations should therefore build in validation, sampling, audit trails, performance monitoring and clear thresholds for human review. 

Transparency and Explainability 

Tahir says that central to trustworthy AI is transparency and explainability. But these terms must be understood realistically. Transparency means being open about when and how AI is used, what data it relies on, what role it plays in decisions and what rights affected individuals have. Explainability is about providing a meaningful account of how a system reaches or supports an outcome. In low-risk settings, a simple explanation may be enough. In high-impact contexts, such as credit, employment, welfare or healthcare, people need understandable reasons, routes to challenge and access to human review. 

Tahir’s mortgage example makes the point. If an applicant with a strong credit history, stable income and low debt is refused by an AI-assisted system, “computer says no” is not acceptable. The organisation must be able to explain the relevant factors, identify whether the decision was fair and provide a meaningful mechanism for contesting it. The more opaque the model, the stronger the justification must be for using it, especially where simpler and more interpretable methods would achieve the purpose. 

Privacy and data protection also sit at the heart of responsible AI. The healthcare example discussed in the podcast shows both the opportunity and the caution required. AI can assist radiographers by reviewing large volumes of labelled X-ray images quickly and accurately, helping clinicians identify patterns that may be difficult for the human eye to detect. But the same sector also illustrates why governance matters: patients must be able to trust that sensitive data is used lawfully, securely and proportionately, and that AI supports rather than replaces accountable clinical judgment. 

Lifecycle Management 

Tahir emphasise that AI risk does not end at product launch. Models can degrade, data can change, users can misuse outputs and social impacts may emerge over time. Organisations should monitor performance, fairness, security, complaints, incidents, and unintended consequences. They should also be prepared to suspend, retrain, restrict or retire systems that no longer meet legal, ethical or operational standards. 

Respecting Rights 

Copyright and training data add another ethical dimension. AI systems depend on data, but innovation cannot simply override the rights of creators, authors, artists and performers. Organisations should ask whether training data has been lawfully obtained, whether rights holders have been respected, whether outputs may reproduce protected material and whether transparency is owed to users or creators. Ethical AI is not only about avoiding biased outputs; it is also about respecting the labour and rights embedded in the data ecosystem. 

IG Officer Skills 

For information governance professionals, the message is clear: AI governance is not a side issue. It is becoming a core professional responsibility. The most valuable skills will include judgment, translation, evidence and humility.  

Judgment means asking whether a system is proportionate, fair, defensible and wise. Translation means communicating risk across technical, legal, governance and executive audiences. Evidence means documenting decisions, testing, approvals, safeguards and monitoring. Humility means recognising that AI is developing quickly and that continuous learning is essential. 

Tahir says that ultimately, building responsible, trustworthy and ethical AI systems is not about choosing between innovation and regulation. It is about designing the conditions for AI to serve people well. That means clear use cases, good data, meaningful accountability, trained humans, transparent explanations, privacy by design, challenge mechanisms and ongoing assurance. AI may be powered by technology, but trust is built by people, governance and the choices organisations make before, during and after deployment. 

Listen to the full Episode 7 with Tahir Latif.

AI and Cyber Security 

In recent weeks, governments, regulators and cyber security professionals have been gripped by the emergence of Mythos, the powerful AI model developed by Anthropic. Touted as capable of identifying software vulnerabilities at a level that rivals some of the world’s most skilled human researchers, the model has generated excitement, concern and intense debate.   

Against this backdrop, our guest in Episode 11 of the podcast is an internationally renowned cybersecurity leader, educator and technology strategist, Caroline Wong

In this conversation, Caroline explains how cybercriminals are using AI to launch sophisticate cyber-attacks. We also discuss how organisations can use the same technology to strengthen their cyber defences. But this conversation goes beyond the technical. We discuss why trust is becoming the central battleground in cybersecurity, how deepfakes and AI-generated content are reshaping the way we verify information, and why human judgment remains critical despite rapid advances in automation. We also take a closer look at Mythos itself and what it means for the future of cybersecurity.    

Listen to Episode 11 with Caroline Wong 

New Podcast: The Impact of AI on Cybersecurity  

“Today, it’s actually very, very easy for attackers to take a piece of malware and effectively launch one hundred different versions all at once.” 

Caroline Wong, Author and Cybersecurity Expert 

Episode 11 of the Guardians of Data Podcast is out now. In this episode we discuss how AI is reshaping trust, identity, cybersecurity, and organisational accountability.  

