Data protection, privacy and cybersecurity

Our dedicated global practice is composed of more than 80 data protection, privacy and cybersecurity lawyers based in many of the world’s key risk jurisdictions.

Our dedicated global practice is composed of more than 80 data protection, privacy and cybersecurity lawyers based in many of the world’s key risk jurisdictions.

“A respected name in technology and telecoms matters, including regulatory issues relating to data privacy, cloud services, mobile payments, big data, cybersecurity and telecoms financing.” Chambers Asia-Pacific, 2020

We help clients manage legal risks related to cybersecurity, privacy, data governance, eDiscovery, information technology, eCommerce and intellectual property. Our clients include large corporates, government and specialist internet and data-rich companies operating across a broad range of sectors including financial services; aviation; life sciences, healthcare and pharmaceuticals; retail; insurance; energy; telecommunications and technology.

We advise our clients across multiple jurisdictions and regions, including Europe, the United States, Canada, Latin America, Asia, Australia, Africa and the Middle East. As an integrated cross-border group, we provide our clients with an integrated worldwide service.

Data protection and privacy

Our deep industry experience and global perspective means that we can advise our clients at each stage of the data lifecycle. At the front end, we help our clients assess and reduce their privacy and security risks and comply with applicable laws. When developing marketing programs or new products and services, we assist clients by advising on privacy and security at the outset to maximize the effectiveness of their offerings and avoid legal and regulatory pitfalls. We advise clients on complex issues associated with both personal and sensitive business data, including its collection, use, storage, disclosure, transfer and destruction. We counsel clients on legal compliance and business strategy relating to privacy and security risk management, cybersecurity and technology transactions.

Data breach and cybersecurity incident response

We are able to draw upon our global experience to advise clients on the investigation, containment and remediation of a broad range of data breaches and other cybersecurity incidents and have acted in relation to many of the world’s most high-profile incidents in this area in recent years. Minimizing financial loss and reputational damage is our highest priority, and we have an established reputation of achieving that objective for our clients. We frequently provide immediate incident response services across multiple jurisdictions and have advised clients in the context of cyber incidents with implications in over 120 jurisdictions and affecting many millions of individuals. We know the key regulators well across a broad range of jurisdictions and have developed a deep understanding of those regulators’ priorities from a data protection, privacy and cybersecurity perspective.

In addition to assisting clients in their response to regulator investigations, we advise on class action lawsuits and other claims that arise out of privacy violations and security breaches. We are available to our clients on a 24/7/365 basis, and provide immediate assistance via our incident response team members across the globe. 

Our areas of work include

  • Bankruptcy proceedings involving personal information
  • Cloud services and computing
  • Cross-border data flow requirements, including Safe Harbor certification, EU Binding Corporate Rules and other solutions
  • Cybersecurity and privacy contract development and negotiation
  • Cyber risk management and incident response solutions
  • Data hub relocation projects
  • Data protection, privacy and cybersecurity audits, compliance risk assessment and remediation
  • Data protection program development, including supporting consumer engagement activities such as marketing and advertising
  • Data security, privacy and technology regulatory response and litigation
  • Development of security and privacy policies, best practices and procedures
  • Leveraging personal information for advertising and marketing
  • Management of employee information and patient medical records
  • M&A transactions
  • Mobile privacy issues
  • Privacy breaches
  • Privacy policies for organizations and their websites
  • Proactive incident response planning
  • Restrictions on collection and use of consumer information
  • Security incident investigation, response, and remediation
  • Strategic regulatory compliance advice
  • Technology transactions
  • Vendor management program development and implementation

Awards and accolades

  • Chambers Asia-Pacific, Asia-Pacific Region: TMT, Chambers and Partners, 2020
  • Chambers Global, Asia-Pacific Region: TMT, Chambers and Partners, 2020
  • Legal 500 Asia-Pacific, Hong Kong: TMT, The Legal 500, 2020


Computer screen with digital lock on it


A conversation with Stephen K.Y. Wong, former Hong Kong Privacy Commissioner for Personal Data

Earth with global network visuals


Global: Contact tracing apps: A new world for data privacy

blue screen with GDPR


Asia Pacific: Schrems II


Related services