Privacy and Data Protection

Privacy and Data Protection

Regardless of which industry you are in, privacy and data protection issues affect us all. The Privacy and Data Protection module identifies and guides your organisation through the compliance obligations surrounding the secure collection, management and maintenance of personal information within the Australian legal framework.

To pay or not to pay – the rise of ransomware in 2021

A recent spate of ransomware attacks has brought into sharp relief the critical question – to pay or not to pay. With some notable but limited exceptions, traditional advice from law enforcement and cyber experts has always largely been don't pay the ransom.

Regulatory Compliance Webinar Series


Topic: GDPR After The Pandemic - Do you need to review your privacy obligations?

Speaker: Michael Rasmussen l The CURA Pundit

Regulatory Compliance Webinar Series


Topic: Compliance Conversations on Privacy in Hong Kong

Speaker: Dominic Wai | Partner, ONC Lawyers

Complementary International Privacy Checklist


Knowing your international privacy compliance requirements is vital to ensure your business is meeting its obligations. This complimentary checklist has been developed in conjunction with Dudley Kneller, Partner at Gadens.

Hong Kong

Core Obligations
  • Objectives, Definitions and Governing Principles
  • Data Protection Principles
  • Access to Personal Data
  • Correction of Personal Data
  • General Maintenance
  • Codes of Practice
  • Qualifying Criterion for Matching Procedures and Transfer of Personal Data
  • Provision of Personal Data in Direct Marketing
  • Grievances Protocol
  • Offences and Penalties
  • Interpretation of Prescribed Public Officer
  • Governing Rules covering PDPO
  • Interpretation of Prescribed Public Officer and Ex Officio Member
  • Performance of the Administrative Appeals Board
  • Who can perform a Transfer of Record
  • General Matters
  • General Secrecy
  • Provision of Prescribed Information on Demand
  • Inspection of Company’s Records
  • Parameters that cover PDPO
  • Code of Confidentiality and Protection of Council
  • Permitted Disclosure of Information by Authority
  • Delegation of Powers of the Ombudsman
Legal Landscape
  • The District Court Ordinance Chapter 336
  • The Personal Data (Privacy) Ordinance Chapter 486
  • The Insurance Ordinance Chapter 41
  • The Communications Authority Ordinance Chapter 616
  • The Securities and Futures Ordinance Chapter 571
  • The Construction Industry Council Ordinance Chapter 587
  • The Companies Ordinance Chapter 622
  • The Electronic Health Record Sharing System Ordinance Chapter 625
  • The Independent Police Complaints Council Ordinance Chapter 604
  • and 9 other compliance sources
  • Cap.397 Ombudsman Ordinance
  • Publications_2nd Edition Data Protection Principles
  • Cap.136 Mental Health Ordinance
  • Cap.221 Criminal Procedure Ordinance
  • Compliance with Data Access and Correction Requests
  • Data Access Request Form (Form OPS003)
  • PCPD Compliance Guide for Data Users
  • PCPD Codes of Practice/ Guidelines - Index
  • PCPD Code of Practice on the Identity Card Number and other Personal Identifiers – Compliance Guide for Data Users
  • PCPD Code of Practice on the Identity Card Number and Other Personal Identifiers (Revised April 2016)
  • Cap.177 Registration of Persons Ordinance
  • Cap.115 Immigration Ordinance
  • Hong Kong Monetary Authority - Money Laundering Guidelines
  • PCPD Compliance Guide for Employers and Human Resource Management Practitioners
  • PCPD Code of Practice on Human Resource Management (Revised April 2016)
  • PCPD Code of Practice on Consumer Credit Data (Revised Jan 2013)
  • PCPD – Understanding the Code of Practice on Consumer Credit Data – Frequently Asked Questions on the Sharing of Mortgage Data for Credit Assessment Purpose
  • Cap.155 Banking Ordinance
  • PCPD Monitoring and Personal Data Privacy at Work: Points to Note for Employers of Domestic Helpers
  • PCPD Privacy Guidelines: Monitoring and Personal Data Privacy at Work (Revised in April 2016)
  • PCPD Resources Centre Information Leaflet - What is a Matching Procedure?
  • PCPD – Common Questions on Matching Procedure
  • PCPD – Past Seminars on Direct Marketing
  • PCPD Guidance Note – Guidance on the Collection and Use of Personal Data in Direct Marketing
  • PCPD – Exercising Your Right of Consent to and Opt-out from Direct Marketing Activities under the PDPO
  • PDPO – Complaint Handling Flowchart
  • Cap. 589 Interception of Communications and Surveillance Ordinance
  • Cap. 561 Human Reproductive Technology Ordinance
  • Cap. 227 Magistrates Ordinance
  • The Department of Justice – Legal System in Hong Kong
  • Mission, values and roles of the Financial Reporting Council
  • PCPD on Data Privacy Law – The Personal Data (Privacy) Ordinance
  • Criminal offences and respective penalties under the PDPO
Legal Expert