In recent weeks, governments, regulators and cyber security professionals have been gripped by the emergence of Mythos, the powerful AI model developed by Anthropic. Touted as capable of identifying software vulnerabilities at a level that rivals some of the world’s most skilled human researchers, the model has generated excitement, concern and intense debate.   

Against this backdrop, our guest on this podcast is an internationally renowned cybersecurity leader, educator and technology strategist. Caroline Wong is Chief Strategy Officer at Axari and the author of The AI Cybersecurity Handbook.  

In this conversation, Caroline explains how cybercriminals are using AI to launch sophisticate cyber-attacks. We also discuss how organisations can use the same technology to strengthen their cyber defences.  

But this conversation goes beyond the technical. We discuss why trust is becoming the central battleground in cybersecurity, how deepfakes and AI-generated content are reshaping the way we verify information, and why human judgment remains critical despite rapid advances in automation. We also take a closer look at Mythos itself and what it means for the future of cybersecurity.  

Whether you’re a privacy practitioner, cybersecurity professional or simply interested in understanding how AI is transforming the digital world around us, this is a conversation packed with practical insights and thought-provoking ideas.   

Listen on your preferred platform via our podcast page, or download the episode directly.

This podcast is sponsored by Phaselaw – a purpose-built solution for document disclosures, like subject access requests and FOI requests. Instead of redacting PDFs one by one, or forcing litigation software to do a job it wasn’t designed for, with Phaselaw you get collection, review, and redaction in one workflow. Teams across the World are using it to cut response times from weeks to days. 

For Guardians of Data listeners, Phaselaw is offering a two-month free trial; run it on live requests, see what it does to your backlog, decide from there. No card, no commitment. 

Head to https://www.phase.law/guardians to claim your free trial.  

Previous episodes of the Guardians of Data podcast have featured Tahir Latif talking about responsible AI deployment, Jen Persson, a privacy campaigner, explaining the privacy implications of the Government’s new plans for children’s data, Naomi Mathews and Ibrahim Hasan explaining the law on filming people in public for social media and Olu Odeniyi analysing recent cyber breaches and discussing the lessons learnt.

New Podcast: Beyond GDPR – The Real Purpose of Data Protection 

“Think clarity of purpose. Find your why. Find the reason that you’re doing what you do. It just puts fire in my belly every day knowing that I have such a clarity of purpose.” 

Emma Martins, Former Data Protection Commissioner for Guernsey 

Episode 10 of the Guardians of Data Podcast is out now. It is a fascinating and deeply human conversation with one of the most thoughtful voices in the world of privacy and information governance.  

Emma Martins served as Data Protection Commissioner for the Bailiwick of Guernsey for over a decade. In our conversation, Emma reminds us that data protection is about far more than compliance checklists, privacy notices, or subject access requests.
At its core, data protection is about people, power, democracy and human dignity. 

We explore the historical roots of data protection law, including the lessons Europe learned from surveillance and authoritarianism after World War Two, and why those lessons matter now more than ever in the age of AI, predictive policing, algorithmic bias, and mass data collection. 

Emma also shares her reflections on: 

  • The need for data protection professionals need to reconnect with their “why” 
  • The importance of diversity, curiosity, and collaboration in the IG profession 
  • And how we can all move from being seen as blockers to becoming trusted cultural leaders inside our organisations 

This is not a conversation about technology or the minutiae of data protection law; it’s a conversation about humanity and why we are here as data protection professionals.  

Listen on your preferred platform via our podcast page, or download the episode directly.

Emma also shared her recommended books and films/dramas about privacy, AI and data protection. You can find these in the episode show notes.

This podcast is sponsored by Phaselaw – a purpose-built solution for document disclosures, like subject access requests and FOI requests. Instead of redacting PDFs one by one, or forcing litigation software to do a job it wasn’t designed for, with Phaselaw you get collection, review, and redaction in one workflow. Teams across the World are using it to cut response times from weeks to days. 

For Guardians of Data listeners, Phaselaw is offering a two-month free trial; run it on live requests, see what it does to your backlog, decide from there. No card, no commitment. 

Head to https://www.phase.law/guardians to claim your free trial.  

