Ryan Mackie FIP CIPPE CIPM CDPSE LLB MBA
Ryan is a qualified Lawyer specialising in Cyber Security and Data Protection Law and he is also a professional member of the International Association of Privacy Professionals (IAPP), having been awarded the following certifications by this professional body:
- Fellow of Information Privacy (FIP)
- Certified Information Privacy Professional (CIPP/E)
- Certified Information Privacy Manager (CIPM)
Ryan was recently granted the ISACA certification as a Certified Data Privacy Solutions Engineer (CDPSE) – the first experience based, technical certification of its kind, ISACA’s CDPSE certification assesses a technology professional’s ability to implement privacy by design to enable organisations to enhance privacy technology platforms and products that provide benefits to consumers, build trust and advance data privacy.
Ryan’s most recent work experience includes:
- Working as a Consultant DPO, Data Protection & Cyber Security Lawyer for Nexa Law.
- Helping several software vendors to design software and tools to help clients to assess and manage their Cyber Security and GDPR compliance efforts and he’s also working on developing an artificial intelligence (algorithmic) audit tool which he hopes to bring to market shortly to help clients manage and audit algorithmic risks.
- Working as an advisor (and Angel investor) in a tech start up called Tapmydata which uses blockchain technology and Privacy by Design principles to manage data subject rights requests (DSARs) under the GDPR and related legislation – so Ryan has extensive knowledge of software design in the Data Privacy / Information Security and AI sectors.
- In his previous role as Managing Executive for GRCI Law (a subsidiary of GRC International Group plc (GRCI Group), Ryan singlehandedly helped to design and build the outsourced DPO-as-a-Service (DPOaaS) function for the business, starting with only one DPO (i.e. himself) and then building a team of 9 DPOs spread across the UK & EU.
- Acting as the DPO for clients such as Dominos Pizza, BFC Bank, MyDrive Solutions (part of the Generali Group), Keoghs Solicitors, Circle Health, Abercrombie & Kent Travel and Somerville and Wadham Colleges, Oxford University.
Chris is a highly skilled and pragmatic Information Security Leader with over 10 years’ experience in driving and developing first class information and cyber security solutions and transformation
programmes, and defining effective strategies to ensure the confidentiality, integrity and
availability of critical business services and data.
Chris’ skills include:
- Privacy, data protection and information security experience gained within global
and highly regulated tech environments.
- Leading and empowering large, cross-functional teams, shaping the strategy and
providing leadership and execution oversight on a range of data privacy projects.
- Creating security policies and standards to modernise governance and guidance;
experience in auditing frameworks and international standards including ISO 27001.
- Building relationships with stakeholders from operational to C-Level, translating
complex security issues into clear, concise guidance.
- Technologies – Network Security (IDS/IPS, DDoS protection, web/mail proxies, Firewalls, PCAP) Endpoint Security (EDR, HIPS, Anti mallard, FIM, DLP, Application Control, Orchestration/Mgmt) Cloud Security (CASB, Azure, AWS, GCP) Central Management Systems (SIEM, ITSM, Vulnerability Management, Risk Management) Application Security (SDLC, CI/CD)
Together we have a rich background of experience to draw upon that spans a variety of industry sectors including – Financial Services, Education, Healthcare, Central Government, Defence, Pharmaceutical and Retail.
Ryan & Chris are supported by a Team of highly experienced cyber security and data protection practitioners and we also work closely with two carefully selected law firms in the UK (Nexa Law) and EU (Prighter IURO) to provide you with the broadest possible protection and support.
So, why not invite us to become a part of your advisory team?
AI-CyberPriv is a specialist AI/ML Legal, Risk, and Compliance Consultancy Firm, offering an array of virtual support services including algorithmic audits.
Our team comprises highly-trained professionals with extensive knowledge in AI, machine- and deep-learning, among other related fields, such as cybersecurity and data privacy. We provide personalised, professional service to clients in numerous business sectors, including large multinationals, financial institutions, investment firms, insurance firms, healthcare providers, and more.
So, why not invite us to become a part of your advisory team?
