Cybersecurity

Organisations’ critical infrastructure systems are essential to their bottom line, ability to innovate and daily operations. Cybersecurity is an important part of an organisation’s overall risk management framework. The Cybersecurity module uses the US National Institute of Standards and Technology (NIST) Cybersecurity Framework to show how organisations can implement governance structures to align and prioritise their cybersecurity activities with their business requirements, risk appetite and resources. The module will also draw on guidance from Australia, New Zealand, the European Union, United Kingdom and the United States given the often extra-jurisdictional impact of cybersecurity activities and consequences.

Complimentary Cybersecurity Checklist

Having a governance structure around cybersecurity risk has never been more important for Australian organisations, which is why we are offering you a complimentary checklist. This complimentary checklist has been developed in conjunction with Dudley Kneller, Partner at Gadens.

Regulatory Compliance Webinar Series

Topic: To pay or not to pay – the rise of ransomware in 2021

Speaker: Dudley Kneller | Partner, Gadens

Hong Kong

Core Obligations
  • Overview
  • The Safety of Information System and Data Assets
  • Consistency in Security Risk Assessment and Audit
  • The Handling of Information Security Incidents
  • Guidelines on Public Wi-Fi Services
  • Privacy and Personal Data of Individuals
  • Access to and the Misuse of Computers in Cybersecurity
  • Theft in Cybersecurity
  • E-Commerce and Electronic Transactions
Legal Landscape
  • Telecommunications Ordinance (Cap. 106)
  • Crimes Ordinance (Cap. 200)
  • Personal Data (Privacy) Ordinance (Cap. 486)
  • Personal Data (Privacy) (Amendment) Ordinance 2012
  • and 31 other compliance sources
Regulators
  • Office of the Government Chief Information Officer
  • Office of the Telecommunications Authority
  • Office of the Privacy Commissioner for Personal Data
  • Hong Kong Productivity Council
  • Organisation for Economic Co-operation and Development
  • Hong Kong Police Force
  • Commerce and Economic Development Bureau
  • Department of Justice Hong Kong
  • Hong Kong Customs and Excise Department
  • Intellectual Property Department of Hong Kong
Legal Expert

CARMEN TANG

Partner | Hugill & Ip Solicitors

PRACTICE AREAS: Data Privacy, Dispute Resolution

CARMEN is a partner who heads Hugill & Ip’s Data Privacy Practice and Dispute Resolution Team. She has been practising law in Hong Kong for over 15 years. In 2010 Carmen was appointed as a Legal Counsel of the Office for the Privacy Commissioner for Personal Data, HKSAR. She then expanded her legal expertise further in 2012 when she became Investigation Counsel for the Law Society of Hong Kong, leading probes into alleged professional misconduct cases for the Compliance Department. Carmen’s practice touches on all aspects of data protection compliance. She also represents clients in complex commercial court proceedings and advises on legal malpractice and professional ethics issues. Carmen is a member of the International Association of Privacy Professionals. She has been credited as Certified Information Privacy Professional / Asia and Europe.

Australia

Core Obligations
  • Overview
  • Asset Management
  • Business Environment
  • Governance
  • Risk Assessment
  • Risk Management Strategy
  • Supply Chain Risk Management
  • Identity Management, Authentication and Access Control
  • Awareness and Training
  • Data Security
  • Information Protection Processes
  • Maintenance
  • Protective Technologies
  • Anomalies and Events
  • Security Continuous Monitoring
  • Detection Processes
  • Response Planning
  • Communication
  • Mitigation
  • Respond - Improvements
  • Recovery Planning
  • Recover - Communications
Legal Landscape
  • Privacy Act 1988 (Cth)
  • Protective Security Policy Framework
  • Information Security Manual
  • Commonwealth Risk Management Policy
  • Trusted Digital Identity Framework Authentication Credential Guideline
  • Australian Cyber Security Centre — Strategies to Mitigate Cyber Security Incidents
  • Privacy Act 1993 (NZ)
  • Regulation (EU) 2016/679 (General Data Protection Regulation)
  • Data Protection Act 2018 (UK)
  • United States Code 2012 Ed. (USA)
  • Gramm-Leach-Bliley Act 1999 (USA)
  • National Institute of Standards and Technology — Framework for Improving Critical Infrastructure Cybersecurity
  • Centre for Information Security Controls (USA)
  • COBIT 5
  • ISA 62443-2-1:2009
  • ISA 62443-3-3:2013
  • ISO/IEC 27001:2013
  • includes over 370 compliance sources
Regulators
  • Centre for Internet Security (United States of America)
  • Information Commissioner's Office (United Kingdom)
  • Ministry of Justice (New Zealand)
  • Office of the Privacy Commissioner (New Zealand)
  • National Institute of Standards and Technology (United States of America)
  • Australian Prudential Regulation Authority (Australia)
  • Attorney General's Department (Australia)
  • Australian Cyber Security Centre (Australia)
  • Australian Signals Directorate (Australia)
  • Australian Taxation Office (Australia)
  • Department of Home Affairs (Australia)
  • The Treasury (Australia)
  • Department of Finance (Australia)
  • Office of the Australian Information Commissioner (Australia)
  • and 24 other regulators
Legal Expert

