THOUGHT LEADERS
Data 2022
Interviews with the pinnacle of the profession
Read interviews with the world’s leading lawyers and experts.
Available now @whoswholegal
whoswholegal.com
Who’s Who Legal
THOUGHT LEADERS
Introduction
Contents
I am delighted to present WWL Thought Leaders: Data 2022, which brings together the insight, expertise and wisdom of some of the world’s foremost data lawyers and experts in a single book. Through thousands of votes and nominations in the course of our research, the market has identified that the practitioners in the following pages are among the very best in the world in their field, without exception. Who’s Who Legal has been researching legal markets since In total, only one in every six individuals 1996 and now covers 35 practice
Data Privacy & Protection
considered for inclusion in WWL: Data
areas and over 150 countries. 2022 were invited to take part in WWL Entry into our guides is, of itself, no easy feat, with fewer than half Thought Leaders: Data 2022 of those nominated obtaining a listing. The bar to be considered a thought leader for data is even higher: only those listed lawyers who obtained the highest number of nominations from peers, corporate counsel and other market sources in our most recent research cycle were considered. In total, only one in every six individuals considered for inclusion in WWL: Data 2022 were invited to take part in WWL Thought Leaders: Data 2022. Through interviews with the practitioners themselves, WWL Thought Leaders: Data aims to shine a light on what puts these practitioners at the apogee of the global data market. They are worthy of special mention owing not only to their expertise and experience advising on some of the world’s most significant and cutting-edge matters, but also their ability to innovate and inspire. Their experience and understanding of the legal world and their unique insights into the area will no doubt be illuminating and instructive to a wide spectrum of readers, whether clients, corporate counsel, established practitioners, those starting out in the law, or anyone with an interest in the practice of law at the very highest level. This edition of WWL Thought Leaders: Data features Q&As with 14 practitioners with hundreds of years of combined experience in the field between them. I would like to thank the participants who gave us their valuable time to answer our questions and make the book possible. It is rare to have so much Data expertise concentrated in one place and we hope you will agree that their responses make fascinating reading.
2
Lukas Bühlmann
Data Security 4
Carmen De la Cruz
Information Technology 6
Nicola Benz
8
Steven De Schrijver
12
Lukas Morscher
14
Michael Schmittmann
16
Directory
Data Experts 24
Jason Coyne
26
Erick Gunawan
28
Paul Jackson
30
David Kalat
32
Richard Kershaw
34
Shelly Mady
36
Christopher Raske
38
David S Turner
40
Directory
Rupert Wilson Head of research & analytics, Who’s Who Legal June 2022
Head of research & analytics Rupert Wilson
Content production manager Robert Harris
Business development manager Kiteria Yiu
Head of research: US Penelope Williams
Senior production editors Katie Adams, Harry Turner, William Holt
Deputy head of research Charlotte Riley
Production editor Ellen Desmond
Account managers Nick Townsend, Bilikis Olowolekomoh, Sam Limbu, Leon Hartley, Hadassah Maitaram
Senior research analysts Conor Manders, Alex Bottomley
Junior production editor Nathaniel Balch
Research analysts Ammara Saleem, Tabia Lui, Olivia Harrison, Kirsty Carvalho, Johana Shony
Head of business development Adam Landes
Customer service executive Harry Marloe Publisher Tom Barnes
Cover photography: istockphoto.com/kenishirotie Printed and distributed by Encompass Print Solutions Tel: 0844 2480 112
ISSN 2516-1261 © 2022 Law Business Research Ltd
Also a Thought Leader in Information Technology
Lukas Bühlmann
MLL Legal
Zurich www.mll-legal.com lukas.buehlmann@mll-legal.com Tel: +41 58 552 04 80
Biography Lukas Bühlmann is partner and co-head of the firm’s digital, data privacy and e-commerce group. Before joining MLL Legal in 2017, Lukas spent more than 10 years building up his own boutique firm with an international practice specialised in digital legal matters. He advises and represents clients in the internet and e-commerce sector, in the health sector and in the tourism and transportation industry. He regularly advises clients in e-commerce, data protection, advertising and all legal aspects of the digital economy.
2
Data Privacy & Protection
What have been the most notable changes to the data sector within the past five years?
The data-based economy has literally exploded. The related legal challenges are becoming increasingly complex and interdisciplinary. This presents an increasing difficulty not only for clients, but also for us lawyers. The whole picture is accentuated by increasingly complex national and international regulation. In Switzerland, the paradigm shift brought about by the EU GDPR and the revision of the Swiss Data Protection Act were, of course, dominant. Finally, the importance of cybersecurity and cybercrime has also increased massively.
hardly any other country. At the same time, Switzerland is a small country. Accordingly, Swiss law has always been strongly influenced by the legal systems of its largest economic partners. In the area of data protection, it is vital for the Swiss economy that no additional market barriers are created by differing regulation. The new Swiss data protection law accordingly is based on the fundamental principles of the EU GDPR.
To what extent have you noticed an increase in the amount of data protection cases since the outbreak of the coronavirus pandemic and the drive In what ways are data-driven towards remote working? technologies such as AI having If there is one good thing about the coronaan impact on the Swiss legal virus pandemic, then it is the great driving market? force for digitisation. We do see this when The targeted and efficient use of data-driven technologies (including AI) will rapidly develop into a core competence of law firms. The international verticalisation of the legal market in combination with the accentuating client expectations on the efficiency of legal services will lead to law firms having to be able to use these tools in all areas of their activities. This will become a prerequisite for survival in competition. However, the digitalisation of law firm processes will also lead to law firms gaining a new, much more comprehensive understanding of their clients. This is to the benefit of both the clients and the law firm itself. It is therefore crucial that law firms openly embrace this development.
To what extent are privacy laws in Switzerland developing in accordance with other countries? Switzerland lies at the heart of Europe; its economy is internationally networked like
looking at our clients’ businesses, the way we interact with clients and the way we operate as a law firm. The rapid increase in digitisation naturally leads to an increased need for advice on data protection compliance. At the same time, however, it has also led to a significant increase in the awareness of data protection issues in businesses’ day-to-day work. Both factors lead to an increasing importance of data protection law in our team’s practice. But it is digitalisation that is decisive, not the pandemic. The latter is only an accelerator.
What is your biggest concern for the future regarding privacy and people’s ability to interact online?
personal rights. If we do not manage to get a grip on this threat, the unlimited possibilities of digital interaction might quickly be de facto massively restricted, because the risks associated with enabling these digital solutions will become too big, both for companies and for all of us. But I am afraid that the law will be of very limited help.
How does MLL Meyerlustenberger Lachenal Froriep set itself apart from competitors in the Swiss legal market?
We have one of the largest teams in ICT and digital. At the same time, we are part of one of the largest law firms in Switzerland with a clear focus on technology, regulated industries, IP and ICT. We are virtually the big tech boutique law firm in Switzerland.
In what ways has MLL Meyerlustenberger Lachenal Froriep implemented the use of datadriven technologies within its own practice?
MLL has digitalised a comparatively large part of its processes and systems. Last year, we moved our communication and data storage to one of the large public clouds and we have a LegalTech department at management level with the mission to continuously evaluate and implement new application areas of datadriven processes for internal and external use. We have formed partnerships with software developers with the aim of developing our own solutions in certain areas for ourselves and our clients.
I see the enormous increase in cybercrime as a great concern. With increasing digitalisation, the vulnerability of our society to cybercrime is also growing, and with it, of course, the threat to our
Peers and clients say: “Lukas has built up a strong and committed team” “Lukas has comprehensive know-how of the key issues of data protection law” whoswholegal.com/thought-leaders
3
Carmen De la Cruz
LEXcellence AG
Baar / Canton of Zug www.lexcellence.swiss delacruz@lexcellence.swiss Tel: +41 76 596 77 25
Biography Carmen De la Cruz is a technology lawyer and notary public based in Crypto Valley / Zug in Switzerland. Carmen has worked for many years as an IT lawyer in tech and telecommunciation companies before starting her own business. Carmen’s focus is on new technologies such as AI, IOT or blockchain linked with all commercial activities. With her broad experience in technology, data protection, commercial law etc. she supports clients to start, grow and develop business.
4
Data Security
What do clients look for in an effective data lawyer?
In general, in-depth know how on AI and on the hardware and software side are very important for customers. Although common knowledge regarding what data is may be known. However, to be able to support customers with all possible means, it is necessary to have know-how on AI systems, neural networks, deep learning, AI ecosystems etc.
What data trends have been most prominent during the past year?
There is a trend towards more analysis and use of data to do marketing and product development. There is also a tendency to use cloud services to extend services and combine it with new techniques such as deep learning to gain more insights and set up new products. Last but not least, there is also a trend to regulate further as AI systems may also pose a certain threat to society depending on the way these are put in place.
of services, may be attacked as well. Breach of security may also lead to data protection issues which are in scope of customers’ measures to protect data as well.
How do you stay informed and up to date with the latest technological advances?
Newsletters, conferences and continuous education provide the necessary background. Furthermore, we have access to a large network of experts in the technical and legal area to support customers from a Swiss and international perspective.
How do you see the AI regulatory frontier developing over the next five years?
The proposed EU regulation will have a significant impact on the global regulatory framework of AI services. However, a lot of aspects are still open and need to be discussed such as human rights, including but not limited to the rights of individuals related to consumer protection and civil rights.
How can rising instances of ransomware and other cyberattacks be effectively addressed by In a global environment of clients? increased data regulation and Customers need to put adequate operational legislation, what does levels of and technical measures in place to move enforcement from authorities look forward. Data helps to drive analysis further like? and be faster in detecting malware and attacks. However, as it is an industry behind, customers and suppliers need to constantly work on the corresponding analysis of patterns, data etc. to avoid further attacks. Last but not least new parts of business activities need to be included in the analyses which are operational services (OT). Data gained out of the OT area need to be further explored, as attacks do not stop at the IT network as such.
What are the biggest data threats your clients currently face, and how are you helping tackle them? As mentioned above, security issues related to data is one of the biggest threats for customers in general. Furthermore, the connectivity as such, including but not limited to the offering
So far Switzerland does not seem to aim for an extended regulatory framework. However, based on the experience of the past, Switzerland may be influenced significantly by the EU regulation and regulate AI systems in a similar way. From a global perspective, the EU regulation and enforcement with its focus on extraterritorial scope of the legislation will have a significant impact on the global markets. Companies around the world will be obliged to follow EU rules if they want to access and provide services on the EU market.
What is the best piece of advice you’ve ever received?
Concentrate on your passion and services – and go for it!
Peers and clients say: “Carmen has a good mix of technical expertise” “Carmen is a top lawyer in the data privacy area” “She is pragmatic and easy to deal with” whoswholegal.com/thought-leaders
5
Nicola Benz
MLL Legal
Zurich www.mll-legal.com nicola.benz@mll-legal.com Tel: +41 58 552 04 90
Biography Nicola Benz is co-head of MLL’s IT and digitalisation practice group and one of the founders of the Cyber Incident Hub, a multidisciplinary response team for data security issues of which MLL is the legal partner. She has more than 20 years of experience as a practising lawyer in the field of technology, advising on transactions, disputes and compliance matters and associated issues in IP, competition and contractual law. Nicola is an active member of the iTechLaw Association and is fluent in English and German.
6
Information Technology
What motivated you to special- face, and how are you helping ise in data law? tackle them? Data is an essential resource in our digitalised world. It plays a central role in the business of many of our clients. My motivation comes from an interest in whatever is new and a desire to support clients in tackling the legal challenges and opportunities of using data.