Partner | ONC Lawyers

PRACTICE AREAS: Litigation & Dispute Resolution, Regulatory, Compliance & Internal Investigations, Criminal Litigation, Trade & Customs Litigation, Shareholders’ Dispute and Insolvency matters, Domestic and International Arbitration, Cybersecurity & Privacy Law matters

Before joining the legal profession, DOMINIC has worked in the banking sector and as well as in the Independent Commission Against Corruption (ICAC).

Dominic’s practice focuses on advising clients on matters relating to anti-corruption, white collar crime, law enforcement, regulatory and compliance matters in Hong Kong, including advice on anti-money laundering. He also handles cases involving corporate litigation, shareholders’ disputes and insolvency matters, defamation cases, domestic and international arbitration cases, cybersecurity, data security and privacy law issues, competition law matters, e-Discovery and forensic investigation issues as well as property litigation. His expertise includes:

  • Advised Hong Kong listed, US multinational companies and money service operators (MSO) on anti-money laundering matters and practices.
  • Advised major international companies and Hong Kong listed companies on anticorruption and bribery and other white-collar crime issues.
  • Advised and assisted clients on urgent asset freezing injunctions and liaising with law enforcement agencies concerning fraudulent fund transfers due to business email scams and hacked email systems.
  • Advised the joint and several liquidators of a liquidation matter for over 10 years with considerable recovery for the creditors over the years.
  • Advised a major broadcasting company on defamation issues, judicial review applications, investigation by regulators and shareholders’ dispute issues.

Dominic is currently a board member of a charity that provides a home service for sick children and their families. He is supportive and actively participating in the activities of the charity.


Core Obligations
  • Privacy & Data Protection Overview
  • Applicability of Data Privacy Laws
  • Organisational Governance
  • Consumer Data Rights
  • Openness and Transparency
  • Collecting Personal and Sensitive Information
  • Anonymity and Pseudonymity
  • Using and Disclosing Personal Information and Identifiers
  • Cross-border Transfers of Personal Information
  • Ensuring the Quality of Personal Information
  • Ensuring the Security of Personal Information
  • Enabling Access and Correction of Personal Data
  • Managing Complaints and Investigations
  • Confidentiality
  • Surveillance
  • Health Information and the My Health Record System
  • Workplace Privacy
  • Complying with the Payment Card Industry Data Security Standard
Legal Landscape
  • Archives Act 1983 (Cth)
  • Crimes Act 1914 (Cth)
  • Criminal Code Act 1995 (Cth)
  • Do Not Call Register Act 2006 (Cth)
  • Freedom of Information Act 1982 (Cth)
  • Privacy Act 1988 (Cth)
  • Privacy Regulation 2013 (Cth)
  • Privacy (Tax File Number) Rule 2015 (Cth)
  • Spam Act 2003 (Cth)
  • Surveillance Devices Act 2004 (Cth)
  • Taxation Administration Act 1953 (Cth)
  • Telecommunications Act 1997 (Cth)
  • includes over 110 compliance sources
  • State Records Office of Western Australia (WA, Australia)
  • Information Commissioner's Office (United Kingdom)
  • Payment Card Industry Security Standards Council (International)
  • NSW State Archives (NSW, Australia)
  • ACT Territory Records Office (ACT, Australia)
  • State Records of South Australia (SA, Australia)
  • Queensland Public Records Review Committee (QLD, Australia)
  • Attorney General's Department (Australia)
  • Australian Communications and Media Authority (Australia)
  • Australian Competition and Consumer Commission (Australia)
  • Australian Taxation Office (Australia)
  • Department of Home Affairs (Australia)
  • Department of Communications and the Arts (Australia)
  • The Treasury (Australia)
  • Office of the Australian Information Commissioner (Australia)
  • Public Record Office Victoria (VIC, Australia)
  • and 50 other regulators
Legal Expert


Partner | Gadens

DUDLEY is a highly experienced lawyer with international and domestic experience advising on commercial, regulatory and technology matters with specialisations in financial technology, cyber risk, privacy and strategic sourcing and supply projects. Dudley has over 20 years’ experience practising across Australia, Europe and the UK, and has worked on projects based in a range of countries, including the Philippines, India and across South America.