DUDLEY KNELLER

Partner | Gadens

DUDLEY is a highly experienced lawyer with international and domestic experience advising on commercial, regulatory and technology matters with specialisations in financial technology, cyber risk, privacy and strategic sourcing and supply projects. Dudley has over 20 years’ experience practising across Australia, Europe and the UK, and has worked on projects based in a range of countries, including the Philippines, India and across South America.

Dudley publishes and presents extensively. He has been nominated and selected as a ‘Best Lawyer’ in Australia in the area of Information Technology Law since 2020 and has been listed as a Recommended Technology, Media and Telecommunications Lawyer in Victoria in Doyle’s Guide every year from 2015 to 2020.

Japan

Core Obligations
  • Overview
  • Cybersecurity Governance and Principles
  • Policy Making
  • Cybersecurity Risk Management
  • Budget and Resources
  • Risk Assessment
  • Risk Response Development
  • PDCA Framework for Implementing Cybersecurity Measures
  • Safety Principles and Detailed PDCA Guidelines for Critical Infrastructures
  • Emergency Response
  • Supply Chain Risk Management and IT Systems Management Outsourcing
  • Communication
Legal Landscape
  • Act on Prohibition of Unauthorized Computer Access
  • The Basic Act on Cybersecurity
  • Act on Special Provisions to the Civil Code Concerning Electronic Consumer Contracts and Electronic Acceptance Notice
  • Act on Electronic Signatures and Certification Business
  • and 72 other compliance sources
Regulators
  • National center of Incident readiness and Strategy for Cybersecurity
  • Information-technology Promotion Agency
  • Ministry of Economy, Trade and Industry
  • and 12 other regulators
Legal Expert

YUKI KURODA

Partner | Oh-Ebashi LPC & Partners

PRACTICE AREAS: Data Protection & Data Security, Life Science, Intellectual Property, Technology & Communication, Corporate

MR KURODA is a partner at Oh-Ebashi LPC & Partners and in charge of data protection and data security issues. He has handled a number of law and technology cases throughout his legal career. His practice includes Japanese and international data protection cases such as the GDPR and the Chinese Cybersecurity Law. He regularly guides clients from planning a new data-intensive business to implementing a robust data protection/security compliance program.

His most prominent expertise is in processing medical information for both research and business purposes. His in-depth knowledge and experience about data protection rules and life science sector-specific issues enable him to give clients accurate advice in the complex maze of regulations. His clients in this area range from pharmaceutical and medical device companies and health data processing companies to municipal governments and major research universities.

Mr. Kuroda received his Juris Doctor’s degree at Osaka University and his Master’s degree at the University of California, Berkeley School of Law. He is licensed to practice law in Japan and New York. He is also the Specially Appointed Associate Professor (Part-time) at the Artificial Intelligence Centre for Medical Research and Application of Osaka University Hospital.


TAKAHIRO NAKAYAMA

Senior Associate | Oh-Ebashi LPC & Partners

PRACTICE AREAS: Data Protection & Data Security, Technology & Communication, Corporate, M&A, Dispute Resolution

MR NAKAYAMA is a senior associate at Oh-Ebashi LPC & Partners. He has extensive experience in data protection matters, including information and privacy governance and data management, internal compliance policies, privacy and security-related compliance strategies and programs and technology issues, such as IoT and DX, including Smart City and blockchain technologies. In particular, he has continuously advised numerous domestic and international companies regarding their usage of personal data. He also has substantial expertise in M&A and dispute resolution.