What is it about data security that you enjoy most?
In order to effectively advise clients in relation to data security, it is not enough to just look at the legal aspects. There are technical considerations, communications challenges and governance issues to be dealt with and that requires an interdisciplinary team. I really enjoy working with professionals from different fields to deliver solutions and provide assistance on data security issues. MLL has partnered with technical experts, communications specialists and an asset recovery service provider to create the Cyber Incident Hub. It is very rewarding to be able to learn from our partners in the Hub and to work as a team with them to help clients improve their readiness for a data security incident and to tackle the consequences if hit by this type of incident.
Cyberattacks are a huge threat. The incidence of attacks has risen sharply over the last two years and continues to do so. The nature of the attacks ranges from social engineering scams - collecting password information or having payments initiated by clever use of email and other communication tools – to ransomware attacks that result in systems being rendered inaccessible through encryption of data and the threat of disclosure to a broad public if the ransom is not paid. We help clients prepare for these types of attacks, through training of staff, drawing up response plans in the event of an attack, ensuring data protection compliance is up-to-date, reviewing contracts to establish what notification duties a client has towards its contractual partners in the event of an attack and checking insurance policies to be sure of the scope of coverage. We also provide assistance if an attack does happen, advising on data breach notification requirements and helping with any notifications that need to be made, discussing with the client whether a ransom can and should be paid, looking at questions of liability and insurance and supporting the communications professionals and technical experts in their work immediately after an incident and at the post-incident review stage.
How do you establish a detailed understanding of a client’s business to advise them effectively? What are the advantages and Taking time to listen to a client is the best challenges of the EU’s new way to start understanding their business. standard contractual clausOf course, that is not always possible due es (SCCs) in a data transfer to time and budget constraints and so context? we also rely on experience gained from working with other clients in the same or similar fields. We have established industry groups at MLL to focus on certain industries and businesses from a client perspective, to share knowledge and experience in particular business sectors across the firm.
What are the biggest data threats your clients currently
In a nutshell, the new SCCs do better reflect the different relationships that can arise in a data-processing context, which is an advantage compared to the previous one-size-fits-all approach. However, the task of putting in place SCCs for all relevant data transfers can be daunting for clients. Additionally, the uncertainty of whether any given data transfer is lawful remains, even with the right sets of SCCs in place and after completion of a data transfer risk
assessment and implementation of additional measures. Clients understandably like certainty and the current lack of that for international data transfers is highly unsatisfactory.
Adtech providers Google and Amazon received significant fines in France. Is this a sign of things to come in the European and/or global market(s)?
I do believe we will continue to see significant fines from data protection authorities in the EU. Also, as more countries around the world introduce data protection legislation, the fines will probably start coming from different directions. Most Latin American countries have privacy legislation in place and many African countries are now introducing legislation too, all with competences to issue fines. In my own jurisdiction, Switzerland, a revised data protection statute will enter into force in 2023, also providing for much larger fines than under the present legislation. The figures involved (up to CHF 250,000) are not nearly as high as in the EU, but the fines will be directed towards the responsible individuals and not to companies and it will be unlawful for the sanctioned individuals to have their employer pay on their behalf.
How does your membership in the International Technology Law Association enhance your practice?
Having been a member of iTechLaw for around 15 years, I have built a network of expert colleagues from around the world. This helps greatly when dealing with international data security issues.
What advice would you give to someone starting out in the data security field?
Keep an open mind and don’t just focus on the issues in your field. There is so much to be gained from an interdisciplinary approach.
Peers and clients say: “Nicola is a highly experienced IT lawyer” “She is a brilliant thinker” “She is very active in new technologies” whoswholegal.com/thought-leaders
7
Also a Thought Leader in Privacy & Protection and Security
Steven De Schrijver
Astrea
Brussels www.astrealaw.be sds@astrealaw.be Tel: +32 476 609 182
Biography Steven De Schrijver is a partner with the Belgian law firm Astrea. He has almost 30 years of expertise in a wide range of IT and technology law matters. Steven has been involved in many outsourcing, digital transformation, video platform and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones. He is also considered to be one of Belgium’s top tech M&A lawyers.
8
Information Technology
What inspired you to pursue a career in law?
I always had a passion for writing. When I was 18 it was less evident I become a literary author than a lawyer.
What qualities make for a successful corporate lawyer?
Knowing the law, willingness to go the extra mile, keenness to learn, attention to detail and commercial awareness.
How has your work in data affected your approach to your corporate and media practice?
Apart from being an interesting field of law in itself to explore and advise on, data law is an important addition to my corporate and media practice. It makes one much more aware of how privacy and data protection law work across all other fields of law, including corporate law (e.g., when conducting due diligence within the framework of an M&A transaction) and media law (e.g., when advising on advertising rules for new media platforms or telecommunications providers).
How can clients best continue to innovate given the increasing complexity of data regulations in the US, EU, China and Brazil?
The technology industry will of course always be ahead of regulation when introducing very innovative products. Certain general rules will always remain applicable, but very specific legal questions that may arise in respect of the technology concerned may be unanswered for a certain time. Clients should keep themselves aware of proposed or upcoming regulation to amend their processes and products where required. While the final set of rules may be different from initial proposals, it is always good to bring a business in the direction in which the law is heading. For instance, while the draft of the AI regulation is still likely to change, developers of AI products can already prepare themselves for certain certification procedures or by implementing measures to comply with the future obligations for high-risk AI systems. Taking these steps
now, perhaps in the planning phase of a new project, may save costs, as these can be higher when a process has to be redesigned entirely from the very beginning. This is also where technology lawyers who are closely following legal developments will be important to innovators: it is good to advise a client that their product is not yet regulated, but it is even better if you can tell your client (if possible) what you expect to be the law soon and what steps can be taken by the client to achieve compliance and perhaps gain a better position in the market than their competitors.
What are the biggest data threats your clients currently face, and how are you helping tackle them?
Malware, ransomware and phishing remain the global security threats that clients currently face and will have to continue to tackle. These have many implications for clients, ranging from preventive measures to reactive actions. Lawyers can assist in preparing internal procedures regarding security measures, data breach notification procedures and data processing. With the future entrance into force of the NIS 2.0 Directive, that will lead to a very broad scope of application across many sectors, more and more businesses will have to take important steps to ensure a high level of cybersecurity of their business. Clients may also review the possibility to enter into a cyber insurance contract. If things go wrong, clients must be assisted in assessing if a data breach must be notified to the competent authority, in eventual negotiations with cybercriminals and possible steps towards law enforcement.
What does the EU’s Artificial Intelligence Regulation draft do well, and what are its limitations?
The benefits of AI should not be overshadowed by its potential risks that could corrode European values and human rights. The EU therefore intends to regulate AI in a balanced way, as to not limit innovation more than necessary, by banning certain potentially harmful AI solutions
whoswholegal.com/thought-leaders
such as a social credit scoring system, while subjecting high-risk categories – potentially creating an adverse impact on people’s safety or fundamental rights – to mandatory requirements and obligations, and encouraging self-imposed codes of conduct on others. It is good that this legal text will ensure that this innovative technology is made subject to certain important principles. The scope of these categories is however subject to criticism since the discrepancies between these demarcations are quite large. An important topic is the interpretation of transparency. This overarching principle encompasses the need for subjects to know when they are confronted with AI, its modus operandi and goals (transparency sensu stricto), a clear explanation of the algorithm so that one can understand how a particular decision was made (explainability) and the possibility to sufficiently understand and use the output generated by AI (interpretability). Although each term has a different connotation, the overarching term of transparency is used throughout the text without further clarification and sometimes contradictorily. The lack of clear liability rules in the AI regulation may pose a further criticism, especially when a product is based on algorithms from different developers. After all, the characteristic features of AI systems – such as autonomous learning and the unknown quality of data sets – challenge current schemes of allocating liability. Perhaps a solution will be found through an amendment of the Product Liability Directive, which is currently under review as it may not entirely be suitable to challenges posed by emerging technologies such as AI. For example, it is unclear whether unpredictable outcomes of an AI algorithm that lead to damage can be treated as “defects” under the Directive. Even if they can be, the “development risk defence” may exempt developers from liability for defects that were undiscoverable when the AI product was put into circulation, which would hinder injured parties in getting compensation. The current legal liability landscape needs to be revised in order to keep up with the pace at which AI technologies emerge.
9
It is clear that a lot of work has still to be done in respect of the proposed AI regulation. Is the definition of AI adequate or too broad? What is the regulation’s relation to the GDPR? And what about individual rights for persons that are made subject to an AI system?
AdTech is a sector coming under increasing scrutiny from regulators. How do you see this developing?
The introduction of new privacy laws such as the GDPR have already brought important changes to the AdTech industry. The future introduction of the ePrivacy Regulation will certainly further impact the industry’s use of cookies. Third-party cookies will be phased out to a large extent
in the coming years due to decisions of Google and other browser providers. A recent decision by the Belgian DPA to fine IAB Europe, which facilitates the management of users’ preference for online personalised advertising, due to GDPR violations will further impact the industry. The sector will have to look at alternatives. AI may be an interesting solution, as may IoT with connected TVs and AR. Even the metaverse may be interesting with the AdTech sector. In any way, the industry will have to move to a privacycentric and consumer-focused approach, whereby data is collected directly from the consumer in accordance with all privacy laws. Another novelty is anonymous identifiers, which may make it possible to, following the user’s consent, tie an
anonymous identifier to the user’s identity which can then be used for advertising. Consent-based approach may indeed prove the best way to be compliant with new regulations in multiple jurisdictions.
Looking back over your career, what has been your proudest achievement to date?
Being recognised by my peers as a thought leader in my field is certainly one of the proudest achievements in my career. Besides that, we as lawyers are highquality service providers and providing the best possible high-quality service regardless of the size or importance of the assignment remains the best possible achievement a lawyer can achieve each day.
Peers and clients say: “An extremely savvy lawyer, with a special knack for Tech M&A transactions” “He is an outstanding lawyer” “A very experienced tech lawyer who I would very quickly recommend to clients” 10
Information Technology
Global Data Review (GDR) is the trusted source of worldwide news and analysis on the use and trade of data. It keeps practitioners up to speed with the global issues and trends that matter, giving you the detail and depth you need to operate successfully. Know more GDR is an editorial-first product that keeps you informed with the latest news, research and opinion, so you can stay connected, advise with confidence and compete effectively. Find the edge Connect and collaborate with your peer group, clients and colleagues. Get the full cross-border view from leaders in the field, to help you identify opportunities and research your position. Lead the market Understand the trends and harness the data, tools and insight you need to guide strategy, streamline decision-making, and keep your practice in front.
Find out more: GDR-SUBSCRIPTIONS@GLOBALDATAREVIEW.COM
globaldatareview.com lbresearch.com
Lukas Morscher
Lenz & Staehelin
Zurich www.lenzstaehelin.com lukas.morscher@lenzstaehelin.com Tel: +41 58 450 80 00
Biography Dr. Lukas Morscher is head of the technology and outsourcing practice group in Zurich and an expert on corporate M&A and financial services. He advises regularly on international and domestic transactions, and is considered a leading lawyer in technology, digitisation and business sourcing in Switzerland. He is a frequent lecturer at seminars and conferences. Dr. Morscher is an alumnus of Harvard Business School (AMP) and board member of several companies in the technology, telecoms, and fashion industries. He is author of multiple publications in the fields of technology, outsourcing, software and data protection/privacy.
