Based in Queensland, Australia, Ground Up enhances organisational knowledge and practice around privacy and the protection of personal information.
Ground Up brings proactive, practical and purposeful solutions to organisational privacy challenges.
Whether assessing for privacy maturity (to help organisations uplift privacy practice over time), creating a foundational privacy program structure (on which organisations can build), conducting privacy impact assessments (for high privacy risk projects, or simply to take the burden off internal teams), reviewing third party vendor privacy practices (to support information security and procurement processes) or communicating and negotiating strategic privacy imperatives with the Board and executive leaders… Ground Up’s multidisciplinary team is focused on constructive and meaningful privacy outcomes for organisations, their clients and the wider community.
Nicole Stephensen – “Privacy Maven” and Managing Director
Ground Up’s founder, Nicole Stephensen, is well known for her work in strategic privacy risk management. Her privacy career spans more than two decades, and she is widely recognised for her extensive local and international expertise in privacy program management and acculturation. Her frank, candid and practical approach to privacy has established her as a trusted advisor to Boards and executive officers globally.
Nicole began her career overseas, with roles in privacy, freedom of information and information policy at the Offices of the Information and Privacy Commissioners of Alberta and British Columbia and other public sector agencies. She has been based in Brisbane, Queensland, since 2003 and, until moving into professional consultancy, held senior public sector policy leadership and regulatory oversight roles. Notably, she advised the policy development and drafting instructions for Queensland’s first privacy law, the Information Privacy Act 2009, and implemented the Queensland Ombudsman’s Complaints Management Program for public sector agencies, which continues successfully to this day.
Nicole is an active mentor for privacy and cybersecurity professionals and is a sought-after speaker about the interface between privacy, cyber security, risk management, ethics and trust. She is a subject matter expert and Guest Lecturer for tertiary course curricula in Australia and abroad and is well known for her privacy discourse on smart cities and critical infrastructure, IoT/ IIoT, public interest technologies and digital policy affecting young people.
In 2024, Nicole was nominated by the Organisation for Economic Cooperation and Development (OECD) Secretariat to serve on its expert communities for Data Free Flow with Trust (DFFT) and Privacy Enhancing Technologies (PETs).
She is a Fellow of the Australian Information Security Association (FAISA) and is a serving member of its Ethics Committee. Nicole was appointed to the International Association of Privacy Professionals (IAPP) ANZ Advisory Board in 2024, and co-chaired its KnowledgeNet Chapter for Queensland (Brisbane/ Gold Coast) for several years. Before its incorporation into the larger IAPP in 2019, Nicole was also a founding member of the International Association of Privacy Professionals ANZ Chapter (iappANZ) where she sat for three consecutive terms on the Board.
Nicole is an active member of the Smart Cities Council (SCC), through which she advises and supports the local government sector and supply chain on matters of privacy strategy and good decision-making. She is the SCC ANZ 2020 Leadership Award winner for her work in building privacy management frameworks and improving privacy acculturation in Australian local governments. She was Executive Director, Privacy and Data Protection at the Internet of Things Security Institute (IoTSI) from its inception until October 2020 and holds their Smart Cities and Critical Infrastructure Security Professional (SCCISP) designation.
Better together
Ground Up engages in partnerships to ensure organisations achieve privacy outcomes that integrate strategically with legal, cyber security, incident response, data governance and digital preparedness.
Our strategic partners:
 Helios provides combined legal, cyber and incident response services to illuminate the path forward for organisations. |