Mr. Nakayama has previously worked as a visiting attorney at the German office of Taylor Wessing, a major international law firm. Based on this experience, he gained substantial practical skills in advising companies on how to comply with international data protection laws, such as the GDPR.

Mr. Nakayama received his Bachelor’s degree in law and Juris Doctor’s degree at Kobe University and his Master’s Degree at the University of California, Los Angeles School of Law. He is licensed to practice law in Japan and is certified as a Certified Information Privacy Professional (Europe) by the IAPP.


TAKUYA UEHARA

Associate | Oh-Ebashi LPC & Partners

PRACTICE AREAS: Data Protection & Data Security, Technology & Communication, Risk Management & Compliance, Dispute Resolution

MR UEHARA is an associate at Oh-Ebashi LPC & Partners. He has been advising various companies on their technology-related matters, including how to operate systems for e-commerce, crypto assets exchanges and other blockchain-related businesses. In particular, he has extensive experience in advising on how to comply with regulations on electronic data usage and protection. He also has substantial expertise in risk management and compliance, including how to respond to data security incidents.

Mr. Uehara has previously worked as a visiting attorney for Weil, Gotshal & Manges LLP in New York, where he mainly dealt with international antitrust and consumer protection matters including privacy and cybersecurity.

Mr. Uehara received his Bachelor’s degree in law and Juris Doctor’s degree at the University of Tokyo and his Master’s degree at the University of Pennsylvania Law School. He is licensed to practice law in Japan and New York.

New Zealand

Core Obligations
  • Overview
  • Asset Management
  • Business Environment
  • Governance
  • Risk Assessment
  • Risk Management Strategy
  • Supply Chain Risk Management
  • Identity Management, Authentication and Access Control
  • Awareness and Training
  • Data Security
  • Information Protection Processes
  • Maintenance
  • Incident alert threshold
  • Security Continuous Monitoring
  • Detection Processes
  • Response Planning
  • Communications
  • Mitigation
  • Improvements
  • Recovery Planning
  • Recovery Communications
Legal Landscape
  • Harmful Digital Communications Act 2015 (NZ)
  • Privacy Act 2020 (NZ)
  • Crimes Act 1961 (NZ)
  • and 18 other compliance sources
Regulators
  • Ministry of Justice
  • Office of the Privacy Commissioner
  • European Data Protection Supervisor (EU)
  • and 4 other regulators
Legal Expert

TANIA GOATLEY

Partner | Bell Gully

PRACTICE AREAS: Media, Consumer law, Intellectual property, Litigation and dispute resolution, Privacy and data protection, Information, communications and technology, Food, Beverage and Hospitality, Cybersecurity, Anti-Bribery and Corruption

TANIA advises on all aspects of advertising promotions, including impacts of the Gambling Act, Fair Trading Act and Privacy Act. She is also experienced in advising on food and wine labelling issues, involving advice on the Food Standards Australia New Zealand (FSANZ) Code, the Food Act, the Wine Act and related regulations and industry codes.

She has a strong media law background, advising on defamation claims, appearing in Court on name suppression issues, and providing media law training to journalists. She advises on all aspects of intellectual property law, including copyright, passing off and trade mark infringement disputes and litigation.

In addition to her particular areas of expertise, Tania provides general advice on commercial and contractual disputes and litigation with successful outcomes for her clients.

Tania is recommended for intellectual property by The Legal 500 Asia Pacific 2020, which notes her specialties as media, advertising, privacy law and IP matters. Tania is also recommended as a recognised practitioner by Chambers Asia Pacific 2020 for Technology, Media and Telecoms.