Previous episodes of the Guardians of Data podcast have featured Tahir Latif talking about responsible AI deployment, Jen Persson, a privacy campaigner, explaining the privacy implications of the Government’s new plans for children’s data, Naomi Mathews and Ibrahim Hasan explaining the law on filming people in public for social media and Olu Odeniyi analysing recent cyber breaches and discussing the lessons learnt.

New Podcast: Learning from a Journalist’s Use of FOI  

The Freedom of Information Act 2000 (FOI) is an essential tool for the journalist seeking to  hold public institutions to account. But for those handling FOI requests from journalists, the challenge is to balance minimising the resource burden on the organisation with maintaining opennesss and transparency. This requires a good understanding of journalists’ motivation, tactics and pressures. 

In the latest episode of the Guardians of Data podcast we are joined by Martin Rosenbaum. Martin spent 16 years at the BBC as the organisation’s leading specialist in using FOI for journalism. Over that time, he broke major stories, trained reporters, and took cases all the way to tribunal hearings. His investigations have covered everything from private conversations between Tony Blair and Bill Clinton, to the policing of Greenham Common protests, to the flaws in the honours system. 

Martin is also the author of Freedom of Information: A Practical Guidebook– a comprehensive, hands-on guide that explains the law, the process, and the tactics for using FOI effectively. 

In this podcast episode, we talk about: 

  • How journalists use FOI to uncover the truth and inform the public 
  • The tactics that make the difference between a successful request and a dead end 
  • How FOI has evolved since its introduction  
  • And what information professionals can learn from the media’s use of this powerful tool 

Whether you work in information governance, public service, or the media, or you simply believe in transparency and accountability, this conversation will give you practical insights into how FOI really works and why it still matters today. 

Listen on your preferred platform via our podcast page, or download the episode directly.

This podcast is sponsored by Phaselaw – a purpose-built solution for document disclosures, like subject access requests and FOI requests. Instead of redacting PDFs one by one, or forcing litigation software to do a job it wasn’t designed for, with Phaselaw you get collection, review, and redaction in one workflow. Teams across the World are using it to cut response times from weeks to days. 

For Guardians of Data listeners, Phaselaw is offering a two-month free trial; run it on live requests, see what it does to your backlog, decide from there. No card, no commitment. 

Head to https://www.phase.law/guardians to claim your free trial.  

Previous episodes of the Guardians of Data podcast have featured Tahir Latif talking about responsible AI deployment, Jen Persson, a privacy campaigner, explaining the privacy implications of the Government’s new plans for children’s data, Naomi Mathews and Ibrahim Hasan explaining the law on filming people in public for social media and Olu Odeniyi analysing recent cyber breaches and discussing the lessons learnt.

New Podcast: The Government’s Plans For Our Children’s Data

“I think privacy is often given a bad name. We talk about it in abstract terms; we should abandon thinking about it in that way. What you do to my data, you do to me. There is no real distinction anymore between our online life and our offline life. So whatever you know about me through my digital footprint, you know about my real life.” 

Jen Persson, Director of Defend Digital Me 

Children today are growing up in a world where almost everything they do leaves a data trail. From the apps they use, to the schools they attend and the healthcare they receive; data is being collected, analysed and increasingly connected and shared.
But at what cost? 

Recent initiatives from the UK Government, such as the Schools White Paper and the Children’s Wellbeing and Schools Act 2026, have major implications for children’s privacy; from age verification to plans for a “Data Spine” to link information across the public sector.  

In our latest Guardians of Data podcast, we analyse the Government’s plans for our children’s data, discuss children’s privacy in the internet age and the role Big Tech is playing in the collection storage and analysis of all our data.  We ask if the government is simply trying to do a better job of protecting children or if it is quietly building a surveillance system which will impact all of us. 

Our guest is Jen Persson, Director of Defend Digital Me,  a not-for- profit organisation that advocates for children’s privacy and digital rights in UK education and the wider public sector. Jen said: 

“Everybody wants to keep children safe… I think the important thing in the Children’s Wellbeing and Schools [Act], is that there is so much going through it that is untested and unevidenced. So some of our work has been to analyse that as it went through Parliament. For example, the single unique identifier is only part of the data aspects of the [Act], but it’s very vague and there’s been very little explanation in writing or in Parliament.” 

Listen on your preferred platform via our podcast page, or download the episode directly.

