Your data. Your protection. Our focus.

Privacy and Cybersecurity expertise in APAC

Grow | Protect | Operate | Finance

December 2022
 Legal expertise
you can depend on

Our Privacy and Cybersecurity

group works across all sectors
offering a full complement of
counseling and advice, regulatory
and litigation services, including:

• Data breach and cybercrime

• Global data transfer solutions

• Compliance with local privacy laws

• Privacy class actions and regulator

proceedings and liaison

• Information governance
and records management

• Privacy impact assessments

and risk management

• Security policies and bring your

own device (BYOD) policies

• Government/law enforcement data requests

and data subject access

• Public sector freedom of information

• Digital media privacy and CRM/electronic

marketing strategy

• Outsourcing and HR solutions

• Litigation and e-discovery

• Mergers and acquisitions including

database acquisitions

• Advising on artificial intelligence and

automated decision making.

2 • Your data. Your protection. Our focus.

 Key risks include loss of
data, systems downtime,
disruption to BAU, significant
fines and litigation risk
as showcased by recent
high-profile regulatory
investigations and
court cases.
Data and cyber security
breaches are a top
corporate concern,
exposing an organisation
to significant
reputational risks.

Every organisation has

a business interest and
a legal obligation to take
appropriate steps to protect
its data and systems and
deal with incidents swiftly
and effectively
Taking the when they happen.
right approach to
cybersecurity compliance
and dealing with incidents
swiftly and efficiently when
they happen is essential,
but can be challenging,
especially if approached
across borders.

Privacy and Cybersecurity expertise in APAC • 3

Our solutions

Integrated Data Breach

Response Solution

When a breach occurs, our integrated global team, together

with our trusted specialist partners, will help you respond
swiftly, efficiently and proportionately, in accordance with
legal obligations and consistent with regulatory expectations.

Global cover Partnerships

We can act rapidly when cross-border data breaches
occur. Our global team includes leading privacy and
cybersecurity lawyers in 100+ jurisdictions worldwide,
with an additional external network of privacy and
cybersecurity specialists in regions where we do not
have office locations.
Multidisciplinary teams
Our cybersecurity team includes experts across legal
practices, such as financial regulatory, litigation, asset
recovery, investigations, technology, competition
and workplace law relations. Together, we are well
positioned to help you identify and implement
the optimal business solution.
We have partnerships and
trusted relationships with leading
cybersecurity consultancies,
digital forensics, strategic
communications and PR service
providers, as well as providers of
other services that may be required
when dealing with a serious
breach, such as, investigations,
insurance, e-discovery, legal
tech solutions, call centre and
other fulfilment support. We also
leverage Dentons Global Advisors,
an independent multidisciplinary
business consultancy, to develop
communications strategies to
prepare for and navigate crises
and other complex issues when
they arise.

4 • Your data. Your protection. Our focus.

We work together with your in-house team
and other partners to support you through
all stages of incident response, including:
1.
Immediate response out preliminary impact
and containment
3.
Breach notification requirements
and strategy, drafting and
handling notifications to
2. regulators, data subjects
Triaging and carrying and other stakeholders
assessments and risk
assessments

6.
Working with PR to help
5. ensure consistency of internal
Engaging specialist and external messaging,
4.
service providers, such as preserve the legal position
Remedial action
providers of forensics, and protect the brand
investigations, call centres,
notifications and fulfilment,
fraud prevention,
credit monitoring

7.
9.
Handling regulatory
Dispute resolution
liaison 8.
and litigation
Advising on data
support
subject requests, 10.
complaints and claims Designing and running
lessons learnt sessions

Cybersecurity Compliance
and Preparedness

Our integrated global team ensures that you are
compliant with all obligations in preparing your
company and incident response team to respond
to a data breach effectively and efficiently, taking
into account regulatory expectations and
market practice.
• Cybersecurity and incident response policies,
processes and plans
• Compliance with legal, regulatory, contractual
and industry requirements
• Cybersecurity governance frameworks
• Incident response team, insurance and
partnering with service providers
• Fixed price products
• Preparing templates and tools
• Training and supporting awareness initiatives
• Senior stakeholder workshops, simulations
and table-top exercises
• Data and cyber security due diligence
and audits
• Strategic and Intelligence Services
• Data subject access request compliance
• Reviews of automated decision making
and artificial intelligence solutions advice
• Negotiating data transfer agreements
• Privacy Impact and Data Transfer
Impact Assessments.

