What do you do?
I am a bridge between the East and the West, assisting multinational clients with their expansions into APAC while ‘translating’ the data laws of Asia for them.
Why data?
It chose me! During my training in Singapore as an intellectual property, tech, media and telecommunications lawyer, the Singapore Personal Data Protection Act was passed. This was the first data protection law of its kind in Singapore, and it just fell naturally under the umbrella of what was already an multi-hyphenate practice. As you can imagine, I was kept extremely busy at the time as every organisation in Singapore tried its best to get its house in order in time for the coming into force of the Act!
What’s keeping you busy?
Advising clients on new and changing data laws – how to remain compliant with them while still advancing their commercial initiatives. Keeping up to date with the data protection laws in this part of the world, their obligations and having a good handle on the risk profile in each jurisdiction is a concern for clients, particularly as they start to roll-out new commercial initiatives or expand into new territories in APAC.
What mentors or other influential figures have helped you get where you are today?
My mentor, Lam Chung Nian of WongPartnership LLP, who always remains cool under fire, has deep knowledge of every aspect of a multi-hyphenate practice and still makes time to teach and train young lawyers. Also, every female lawyer whom I have ever worked with, including in particular Carolyn Bigg of DLA Piper – for always being gracious, courteous and kind, an absolutely amazing lawyer, and somehow managing to fit family life (and the rest of life) into her busy schedule.
If you could change one data-related law, how and why would you change it?
Overly prescriptive notification requirements. Every jurisdiction requires companies processing personal data to provide adequate notice to individuals. But some data laws have extremely prescriptive requirements. This has led to some notifications reading like the telephone directory, and is not helpful to an individual who actually wants to know how their data is used. One way to change this would be to encourage the use of technology when preparing privacy notices, so that individuals are able to navigate to the sections that they are most interested in.
How has covid-19 affected what you do?
Data has only become more important during the pandemic. With the prevalence of contact tracing and now the vaccination drives that are happening in many places, data, its use and processing, are first and foremost on the minds of clients.
What’s the next big thing – what data opportunities are companies now looking at?
Everyone always talks about the intersection between artificial intelligence and data. I don’t disagree – but I think more specifically, companies are looking at how to utilise and process data to provide ever more personalised services and advertisements to individuals. As companies continue to push the boundaries of data processing, the focus is increasingly on how clients can continue providing their services while still complying with legal requirements in as painless a way as possible.
What’s keeping companies worried at the moment – what are some key data risks?
Given the number of people working from home at the moment, some key data risks that have come up in conversation include: (1) how to effectively monitor employees who are working from home, especially if employees are beginning to use personal devices for work purposes, and (2) the increased security concerns that come with remote working – and the corresponding rise in cybersecurity breaches.
What do you do to relax?
Go for a long run by the water – cheap, easy and accessible – and before the pandemic, travel to Mongolia to go horse-riding with my friends. Where running and visits to Mongolia are not so plausible due the pandemic, I like working with my hands – I picked up knitting recently out of curiosity and have now started on my second project: a blanket that is longer than I am tall.