Dudley publishes and presents extensively. He has been nominated and selected as a ‘Best Lawyer’ in Australia in the area of Information Technology Law since 2020 and has been listed as a Recommended Technology, Media and Telecommunications Lawyer in Victoria in Doyle’s Guide every year from 2015 to 2020.


Core Obligations
  • Overview
  • Scope of Application of Privacy and Personal Information Protection Laws
  • Corporate Governance
  • Public Disclosure of Policy
  • Collection of Personal Information and Sensitive Personal Information
  • Retention of Personal Information
  • Use of Personal Information
  • Protection of Users’ Personal Information Rights
  • Third-Party Handling, Sharing, Transfer and Disclosure of Personal Information
  • Cross-Border Transfers of Personal Information
  • Emergency Response and Reporting of Security Incidents
Legal Landscape
  • Cybersecurity Law of the People’s Republic of China
  • General Rules of the Civil Law of the People’s Republic of China
  • Amendment IX to the Criminal Law of the People’s Republic of China
  • Tort Law of the People’s Republic of China
  • Law of the People’s Republic of China on the Protection of Consumer Rights and Interests
  • E-commerce Law of the People’s Republic of China
  • Decision of the Standing Committee of the National People’s Congress on Strengthening Network Information Protection
  • Surveying and Mapping Law of the People’s Republic of China
  • Law of the People’s Republic of China on Resident Identity Cards
  • Law of the People’s Republic of China on Public Libraries
  • and 36 other compliance sources
  • Cyberspace Administration of China
  • Ministry of Industry and Information Technology
  • National Information Security Standardization Technical Committee
  • and 14 other regulators
Legal Experts


Managing Partner | Merits & Tree

PRACTICE AREAS: Private Equity/Venture Capital, Mergers & Acquisitions, Cross Border Transaction

Mr. Wang is a managing partner of Merits & Tree. Prior to founding Merits & Tree, Mr. Wang served as an attorney at Han Kun Law Office and Jun He Law Firm, and as a partner at Zhonglun W&D Law Office.

Mr. Wang has substantial experience in cybersecurity and data protection, PE/VC, M&A, and blockchain. Mr. Wang advises on a broad range of privacy and data protection matters and helps clients navigate a range of complex data issues. Mr. Wang provides compliance advise on rapidly changing field of blockchain technology as well, including reviewing white papers and SAFT, and establishment of cryptocurrency fund. Mr. Wang presented some of the most prestigious private equity funds and venture capital firms in China, as well as numerous startups and emerging companies. His experience includes representing these clients in structuring, formation, investment, acquisition and sale transactions, and general compliance. He provides pragmatic advice regarding industry trends and deal structures, with broad industry experience in key areas such as finance, TMT, big data, minerals and real estate.

Mr. Wang was named by Legal Band as the Top 10 Chinese lawyers Special Recommendation in New Economic Sector (2018), the Top 10 Chinese lawyers Special Recommendation in Fintech Sector (2019), Investment Funds Tier 2 (2019), and Investment Funds Tier 2 (2018).

Mr. Wang is the lead author of the “Blockchain Compliance White Paper 1.0”, “Blockchain Compliance White Paper 2.0”, “Blockchain Compliance White Paper 3.0”, and “Digital Transformation of Chinese Enterprises White Paper 1.0”, which have been widely recognized in the industry.


Partner | Merits & Tree

PRACTICE AREAS: Dispute Resolution, Intellectual Property

Ms. Zhu is a partner in the Cybersecurity & Data Privacy and Dispute Resolution practices at Merits & Tree Law Offices.

Ms. Zhu has extensive experience helping clients comply with privacy and data protection requirements and is well versed in comprehensively using dispute-solving methods for legal compliance, with particular focus on regulatory compliance of TMT industries, including: security breaches, regulatory investigations, data breach incident response, and litigation.

