Sue Cullen is a solicitor and co-founder and director of Amberhawk Training Limited.

Sue specialises in data protection and freedom of information law and has contributed thechapter on Freedom of Information and Personal Data in the fourth edition of the leading textData Protection Law and Practice by Rosemary Jay. She is also a member of the EditorialBoard of the Encyclopaedia of Data Protection. She designs and delivers public training courses and customised training for clients on site, and also speaks and writes on informationlaw topics. She was, with Chris Pounder, one of the specialist trainers in Pinsent Masons’ legaltraining business, and Course Director for the Certificate in Freedom of Information.

Sue also advised clients on privacy, data protection, human rights, and related information lawissues. She was Pinsent Masons’ data protection officer, providing internal advice oncompliance, and delivering training, to the firm. She was a member of the European PrivacyOfficers Network, contributing to meetings with other privacy specialists working in industry andwith European Privacy Commissioners and their staff in other European jurisdictions. Shewrote case reports for the Encyclopaedia of Data Protection, and contributed a chapter to theLaw Society’s Data Protection Handbook, edited by Peter Carey.

Dr. Chris Pounder has been a Director in Amberhawk Training Limited since the company was founded in 2008. In 2012, Chris was appointed to two Government Advisory Committees. He is a member of the Identity Assurance, Privacy and Consumer Advisory Group (advising the Cabinet Office on “privacy friendly” use of identity assurance techniques) and the Data Protection Advisory Panel (advising the Ministry of Justice on its approach to the EU’s Data Protection Regulation andDirective in the field of law enforcement).

Chris’s career in data protection dates back to 1978  He has spoken at numerous conferences on data protection and related matters and also writes the occasional freelance article for the IT-related Press and the academic journals in the field of security and data protection. He has also given oral and written evidence before various Parliamentary Select Committees where issues of privacy, data protection and security have arisen (e.g. ID Cards, Surveillance, Computer Misuse Act, data retention policies, supervision of the national security agencies).

Prior to Amberhawk, Chris joined Masons Solicitors in July 1999 as part of its growing Data Protection and Privacy Team; Masons merged with Pinsents to form PinsentMasons in 2006.He is mentioned by name in Chambers 500, where the latter recognised PinsentMasons’ DataProtection team as being in the “First Tier”. Prior to that, Chris held the Data Protection Officerpost at Cap Gemini and the Greater London Council where he advised MPs on the Data Protection Act 1984

Example Subject Areas

1. Access to information under FOI/FOISA/EIRs or the DPA
2. Auditing data protection
3. FoI requests for personal data
4. FOI and public procurement, contracts and confidentiality
5. Data Protection Act and CCTV
6. Data Protection Act and data sharing (e.g. child protection)
7. Data Protection Act and Employee data
8. Data Protection Act and Finance service delivery
9. Data Protection Act and Health
10. Data Protection Act and Housing
11. Data Protection Act and a Law firm
12. Data Protection Act and Marketing
13. Data Protection Act and Social Services
14. Data Protection Act overview in a day
15. Data Protection and Outsourcing
16. Data Protection Officer training (BCS DP Foundation or Practitioner courses; 5 or 7 days of training)
17. Data Protection Update on the latest enforcement issues
18. Environmental Information Regulations in a day
19. Exemptions from the right of access to information
20. Freedom of Information/EIR overview in a day
21. General Data Protection Regulation
22. Handling requests for access to personal data
23. Handling requests for information
24. Information Security and the law
25. Privacy Impact Assessments in data protection
26. Refusing requests for information
27. Regulation of Investigatory Powers Act in a day
28. Re-use of public sector information