What do you do?
I am a Hong-Kong based in-house lawyer and my practice spans M&A (focusing predominantly on the tech and financial services sectors), data privacy and technology.
Why data?
In relation to the tech aspect of my practice, I ‘fell into the sector’ during my private practice days in Hong Kong by being lucky enough to be seconded to one of Australia’s biggest telecommunications companies. I was on secondment there for over 12 months and was exposed to a myriad of different issues that I had had little exposure to in the past. Technology and data privacy were two topics that were fascinating and my practice extended to include those areas of law ever since. Data protection and personal data privacy at that time was a fairly new concept in Asia and it was a topic that Telstra was very alive to, so I made a point of learning a lot about it very quickly.
What’s keeping you busy?
The market in Asia is hot at the moment and sometimes when I think about it, I can hardly imagine we are living in the midst of a pandemic.
Companies are investing in technology at the rate of knots and innovating in ways that would not have been conceivable three or five years ago. I am also finding that while the deals have not slowed down, they are taking a longer time to consummate as there is greater scrutiny at senior levels on the potential risks involved in the transaction. One of those risks is data protection. Data due diligence is increasingly front of mind and now a boardroom issue, particularly in light of GDPR. It is critical to ascertain the integrity of IT systems and if any data breaches have occurred, and what protections can we weave into the relevant transaction documents to address these risks.
What mentors or other influential figures have helped you get where you are today?
I have been fortunate to have worked with some wonderful people over the course of my career. I started my career in Melbourne, Australia and some of the partners of the law firm I worked at for many years to this day I would still call for career advice, or to bounce ideas off despite having not worked in Melbourne for almost a decade now. I have been lucky to have been given many opportunities throughout my career, including transferring to the Hong Kong office of the firm, and three secondment opportunities.
If you could change one data-related law, how and why would you change it?
To make reporting data breaches mandatory within a short amount of time after discovering a breach. Companies have a duty to let their customers and employees know when there is a data breach so customers can take all necessary precautions to protect their data as soon as possible. Data is a fundamental right and companies need to do more to protect it and to report breaches as soon as they occur.
How has covid-19 affected what you do?
Covid-19 has forced companies to accelerate their digitalisation strategies, and has changed the way they can interact with customers. A traditionally face-to-face industry, such as insurance, has really had to quickly evolve to one where the entire customer journey may be conducted entirely online in places where governments have placed entire populations into lockdown or restricted the ability to interact in person. This has meant the rapid adoption of technology, and one example is artificial intelligence to enhance the user experience including through chatbots where face-to-face interaction is not possible.
In addition, some financial services companies are looking to partner with e-commerce companies (not a typical partner for a traditional financial services company) where their products can be sold to customers online. An example of this is the changing landscape of the distribution of insurance products and looking to enter into long term partnerships and collaborations with these online retailers and even to acquire or invest in them.
What’s the next big thing – what data opportunities are companies now looking at?
Artificial intelligence and data analytics. In my view these could enhance the entire customer journey, from customer engagement, improving quality of service, enable targeting of customers with tailored products and services, intelligent management of customer data and automation of operations creating efficiencies and better customer experiences.
What’s keeping companies worried at the moment – what are some key data risks?
With more and more companies looking at the use of cloud and data in increasing their processes and efficiencies, improving the customer experience and targeting new customers, cybersecurity risks are a huge concern; they not only may result in huge financial penalties but may cause significant reputational harm, the latter which may result in a higher financial impact than the amount of the fine itself. The risk of being harmed indirectly by cyberattacks or security breaches of vendors’ IT systems is an equal risk, and companies (particularly companies in a regulated industry, such as financial services) need to ensure that they build in appropriate protections in their contracts with vendors.
High-profile cases like the Cathay Pacific data breach in Hong Kong has really put personal data in the spotlight here, and there is a lot of uncertainty how the data privacy laws in Hong Kong and elsewhere in Asia will evolve and expand in scope over time, including by looking to the GDPR as a basis. Singapore has recently introduced new changes to its data privacy legislation with more to come into effect over time.
What do you do to relax?
When I have time to relax, I unwind by going for a run, or doing pilates or a HIIT workout. For something a little less intense, I love curling up with a book and a cup of tea (or a red wine), or chasing after my three small children (which, at times, is not all that relaxing!).