12
Information Technology
What do you enjoy most about working in the TMT space?
TMT related work is in its very nature interdisciplinary and almost always involves technical, commercial and legal issues alike. Our technology practice is often closely involved in our clients’ business operations in order to create new business models and value chains along with practicable, effective solutions.
What makes Lenz & Staehelin’s practice in this area stand out from the competition?
Supporting clients across the full TMT spectrum requires a deep understanding of the business models and underlying technologies on top of legal expertise in a wide range of areas, including regulatory, corporate and transactional, contract, intellectual property, competition, technology-enabled innovation and data protection/privacy. We provide tailored services through a dedicated and multidisciplinary team. Drawing from experts of various practice groups, as required in the individual case for effective and costefficient advice, we strive for long-term trusted relationships with our clients.
How has the growth of technology and a greater focus on issues of data protection impacted the world of corporate transactions?
Data analytics and data-based services are driving digital disruption of the physical world. This not only impacts data privacy triggering new legislation around the globe but also has major effects on the corporate structure of multinational groups and their transfer pricing as well as customer and intra-group contracting. The dependency on physical locations is more and more reduced, service delivery geographically
flexible, and revenue streams modified and more centralised. I usually refer to such new corporate structures as “star designs” that can be seen in any industry.
How has the technology and data space evolved since you began your career?
System and service availability have strongly increased (low latency, high redundancy) and service offerings have became far more attractive (collaborative tools, platform businesses etc.). Important drivers of technological advancement and actual use by businesses are also encryption technologies, interoperability of cloud services (easy data retention and retrieval, easy migration) and availability of multiple cloud suppliers (plug-and-play).
What risks and benefits have been generated by the growth of outsourcing? The business risks involved with outsourcing have generally decreased over past years, mainly as a result of standardisation and increased interoperability. Thus, project requirements and transaction costs, even for complex outsourcings (infrastructure and data management as well as business process outsourcings such as securities custody and execution, finance & accounting, HR payroll, network communication, facility management and other managed services) have decreased to (almost) plug-and-play.
Fintech is playing an increasingly crucial role in financial services. What is its future?
Technology in finance is not at all new, but rather the financial industry has been a frontrunner in technological advancement and value chain perfection. FinTech (as usually understood) however brings new
features to the financial industry through small and agile players, and will have a bright future mainly through further development and implementation of business models based on blockchain and enhanced customer experience. Still, the cooperation between FinTech startups and established players will eventually make FinTech not more than (but still) an important part of (further developed) technology in finance.
As a lawyer practising in the sector, what one aspect of data privacy law would you like to see improve within the next five years?
Data subjects must be empowered to (re)gain control over their privacy and personal data. Individual data protection rights, such as the ones granted under the GDPR, should be further developed and implemented within the companies’ and large organisations’ standard operating procedures around the world, making the GDPR almost a global privacy standard. New applications will so empower the data subjects and at the same time also help the companies to fulfil their duties and to grant their customers’ individual rights.
What advice would you give to aspiring lawyers who are interested in building a career in the data and TMT space? Be and think interdisciplinary (tech/business/legal), stay curious, understand IP rights and transactional contracting aspects as well as corporate matters, follow technological advancement, try to understand software development and the relevant technology features such as convergence, data analytics, mobile internet applications and platforms – and of course blockchain!
Peers and clients say: “Lukas is a top attorney in the data sector” “A real expert when it comes to cloud computing and outsourcing” whoswholegal.com/thought-leaders
13
Michael Schmittmann
Heuking Kühn Lüer Wojtek Düsseldorf www.heuking.de
m.schmittmann@heuking.de Tel: +49 211 600 55-165
Biography Michael Schmittmann is partner and was head of the firm’s IP, media and technology practice group for more than two decades. He has 30 years of experience in broadcasting, telecommunications and IT law, today with an emphasis on content platforms and online gambling law, mostly for international clients. He is newsletter editor of the IBA Communications Law Committee and chairman of the ITechLaw Interactive Media and Entertainment Committee. Michael started his career at the European Commission in Brussels and he never took off his “European glasses”.
14
Information Technology
What inspired you to pursue a legal career?
A functioning constitutional state with rule of law that is independent of politics is a gift of history. This gift has not existed for long and must be nurtured with great personal commitment. This fascinated me and became my professional goal in life.
a price. However, it is gratifying if there is a compromise at all, and it is also gratifying that the regulation now also affects companies based outside the EU.
Business orientation: We regard law as a tool for success – not as self-purpose. Deep market know how: We are specialists in some areas where we work for decades in the same matters and legal areas and for the same type of clients. Size: We are among the top five in Germany with our IP, media and technology group of about 60 specialists.
In a global environment of increased data regulation and legislation, what does increased levels of enforcement from What do you enjoy the most authorities look like? about working in data law? Cherry-picking of authorities at the begin- What is the best piece of advice The constant technical, social and ning, battles of comity among authori- you’ve ever received? economic changes in communication are a mandate for lifelong re-learning. What could be more exciting and varied?
ties, both interstate and intrastate. Lots of wasted time and inefficiency. But after a while, the work gets better and more efficient.
What did you find most challenging about becoming a data How do you see your data praclawyer? tice developing over the next To communicate with scientists, techni- couple of years? cians and other experts who are not from the legal profession. They prefer nonverbal communication - we prefer the opposite. It is not easy to have a common understanding of the same subject matter.
Look for the story behind the mandate it is not just what you hear, read or learn from the client. You need to know the real interests and goals in order to anticipate the opponent’s next steps. I gathered this advice from my wife, a historian of art. She always researches the story behind the painting. . .
Just like at the beginning of our media and telecommunications group in 1989: ever bigger, ever younger. As in the past years, we will invest a lot in the knowledge of what is going on in the market.
How could the EU’s ePrivacy How does Heuking Kühn Lüer Regulation impact the market Wojtek distinguish itself from if finalised in 2022? the competition? After an implementation period, everything becomes more complex and complicated - data protection comes at too high
Independence: We are a strong national German player without belonging to a US or UK firm or the Big Four.
Peers and clients say: “I highly recommend Michael’s data practice” “He is an excellent telecommunication lawyer” whoswholegal.com/thought-leaders
15
Thought Leaders in Data 2022 | Data Privacy & Protection Albania
Shpati Hoxha, Hoxha, Memi & Hoxha
Argentina
Diego Fernández, Marval O'Farrell Mairal Pablo Palazzi, Allende & Brea
Australia
Philip Catania, Corrs Chambers Westgarth
Austria
Axel Anderl, DORDA Rechtsanwälte GmbH Sonja Dürager, bpv Hügel Rechtsanwälte GmbH Rainer Knyrim, Knyrim Trieb Attorneys at Law Roland Marko, Wolf Theiss Gerald Trieb, Knyrim Trieb Attorneys at Law
Belgium
Cédric Burton, Wilson Sonsini Goodrich & Rosati Steven De Schrijver, Astrea • Q&A Jan Dhont, Wilson Sonsini Goodrich & Rosati Hans Graux, time.lex CVBA Christopher Kuner, Wilson Sonsini Goodrich & Rosati Henriette (Jetty) Tielemans, Covington & Burling LLP Tim Van Canneyt, Fieldfisher Patrick Van Eecke, DLA Piper UK LLP
Bosnia and Herzegovina
Tanja Savičić, Dimitrijević & Partners
Brazil
Gustavo Artese, Artese e Advogados Paulo Marcos Rodrigues Brancher, Mattos Filho Fábio Luiz Barboza Pereira, Veirano Advogados Thiago Luís Sombra, Mattos Filho
16
Directory
Bulgaria
George Dimitrov, Dimitrov Petrov & Co Desislava Krusteva, Dimitrov Petrov & Co
Canada
Nova Scotia
David TS Fraser, McInnes Cooper
Ontario
Alex Cameron, Fasken Adam Kardash, Osler Hoskin & Harcourt LLP Lisa R. Lifshitz, Torkin Manes LLP Daniel J Michaluk, Borden Ladner Gervais LLP Peter Ruby, Goodmans LLP
Quebec
Hélène Deschamps Marquis, Deloitte Legal Canada Éloïse Gratton, Borden Ladner Gervais LLP Charles S Morgan, McCarthy Tétrault LLP
Czech Republic
Robert Nešpůrek, HAVEL & PARTNERS, Attorneys-at-law Richard Otevřel, HAVEL & PARTNERS, Attorneys-at-law
Denmark