In addition, Ms. Zhu is committed to academic research on regulatory compliance in the field of data protection. She participated in the “Personal Information Protection” project launched by the Credit Information Center of the People’s Bank of China and Shanghai New Finance Research Institute. She also co-authored the International Comparative study of Personal Information Protection (China Financial Publishing House). Ms. Zhu co-authored the “Digital Transformation of Chinese Enterprises White Paper 1.0” and is lead author of “Digital Transformation of Chinese Enterprises White Paper 2.0”.

Ms. Zhu received her Bachelor’s degree in law and Master’s degree in law at China University of Political Science and Law, and is a JD candidate of Beihang University. She is licensed to practice law in P.R.China.


Partner | Merits & Tree

PRACTICE AREAS: Investment Fund, Private Equity/Venture Capital, Mergers & Acquisitions, Intellectual Property

Ms. Zeng is a partner in the Cybersecurity & Data Privacy and Entertainment Law practices at Merits & Tree Law Offices.

Ms. Zeng’s offers strategic and innovative legal advice that is crucial for helping clients navigate the ever-evolving legal landscape of data protection and assists clients in structuring comprehensive compliance programs to satisfy regulatory requirements under Chinese law regime, including privacy policies and procedure, commercial transactions, cross-border data transfers, compliance audits, regulatory investigations, and data breach incident response. She advises on the privacy and cybersecurity aspects for a broad range in key areas, including finance, healthcare, smart vehicles, wearables, AI, blockchain, gaming companies, cybersecurity, or the synergy in TMT industries. Ms. Zeng co-authored the “Digital Transformation of Chinese Enterprises White Paper 1.0” and “Digital Transformation of Chinese Enterprises White Paper 2.0”.

Ms. Zeng received her Bachelor’s degree in law at Peking University Law School and Master’s degree in law at Harvard Law School. She is licensed to practice law in P.R.China and the New York State of the United States.


Core Obligations
  • Overview
  • Related Laws
  • Personal Information Utilisation Restriction, Acquisition, Control
  • A Third-Party Provision
  • Anonymously Processed Information
  • Guidelines for each field
  • Specific Personal Information
Legal Landscape
  • Act on the Protection of Personal Information
  • Act on the Use of Numbers to Identify a Specific Individual In Administrative Procedures
  • Cabinet Order to Enforce the Act on the Protection of Personal Information Act
  • General Rules Guidelines for the Act on the Protection of Personal Information
  • and 25 other compliance sources
  • Personal Information Protection Commission
  • Financial Services Agency
  • Ministry of Economy, Trade and Industry
  • and 4 other regulators
Legal Expert


Senior Associate | TMI Associates

PRACTICE AREAS: IT and Communications Matters, M&A, Alliances, Corporate Finance, Corporate Governance

SHOHEI is a Senior Associate at TMI Associates, one of the largest law firms in Japan. He has extensive experience in helping clients comply with privacy and data protection requirements. In particular, he has continuously advised numerous domestic and international advertising technology companies and advertisers with regard to their usage of consumers’ personal information as well as with contract negotiations. He also has
substantial expertise in M&A transactions targeting companies utilizing consumers’ personal data.

Shohei has previously served as a legal counsel for a company operating one of the largest web portals and advertising networks in Japan. Due to this background, he is qualified to advise his clients based on not only his legal knowledge but also on his deep understanding of the mechanisms of online advertising. Shohei has substantial experience helping companies to comply with international privacy laws, such as the GDPR, the California Consumer Privacy Act and China’s Cybersecurity Law, which enables him to effectively approach legal issues arising out of the uniqueness of each country’s privacy law.

Shohei received his Bachelor’s degree in law at Waseda University, his Juris Doctor’s degree in law at Chuo University Law School and his Master’s Degree at the University of Texas School of Law. He is licensed to practice law in both Japan and California state and has also been certified as a Certified Information Privacy Professional (United Sates) by the IAPP.