Singapore

Core Obligations
  • Overview
  • Critical Information Infrastructure
  • Governance
  • Cybersecurity Strategies
  • Risk Management
  • Data Security
  • Personal Data Protection
  • Cybersecurity Threats / Incidents
Legal Landscape
  • Companies Act 1967 (Cap 50) (SNG)
  • Cybersecurity Act 2018 (SNG)
  • Cybersecurity (Confidential Treatment of Information) Regulations 2018 (SNG)
  • Cybersecurity (Critical Information Infrastructure) Regulations 2018 (SNG)
  • International Standards Organisation (ISO) 17799/27001
  • Personal Data Protection Act 2012 (SNG)
  • Securities and Futures Act 2001 (Cap 289) (SNG)
  • and 20 other compliance sources
Regulators
  • Cyber Security Agency
  • Cyber Security Advisory Panel
  • SME Digital Tech Hub
  • Personal Data Protection Commission
  • Ministry of Communications and Information
  • Minister-in-Charge of Cybersecurity
Legal Expert

KEN CHIA

Principal | Baker McKenzie Wong & Leow

PRACTICE AREAS: IT, Telecommunications, Intellectual Property, Trade and Commerce, Competition Law

KEN is a partner with Baker McKenzie.Wong & Leow and is a member of the Firm's IPTech, International Commercial & Trade and Competition Practice Groups.

He is regularly ranked as a leading ITC and competition lawyer by top legal directories, including Chambers and Asia Pacific Legal 500. Ken is a regular speaker on data protection laws and is an IAPP Certified International Privacy Professional (FIP, CIPP(A), CIPT, CIPM). He participates regularly in meetings of the Joint Cyber Security Working Group.

Ken has more than 30 years of experience practising in the areas of IT, telecommunications, intellectual property, trade and commerce, and competition law. He routinely assists clients, mostly governments and multinational corporations, in large-scale procurement, outsourcing and regional transactions, and provides sound advice on privacy and e-commerce matters.

He is admitted as a solicitor in both Singapore and England & Wales.

United Kingdom

Core Obligations
  • Overview
  • Asset Management
  • Business Environment
  • Governance
  • Risk Assessment
  • Risk Management Strategy
  • Supply Chain Risk Management
  • Identity Management, Authentication and Access Control
  • Awareness and Training
  • Data Security
  • Information Protection Processes
  • Maintenance
  • Protective Technologies
  • Anomalies and Events
  • Security Continuous Monitoring
  • Detection Processes
  • Response Planning
  • Communication
  • Mitigation
  • Improvements
  • Recovery Planning
  • Recovery Communications
Legal Landscape
  • Data Protection Act 2018
  • The Network and Information Systems Regulations 2018
  • General Data Protection Regulation 2016/679
  • Civil Contingencies Act 2004
  • and 26 other compliance sources
Regulators
  • Information Commissioner’s Office
  • Financial Conduct Authority
Legal Expert

DEAN ARMSTRONG

Barrister, QC

PRACTICE AREAS: Cyber Law, Blockchain, Crypto-currencies, Cyber Litigation

DEAN ARMSTRONG QC is the UK’s leading barrister and Queen’s Counsel on cyber law. He advises governments and multinationals around the world on all aspects of cyber law, Blockchain, crypto-currencies, and cyber litigation. He is the author of two seminal textbooks on the subject, with two more to come: “Cyber Litigation-Law and Practice” and “Cyber Insurance”.

He has advised Barclays Bank, The Bank of England, Vodafone, Whitbread, and Bosch.

He has advised the Government and Prime Minister of Pakistan, the Government and Prime Minister of Bermuda, and the Government of Slovakia on Blockchain and crypto-currencies.

He was consulted by the UK Law Commission on the changes to data protection law, which eventually formed part of the forthcoming Data Protection Act 2018.

He has written numerous articles that have been published in The Global Legal Post, The New Law Journal and The Telegraph, and he has been quoted as an expert in the field in The Times, The Telegraph, The Financial Times, and Forbes magazine.

He has assisted Dubai corporates with data management and compliance. He was admitted to, and remains a member of, the Dubai International Financial Court.

He is the only UK lawyer sponsored by an international government to be involved in drafting the travel rules for virtual asset service providers.

He is currently advising on the treatment of data in respect of international sportsmen and women, which involves cross-jurisdictional issues.

He is also advising a Blockchain company on listing on the London Stock Exchange.

He is a regular commentator on television, radio and internet for Sky, the BBC, and Buzzfeed UK on matters of serious crime and fraud.

He is ranked as a leader in the field of cyber law in the current editions of Chambers and Partners UK, The Legal 500, and Forbes.