Tina Brøgger Sørensen, Plesner Advokatpartnerselskab Tue Goldschmieding, Gorrissen Federspiel Michael Hopp, Plesner Advokatpartnerselskab Tanja Blichfeldt Johnsen, NOVI Attorneys Pia Kirstine Voldmester, Bruun & Hjejle
England
Paul Barton, Fieldfisher Susan Barty, CMS Cameron McKenna Nabarro Olswang LLP Ann Bevitt, Cooley (UK) LLP Ruth Boardman, Bird & Bird LLP
Robert Bond, Privacy Partnership Law Rob Bratby, Bratby Law Daniel P Cooper, Covington & Burling LLP Toby Crick, Bristows LLP Marc Dautlich, Bristows LLP Sam De Silva, CMS Cameron McKenna Nabarro Olswang LLP Robbie Downing, Baker McKenzie Jane Finlayson-Brown, Allen & Overy LLP Nicola Fulford, Hogan Lovells International LLP Nick Graham, Dentons Hazel Grant, Fieldfisher Victoria Hordern, Bates Wells Rosemary Jay, Hunton Andrews Kurth LLP Richard Kemp, Kemp IT Law Phil Lee, Fieldfisher William RM Long, Sidley Austin LLP Renzo Marchini, Fieldfisher Christopher Millard, Bristows LLP Cynthia O'Donoghue, Reed Smith LLP Nuria Pastor, Fieldfisher Sarah Pearce, Paul Hastings LLP Michael Peeters, DAC Beachcroft LLP Graham Smith, Bird & Bird LLP Simon Stokes, Blake Morgan Bridget Treacy, Hunton Andrews Kurth LLP Eduardo Ustaran, Hogan Lovells International LLP Ian Walden, Baker McKenzie Mark Watts, Bristows LLP
Finland
Tobias Bräutigam, Bird & Bird Attorneys Ltd Pia Ek, Castrén & Snellman Attorneys Ltd Johanna Lilja, Roschier, Attorneys Ltd Eija Warma-Lehtinen, Castrén & Snellman Attorneys Ltd
France
Claire Bernier, ADSTO Florence Chafiol, August & Debouzy Raphaël Dana, Dana Avocats
Bradley Joslove, Joslove Digital Law Ariane Mole, Bird & Bird AARPI Alexandra Neri, Herbert Smith Freehills LLP Marie-Hélène Tonnellier, Oyat Law
Germany
Peter Bräutigam, Noerr PartGmbB Isabell Conrad, CSW Rechtsanwälte Christian Frank, Taylor Wessing PartG mbB Jürgen Hartung, Oppenhoff & Partner Rechtsanwälte Steuerberater Partnerschaftsgesellschaft mbB Truiken J Heydn, TCI Rechtsanwälte München Thomas Heymann, Covington & Burling LLP Peter Huppertz, Hoffmann Liebs Partnerschaft von Rechtsanwalten mbB Niko Härting, HÄRTING Rechtsanwälte Philip Kempermann, Heuking Kühn Lüer Wojtek Flemming Moos, Osborne Clarke Matthias Nordmann, SKW Schwarz Rechtsanwälte Matthias Orthwein, SKW Schwarz Rechtsanwälte Daniel Rücker, Noerr PartGmbB Stefan C Schicker, SKW Schwarz Rechtsanwälte Martin Schirmbacher, HÄRTING Rechtsanwälte Philipp Schröder-Ringe, HÄRTING Rechtsanwälte Stefan Schuppert, Hogan Lovells International LLP Stefan Weidert, Gleiss Lutz Tim Wybitul, Latham & Watkins LLP
Hong Kong
Gabriela Kennedy, Mayer Brown Mark Parsons, Hogan Lovells
Hungary
Tamás Gödölle, Bogsch & Partners
India
Probir Roy Chowdhury, JSA Sajai Singh, JSA Salman Waris, TechLegis Advocates & Solicitors
Ireland
Rob Corbet, Arthur Cox LLP Maureen Daly, Beauchamps
Philip Nolan, Mason Hayes & Curran LLP Pearse Ryan, Arthur Cox LLP
Serbia
Israel
Bryan Tan, Reed Smith Pte Ltd Joyce A Tan, Joyce A Tan & Partners LLC
Dan Or-Hof, Or-Hof Law Ariel Yosefi, Herzog Fox & Neeman
Italy
Marco Berliri, Hogan Lovells Studio Legale Laura Liguori, Portolano Cavallo Massimiliano Masnada, Hogan Lovells Studio Legale Rocco Panetta, Panetta & Associati Massimiliano Pappalardo, Ughi e Nunziante Studio Legale
Luxembourg
Gary Cywie, Elvinger Hoss Prussen
Macedonia
Svetlana Trendova, Apostolska, Aleksandrovski & Partners
Netherlands
Quinten Kroes, Brinkhof NV Elisabeth Thole, Van Doorne NV Nicole Wolters Ruckert, Allen & Overy Gerrit-Jan Zwenne, Pels Rijcken & Droogleever Fortuijn Hester de Vries, Kennedy Van der Laan
Norway
Kristian Foss, Bull & Co Arve Føyen, Advokat Arve Føyen Thomas Olsen, Advokatfirmaet Simonsen Vogt Wiig AS Rune Opdahl, Advokatfirmaet Wiersholm AS Espen A Werring, Advokatfirmaet Thommessen AS
Portugal
Luís Neto Galvão, SRS Advogados Ricardo Henriques, Abreu Advogados Mónica Oliveira Costa, Coelho Ribeiro e Associados Daniel Reis, DLA Piper
Saudi Arabia
Nick O'Connell, Al Tamimi & Company
Scotland
Tijana Žunić Marić, Zunic Law
Singapore
Slovenia
Matej Perpar, Kirm Perpar
Spain
Belén Arribas Sánchez, Andersen Tax & Legal
Sweden
Henrik Bengtsson, Advokatfirman Delphi Johan Kahn, Advokatfirman Kahn Pedersen Agne Lindberg, Advokatfirman Delphi Hans Nicander, Nicander Advokatbyrå AB Peter Nordbeck, Advokatfirman Delphi Caroline Olstedt Carlström, Cirio Advokatbyrå AB Caroline Sundberg, Hannes Snellman Attorneys Ltd Erica Wiking Häger, Mannheimer Swartling
Switzerland Vaud
Jürg Schneider, Walder Wyss Ltd
Zug
Nicole Beranek Zanon, HÄRTING Attorneys-at-law Ltd
Zurich
Rolf Auf der Maur, VISCHER AG Nicola Benz, MLL Legal • Q&A Lukas Bühlmann, MLL Legal • Q&A Clara-Ann Gordon, Niederer Kraft Frey Ltd Michael Isler, Walder Wyss Ltd Christian Laux, LAUX LAWYERS AG Roland Mathys, Schellenberg Wittmer Mark A Reutter, Walder Wyss Ltd David Rosenthal, VISCHER AG David Vasella, Walder Wyss Ltd
Turkey
Batu Kinikoglu, HHK
David Gourlay, MacRoberts LLP
whoswholegal.com/thought-leaders
17
USA
California
Ian C Ballon, Greenberg Traurig LLP Lothar Determann, Baker McKenzie LLP Tanya Forsheit, Frankfurt Kurnit Klein & Selz Heather J Meeker, O'Melveny & Myers LLP Denis T Rice, Arnold & Porter Kai Westerwelle, Bird & Bird
District of Columbia
James Halpert, DLA Piper LLP (US) Edward R McNicholas, Ropes & Gray LLP Lydia Parnes, Wilson Sonsini Goodrich & Rosati
Mark E Plotkin, Covington & Burling LLP Randy V Sabett, Cooley LLP Robert Stankey, Davis Wright Tremaine LLP Christopher Wolf, Hogan Lovells US LLP Marc J. Zwillinger, ZwillGen PLLC
Illinois
Thomas J Smedinghoff, Locke Lord LLP
New York
William B Bierce, Bierce & Kenerson PC Peter Brown, Peter Brown & Associates PLLC Jenna F Karadbil, Law Office of Jenna F Karadbil, P.C.
Rory J Radding, Mauriel Kapouytain Woods LLP Dov H Scherzer, Polsinelli PC Lisa Sotto, Hunton Andrews Kurth LLP Alan Sutin, Greenberg Traurig LLP William A Tanenbaum, Moses & Singer LLP Miriam Wugmeister, Morrison & Foerster LLP
Pennsylvania
Sandra A Jeskie, Duane Morris LLP
Washington
Miriam Farhi, Perkins Coie LLP Susan Lyon-Hintze, Hintze Law Privacy & Security Data
Thought Leaders in Data 2022 | Data Security Albania
Canada
Australia
Adam Kardash, Osler Hoskin & Harcourt LLP Lisa R. Lifshitz, Torkin Manes LLP
Shpati Hoxha, Hoxha, Memi & Hoxha
Philip Catania, Corrs Chambers Westgarth
Austria
Quebec
Rainer Knyrim, Knyrim Trieb Attorneys at Law Roland Marko, Wolf Theiss
Hélène Deschamps Marquis, Deloitte Legal Canada Charles S Morgan, McCarthy Tétrault LLP
Belgium
Czech Republic
Cédric Burton, Wilson Sonsini Goodrich & Rosati Steven De Schrijver, Astrea • Q&A Christopher Kuner, Wilson Sonsini Goodrich & Rosati Tim Van Canneyt, Fieldfisher
Richard Otevřel, HAVEL & PARTNERS, Attorneys-at-law
Denmark
Tanja Savičić, Dimitrijević & Partners
Michael Hopp, Plesner Advokatpartnerselskab Tanja Blichfeldt Johnsen, NOVI Attorneys Pia Kirstine Voldmester, Bruun & Hjejle
Bulgaria
England
Bosnia and Herzegovina
George Dimitrov, Dimitrov Petrov & Co Desislava Krusteva, Dimitrov Petrov & Co
18
Ontario
Directory
Francesca Blythe, Sidley Austin LLP Robert Bond, Privacy Partnership Law Daniel P Cooper, Covington & Burling LLP Toby Crick, Bristows LLP Marc Dautlich, Bristows LLP
Sam De Silva, CMS Cameron McKenna Nabarro Olswang LLP Richard Kemp, Kemp IT Law Phil Lee, Fieldfisher William RM Long, Sidley Austin LLP Christopher Millard, Bristows LLP David Naylor, Wiggin LLP Geraldine Scali, Bryan Cave Leighton Paisner LLP Bridget Treacy, Hunton Andrews Kurth LLP Joanne Vengadesan, Penningtons Manches Cooper LLP
Finland
Eija Warma-Lehtinen, Castrén & Snellman Attorneys Ltd
France
Claire Bernier, ADSTO Florence Chafiol, August & Debouzy Raphaël Dana, Dana Avocats
Germany
Peter Bräutigam, Noerr PartGmbB Christian Frank, Taylor Wessing PartG mbB Peter Huppertz, Hoffmann Liebs Partnerschaft von Rechtsanwalten mbB Niko Härting, HÄRTING Rechtsanwälte
Stefan C Schicker, SKW Schwarz Rechtsanwälte Philipp Schröder-Ringe, HÄRTING Rechtsanwälte Thomas Thalhofer, Noerr PartGmbB
Scotland
Turkey
Serbia
USA
David Gourlay, MacRoberts LLP
Uroš Popović, Bojović Drašković Popović & Partners
Hong Kong
Anna L Gamvros, Norton Rose Fulbright Gabriela Kennedy, Mayer Brown
Slovenia
India
Sweden
Probir Roy Chowdhury, JSA
Hans Nicander, Nicander Advokatbyrå AB Erica Wiking Häger, Mannheimer Swartling
Ireland
Philip Nolan, Mason Hayes & Curran LLP
Switzerland
Italy
Laura Liguori, Portolano Cavallo Rocco Panetta, Panetta & Associati
Igor Aleksandrovski, Apostolska, Aleksandrovski & Partners
Zurich
Rolf Riisnæs, Wikborg Rein Advokatfirma AS
Magda Cocco, VdA Mónica Oliveira Costa, Coelho Ribeiro e Associados
David Z Bodenheimer, Nichols Liu LLP Edward R McNicholas, Ropes & Gray LLP Robert Stankey, Davis Wright Tremaine LLP Christopher Wolf, Hogan Lovells US LLP
New York
Nicole Beranek Zanon, HÄRTING Attorneys-at-law Ltd Carmen De la Cruz, LEXcellence AG • Q&A
Norway
District of Columbia
Vaud Zug
Joost Linnemann, Kennedy Van der Laan Jens van den Brink, Kennedy Van der Laan
Denis T Rice, Arnold & Porter Stephen S Wu, Silicon Valley Law Group
Massachusetts
Jürg Schneider, Walder Wyss Ltd
Netherlands
California
Berne
Ursula Widmer, Dr Widmer & Partners, Attorneys-At-Law
Macedonia
Portugal
Andrej Kirm, Kirm Perpar
Ceylin Beyli, CBL Law Office
Nicola Benz, MLL Legal • Q&A Julia Bhend, PROBST PARTNER AG Clara-Ann Gordon, Niederer Kraft Frey Ltd Michael Isler, Walder Wyss Ltd Christian Laux, LAUX LAWYERS AG Roland Mathys, Schellenberg Wittmer
whoswholegal.com/thought-leaders
Peter F McLaughlin, Burns & Levinson LLP
Peter Brown, Peter Brown & Associates PLLC Jenna F Karadbil, Law Office of Jenna F Karadbil, P.C. Dov H Scherzer, Polsinelli PC Lisa Sotto, Hunton Andrews Kurth LLP Alan Sutin, Greenberg Traurig LLP William A Tanenbaum, Moses & Singer LLP Miriam Wugmeister, Morrison & Foerster LLP
19
Thought Leaders in Data 2022 | Information Technology Albania
Shpati Hoxha, Hoxha, Memi & Hoxha
Argentina
Diego Fernández, Marval O'Farrell Mairal
Australia
Philip Catania, Corrs Chambers Westgarth
Austria
Axel Anderl, DORDA Rechtsanwälte GmbH Johannes Juranek, CMS Reich-Rohrwig Hainz Rechtsanwälte GmbH Roland Marko, Wolf Theiss Wolfgang G Tichy, Schoenherr Attorneys At Law Stephan Winklbauer, Aringer Herbst Winklbauer Rechtsanwaelte
