Established in 2012, Kaleidoscope Consultants are subject matter experts in information law, privacy and regulatory policy in health and social care. We provide expert advice on strategies to enable data exchanges, and development of national guidance for public and private sector organisations on the lawful use of Personal Confidential Data. We have in-depth knowledge of all aspects of the lawful utilisation and sharing of Personal Confidential Data and have created lean and robust governance approaches and systems that provide effective technical and organisational control.

Our broad range of clients consult us for the reassurance and enjoyment of working with authoritative and enthusiastic subject matters experts in information governance. We are active in our support for organisations in their understanding and preparation for the Data Protection Act 2018, incorporating the General Data Protection Regulation (GDPR).

Kaleidoscope works directly with organisations, and frequently through non-specialist consultancies and legal advisers.

We have produced guidance for NHS England and NHS Improvement, delivered training for Department of Health, helped Public Health England, supported Commissioning Support Units and Clinical Commissioning Groups. We have worked with all types of NHS and private sector care providers and local authorities, including public health, as well as software houses, app developers and other NHS services. Our clients and projects are spread across the UK, EU, USA, and the Middle East.

Our work has included:

  • Governance arrangements and deployments of Health and Social Care Integrated Digital Care Records
  • Initiatives to enable information sharing
  • Privacy Impact Assessments for major procurements, joint ventures and large-scale processing
  • Data Protection Impact Assessments for large-scale processing
  • Developing national policy, section 251s and supporting guidance
  • Helping commissioners develop information strategies and CQINNS
  • Interim management in both payers and providers
  • Gaining access to NHS Digital services for local authorities, software houses and independent providers
  • Training, workshops and public speaking
  • Supporting health researchers including completion of Section 251 applications.

We are enthusiastic about our subject and delighted to have opportunities to share our knowledge and enthusiasm with our clients.


David Stone BA(Hons), DipM, MBA

Managing Director

David Stone is a well-known practitioner in the field of health and social care information governance.

After successfully delivering a national information governance programme at NHS Connecting for Health from 2007. David joined Apira in 2010, where he established the information governance practice area, delivering a number of national and regional information governance projects, before leaving to establish Kaleidoscope Consultants in 2012.

Kaleidoscope is now the leading information governance consultancy in health and social care in England, helping to develop many national policy initiatives, as well as regional and organisational level projects. Kaleidoscope partners with most of the major non-specialist consultancies in the field as subject matter experts of choice, as well as working internationally, principally as IG architects for technology companies in the USA, Middle East and Europe.

Recently, Kaleidoscope have been the lead IG consultants on a number of national programmes, notably NHS England Test Beds in partnership with KPMG, and STP-level data sharing in multiple regions.

Where appropriate, Kaleidoscope consultants utilise the Flowz tools to map, risk assess and promote organisational understanding of information risk and to promote accountable, responsible and ethical handling of personal data.


Amy Ford

Managing Consultant

Before joining Kaleidoscope as a senior consultant, Amy Ford was Head of Information Governance at NEL CSU (and before that South East CSU). For a few months she was on secondment as Senior Confidentiality Adviser at the Health Research Authority – Confidentiality Advisory Group (CAG)

She is a highly skilled and experienced information governance practitioner with a keen interest in information law and best practice. She has led an expert team to support the use of innovative digital solutions to exploit ‘Big Data’ in a lawful and secure manner.

Amy is an expert in application of information rights law through data protection impact assessments and risk assessment. She is passionate in ensuring new, innovative uses of data are lawful and within the expectations and of benefit to the individual. She has been responsible for delivering Data Protection strategies and supervising designated teams to ensure on-time and to budget delivery.

Amy has led on complex Data Protection/Information Governance Programmes and projects, as well, as operational compliance with legislation. This has included ensuring she works with stakeholder engagement strategies to meet transparency requirements.

Amy has an LL.M in Corporate Governance and Law.


David Birkinshaw LLM Information Rights Law and Practice

Senior Consultant

David Birkinshaw began his NHS career in 2003, working in ICT for Bromley Primary Care Trust, having previously worked for Egton Medical Information Systems (EMIS) from 1998. In Bromley, he helped over 50 GP Practices through their first few Information Governance Toolkit returns, whilst also supporting them with their ICT needs.

