Ross Phillipson

Norton Rose Fulbright Australia

T:+61 8 6212 3449
T:+61 8 6212 3449
Ross Phillipson

Ross Phillipson



Ross Phillipson is a partner in our risk advisory practice and is based in Perth.  He provides integrated digital and technology operations risk advice.  Digital and technology operations risks include privacy, cybersecurity, information governance, artificial intelligence, crypto-assets and distributed ledger technology.  Ross is experienced in the critical infrastructure reforms and operational resilience.  Ross joined the firm after nearly 19 years working for global multinational Procter & Gamble in London and Geneva.

Ross has deep expertise in legal and compliance risk management in digital and technology operations.  His experience spans data protection and privacy, cybersecurity governance and incident management, eCommerce (including consumer protection, antitrust and trade relations), digital media and distributed ledger technology.  This unique and highly specialised skillset in both legal and operational risk management was developed while working for P&G, a leading multinational Fortune 10 FMCG company.

Ross advises clients across all sectors on matters relating to privacy governance, compliance, operations and breaches, cybersecurity governance and incident management, critical infrastructure security reforms, compliance obligations and foreign investment, crypto-currency regulation and reporting, artificial intelligence governance and related corporate and compliance matters.  Ross is involved in ESG matters, including the ethical and social impacts of digital technology and governance expectations of businesses using emerging technologies.

Prior to joining the firm, Ross created P&G's first eBusiness legal group, focusing on complex legal and operational issues at the intersection of data, algorithms, consumer protection, antitrust, privacy and cybersecurity.  In doing so, Ross was responsible for legal and operational risk advice across all P&G businesses from the UK to New Zealand.  From the end of 2012, Ross led P&G's European and APAC Data Protection, Privacy and Cybersecurity practice, guiding P&G through its GDPR and cybersecurity journey, as well as business tech law counselling and enterprise privacy and cybersecurity issues.  From 2006- 2012, he spent six years in P&G's Transactions group, supporting and leading M&A transactions, procurement, licencing and outsourcing deals and prior to this role, Ross worked in intellectual property, supporting P&G's Pharmaceuticals, Healthcare and Beauty Care businesses from 2002 to 2006.

Ross is regularly sought after for industry speaking engagements, often commenting on the drafting and implementation of privacy laws like GDPR, their impact and implementation.  He has also been involved in tech regulation and policy in Europe for nearly a decade and has worked in partnership with industry associations and government relations groups to ensure new legislation in the tech arena is fit for purpose.

Professional experience

Expand all Collapse all
  • Bachelor of Law (Hons), University of Law, London (2008)
  • Bar Vocational Course, University of Law, London (2008)
  • Graduate Diploma in Law, College of Law, London (2006)
  • PhD Molecular and Cellular Biology, Lancaster University, Lancaster UK (2002)
  • Bachelor of Science (Hons), Biochemistry and Genetics, Lancaster University (1999)
  • European Patent Attorney 2006
  • Called to the Bar of England and Wales 2008
  • A multinational consumer goods company - advised on its privacy and cybersecurity obligations.
  • A leading global insurer - reviewed and advised on its privacy governance operating model.
  • A major energy infrastructure client - advised on the Security of Critical Infrastructure reforms including operational and project management advice.
  • A major international energy client - advised on its privacy governance framework and response to critical infrastructure reforms.
  • A rapid growth tech company - advised on the regulatory framework and consequences in relation to novel crypto-currency offerings within an M&A context.
  • Insurance clients - reviewed and advised on their information governance and privacy frameworks.
  • Procter & Gamble – advised on the establishment of its direct to consumer selling operations in UK, France, Germany, Australia and Saudi Arabia and the creation of the framework agreements, operational risks and governance structures.
  • Procter & Gamble – advised on connected devices and apps in a healthcare setting and regulatory approach as medical devices.
  • Procter & Gamble – created the framework, operational processes and culture program to step change and drive P&G's Data Protection and Cybersecurity culture and compliance.
  • Procter & Gamble – advised on the sale of its Pharmaceutical business to Warner Chilcott.
  • Procter & Gamble – advised on the creation of its Joint Venture with Teva Pharmaceuticals related to the production and sale of Personal Health Care Over-the-Counter products.
  • English