Belgium
Steven De Schrijver, Astrea • Q&A Geert Glas, Allen & Overy LLP Hans Graux, time.lex CVBA Christopher Kuner, Wilson Sonsini Goodrich & Rosati Geert Somers, time.lex CVBA Erik Valgaeren, Stibbe Patrick Van Eecke, DLA Piper UK LLP Gerrit Vandendriessche, ALTIUS Thomas Vinje, Clifford Chance LLP
Brazil
Paulo Marcos Rodrigues Brancher, Mattos Filho Renato Opice Blum, Opice Blum, Bruno, Abrusio e Vainzof Advogados Associados
Bulgaria
George Dimitrov, Dimitrov Petrov & Co Desislava Krusteva, Dimitrov Petrov & Co
Canada Ontario
Richard Austin, Deeth Williams Wall LLP
20
Directory
Wendy Gross, Osler Hoskin & Harcourt LLP Mark S Hayes, Hayes eLaw LLP Donald B Johnston, Aird & Berlis LLP Lisa R. Lifshitz, Torkin Manes LLP Peter Ruby, Goodmans LLP Barry B Sookman, McCarthy Tétrault LLP George S Takach, McCarthy Tétrault LLP Amy-Lynne Williams, Deeth Williams Wall LLP
Quebec
Sunny Handa, Blake, Cassels & Graydon LLP Charles S Morgan, McCarthy Tétrault LLP
Czech Republic
Robert Nešpůrek, HAVEL & PARTNERS, Attorneys-at-law Richard Otevřel, HAVEL & PARTNERS, Attorneys-at-law
Denmark
Niels M Andersen, Bech-Bruun Niels Christian Ellegaard, Plesner Advokatpartnerselskab Tue Goldschmieding, Gorrissen Federspiel Jette Hessellund Lauridsen, Kromann Reumert Ole Horsfeldt, Gorrissen Federspiel Lau Normann Jørgensen, Bird & Bird Advokatpartnerselskab Mads Nygaard Madsen, Horten Søren Skibsted, Kromann Reumert
England
Paul Barton, Fieldfisher Susan Barty, CMS Cameron McKenna Nabarro Olswang LLP Roger Bickerstaff, Bird & Bird LLP Robert Bond, Privacy Partnership Law Rob Bratby, Bratby Law John Buyers, Osborne Clarke LLP Michael Chissick, Fieldfisher
Daniel P Cooper, Covington & Burling LLP Toby Crick, Bristows LLP Marc Dautlich, Bristows LLP Sam De Silva, CMS Cameron McKenna Nabarro Olswang LLP Robbie Downing, Baker McKenzie Hazel Grant, Fieldfisher Paul Hinton, Deloitte Legal Chris Holder, Bristows LLP Steve Holmes, Baker McKenzie Richard Kemp, Kemp IT Law Phil Lee, Fieldfisher Amanda Lewis, Dentons Vanessa Marsland, Clifford Chance LLP Christopher Millard, Bristows LLP Nigel Miller, Fox Williams LLP Jeremy Morton, Temple Bright Deirdre Moynihan, Kemp IT Law Diane Mullenex, Pinsent Masons LLP David Naylor, Wiggin LLP Jeremy Newton, Technology Law Alliance Cynthia O'Donoghue, Reed Smith LLP Michael Peeters, DAC Beachcroft LLP Danny Preiskel, Preiskel & Co LLP Harry Small, Baker McKenzie Graham Smith, Bird & Bird LLP Simon Stokes, Blake Morgan Rob Sumroy, Slaughter and May Daniel Tozer, Harbottle & Lewis LLP Eduardo Ustaran, Hogan Lovells International LLP Joanne Vengadesan, Penningtons Manches Cooper LLP Mark Watts, Bristows LLP
Finland
Sakari Aalto, Merilampi Attorneys Ltd Arto Linnervuo, Roschier, Attorneys Ltd Topi Lusenius, Inventio Attorneys Ltd Jesper Nevalainen, Hannes Snellman Attorneys Ltd Mika Puittinen, Krogerus Samuli Simojoki, Borenius Attorneys Ltd Martin von Willebrand, HH Partners, Attorneys at law, Ltd
France
Alain Bensoussan, Lexing Alain Bensoussan Avocats Claire Bernier, ADSTO Alexander B Blumrosen, Polaris Law Florence Chafiol, August & Debouzy Raphaël Dana, Dana Avocats Béatrice Delmas-Linel, Osborne Clarke Thierry Dor, Gide Loyrette Nouel AARPI Christiane Féral-Schuhl, Feral-Schuhl / Sainte-Marie Bradley Joslove, Joslove Digital Law Stéphane Lemarchand, DLA Piper Benjamin May, Aramis Alexandra Neri, Herbert Smith Freehills LLP Fabrice Perbost, Harlay Avocats Mahasti Razavi, August & Debouzy Marie-Hélène Tonnellier, Oyat Law
Germany
Peter Bräutigam, Noerr PartGmbB Isabell Conrad, CSW Rechtsanwälte Alexander Duisberg, Bird & Bird LLP Christian Frank, Taylor Wessing PartG mbB Axel Funk, CMS Hasche Sigle Detlev Gabel, White & Case LLP Malte Grützmacher, CMS Hasche Sigle Sven-Erik Heun, Bird & Bird LLP Thomas Heymann, Covington & Burling LLP Marc Hilber, Oppenhoff & Partner Rechtsanwälte Steuerberater Partnerschaftsgesellschaft mbB Peter Huppertz, Hoffmann Liebs Partnerschaft von Rechtsanwalten mbB Niko Härting, HÄRTING Rechtsanwälte Philip Kempermann, Heuking Kühn Lüer Wojtek Lars Lensdorf, Covington & Burling LLP Jan Geert Meents, DLA Piper Flemming Moos, Osborne Clarke Matthias Nordmann, SKW Schwarz Rechtsanwälte Matthias Orthwein, SKW Schwarz Rechtsanwälte Andreas Peschel-Mehner, SKW Schwarz Rechtsanwälte Fabian Reinholz, HÄRTING Rechtsanwälte Daniel Rücker, Noerr PartGmbB Stefan C Schicker, SKW Schwarz Rechtsanwälte Martin Schirmbacher, HÄRTING Rechtsanwälte
Michael Schmittmann, Heuking Kühn Lüer Wojtek • Q&A Jochen Schneider, CSW Rechtsanwälte Philipp Schröder-Ringe, HÄRTING Rechtsanwälte Stefan Schuppert, Hogan Lovells International LLP Thomas Thalhofer, Noerr PartGmbB Stefan Weidert, Gleiss Lutz Jörg Wimmers, Taylor Wessing PartGmbB
Macedonia
Igor Aleksandrovski, Apostolska, Aleksandrovski & Partners
Mexico
Juan Daniel Rodríguez Cardoso, Rodríguez Rueda SC
Netherlands
Tamás Gödölle, Bogsch & Partners
Herald Jongen, Greenberg Traurig LLP Judica Krikke, Stibbe Quinten Kroes, Brinkhof NV Wouter Seinen, Baker McKenzie Amsterdam NV Reinoud Westerdijk, Kennedy Van der Laan Patrick Wit, Kennedy Van der Laan Eliane de Vilder, Brinkhof NV Polo van der Putt, Vondst Advocaten NV
India
Norway
Hong Kong
Gabriela Kennedy, Mayer Brown Gordon A Milner, Morrison & Foerster LLP
Hungary
Probir Roy Chowdhury, JSA Pavan Duggal, Pavan Duggal Associates Stephen Mathias, Kochhar & Co Rahul Matthan, Trilegal Nikhil Narendran, Trilegal Sajai Singh, JSA
Ireland
Maureen Daly, Beauchamps Wendy Hederman, Mason Hayes & Curran LLP Philip Nolan, Mason Hayes & Curran LLP John O'Connor, William Fry Pearse Ryan, Arthur Cox LLP
Israel
Naomi Assia, Naomi Assia & Co Law Offices David Mirchin, Meitar Law Offices Haim Ravia, Pearl Cohen Zedek Latzer Baratz
Italy
Ernesto Apa, Portolano Cavallo Domenico Colella, Orsingher Ortu Avvocati Associati Laura Liguori, Portolano Cavallo Francesco Portolano, Portolano Cavallo Italo de Feo, CMS Adonnino Ascoli & Cavasola Scamoni
Japan
Takashi Nakazaki, Anderson Mori & Tomotsune
whoswholegal.com/thought-leaders
Nils Kristian Einstabland, Advokatfirmaet Selmer AS Kristian Foss, Bull & Co Arve Føyen, Advokat Arve Føyen Ståle L Hagen, Advokatfirmaet Selmer AS Rolf Riisnæs, Wikborg Rein Advokatfirma AS Espen A Werring, Advokatfirmaet Thommessen AS
Poland
Mikołaj Sowiński, Sołtysiński Kawecki & Szlęzak
Portugal
Magda Cocco, VdA Jaime Medeiros, Coelho Ribeiro e Associados Mónica Oliveira Costa, Coelho Ribeiro e Associados Daniel Reis, DLA Piper Fernando Resina da Silva, VdA
Scotland
David Flint, Inksters Solicitors David Gourlay, MacRoberts LLP Valerie Surgenor, MacRoberts
Serbia
Uroš Popović, Bojović Drašković Popović & Partners
Singapore
Joyce A Tan, Joyce A Tan & Partners LLC
21
Slovenia
Andrej Kirm, Kirm Perpar
Spain
Belén Arribas Sánchez, Andersen Tax & Legal José Ramón Morales, Garrigues Carlos Pérez, Ecija
Sweden
Henrik Bengtsson, Advokatfirman Delphi Eva Fredrikson, Advokatfirman Vinge Johan Kahn, Advokatfirman Kahn Pedersen Agne Lindberg, Advokatfirman Delphi Hans Nicander, Nicander Advokatbyrå AB Peter Nordbeck, Advokatfirman Delphi Jim Runsten, Synch Erica Wiking Häger, Mannheimer Swartling
Switzerland Berne
Ursula Widmer, Dr Widmer & Partners, Attorneys-At-Law
Vaud
Jürg Schneider, Walder Wyss Ltd
Zug
Nicole Beranek Zanon, HÄRTING Attorneys-at-law Ltd Carmen De la Cruz, LEXcellence AG • Q&A
Zurich
Rolf Auf der Maur, VISCHER AG Nicola Benz, MLL Legal • Q&A Lukas Bühlmann, MLL Legal • Q&A Gianni Fröhlich-Bleuler, Gianni Fröhlich-Bleuler Rechtsanwalt
22
Directory
Clara-Ann Gordon, Niederer Kraft Frey Ltd Michael Isler, Walder Wyss Ltd Christian Laux, LAUX LAWYERS AG Roland Mathys, Schellenberg Wittmer Lukas Morscher, Lenz & Staehelin • Q&A Peter K Neuenschwander, Suffert Neuenschwander & Partner Mark A Reutter, Walder Wyss Ltd Alexander Schmid, epartners Attorneys-at-Law
Turkey
Ceylin Beyli, CBL Law Office
USA
California
Ian C Ballon, Greenberg Traurig LLP Morgan Chu, Irell & Manella LLP William Sloan Coats, Independent Gordon K Davidson, Fenwick & West LLP Lothar Determann, Baker McKenzie LLP David L Hayes, Fenwick & West LLP Stephen N Hollman, Business & Technology Law Group Ronald L Johnston, Arnold & Porter Robert G Krupka, Krupka Law Group PC Heather J Meeker, O'Melveny & Myers LLP Stuart P Meyer, Fenwick & West LLP Rajiv P Patel, Fenwick & West LLP Mark F Radcliffe, DLA Piper LLP (US) Denis T Rice, Arnold & Porter William I Schwartz, Morrison & Foerster LLP
District of Columbia
Edward R McNicholas, Ropes & Gray LLP Robert Stankey, Davis Wright Tremaine LLP
Georgia
Diana J P McKenzie, Hunter Maclean Exley & Dunn PC
Illinois
Kenneth K Dort, Faegre Drinker Thomas J Smedinghoff, Locke Lord LLP Robert M Weiss, Barnes & Thornburg LLP
New York
David Bender, Law Office of David Bender William B Bierce, Bierce & Kenerson PC Peter Brown, Peter Brown & Associates PLLC John F Delaney, Perkins Coie LLP Jenna F Karadbil, Law Office of Jenna F Karadbil, P.C. Rory J Radding, Mauriel Kapouytain Woods LLP Richard Raysman, Holland & Knight LLP Harry Rubin, Kramer Levin Naftalis & Frankel LLP Dov H Scherzer, Polsinelli PC Lisa Sotto, Hunton Andrews Kurth LLP Alan Sutin, Greenberg Traurig LLP William A Tanenbaum, Moses & Singer LLP Miriam Wugmeister, Morrison & Foerster LLP
Pennsylvania
Sandra A Jeskie, Duane Morris LLP
Washington
Miriam Farhi, Perkins Coie LLP
THOUGHT LEADERS
Data Experts
Jason Coyne
Kroll
London www.kroll.com jason.coyne@kroll.com Tel: +44 7976528324
Biography Jason Coyne is an expert information technology (IT) and digital forensics consultant with over 30 years’ experience spanning government, telecommunications, manufacturing, healthcare, energy, wholesale and distribution, retail, and gaming. He specialises in the forensic examination of system delivery performance, digital evidence, discovery compliance and intellectual property (IP) matters. Jason has testified in the Technology and Construction Court (TCC) as well as various high courts, criminal courts and international arbitrations. It is said that Jason has the rare ability to simply explain complex technical systems.
