About Us

At the Enterprise Privacy Group we help you to control the issues arising from the management of personal information.

 The Enterprise Privacy Group (EPG) is an independent consultancy providing strategic thought leadership in privacy and identity assurance. EPG offers a unique, independent and ethical service for organisations that wish to set the highest possible standards for the handling of personal information.

Our expertise covers:


As one of the UK’s leading voices in the privacy and data protection arena, EPG provides a focal point for the development of Privacy Impact Assessments (PIAs) and Data Protection Audits, and the resolution of conflicting viewpoints between those organisations that control personal information and the individual stakeholders about whom information is processed.

Identity Assurance

We have a strong track record in the development and implementation of identity and authentication policy, and have worked with the UK government, European Commission, and private companies to facilitate debate, develop innovative policy solutions, and raise awareness of the implications of population-scale identity schemes.

EPG’s team regularly works in sensitive and high-profile roles to support clients and nurture public awareness about privacy and identity issues.

Our clients benefit from services that include:


Working closely with clients, normally from their premises, to deliver cost-effective subject matter expertise when and where it is required. Unburdened by the overheads associated with major consulting companies, we deliver that expertise within tight budgets and timescales, and never fail to delight our clients.

Sales Support

We have considerable skills in preparing and delivering sales support on behalf of our clients, particularly when bidding for major public sector contracts. Working either as partner bidders, or as ‘behind the scenes’ subject matter experts, we are accustomed to preparing high-quality bid materials at short notice and to a quality that consistently impresses buyers.

Thought Leadership

EPG develops policy recommendations for government, private sector clients and independent think tanks including the likes of the Information Commissioner’s Office and the European Commission.

Training and Awareness

We have developed and delivered tailored awareness and training for client organisations that need to improve staff performance in privacy and security, to ensure compliance with regulatory requirements, and to change long-established behaviours as part of a broader business re-engineering programme.

Who We Are



Privacy Impact Assessment (PIA), Privacy by Design, Identity Assurance, Data Protection, Information Security, Risk Management, Governance, Training, Public Speaking, Business Development


A leading figure in the privacy, identity assurance and information security communities, Toby has delivered innovative governance and risk management solutions in the UK, Europe, Far East and Australia for technology, government and financial services clients including the likes of Post Office, Vodafone and Visa Europe. As an experienced trouble-shooter for challenging identity and privacy strategies, his clients’ high-profile projects include Cross-Government Identity Assurance, the National Identity Scheme, E-Borders and Road User Charging.

Toby is known for developing pragmatic and innovative privacy management solutions within commercially and technically complex environments, where his clients need to deliver best of breed risk management against tight deadlines, whilst remaining flexible to support business objectives. A regular conference speaker and media interviewee, he assesses funding applications for the Technology Strategy Board, sits on the RSA Europe Conference Programme Committee, and is a blogger for IT trade journal Computer Weekly.

Our Clients