BEN SYMONS

Barrister

PRACTICE AREAS: Data Protection, Privacy Law

BEN SYMONS is a barrister at The 36 Group. He specialises in data protection and privacy law. Ben also advises on and undertakes litigation in relation to all aspects of data protection and privacy law that arise from cyber security incidents and data breaches. Ben also advises on litigation strategy in relation to defending shareholder class actions relating to data breaches. Ben has published numerous articles in relation to data protection and an organisation's obligations to comply with the GDPR.


ARVINDER SAMBEI

Barrister

PRACTICE AREAS: Anti-Corruption, AML/Financial Regulatory, Public International Law, International/Transactional Criminal Law

ARVINDER SAMBEI is a practising barrister of over 30 years’ experience and one of the directors of London-based Amicus Legal Consultants.

She has previously held the posts of Head of Criminal Law at the Commonwealth Secretariat, Legal Adviser to the Permanent Joint Headquarters (PJHQ) at the UK’s Ministry of Defence and Principal/Senior Crown Prosecutor (Crown Prosecution Service of England & Wales). As a prosecutor, she had conduct of many of the UK’s high profile extradition, counter-terrorism, transnational and war crimes cases. In addition, her responsibilities included liaison with other jurisdictions on treaty negotiations, extradition and mutual legal assistance requests.

As the Head of the Criminal Law Section at the Commonwealth Secretariat, she was responsible for ensuring design and delivery of programmes of assistance and training for member states to enhance criminal law systems.

Arvinder acts as an expert for many international and regional organisations (including Council of Europe, EU, IMF, and UN agencies) on anti-corruption & governance, AML/CFT, sanctions, international co-operation, asset recovery, economic crimes, corporate criminal liability, maritime crime and security, human rights and public international law. She has also been engaged in treaty and legislative drafting, state and project evaluation, and capacity building/technical assistance programmes.

She is a published author of legal texts (with Oxford University Press and others), an experienced trainer and has written articles, practitioner manuals and technical papers published by, inter alia, the Council of Europe, Commonwealth Secretariat, OECD, OSCE and UNODC on her areas of expertise.

United States

Core Obligations
  • Overview
  • Asset Management
  • Business Environment
  • Governance
  • Risk Assessment
  • Risk Management Strategy
  • Supply Chain Risk Management
  • Identity Management, Authentication and Access Control
  • Awareness and Training
  • Data Security
  • Information Protection Processes
  • Maintenance
  • Protective Technologies
  • Anomalies and Events
  • Security Continuous Monitoring
  • Detection Processes
  • Response Planning
  • Response Communications
  • Analysis
  • Mitigation
  • Recovery Planning
  • Improvements
  • Recovery Communications
Legal Landscape
  • Gramm-Leach-Bliley Act
  • Cybersecurity Information Sharing Act of 2015
  • NIST SP 800-53 Rev. 4 (Recommended Security Controls)
  • and 33 other compliance sources
Regulators
  • Department of Commerce
  • Department of Homeland Security
  • Privacy Agencies of EU Member States
  • and 8 other regulators
Legal Expert

JOHN DAVIS

Senior Counsel | Crowell & Moring

PRACTICE AREAS: E-Discovery & Information Management, Commercial Litigation, Litigation & Trial, Privacy & Cybersecurity Investigations, Regulatory & Policy, Digital Transformation

JOHN DAVIS is co-chair of Crowell & Moring’s E-Discovery & Information Management Practice and a member of the Litigation Group. John has over 20 years of experience advising clients on cybersecurity and other data law issues – including data security, compliance, breach analysis and response, privacy, discovery, data analytics, cross-border transfers, information governance, and emergent technology – and representing companies in complex litigations. He leads responses to U.S. and foreign governmental inquiries, conducts international investigations of data breaches, and counsels companies on managing data risk in litigation and through their policies and procedures. John is an award-winning author and frequent lecturer on cybersecurity, investigations and data law.

John received his law degree magna cum laude from the Georgetown University Law Center, where he was admitted to the Order of the Coif and served as senior articles editor of the American Criminal Law Review. Before joining Crowell & Moring, John was counsel at UBS in its Litigation and Investigations functions in charge of Global Complex Cases. John is a member of the bars of the States of New York and California (inactive), the U.S. Supreme Court, the U.S. Courts of Appeals for the Second and Eleventh Circuits, and multiple federal district courts.