24
Data Experts
Describe your career to date.
I started my professional career as a computer systems developer, writing code for business control and accounting systems. This progressed into systems design and business process re-engineering. It was during this time that I started to discover the different technology project failure modes. In 2000 I set up a consultancy to focus on smart technology procurement to avoid the project failure modes that I had observed. During this time I was approached to act as expert witness in several technology disputes.
about the business change and user adoption of technology – rather than the technology itself. But more recently, the years of work that my team and I put into the Post Office Horizon investigation for Alan Bates and the Justice for Postmasters. The range of different systems, telecommunications and technologies employed within Horizon was far reaching. Being the preferred expert after being cross-examined for four days in the high court was exhilarating.
video conferencing and document creation. Many of the digital forensic tasks run for many hours of system processing until results can be observed so having the ability to start a process, have an early dinner with the family and check back in to see the results or start another process later in the evening has really reduced investigation timeframes – which is often key in IP and white-collar investigations.
‘computer expert’ on a dispute, but that is less effective when looking at enterprise systems because there are usually many potential lines of enquiry which benefit from multiple team members with different specialisms. We have developed very good processes and standardised tools for mapping reoccurring elements such as timelines, roles and responsibilities, change control, impact analysis, etc., which typically feature in many disputes.
data centres across the globe featuring full service digital forensics, data analytics and litigation support services catering for the most popular jurisdictional data regulations.
How do you expect the expert services practice at Kroll to From a disputes resolution develop over the coming years standpoint, how do you effec- in response to rapidly changing tively coordinate on cases when data regulations? What is it about IT and digital working alongside experts with I’m now a managing director in Kroll’s forensics consultancy that you other areas of expertise? data insights and forensics division and enjoy most? In the early days I was often the only before the end of 2022 we will have nine It’s the detail at the low level, in the zeros and ones. Understanding how the systems operate and then observing the layers of data created during their operation continues to fascinate me.
What qualities make for a successful data expert?
I believe it’s experience in a wide range of systems, with underlying engineering principles. Whilst much can be gained from the theory and teachings, you must roll your sleeves up and start taking elements apart.
What challenges has the shift to remote working preLooking back over your career, sented from a digital forensic what has been the most inter- standpoint? esting case you have been a I have found that the team is more efficient part of? working remotely for at least 80 percent of NHS patient records was a very interesting investigation, because it was as much
What advice would you give to someone starting out in expert consultancy?
Start slow, don’t take on too many matters concurrently. Whilst the dispute process is often projecting 18 months into the future, there are many phases where expert input is required and your agility to consider and turn around interim opinions will be tested.
the time. We have very good collaboration tools for evidence management, team chat,
Peers and clients say: “Jason has a great depth of expert knowledge in the data sector” “He has the ability to focus in on the key issues even in very complex matters” whoswholegal.com/thought-leaders
25
Erick Gunawan
BRG
Singapore / Sydney www.thinkbrg.com egunawan@thinkbrg.com Tel: +65 8726 6489 | +61 2 8005 0707
Biography Erick Gunawan is the head of BRG’s e-discovery and forensics practice in Asia–Pacific. He has over 18 years of experience in computer forensics, compliance investigations, crypto tracing and investigations, dawn raid readiness, eDiscovery, and management of document review in both contentious and non-contentious matters. Mr. Gunawan is a testifying expert in the area of computer forensics and e-discovery and has sworn in Australia, United Kingdom, United States and most recently Grand Cayman courts. He is a certified Legal Lean Sigma practitioner and holds various computer forensics accreditations.
26
Data Experts
What inspired you to pursue a career as a data expert?
I got into the e-discovery and computer forensics industry by chance, working as a programmer in one of the leading data mining companies in Sydney in the early 2000s. Let’s be honest, no kid would grow up thinking that they wanted to be an e-discovery expert! Having dealt with large amounts of data day in and out made me think that there was so much potential in terms of managing, grouping, transforming and presenting data in a more accessible format. I have remained in the industry ever since and worked with a number of legal and consultancy firms, trying to help clients and colleagues to find ways to collect, process and present data in the most useful ways.
Looking back over your career, what is the most memorable case you have been a part of?
My first ever court attendance is when I was working with a law firm as an analyst and I spent my first day setting up around 10 laptops and monitors in the courtroom for one of the hearings of one of the biggest media disputes in Australia. I also had the privilege to deliver trolleys of paper boxes containing court bundles into the courtroom for the same matter. I was thinking, surely a lot of these papers could have been digitised and stored as files for barristers and legal teams to view on screen when they are in court. It would have been a much better use of their laptops than just checking their emails! Funnily enough, that case turned into an electronic proceeding about six months later, and I had the opportunity to be part of a team that worked on one of the first court cases in the country, delivered fully electronically.
What challenges has remote working presented to your forensic technology practice?
Performing forensic data collection remotely can present challenges,
especially in cases where target custodians are uncooperative. Since mid-2020, my team and I have developed various in-house technologies to conduct remote collection sensibly and with minimal interaction required from the receiving end. This includes deployment of automated searching and extraction technology targeting specific evidence on an individual’s devices and development of connectors to various email servers to allow a mass collection of email data with just a press of a button.
your report and the actual deposition. You want to ensure you are prepared to answer any questions that might arise regarding your qualifications. Visual aids can also be helpful for the audience to understand complex issues that otherwise cannot be explained clearly in words. Practice with example scenarios, including both those that support and contradict your arguments, and present answers in a succinct and clear manner. Practice your body language in front of a mirror and always portray confidence!
How have the roles of corporate counsel evolved over the past few years in the context of litigations and investigations?
As the head of BRG’s e-discovery and forensics practice, what are your main priorities for the next five years?
Corporate clients are becoming more aware of how new technologies can ease litigation costs, such as tools that cut down review timeframes. Instead of junior lawyers racking up billable hours manually reviewing documents, corporate clients are asking law firms for innovations in this area. Consequently, law firms are taking on risk, developing new tools and hiring innovation managers to incorporate technology for these processes. Corporate counsel are increasingly focused on legal operations rather than providing legal advice. They work constantly with other business units within the organisation and sometimes even project manage the whole data collection and document review processes. This workflow makes robust data governance even more critical, ensuring efficient data identification and retrieval exercises in the event of a litigation or regulatory response.
How do you effectively prepare for testimony?
I started the practice back in 2020 right at the start of the pandemic. The support from our clients and the wider BRG network has been fantastic. We have since invested heavily in expanding our technology capabilities to include remote collections, crypto investigations, and virtual hearings. We have also expanded our e-discovery hosting footprints in Australia, Hong Kong, Singapore and mainland China. We are also increasing our investment in our forensic accounting capabilities, which allows ourselves to deliver end-to-end investigation services, also with our valuation and damages experts on the dispute side. I also see us continuing to grow our regional footprints in APAC, with Japan and Korea being the key priorities.
What has been the best piece of advice you’ve ever received?
Build and nurture your relationships early in your career as your network will grow with you.
Obviously, a thorough understanding of the matter is essential but there are other key areas that are equally important. Ensure your CV is up to date and accurate! Often, there is a delay between when you write
Peers and clients say: “Erick provided excellent practical, timely and commercial solutions on e-discovery issues” “He has strong customer engagement skills and very strong technical skills” “He has dedication to his clients and the ability to engage directly with clients” whoswholegal.com/thought-leaders
27
Paul Jackson
Kroll
Hong Kong www.kroll.com paul.jackson@kroll.com Tel: +852 2884 7763
Biography Paul Jackson is the regional managing director for Kroll’s cyber risk practice in Asia Pacific. Starting his career in APAC, Paul has more than 30 years of service in some of the region’s highest levels of law enforcement such as the Hong Kong Police Force and Interpol, and corporate enterprise, where he has earned a stellar record of achievement as a cyber security practitioner, strategist, and thought leader.
28
Data Experts
What motivated you to pursue a career in cyber security?
As a police officer with an engineering background, the changing world in the mid-90s made me realise that everything was moving towards digital. This brought with it huge shifts from a security perspective as criminals sought to exploit the new ways of working and communicating. These challenges certainly motivated me to learn how to respond and adapt to the dynamic new environment.
What is it about working in cyber security that you enjoy most?
Nothing in cyber stays the same for long. Staying ahead of the curve means never being complacent and constantly adapting, which never fails to keep life interesting!
What are the biggest data How do you see your practice threats your clients currently developing over the next five face, and how are you helping years? tackle them? The complexities of cyber security mean The biggest threats today are the unknowns. Cyber risks and criminal ingenuity are developing at such a rapid pace that the most overlooked component of any defence is the human component. The software/hardware solutions alone are not the answer. Building this all into an effective governance program with monitoring and detection at the core is something that we do to help our clients achieve a sustainable security posture. Lastly, ensuring that plans are in place for managing potential incidents is key. We assist clients by helping to assess and test their plans and by providing external incident response retainers to ensure that the impact of any breach is minimised.
that an increasing number of companies are turning to practices such as those at Kroll to help build, assess and test programs. This is regardless of whether there is already an in-house capability as validation is key. Boards and executives are aware that one person (or even a small team) cannot know everything, and external expertise is critical. This is where the biggest growth will take place.
The introduction of new regulations and laws (especially around data protection and privacy) has meant rapid change over the past few years, and the respective authorities are gradually getting to grips with their enforcement. This in turn drives greater corporate responsibility and is having a positive effect on a more proactive approach to cyber security with increased leadership involvement.