Privacy and Cybersecurity expertise in APAC • 5

Representative experience
Global investment bank: Advised about its
policies and guidelines relating to fraud controls
(including data security) and the processes,
procedures and protections extended to
whistleblowers associated with the organisation.
This review was conducted across the 30
jurisdictions in which the organisations operates.
Avis Budget Group: Appointed sole legal
counsel in Australia advising on all aspects
of privacy and cybersecurity.
Reserve Bank of New Zealand: Advising the
Reserve Bank of New Zealand in connection
with a high-profile data breach relating to its use
of a file transfer application provided by Accellion
(including advising on the implementation of
the replacement system).
6 • Your data. Your protection. Our focus.
Major social media platform: Acting for a
major social media platform in connection with
its compliance with New Zealand privacy laws,
including advising on the privacy implications
of new products; advising on regulatory inquiries
and subject access requests; and advising on the
interface between privacy laws and interception/
surveillance laws.
Integrated Health Information Systems (“IHiS”):
Representing the central IT service provider for
public healthcare in Singapore in the Committee
of Inquiry convened to investigate the cyber attack
on Singapore Health Services. This was the largest
breach of personal data in Singapore’s history,
with 1.5 million patients’ records accessed and
copied while 160,000 of those had their outpatient
dispensed medicines’ records taken.
NASDAQ-listed Internet company:
Advising on a range of issues in data protection,
privacy and cybersecurity.
Publicly listed global real estate investment
trust: Acted in relation to a worldwide review of its
cyber security legislative compliance, specifically
advising on laws (state and federal) relating to notice
and disclosure of data breaches, liability relating
to data breaches, and other regulations that apply
to data breaches.
One of the world’s largest online retailers:
Advising on privacy and cybersecurity aspects
for the global acquisition of a new online business
and app software.
Dun & Bradstreet: Advising on personal privacy
and data protection under Hong Kong law in respect
of credit report database storage and file sharing
of information across servers located in
various countries.
A vendor of the Health Sciences Authority
(“HSA”): Representing the vendor on the blood
bank case where it was reported that the personal
details of 800,000 blood donors’ details were
illegally accessed. Dentons Rodyk was activated
the night of the cyber attack to advise on civil and
criminal liability and lead the crisis management
team by working with a PR firm and the client’s
computer forensic team.
Malaysian paper products manufacturing
company: Acting for a client in resisting a claim
for outstanding balance purchase price and freight
charges. The monies had been paid to third parties
on fraudulent instructions arising from
cybersecurity breaches.

Fresenius Medical Care AG & Co. KGaA group:

Advising on data protection and other implications
on Fresenius Medical Care group in the context of
implementation of a global whistle-blower hotline
to be approached by employees, business partners,
customers, patients and other external persons for
filing complaints.

Privacy and Cybersecurity expertise in APAC • 7

Key contacts

Australia

Ben Allen Robyn Chatwood

Partner Partner
Sydney Melbourne
D: +61 2 9035 7257 D: +61 3 9194 8330
ben.allen@dentons.com robyn.chatwood@dentons.com

Matthew Hennessy Harriet McCormick

Partner Special Counsel
Melbourne Sydney
D: +61 3 9194 8389 D: +61 2 9931 4801
matthew.hennessy@dentons.com harriet.mccormick@dentons.com

Hong Kong

Antonia Hudson Julianne Doe

Senior Associate Senior Consultant
Melbourne Hong Kong
D: +61 3 9194 8366 D: +852 2533 3688
antonia.hudson@dentons.com julianne.doe@dentons.com
Korea

Emma Park Andrew Park Nicholas Howon Park

Senior Managing Attorney Senior Managing Attorney Senior Managing Attorney
Seoul Seoul Seoul
D: +82 2 2262 6188 D: +82 2 2262 6070 D: +82 2 2262 6013
emma.park@dentons.com andrew.park@dentons.com nicholas.park@dentons.com

New Zealand

Hayley Miller Campbell Featherstone

Partner Partner
Auckland Wellington
D: +64 9 915 3366 D: +64 4 498 0832
hayley.miller@dentons.com campbell.featherstone@dentons.com

Malaysia

Pauline Ngiam Dennis Heng Kai Khong

Partner Partner
Kuala Lumpur Kuala Lumpur
D: +60 3 2698 6255 x163 D: +60 3 2698 6255 x139
pauline.ngiam@zain.com.my dennis.khong@zain.com.my

Privacy and Cybersecurity expertise in APAC • 9

Key contacts

Singapore and Myanmar

Gilbert Leong Catherine Lee Maw Jiun Foo

Senior Partner Senior Partner Partner
Singapore Singapore Singapore
D: +65 6885 3638 D: +65 6885 3687 D: +65 6885 3750
gilbert.leong@dentons.com catherine.lee@dentons.com mawjiun.foo@dentons.com

PRC

Desmond Chew Ling Yi Quek Ken Dai

Partner Partner Partner
Singapore Myanmar Shanghai
D: +65 6885 2895 D: +65 6885 3766 D: +86 21 58785888
desmond.chew@dentons.com lingyi.quek@dentons.com jianmin.dai@dentons.cn

Taiwan

Tom Lin Vivian Lin

Senior Counsel Senior Partner
Taipei Taipei
D: +886 2 25214583 D: +886 2 25214583
chiunjung.lin@dentons.com.tw shuchuan.lin@dentons.com.tw

10 • Your data. Your protection. Our focus.

Vietnam

Tran Duy Canh Vi Nguyen

Managing Partner Senior Associate
Ho Chi Minh City Ho Chi Minh City
D: +84 283824 8440 D: +84 283824 8440
canh.tran@dentons.com vi.nguyen@dentons.com

Indonesia

Andre Rahadian Al Hakim Hanafiah

Jakarta Jakarta
Senior Partner Partner
D: +62 21 5701837 D: +62 21 5701837 x105
andre.rahadian@dentons.com alhakim.hanafiah@dentons.com

Mika Isac Kriyasa

Jakarta
Partner
D: +62 21 5701837 x107
mika.kriyasa@dentons.com
ABOUT DENTONS

Dentons is designed to be different. As the world's largest law firm with 20,000 professionals in over
200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business.
Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity
and ESG, ensures we challenge the status quo to stay focused on what matters most to you.

www.dentons.com

© 2022 Dentons. Dentons is a global legal practice providing client services worldwide through its member firms and affiliates.
This publication is not designed to provide legal or other advice and you should not take, or refrain from taking, action based on
its content. Please see dentons.com for Legal Notices.

CSBrand-101684-A4-Flyer-APAC-Privacy-Cybersecurity-08 — 21/12/2022