New Zealand

Core Obligations
  • New Zealand Privacy Overview
  • Collecting Personal Information
  • Using and Disclosing Personal Information and Identifiers
  • Ensuring the Security of Personal Information
  • Enabling Access and Correction of Personal Data
  • Workplace Privacy
  • Applicability of Privacy Laws
  • Cross-border Transfers of Information
  • Organisational Governance and Privacy Program
  • Managing Complaints and Investigations
  • Information Matching Programs
  • Ensuring the Accuracy of Personal Information
  • Protecting Confidential Information from Disclosure
  • Investigations and Enforcement
Legal Landscape
  • Privacy Act 1993 (NZ)
  • Official Information Act 1982 (NZ)
  • Contract and Commercial Law Act 2017 (NZ)
  • Crimes Act 1961 (NZ)
  • Criminal Procedure Act 2011 (NZ)
  • Criminal Records (Clean Slate) Act 2004 (NZ)
  • Data Protection Act 1998 (UK)
  • Harassment Act 1997 (NZ)
  • Protected Disclosures Act 2000 (NZ)
  • Unsolicited Electronic Messages Act 2007 (NZ)
  • and 20 other compliance sources
  • Office of the Privacy Commissioner
  • Office of the Ombudsman
  • Human Rights Commission
  • and 6 other regulators
Legal Expert


Partner | Bell Gully

PRACTICE AREAS: Media, Consumer law, Intellectual property, Litigation and dispute resolution, Privacy and data protection, Information, communications and technology, Food, Beverage and Hospitality, Cybersecurity, Anti-Bribery and Corruption

TANIA advises on all aspects of advertising promotions, including impacts of the Gambling Act, Fair Trading Act and Privacy Act. She is also experienced in advising on food and wine labelling issues, involving advice on the Food Standards Australia New Zealand (FSANZ) Code, the Food Act, the Wine Act and related regulations and industry codes.

She has a strong media law background, advising on defamation claims, appearing in Court on name suppression issues, and providing media law training to journalists. She advises on all aspects of intellectual property law, including copyright, passing off and trade mark infringement disputes and litigation.

In addition to her particular areas of expertise, Tania provides general advice on commercial and contractual disputes and litigation with successful outcomes for her clients.

Tania is recommended for intellectual property by The Legal 500 Asia Pacific 2020, which notes her specialties as media, advertising, privacy law and IP matters. Tania is also recommended as a recognised practitioner by Chambers Asia Pacific 2020 for Technology, Media and Telecoms.


Core Obligations
  • Overview and application of the data privacy
  • Compliance, police and practices
  • Collection, use and disclosure of personal data
  • Purpose of data collection
  • Access and correction of personal data
  • Care of personal data
  • Enforcement and penalties
  • Do not call registry
Legal Landscape
  • Personal Data Protection Act 2012
  • Computer Misuse Act
  • Cyber Security Act 2018
  • Official Secrets Act
  • The Electronics Transactions Act
  • and 51 other compliance sources
  • Personal Data Protection Commission
  • Intellectual Property Office of Singapore
  • Cyber Security Agency
Legal Expert


Partner | Clyde & Co

PRACTICE AREAS: Commercial, Corporate, Education, Employment, Pensions & Immigration, Insurance & Reinsurance

Described in The Legal 500 Asia Pacific as "extremely prompt and responsive", commanding "astounding legal knowledge" and being "genuinely interested in developing long term relationships with clients", Thomas is a corporate transactional, private equity and employment lawyer focusing on domestic and cross-border acquisitions and divestitures, corporate and asset finance and employment. As part of his practice, he also leads both the Employment in Singapore and the Corporate Secretarial practices in Singapore and Hong Kong.

United Kingdom

Core Obligations
  • Overview
  • Applicability of Data Protection Law
  • Organisational Governance
  • Lawfulness, Fairness and Transparency
  • Purpose Limitation
  • Data Minimisation
  • Accuracy of Personal Data
  • Storage Limitation
  • Integrity and Confidentiality
  • Enabling Individuals' Rights
  • Managing Complaints and Investigations
  • Cross-border Transfers of Personal Information
  • Confidentiality
  • Surveillance
  • Workplace Privacy
  • Complying with the Payment Card Industry Data Security Standard
Legal Landscape
  • Data Protection Act 2018
  • Regulation (EU) 2016/679 (General Data Protection Regulation)
  • Freedom of Information Act 2000
  • and 57 other compliance sources
Regulators & Enforcement agencies
  • Office of the UK Information Commissioner
  • The Information Commissioner's Office - Scotland
  • Information Commissioner’s Office - Wales
  • The Information Commissioner’s Office - Northern Ireland
Legal Experts


Commercial Technology Partner | Hamlins

PRACTICE AREAS: Data Protection, Privacy, Cyber Security

MATTHEW has extensive experience advising businesses on the full ambit of data protection, privacy and cyber security matters. He works closely with companies advising them on the best practical and legal measures to mitigate and manage security breaches and ensure compliance with the EU General Data Protection Regulations. He advises CEOs and senior management on how to create the best legal, technological and security governance strategies for the business. Matthew has worked as a CEO and understands the commercial and budgetary pressures businesses face when implementing strategic projects.