This podcast is sponsored by Phaselaw – a purpose-built solution for document disclosures, like subject access requests and FOI requests. Instead of redacting PDFs one by one, or forcing litigation software to do a job it wasn’t designed for, with Phaselaw you get collection, review, and redaction in one workflow. Teams across the world are using it to cut response times from weeks to days. 

For Guardians of Data listeners, Phaselaw is offering a two-month free trial; run it on live requests, see what it does to your backlog, decide from there. No card, no commitment. 

Head to https://www.phase.law/guardians to claim your free trial.  

Previous episodes of the Guardians of Data podcast have featured Tahir Latif talking about responsible AI deployment, Naomi Mathews and Ibrahim Hasan explaining the law on filming people in public for social media, Maurice Frenkel looking back at 20 years of the Freedom of Information Act and Olu Odeniyi analysing recent cyber breaches and discussing the lessons learnt.

New Podcast: Building Trustworthy and Responsible AI Systems

“Information governance professionals are the bedrock for deploying good governance of AI. We need to be there at the start of the actual thinking process.” 

Tahir Latif, Global Practice Lead for Data Privacy & Responsible AI at Cognizant 

The last two years has seen a massive increase in AI deployment. Previously the domain of Science Fiction, AI is now everywhere – in our workplaces, our personal lives, and in the systems that shape society. From healthcare to security and law enforcement. But alongside the opportunities, there are some big risks: including lack of accuracy and transparency as well as bias and discrimination. 

In this episode, we dive into one of the biggest questions of our time: How do we build trustworthy and responsible AI systems? 

To help us answer this question, we are joined by someone who is right at the heart of the conversation. Tahir Latif is a distinguished expert on building responsible and transparent AI systems. He was formerly the Global Practice Lead for Data Privacy & Responsible AI at one of the largest global professional services companies. Tahir has led complex privacy and AI programmes across multiple industry sectors both in the UK and globally. He is also the Chief AI and Governance Officer and board member at the Ethical AI Alliance, a not for profit body which promotes ethical standards in AI development. Tahir is the co-author of Data Privacy – A Practical Handbook on Governance and Operation.

In this conversation, we explore how to cut through the complexity of ethical AI, what the future holds, and most importantly, what practical steps IG professionals can take to succeed in this new landscape. 

Listen on your preferred platform via our podcast page, or download the episode directly.

This podcast is sponsored by Phaselaw – a purpose-built solution for document disclosures, like subject access requests and FOI requests. Instead of redacting PDFs one by one, or forcing litigation software to do a job it wasn’t designed for, with Phaselaw you get collection, review, and redaction in one workflow. Teams across the World are using it to cut response times from weeks to days. 

For Guardians of Data listeners, Phaselaw is offering a two-month free trial; run it on live requests, see what it does to your backlog, decide from there. No card, no commitment. 

Head to https://www.phase.law/guardians to claim your free trial.  

Previous episodes of the Guardians of Data podcast have featured  Naomi Mathews and Ibrahim Hasan explaining the law on filming people in public for social media, Maurice Frenkel looking back at 20 years of the Freedom of Information Act, Olu Odeniyi analysing recent cyber breaches and discussing the lessons to learn and Raz Edwards talking about how to succeed as an IG leader. 

How to Succeed in Information Governance

Seasoned IG professionals offer invaluable advice, having tackled data protection hurdles and shaped best practices over years in the field. By listening to their journeys, new IG professionals can better prepare themselves to face tomorrow’s IG challenges with confidence. 

In Episode 1 of the Guardians of Data podcast our guest was Jon Baines who is a senior data protection specialist at Mishcon de Reya LLP, a law firm where he advises on complex data protection and freedom of information matters. Jon isn’t a lawyer in the traditional sense, yet he has been listed in Legal 500 as a rising star in the data protection, privacy and cybersecurity category. Jon is also the long standing chair of the National Association of Data Protection and Freedom of Information Officers.  

In the podcast, our conversation ranges widely and goes into Jon’s route to the law, what sort of work a non-lawyer like gets involved in at a law firm, whether young professionals need to or should qualify as solicitors in order to develop a career in information law, some of the specialisms and the history of Mishcon de Reya LLP; and developments of data protection in the age of AI. 

The following is an abridged version of the podcast focusing on Jon’s advice to IG professionals.  

Question: You’ve proved that you don’t need to be a lawyer to work at the cutting edge of information law. What skills or perspectives can non-lawyers bring that make them particularly valuable in this field? 