My proudest achievement has always been building world class teams. Firstly, in the Hong Kong Police, then in JP Morgan which is still regarded as the gold standard in corporate cyber investigations, and now with the APAC leading team in Kroll.
What advice would you give to someone starting out in cyber security? Experience is everything. No course or training can properly prepare you, so find opportunities wherever possible to do internships and learn as much as possible. Never expect to be spoon-fed and demonstrate that you are self-motivated via your own research projects!
How has the role of a cyber specialist changed since you started your career? In a global environment of The past three decades since I became increased data regulation involved in cyber security and investiga- and legislation, what does tion have seen enormous changes. Whilst increased levels of enforcetechnology was limited in the early days, so ment from authorities look Looking back over your career, were the tools and training, so early cyber like from your stance as an what has been your proudest specialists had to do their own research and expert? achievement? development of skills. The modern cyber environment is of course far more complex, but with that, the training, certifications, tools and techniques have also evolved, so today’s specialists no longer need to develop their skills alone. The benefits of this are that cyber specialists have access to a huge pool of resources. The downsides are that it reduces the motivation to research and truly understand what is going on under the hood of tools used for security and investigation.
Peers and clients say: “I highly recommend Paul’s data expertise” “He’s a true expert” whoswholegal.com/thought-leaders
29
David Kalat
BRG
Chicago www.thinkbrg.com dkalat@thinkbrg.com Tel: +1 (312) 429-7907
Biography David Kalat is a professional investigator and a testifying expert in information science and electronic evidence. His work includes digital forensics, data analytics, and information security. Mr. Kalat is a certified fraud examiner, certified computer examiner, certified information systems security professional, certified telecommunications analyst, and a licensed private detective. Mr. Kalat has been qualified as an expert in electronic evidence and digital forensics in civil and criminal matters in state and US federal courts.
30
Data Experts
What motivated you to specialise a career as a data expert?
Data analysis and digital forensics satisfy my puzzle-solving interests. I’ve written before about how the game “Wordle” is derived from information theory, and in the same way that people start their days with a spark of joy playing Wordle, I get a continual thrill from working through the puzzles of complex analytics to solve my clients’ problems.
users. Whatever high-tech solutions are deployed at an enterprise level to create a digital moat around an impenetrable fortress, we still give individual users inside that “castle” the ability to let strangers in the door. So we have this paradox where businesses are expected to protect individual personal data and individual persons are expected to protect business data. There’s an imbalance in that equation that still needs to get worked out.
In what ways has AI affected What do clients look for in an “entropy” in data analytics? effective data expert in today’s The challenge that AI brings is that increas- environment? ingly data is generated and/or processed by intelligent systems through what is functionally a “black box” about which we know little. Because so much of data analysis in civil consulting is concerned with making deductions about how systems work, this lack of transparency is problematic. I’m reminded of the famous cartoon by Sidney Harris where a scientist has written out a complex equation on a blackboard but the middle of the equation is just “then a miracle occurs.”
A lot of what we now think of as the field of data expertise was codified in the 2007 revisions to the Federal Rules of Civil Procedure and the creation of explicit expectations with respect to electronically stored information. Back in those “good old days” the landscape of data systems was more uniform and predicable than what we face today. To be a data expert today means being an expert in an ever-evolving environment of new technologies and unfamiliar platforms. Clients are looking for someone who can make sense out of that chaos, and keep the unique technological anomalies of each case from getting in the way.
How has the notion of data privacy and cybersecurity from the regulators’ perspective developed over the past decade? What challenges has the There’s a really interesting tension between shift to remote working predata privacy and cybersecurity right now. sented from a digital forensic On the one hand, regulatory pressure has standpoint? increased on businesses to responsibly manage the personal data in their care—to minimise collecting personal data, limit the ways it is exploited, and so on. On the other, businesses face cybersecurity risks that are significantly influenced by individual
The shift to remote working corresponded to a shift to remote collections, which are actually more burdensome on the clients and individual subjects. In an on-site data collection scenario, the technologist is solely responsible for preserving
the subject’s devices. In a remote collection scenario, however, the technologist is far from the device and dependent on the subject to perform any hands-on interactions. This is asking a lot of subjects, who are not always comfortable with even fairly simple technical tasks.
How would you like your practice and skills to develop over 2022-2023?
I have described my practice as being a digital fireman - I am there to limit the consequences of an existing crisis. I am excited to have the opportunity now to also assist in information governance and data privacy compliance to help clients avoid the crises in the first place. It is a very different mindset, and it will take some getting used to, but I am excited about how this change in perspective will expand my skills.
What is the best piece of advice you’ve ever received?
I am especially fortunate to have been around many people wiser than me, whose guidance and insight have helped at many critical junctures. Of all those inspirational figures, my son is the wisest and most mature person I’ve ever known. As an endurance athlete and a two-time competitor on behalf of Team USA at the World Triathlon Championship, he has quite literally been knocked down time and again. He once said that if you’re not being bandaged in the medical tent for a grisly injury, you’re not getting your money’s worth for your race fee. I think that’s a fabulous outlook. If you’re not facing adversity, pain, and loss in life, you’re not getting your money’s worth.
Peers and clients say: “David keeps his focus on the project goal and is a practical problem solver and effective manager” “His demeanour is highly credible in deposition and in the courtroom” “He is a well-rounded subject matter expert, combining technical knowledge, communication skills, project management and practical problem solving” whoswholegal.com/thought-leaders
31
Richard Kershaw
Deloitte
Hong Kong www.deloitte.com rwkershaw@deloitte.com.hk Tel: +852 2740 8808
Biography Richard is a partner in Deloitte’s forensic practice, where he leads the forensic technology team in China. He also supports the discovery practitioners in Japan. He specialises in technology strategies for complex investigations and disputes and policy frameworks for information governance and security. His primary focus is the life science and healthcare sectors and he also has experience assisting technology and media companies responding to litigation and regulatory enquiries.
32
Data Experts
What do clients look for in an effective data and e-discovery expert?
In China, our clients could be described as being in two very different situations. We have multinational corporations, who usually require digital forensics and e-discovery in the context of their internal investigations portfolio. They are looking for in-country technology capabilities and credible experience from practitioners. To them, understanding of the types of issues which face their industry in China is important, combined with language-enabled technology enablers, both of which are critical for efficient and complete investigative review. Our other client group is Chinese companies with global operations, sometimes overseas listed, who are involved in (primarily US) litigation. They are usually new to the requirements of a discovery process and are looking for guidance and help to minimise impact on their operations, ensure the security of their data and for us to be able to speak the same language technically as their offshore external counsel.
What are the advantages and disadvantages of having a global practice?
Certainly we live in a world of sometimes conflicting regulatory obligations, not least laws on data residency and data protection. Having data centres in key global locations helps clients and counsel conduct review onshore, which helps mitigate some of those challenges, as does our ability to
report on data overlap between document populations in multiple locations. In addition to data centres, we also have digital forensic labs from which we can deploy in many jurisdictions around the world, without the need to fly in – which in this era of covid-19 has been more of a logistical benefit than a pure cost consideration. It is also a considerable advantage having colleagues well experienced in language and local considerations. In terms of challenges, because we are large and global, inevitably sharing knowledge, tips and techniques in a timely way is something we actively need to consider. Also, our coverage does mean we get to work on large, multi-jurisdictional cases, which means multiple time zones and so often calls early morning and late at night. Making sure we manage our team and keeping an eye out for burnout, is very important.
In your experience, how are restrictions arising from covid-19 affecting the investigation process?
Getting data got harder. Our forensic tech teams are based in Hong Kong and Shanghai. We were unable to travel from Hong Kong to southern China and there were periods we could not travel to certain areas within the PRC even from Shanghai. Some clients had the option of collecting from their enterprise sources, but even then, if their offices were closed, nobody could put data onto physical media to ship to us. We have been working with clients on better ways to collect and transmit data,
which in turn has led to opportunities to discuss efficiencies both from a process and an automation perspective.
In your experience, how has the trend towards home and virtual working affected clients? We see three areas clients need to consider when considering home or remote working: obtaining data for investigations, data exfiltration and external cyberattacks. If staff are working from home and their data is needed for an investigation, that needs to be considered in the triage process: do we have sufficient data from enterprise sources? If we need the endpoint, can we ask them to come in and what are the risks associated? If we want to use network forensic tools, how are the staff connecting to the network and can the enterprise forensic tool “see” data through that connection? Similarly, if an organisation is allowing remote access, is that limited to specific endpoint devices which they can monitor and control? And finally, we have seen cyberattacks trying to exploit the home working trend, and as ever, training (and pre-planned steps to respond quickly) are key here.
What are your personal objectives as the world reopens after covid-19?
During this long year or so of no travel, I have had the opportunity to go hiking in Hong Kong’s many and varied islands and parks. I very much hope to continue doing so.
Peers and clients say: “Richard has long-standing expertise in this area” “He is an exceptional practitioner who really knows what he’s doing” whoswholegal.com/thought-leaders
33
Shelly Mady
Ankura
New York www.ankura.com shelly.mady@ankura.com Tel: +1 646 291 8527
Biography Shelly Mady is a senior managing director in Ankura’s New York office and brings over 13 years of experience leading complex forensic data analytics engagements in response to regulatory driven investigations and litigation. Shelly has led and supported teams in a variety of cases involving sales reporting practices, improper financial disclosures, vendor kickbacks and improper payments, sanctions violations, trading improprieties, and FCPA investigations and monitorships. In addition, Shelly has led the development of continuous monitoring analytics and protocols for internal audit and compliance teams across a variety of industries.
34
Data Experts
What do you enjoy most about acting as a data expert?
I enjoy many aspects of the work I do as a data expert. In the reactive nature of the work that I do, I love using data to put the pieces of the puzzle together. To solve these problems, it requires more than just using data, but thinking through processes, how information is captured, what is the source of truth and identifying the “right” data. I find it exciting to put the fact patterns together to bring understanding and clarity to my client teams. With the proactive and strategy work that I do, I love to see information come together to tell a story or drive business decisions. Information can be extremely powerful when used appropriately and I enjoy helping companies realise the potential of the data that they capture. Data is everywhere and can be used at companies of all sizes and across industries. I appreciate the opportunity to work across a diverse range of companies to achieve varied goals and objectives.
What common pitfalls are you seeing when companies strive to build a data-driven culture and how might they be overcome?
The proliferation of data over the last decade has forced companies to recognise the power of data to inform decisions and drive value across the organisation. At the same time, tools and technologies are advancing rapidly driving many companies to request advancements such as process
automation and machine learning/artificial intelligence in their organisation. A few common pitfalls that I have observed include 1) lack of organisational buy-in, 2) business needs not clearly defined, and 3) unrealistic expectations. A data-driven culture is influenced by the tone at the top. Without proper organisational support, it will be hard to achieve the proper results because a data shift requires monetary and resourcing needs. Additionally, a data-driven culture requires a partnering of the IT/technical elements to business operations. Understanding the business needs and objectives and clearly defining goals and use cases with realistic timelines is important for the success of your data program. Furthermore, it is important to start with an understanding of your company’s IT landscape and data maturity; what information is currently being captured, the locations of your data, and how data is currently utilised. Even though predictive analytics, AI/ML may sound intriguing it is important to start with the basics and ensure data is harmonised and the quality is sound. Focus on the low hanging fruit. Even the centralisation and aggregation of information in itself can create significant value for an organisation.
How does Ankura distinguish itself from the competition?