“Matthew Pryke is both smart and focused with an ability to find solutions that add value”
- Legal500


Defamation and Privacy Partner | Hamlins

PRACTICE AREAS: Reputation Management

CHRISTOPHER is an industry leading expert in the field of reputation management and has helped businesses resolve problems that threaten the reputation of the business or the privacy and integrity of those behind it. He has considerable experience in handling unprecedented crisis situations and is used to working to pressurised timescales.

“Christopher is incredibly good. He is very well organised and gets things done.”
- Legal500



PRACTICE AREAS: Anti-Corruption, AML/Financial Regulatory, Public International Law, International/Transactional Criminal Law

ARVINDER SAMBEI is a practising barrister of over 30 years’ experience and one of the directors of London-based Amicus Legal Consultants.

She has previously held the posts of Head of Criminal Law at the Commonwealth Secretariat, Legal Adviser to the Permanent Joint Headquarters (PJHQ) at the UK’s Ministry of Defence and Principal/Senior Crown Prosecutor (Crown Prosecution Service of England & Wales). As a prosecutor, she had conduct of many of the UK’s high profile extradition, counter-terrorism, transnational and war crimes cases. In addition, her responsibilities included liaison with other jurisdictions on treaty negotiations, extradition and mutual legal assistance requests.

As the Head of the Criminal Law Section at the Commonwealth Secretariat, she was responsible for ensuring design and delivery of programmes of assistance and training for member states to enhance criminal law systems.

Arvinder acts as an expert for many international and regional organisations (including Council of Europe, EU, IMF, and UN agencies) on anti-corruption & governance, AML/CFT, sanctions, international co-operation, asset recovery, economic crimes, corporate criminal liability, maritime crime and security, human rights and public international law. She has also been engaged in treaty and legislative drafting, state and project evaluation, and capacity building/technical assistance programmes.

She is a published author of legal texts (with Oxford University Press and others), an experienced trainer and has written articles, practitioner manuals and technical papers published by, inter alia, the Council of Europe, Commonwealth Secretariat, OECD, OSCE and UNODC on her areas of expertise.

United States

Core Obligations
  • Overview
  • Applicability of Data Privacy Laws
  • Organisational Governance
  • Collecting Personal and Sensitive Information
  • Using and Disclosing Personal Information
  • Ensuring the Security of Personal Information
  • Enabling Access to and Correction of Personal Data
  • Workplace Privacy
  • Managing Complaints and Investigations
  • Protecting Confidential Information from Disclosure
Legal Landscape
  • Gramm Leach Bliley Act (15 USC 6801 - 6827)
  • Title X of Dodd-Frank Wall Street Reform and Consumer Protection Act (12 USC 5491 - 5603)
  • Fair Credit Reporting Act - Credit Reporting Agencies (15 USC 1681 et seq)
  • Family Educational Rights and Privacy Act (20 USC 1232g)
  • Heath Insurance Portability and Accountability Act of 1996 (HIPAA) Public Law 104 -191
  • and 329 other compliance sources
  • Board of Governors of the Federal Reserve System
  • Federal Trade Commission
  • Securities and Exchange Commission
  • Attorney General (Federal)
  • and 122 other regulators
Experienced Attorney Author


Partner | Morris, Manning & Martin

PRACTICE AREAS: Corporate, Cybersecurity & Privacy, Internet of Things (IoT) Technology

ELIZABETH K. “Bess” HINSON makes planning for privacy and cybersecurity risks her top priority. As Chair of the Cybersecurity & Privacy Practice, her primary areas of concentration include cyber and data risk management and governance, breach preparedness and response, crisis management, and global data privacy compliance. Bess represents clients at all stages of incident response from investigation, notification, remediation, managing privacy class action risks, and defense of litigation and regulatory inquiry. She regularly counsels clients on cross-border data flows and navigating conflicts between foreign privacy laws and U.S. compliance obligations. She oversees and coordinates EU General Data Protection Regulation (GDPR) compliance assessment and implementation programs for clients. She has experience in privacy matters, including information governance and data management, online advertising, internal compliance policies, and consumer policies, including website and mobile application policies, vendor management, blockchain, and advising on privacy and security-related compliance strategies and programs.

Contact Us