Answer: Critical thinking. I’m a big advocate for seeing both sides. I nearly always, when I approach a task or an instruction, think “if I were advising the other side, what would I be doing?” Because I think it’s really important that you don’t just see the positives on your side; that ability to see across the issue and be able to challenge yourself is important. And that’s part of critical thinking.  

In a lot of data protection matters, it’s important to remember that a data subject is all of us effectively; we are all data subjects. Data protection is about a fundamental right, let’s call it the right to respect for our personal information and a limited right to control that information. So a certain amount of empathy is important.  

It’s also important to understand how commerce works; data protection law doesn’t exist in a vacuum. As I say, it’s about us; it’s about our information. It’s also about how that information, operates and can be used within a commercial world, a business world, a public service world. We don’t have a complete right to privacy, let alone privacy of our information. It’s a qualified right. So I think an understanding of business and understanding that business needs data in order to operate is important. 

What is your advice for those who are new to the IG profession? 

I think one of the biggest skills you need is being able to be across the whole organisation that you work for. So don’t work in a silo. Your role might be part of Legal etc. but make sure that you get out and learn about your organisation. Make sure that people know who you are. It’s old fashioned internal networking, I guess. 

How should IG professionals, position themselves, to add value to AI projects? 

Well, it kind of makes me think of the old Data Protection Impact Assessment or prior to GDPR, when we called them privacy impact assessments. It’s not much use being part of that sort of project if you’re only brought in at the last moment. The whole idea of risk assessment is to assess in advance. So it’s important for IG professionals to remind those setting up AI projects that their input is needed from the start; indeed, even before a decision is taken to initiate a project. There are going to be few AI projects that will not involve data protection, in some way or another, or that don’t have the potential to do so in the future. So I think it’s as simple as that really. Try and make sure you’ve got your foot in the door at the start, because it’s going to be very difficult to do your job if you’re brought in at the last moment. 

If you could go back and give your younger self one piece of career advice, what would it be? 

I would probably tell myself that, just in the years after graduation, time goes quite quickly. And whilst I wouldn’t ever want to put pressure on my younger self, I think I would want to tell my younger self to “pull your socks up” a bit and start doing this sort of thing earlier. I think I drifted for a number of years and, as I get older, I increasingly find myself in this role of elder sage and telling young people, don’t waste time; it goes so quickly. 

How useful is NADPO in terms of professional development? 

NADPO is a venerable institution. It’s been going since 1993. We’re an association of information law professionals and by that I mean there are DPOs, there are FOI officers, there are lawyers, there are some journalist members, academics etc. So everyone is welcome. We exist to support the profession by providing an opportunity to learn from experts (whilst we don’t do direct training). So for a payment of, what’s rather an eccentric, membership fee of £130 for two years, you get to attend our in-person events, which includes our annual conference where we have seven or eight expert speakers talking on various areas of information law. We also have monthly webinars and a range of other member benefits. I’m very keen that NADPO is for its members. So I love it when members come to me with ideas for speakers or offers. Like I say, it’s open to anyone who’s working in or really interested in the area of data protection, FOI and IG.  

You can listen to the full Episode 1 podcast with Jon here.  

More valuable careers advice in Episode 5 where our guest is Raz Edwards, Head of Data Security and Protection at Wolverhampton NHS Trust. In our conversation, Raz shares her journey into Information Governance, the challenges she’s faced and overcome as an IG leader, her advice for both new starters and seasoned professionals and her perspective on the future of the profession.  She also reflects on what she’s learned through her tribunal role and what it takes to succeed as an IG leader. 

New Podcast: Filming the Public for Social Media

Act Now is pleased to bring you episode 6 of the Guardians of Data podcast.  

Think about the last time you walked down a busy street, sat in a pub, or queued for a train. Now imagine that moment, completely ordinary to you, being filmed by a stranger, uploaded to TikTok or YouTube and watched by millions. 
Maybe it’s monetised; maybe it’s mocked. One thing is for sure though, it never disappears. 

Filming people in public has now become second nature for some. But what happens when those images are shared, edited and turned into social media content? Can you stop someone filming you in public? What rights do you have when the footage is published? 

In this episode, we are joined by Naomi Mathews, a lawyer who specialises in Data Protection, Freedom of Information and Surveillance Law. Naomi helps us explore what the law actually says about filming people in public; where it falls short and how that affects real people who find themselves turned into content without consent. We’ll also ask the harder questions about ethics, power and whether the UK needs a new law to better protect the public. 