In 2008, David joined a small consultancy as part of their Information Governance practice, working with David Stone from 2009, and spending the next seven years working in many different areas of health IG including General Practice, Acute, Mental Health and private organisations supporting healthcare.

David joined David Stone at Kaleidoscope in 2015 as a senior consultant, and completed his law masters (LLM) in Information Rights Law and Practice in 2016.

David continues to assist many health organisations in the privacy and confidentiality arena and has recently been working with the privacy team at Bupa, primarily in the Bupa Dental Care sphere supporting their extensive GDPR programme and helping translate new ways of working into business as usual. Other areas of work include the continuing development of the Flowz information assets tool which helps companies with their Article 30 Records of Processing compliance requirements.


Joe Stock

Senior Consultant

Joe is a qualified Data Protection Practitioner, with an in-depth knowledge of the Data Protection Act (1998) (DPA), General Data Protection Regulation (GDPR) and Information Management.

Prior to joining Kaleidoscope Consultants, Joe was the Information Governance SME for the NEL Commissioning Support Unit where he was the Subject Matter Expert for four Clinical Commissioning Groups (CCGs).

He was the lead advisor on information law compliance for the Kingston Care Record, a system designed to connect health records from GP Practices, Hospitals, Social Care and Community Care in Kingston.

Joe was lead information governance advisor to the South West London Sustainability and Transformation Plan for projects and programmes of work with multi-agency health and social care providers across South West London and was responsible for setting up the South West London Information Governance Working Group, bringing together Information Governance providers from across health providers to agree a collaborative approach to data sharing agreements.

He has also been responsible for delivering data protection training to staff of all levels including organisational Governing Boards and Senior Management Teams.

Joe holds a PGCert and PGDip in Information Rights Law & Practice with six years of experience across multiple organisations.


John Curtis


John is a highly skilled Information Governance Subject Matter Expert with over 20 years working in information management across Local and Central Government (LA’s, Police, Fire & Rescue and Central Government).

He is an experienced Information Management professional who, throughout his career has been a Home Office Assessor, Chair of regional and national groups to support information management, a Data Protection Officer (DPO) and Senior Information Risk Owner (SIRO).

He is an expert in Information Management strategies, procedures and policies including audits and discovery, data flow and process mapping as well as Programme and Project Management.

Prior to joining Kaleidoscope Consultants, John was Head of Information Management (Data Protection Officer) for Sheffield City Council where he was the lead officer within the Council for Information Management which included the initiation and deployment of Council-wide Information Management strategies, procedures and policies.

He was accountable for the compliance towards the General Data Protection Regulation (GDPR) across the Council. This included putting in place a project plan, establishing a working group and focusing resources to reduce risks organisationally.  For example, assessing large-scale, high-risk processing activities; data processing by third parties and contracts, as well as general privacy and consent.


Aparnaa Balamurali

Project Consultant

Aparnaa has recently completed the LLM in IP and Information Law at King’s College London, with a particular focus on data privacy and the information society, having previously graduated with an LLB from City University London.

Her studies maintained a considerable focus in privacy and information law, providing Aparnaa with an in-depth understanding of the requirements and technicalities of the GDPR, as well as the comparative details of the new EU data protection standards in relation to the United States as well as the preceding Directive.

This is Aparnaa’s first role in IP and Information Law but through her previous experience in recruitment management, Aparnaa has confidently developed skills in communication and client/customer relations, strong organisational abilities and attention to detail. Through management of all stages of the recruitment process and training of junior consultants, she has also developed an adaptable, versatile and leading demeanour which will be a great asset to the Kaleidoscope Consultants team.


Katie Stone BA (Hons), DMS, Chartered MCIPD

Head of Resourcing and Operations

Katie has over 20 years’ experience in public sector HR, originally specialising in learning and development, and then quickly broadening her work to all aspects of HR. Since 2016 she has worked as a consultant supporting clients with broader operations and business development helping with proposals, tenders, finance, system support, HR, recruitment and anything that helps a business run effectively.

Katie is a Practitioner in the Data Protection Act 1998 (BCS). She works as secretariat for the North London Collaboration of CCGs Information Governing Group and data access sub groups

Katie was Head of HR and Internal Communications for the Competition Commission and, after working on the transition into the new non-ministerial department, was a Senior HR Business Partner for the Competition and Markets Authority. Earlier in her career, Katie worked in communications, publishing and administration at the King’s Fund and the National Union of Teachers.