Ankura distinguishes itself from the competition in its approach, flexibility, innovation and collaboration. Ankura seeks to provide the best expert(s) for the project
need. The firm does not throw bodies at a problem but rather focuses on bringing deep subject matter expertise to advise and support. From a data and technology perspective, Ankura is flexible in the tools and methods used and works with our clients to find the best fit across all factors (infrastructure, cost, etc.), as a result, our professionals have experience with a wide array of tools and technologies so that we can deliver the best job possible. The need for innovation and creative thinking is built into our company’s fibres and consistent knowledge sharing is the foundation of our innovative mindset. Our approach is to never settle and to be forward-thinking for our clients. The cross-border and business group collaboration has, in my opinion, stood out in comparison as we are working together with our diverse experiences in order to deliver our best.
What is the best piece of advice you’ve ever received?
When faced with multiple tough decisions, the worst decision is not making one at all. The best you can do is to trust yourself to make an informed decision based on what you know/gathered. Regardless of the outcome, you can always make a change. This was recent advice I received from a mentor in the industry and, in my opinion, can be applied in multiple scenarios whether it be a business or personal decision one may be encountering. Nothing is final and making an informed decision is better than making no decision at all.
Peers and clients say: “She is a clear leader” “Shelly is clearly an expert in interpreting and visualising data” “She is direct in her communication and quickly grasps the subject matter of the case” whoswholegal.com/thought-leaders
35
Christopher Raske
Kroll
Manchester www.kroll.com chris.raske@kroll.com Tel: +44 7551 685693
Biography Chris Raske is a senior director at Kroll, specialising in the analysis of major IT and telecommunications projects. He has worked on some of the largest technology disputes in the world, including the landmark Bates v Post Office trial, and other numerous private and public sector projects across a range of industries. His work involves analysing the causes of delay in technology projects, the fitness for purpose of software applications, and the analysis of source code.
36
Data Experts
Describe your career to date.
I have spent the whole of my career focused on the resolution of problems related to technology. Early on, this meant looking into low-level data relating primarily to governance and project management, requirements/change analysis, and software defect tracking. Later, it meant: (a) advising clients on the root causes of issues, delays, and overspend, and how those issues could be (or should have been) dealt with; and (b) leading teams of specialists to carry out the required analysis on huge sets of structured or unstructured data.
What do clients look for in an effective data expert?
There are two things which clients consistently appreciate: (a) an ability to drive the direction of analysis using a combination of specialist skills and experience, as opposed to simply being instructed to deal with a few specific things which, when the analysis is done, may turn out to be irrelevant; and (b) an ability to communicate effectively with non-specialists.
of industry standard tools, and we also use an in-house development team that can create custom software to deal with almost any type of data and provide otherwise unobtainable insights.
What are some of the most common issues in frustrated IT projects and transformation programmes that clients What advice would you give encounter? up-and-coming practitioners The key issues in technology projects are hoping to one day be in your often human issues. In particular, problems position? with change management, requirements gathering, and inter-party communications arise all the time. For example, customers will sometimes believe that a deliverable is in-scope and will query this with the supplier only to find out that the supplier considers it a change which will increase the overall cost of the project. The answer of course depends on the circumstances in each case. On the more technical side of things, problems with the integration of supplier products and software are very common. Where it arises, we will usually need to focus on defect-tracking systems or review the actual source code itself to identify issues.
What are the biggest data disputes your clients currently face, and how are you helping tackle them? At present, UK data legislation We often find that clients do not know is aligned with EU legislation. what data they should be analysing or even How could this diverge in the seeking. For example, software suppliers near future, and why? and customers (particularly in complex disputes with many subcontractors) will often have multiple management systems for tracking software defects. A legal team may not know to ask for this, and clients may only mention the system that they use for tracking, which can result in the loss of critical information. We are also at a point where datasets on projects are so vast that they cannot be effectively reviewed by humans without the assistance of technology. We use a number
However, this is a double-edged sword because that configurability means that many of these systems are only as good as their implementation. If, for example, a customer cannot properly articulate its requirements, or a supplier is unable to properly implement those requirements, then there will be problems.
This is not an area where I have any particular expertise, so I will leave the law to the lawyers.
What challenges has the shift to remote working presented from an IT and telecommunications standpoint?
This really depends on the business. Modern systems are quite capable of dealing with everyday remote working because they tend to be highly configurable.
This is perhaps a boring answer, but I believe it to be effective: focus on building three things: (1) technical skills; (2) commercial understanding; and (3) effective communication. All of these are equally important, each will take years to achieve proficiency, and you should never “finish” developing any of them.
Looking back over your career, what has been your greatest achievement?
I think the best moments were during a project I worked on a few years ago. I, along with several colleagues, was instructed to analyse a live project that had been suffering from delays and overspend over several years. The parties were locked in numerous commercial disputes and the project was in danger of collapse. Our analysis was used to inform the decisions of both the customer and the supplier and advise them on the correct course of action. Within a matter of months, the system was live and both parties were extremely happy with the results. This process really highlighted the benefits and cost-savings of proactive and forward-thinking dispute management in technology projects, and it is something I hope the industry as a whole will move towards in the coming years.
Peers and clients say: “Christopher has the ability to analyse and understand detailed technical issues” “He has the ability to facilitate difficult discussions and provide direction and clarity” whoswholegal.com/thought-leaders
37
David S Turner
FTI Consulting
Washington, DC www.fticonsulting.com david.turner@fticonsulting.com Tel: +1 202 728 8747; 312 399 1872
Biography David Turner is a senior managing director at FTI Consulting and is based in Washington, D.C. where he leads the data and analytics group for the Americas. For more than 24 years, he has provided consulting services to Fortune 500 clients in the areas of data analytics, focusing on event-based transactions. His concentrations have included complex data acquisition and analysis, dispute resolution, investigation, regulatory and litigation response (including experience with OCC, FCPA and OFAC violations), information technology consulting and business performance improvement.
38
Data Experts
The views expressed herein are those of the author and not necessarily the views of FTI Consulting, Inc, its management, its subsidiaries, its affiliates or its other professionals. FTI Consulting, Inc, including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.
What inspired you to pursue a consulting career?
Coming out of the University of Virginia, I wanted a career with a variety of challenges that also provided great flexibility and growth opportunity. My in-person interview with Arthur Andersen was with a partner – who is ironically now a colleague of mine at FTI Consulting – who said that consulting was a tremendous opportunity for someone who wasn’t sure which industry or vocation they wanted to pursue. It turned out that a vocation in consulting was exactly what I wanted, and it has been a lovely match for 24 years. I’ve worked with amazing people and clients, and I have never had the same day twice in all of those years.
What do clients look for in an effective data and technology expert?
Without a doubt, clients are looking for effective communication. Having the technical capabilities to develop and deploy cutting-edge solutions is of critical importance, but being able to explain and defend your analytical approach to attorneys, corporate clients, and regulators is paramount. An analytics solution is only as effective as the method in which the results are presented.
What data trends have been most prominent during the past year?
The volume and variety of new and emerging data that is relevant to a client’s problem is now incredibly massive and complex. That’s been a game-changer – the days of working with a simple transactional dataset are squarely in the rear-view mirror. Being able to explain the “when, where, how, and why” now involves communications, publicly available open source data, and sentiment data, just to scratch the surface. The tools that we need to deploy now must be robust and flexible to be able to tell the story in a multi-dimensional, multi-variable way. Fortunately, I’m surrounded by incredibly talented data
analysts, data scientists, and other domain experts to be able to come to conclusions in an effective and efficient manner.
How have machine learning and artificial intelligence impacted how you approach data analytics and investigations?
AI/ML represent a seismic shift in how we approach problems. Looking at a problem through multi-dimensional datasets is now something we must consider in almost every new case. The convergence of unstructured and structured data has resulted in techniques such as natural language processing and continuous active learning to uncover answers. However, AI/ML are still best defined as one arrow in the quiver – those tools still require a human expert to produce logical and defendable conclusions. AI/ML and related techniques have allowed us to be smarter and more efficient in our analysis – but we have to be careful not to get caught up in the technology, doing analysis simply for its own sake.
What challenges has the shift to remote working presented from a digital forensic standpoint?
Did we face challenges when we shifted to remote work? Yes. However, we were able to quickly expand our methods of data aggregation and confirmation, since almost all forms of data can be collected and accepted securely through online channels. Through validation of the remote process (e.g., screen sharing during backend extractions and remote viewing into an SFTP upload) we have created acceptable custody processes and have substantially increased our efficiencies.
What challenges has the increased volume of data in modern cases posed? How have you ensured you are well equipped to handle them?
Fortunately, the increase in data size and
complexity has been met by the innovation and improvement in our tools and capabilities. Distributed computing and other turbocharged analytics engines have made it possible to collect, index and analyse previously unmanageable volumes. Being able to quickly distil datasets into a manageable size is now something that can be done in a matter of days, allowing us to focus on identifying the problem and developing the sort of visualisations that allow for efficient discussions on case strategy and resolution.
What areas of data risk do you see emerging in the next few years?
Data privacy and cyber incidents are a top concern for me – we have put a tremendous amount of pressure on employees and IT departments to keep their data safe, secure and private. Hackers and scammers are increasingly agile and leveraging some really clever techniques to access entry points and to deploy malware or other intrusive material. It’s great that our team can have work-life balance and get their work done using the Wi-Fi at the local coffee shop, but those situations make me very anxious.
Looking back over your career, what is the most interesting case you have been a part of?
I’ve had the privilege of working on so many fascinating cases over my career, traveling the world, seeing all different companies and cultures, and helping them through business-critical cases. In 2011 I had the privilege of working with the Toyota Motor Corporation serving as an expert for their work regarding issues with sudden acceleration of their vehicles. Managing significant data analytics across a global firm like Toyota and helping them get to a proper resolution for a massively important company issue was truly career-defining for me and for many of the team at FTI Consulting.
Peers and clients say: “My first choice for data and forensic analysis” “He has deep technical expertise” whoswholegal.com/thought-leaders
39
Thought Leaders in Data 2022 | Data Experts Australia
Christopher Hatfield, FTI Consulting
Austria
Werner Konezny, zeb Austria Thomas Schmutzer, KPMG AlpenTreuhand AG
Canada Ontario
Aniket Bhardwaj, Charles River Associates
China
40
Phil Beckett, Alvarez & Marsal Richard Chalk, FTI Consulting Jason Coyne, Kroll • Q&A Craig Earnshaw, FTI Consulting Christopher Raske, Kroll • Q&A Tony Sykes, Kroll
Hong Kong
Paul Jackson, Kroll • Q&A Richard Kershaw, Deloitte • Q&A
Singapore
Erick Gunawan, BRG • Q&A
Stephen Yu, AlixPartners
USA
England
Robert C DeCicco, Alvarez & Marsal
Directory
California
District of Columbia
Anthony J. Ferrante, FTI Consulting David S Turner, FTI Consulting • Q&A
Illinois
David Kalat, BRG • Q&A Cuyler Robinson, Charles River Associates
Massachusetts
Jerry Hausman, MIT
New York
Shelly Mady, Ankura • Q&A Jeffrey Seymour, PricewaterhouseCoopers LLP
events
Visit www.IPBC.com to see our upcoming events schedule.
IAM are excited to continue hosting ground-breaking digital events designed to ensure the IPBC message of sustainable and strategic IP value creation continues to be heard worldwide. Our virtual events portfolio allows for the widest reach of networking, benchmarking and learning opportunities within the IP community. Where it is safe and practical to do so, we plan to host live conferences across key regional markets in 2021 and beyond.
ISSN 2516-1261