Download and listen here, or on your preferred podcast app. Available on Apple Podcasts, Spotify, and all major podcast platforms. 

Previous episodes of the Guardians of Data podcast have featured Jon Baines, reflecting on his career as a Data Protection Specialist and the hot issues in information governance,  Lynn Wyeth discussing the recent controversy around Grok AI, Maurice Frenkel looking back at 20 years of the Freedom of Information Act, Olu Odeniyi analysing recent cyber breaches and discussing the lessons to learn and Raz Edwards talking about how to succeed as an IG leader.

New Podcast: How to Succeed as an IG Leader 

Act Now is pleased to bring you episode 5 of the Guardians of Data podcast.  

In information governance, there is no substitute for learning from those who have walked the path before us. Experienced IG leaders bring a wealth of knowledge from years at the frontline of data protection and information rights – navigating challenges, overcoming obstacles and shaping best practice along the way.
By sharing their stories, lessons learned and practical advice, they help both new starters and seasoned professionals grow in confidence, strengthen their practice and prepare for the challenges of tomorrow. 

In this episode we are joined by Raz Edwards, Head of Data Security and Protection at Wolverhampton NHS Trust. Raz has over 17 years of experience as a Data Protection Officer, including more than a decade in the NHS. She is also Chair of the National Strategic Information Governance Network and serves as a member of the Upper Tribunal and First-Tier Tribunal in the Information Rights Jurisdiction. 

In our conversation, Raz shares her journey into Information Governance, the challenges she’s faced and overcome as an IG leader, her advice for both new starters and seasoned professionals and her perspective on the future of the profession.
She also reflects on what she’s learned through her tribunal role and what it takes to succeed as an IG leader. 

 Download and listen here, or on your preferred podcast app. Available on Apple Podcasts, Spotify, and all major podcast platforms. 

Previous episodes of the Guardians of Data podcast have featured Jon Baines, reflecting on his career as a Data Protection Specialist and the hot issues in information governance, Lynn Wyeth discussing the recent controversy around Grok AI, Maurice Frenkel looking back at 20 years of the Freedom of Information Act and Olu Odeniyi analysing recent cyber breaches and discussing the lessons to learn.

New Podcast: Lessons from Cyber Breaches

Act Now is pleased to bring you episode 4 of the Guardians of Data podcast. This is a show where we explore the world of information law and information governance; from privacy and AI to cybersecurity and freedom of information.  

The topic of this episode is cyber security. Every week we read about organisations being hacked, held to ransom or their data being stolen. The BBC recently discovered, through an FOI request, that around 10 million people had their data stolen when Transport for London (TfL) was hacked in 2024, making it one of the biggest hacks in British history. The so-called Scattered Spider crime group, breached TfL’s internal computer systems, disrupting its online services and causing £39m of damage. 

And the breakout of war in the Middle East has significantly increased the risk of cyber-attack. The National Cyber Security Centre (NCSC) recently warned that organisations should prepare for the risk of collateral damage from Iran-linked hacktivists. It said those with a presence in the region should consider boosting the monitoring of their IT systems and follow the centre’s guidelines for dealing with a heightened threat of cyber-attacks. 

In this podcast we talk about cyber security through the lens of the recent cyberattacks on major UK retailers. In just the past few months, household names like, Jaguar Land Rover, Gucci, Marks & Spencer and Co-op have suffered significant disruption from ransomware attacks and other cyber incidents. These caused empty shelves, disrupted online orders and shook customer trust. 

To help us unpack what happened and what lessons we can all take away, we are joined by Olu Odeniyi a Cyber Security expert and trusted advisor with more than 30 years’ experience in this field. In our conversation, we also explore how businesses can build resilience and trust in the face of growing threats, the future of cybersecurity and practical tips for all of us to stay ahead of the hackers.  

Download and listen here, or on your preferred podcast app. 
Available on Apple Podcasts, Spotify, and all major podcast platforms. 

Previous episodes of the Guardians of Data podcast have featured Jon Baines, talking about his career as a Data Protection specialist and the hot issues in information governance, and Lynn Wyeth discussing the recent controversy around Grok AI and Maurice Frenkel talking about 20 years of the Freedom of Information Act.