Ross Phillipson

Ross Phillipson


Ross is an experienced data protection, cybersecurity and information governance lawyer.

His experience spans data protection and privacy, cybersecurity governance and incident management, artificial intelligence, critical infrastructure and operational resilience, eCommerce (including consumer protection, antitrust and trade relations), digital media, distributed ledger technology, as well as technology transactions. This unique and highly specialised skillset was developed in Europe initially, while working for Procter & Gamble, a leading multinational Fortune 10 FMCG company, and more recently in a law firm in the Asia Pacific region.

Ross advises clients across all sectors on matters relating to privacy governance, compliance, operations and breaches, cybersecurity governance and incident management, critical infrastructure security reforms, compliance obligations and foreign investment, crypto-currency regulation and reporting, artificial intelligence governance and related corporate and compliance matters.Ross is involved in ESG matters, including the ethical and social impacts of digital technology and governance expectations of businesses using emerging technologies. In addition, Ross helps pro bono clients build and maintain their cybersecurity and privacy programs.

Ross is highly sought after for his pragmatic and commercial approach, particularly on matters of high complexity such as complicated human-technology systems and cross-border operations. Ross focusses on ensuring clients receive advice that is practical and can be operationalised to support them in achieving their commercial goals, as approach which stands him apart. Ross has advised clients across the full end to end spectrum of cyber, data and security issues, from legal and compliance advisory, critical infrastructure risk management and operational resilience programs, complex transactions and due diligence, through to full-service incident management and subsequent regulatory engagement and remediation.

Ross is regularly sought after for industry speaking engagements, often commenting on the drafting and implementation of privacy laws like GDPR, their impact and implementation. He has also been involved in tech regulation and policy in Europe for nearly a decade and more recently in Australia and has worked in partnership with industry associations and government relations groups to ensure new legislation in the tech arena is fit for purpose.


Representative matters

A major resources client on end-to-end management of two significant data breaches, including privileged data analysis, advice on notification obligations, strategic advice on notification obligations, strategic advice in relation to immediate rectification activities to prevent further harm, review and advice in relation to root cause and remediation and regulator communication. (previous firm experience)

A major Australian headquartered international resources client on its global Privacy program, including multi-country compliance gap analyses and uplift, privacy program design and policy suite review and uplift. (previous firm experience)

An international infrastructure and renewable energy client on its critical infrastructure, cybersecurity and privacy compliance programs, including designing risk management policies and process frameworks, strategic advice on specific data-based use cases, as well as third party risk management and contractual uplift. (previous firm experience)

An Australian energy infrastructure client on its critical infrastructure, cybersecurity and privacy compliance programs, including strategic advice across all domains of risk management, control environments, policies and process frameworks, strategic advice on specific data-based use cases, as well as helping design a full end-to-end third-party risk management system, and associated contractual template uplift and commercial negotiation playbooks. (previous firm experience)

Pro bono

Advising Settlement Services International on its data protection and privacy compliance obligations.
Commended for his knowledge of global privacy requirements and specialises in... operational resilience issues.
Legal 500, 2024
Approachable, has global experience, is responsive to our needs, provides flexibility to meet our timeframes, and is a very engaging personality who is supportive and understanding.
Legal 500, 2024



Admitted as a Solicitor (Western Australia) 2022

Called to the Bar of England and Wales, 2008 (non-practising)

European Patent Attorney (lapsed) 2004


LLB (Hons), University of Law, 2008

PhD Biochemistry, Lancaster University, 2002

BSc (Hons), Lancaster University, 1999

A&O Shearman was formed on May 1, 2024 by the combination of Shearman & Sterling LLP and Allen & Overy LLP and their respective affiliates (the legacy firms). Any matters referred to above may include matters undertaken by one or more of the legacy firms rather than A&O Shearman.