Today, more and more companies are introducing complex algorithmic and machine learning-based systems into their business processes to help improve efficiencies, accelerate performance, and differentiate themselves from their competitors. Consumers are also becoming more informed about the dangers associated with using automated decision-making systems. That’s why there are increasing calls from consumers, governments, users, and regulators for AI vendors to explain how their “black box” algorithmic decision-making systems operate. Vendors should also be held accountable if anything goes wrong as a result of using their technologies.
Legal and regulatory changes are already in motion (particularly in the US, UK, and EU) to ensure that ALL vendors of automated decision-making systems conduct algorithmic audits (AI Audits). If you are one of these vendors, you need to consider conducting an AI Audit. Do your systems rely on data analytics and cognitive technology-based software algorithms? Do you use these systems to make decisions which could somehow affect human beings, including algorithmic systems that are used in recruitment and to decide credit worthiness, like linear regression, neural networks, decision trees, and other learning algorithms? Here’s why you need an AI audit:
- To evaluate the impact of automated decision making systems by helping you to identify and mitigate any legal and ethical issues. These could include failure to monitor for unintended outcomes, potential for bias or potential procedural fairness violations.
- To facilitate compliance with legal and regulatory requirements (e.g. local employment laws, GDPR, and other relevant legal regulations /standards.
- To help identity and recommend the appropriate governance, oversight and/or design recommendations for their respective ”black box” automated decision-making systems
- To identify and provide a mechanism for greater openness and transparency for public consultation, along with an external review of the design and deployment of automated decision systems in both the public and private sectors.
On 19 February 2020 the European Commission (EC) published a package of initiatives (the AI and Data Package) on Europe’s “digital future” which includes an “AI White Paper ” in which the EC suggests that a new EU regulatory framework is required which would:
- apply to products and services “relying on AI”; and
- need to be defined with sufficient flexibility to accommodate technical progress, while being precise enough to provide legal certainty.
“a risk-based approach in which new mandatory obligations would apply to AI applications identified as “high risk,” while the current regulatory framework (and potentially a voluntary certification approach) would apply to non-high-risk applications.
AI applications would normally be considered “high risk” only when they are employed: (i) in a sector where significant risks can be expected to occur (e.g., healthcare, transport, energy and parts of the public sector); and (ii) in such a manner that significant risks are likely to arise (e.g., those that produce legal or other significant effects on individuals, pose a risk of injury, death or significant damage or produce effects that cannot reasonably be avoided). However, the EC suggests that certain applications may be defined as high risk per se, mentioning as examples recruitment, workers’ rights and remote biometric identification (e.g., facial recognition).
The AI White Paper lays out a range of features that could be included in future mandatory requirements for high-risk applications. These include training data, data and record-keeping; information to be provided; robustness and accuracy; human oversight; and specific requirements for particular applications, such as remote biometric identification.
Data used to train AI systems would be required to meet EU safety standards, not lead to prohibited discrimination and protect privacy and personal data.
Companies could also be required to keep records regarding the data used to train and test AI systems and in some cases the data sets themselves.
Companies could be required to provide information on AI systems’ capabilities and limitations; to inform citizens when they are interacting with AI systems; and to ensure that AI systems are robust and accurate, that outcomes are reproducible and that AI systems can deal with errors and inconsistencies.”
AI-CyberPriv can help you to get ahead of the curve by conducting an algorithmic audit (AI Audit) and/or algorithmic impact assessment (AIA) of your automated decision-making systems (AI/ML systems).
Our Algorithmic Bias Auditors will review your new and existing apps and systems, logging and tracking each significant algorithm, its objectives, its input and output, related human value judgments and consequences.
AI-CyberPriv can also help you to develop a framework to improve your understanding of, and mitigate any risks associated with, the AI/ML system. Our experienced team of experts can also assist by assessing, identifying, and providing you with the resources and tools you need to design, implement, and meet the appropriate governance, oversight reporting, and audit requirements.
Our AI Audits and AIAs can be designed to be integrated or run alongside your existing annual IS/GDPR audits, systems, and processes.
AI-CyberPriv is a consultancy firm dedicated to providing virtual support in the United Kingdom and European Union.
We offer an array of AI legal, risk, and compliance support services and advice.