Data, Privacy & Cybersecurity

Expertise

We have extensive experience advising on privacy law compliance, cybersecurity, and complex data agreements. Through our diverse global client base and relationships with international law firms, we have particular expertise in international data protection regulation and compliance, and the transfer of data across borders.

We regularly advise on data breaches, including assessing the impact of breaches, advising on notification and mandatory reporting obligations, managing media interest, implementing new information security management programmes, and responding to enforcement actions.

Our lawyers are experts in emerging technologies and emerging data privacy law, including relating to artificial intelligence, biometric technology, and consumer data rights.

‍

Experience

• Regularly advising two large scale, high growth technology companies on data protection terms and data processing agreements across a wide range of SaaS, professional services, and other arrangements. We work closely with each client’s in-house data privacy teams and often provide data protection advice on a cross-border basis.
• Advising a large New Zealand bank on the development and negotiation of agreements to enable its institutional customers to access their bank account data via APIs.
• Advising a major New Zealand supermarket on its trial of facial recognition technology to assist in mitigating increasing risks to the safety and security of staff and customers – the first in New Zealand. This included advising on privacy law compliance, preparing its Privacy Impact Assessment of the proposed technology solution, consultation with New Zealand’s privacy regulator, and advising on the regulatory inquiry initiated by the regulator.
• Advising a regional public transport agency on its participation in a national public transport solution, including on various issues relating to the privacy of passenger data.
• Assisting a major New Zealand broadcaster with the procurement and implementation of a cloud-based customer data platform.
• Advising a global tech business on the use of biometric identification as part of access management to key data centres.
• Advising a major energy company on the launch of a metering app that captured data from electricity meters installed remotely.
• Advising a Chinese vehicle for hire company with over 550 million users on its obligations under New Zealand privacy law and recommendations to update its processes and procedures.
• Assisting a leading global software company (through its UK lawyers) with various matters relating to compliance with New Zealand law, including ensuring that it had appropriate data sharing and data processing agreements in place and that any email or telemarketing activity did not infringe.
• Advising two global technology and medical device companies on reviews of their privacy and data policies to ensure compliance with New Zealand law, including advising on data security and incident management.
• Advising a non-profit organisation that provides the infrastructure, security and support needed to operate the internet domains on the licensing of a new registry system, including updating its terms of service to be compliant with New Zealand privacy and spam regulations.
• Advising a New Zealand based provider of digital ID verification solutions on a comprehensive review of their customer terms, privacy policy and data processing agreement.
• Advising an ASX-listed digital business on the launch of its new open data platform, which allowed customers to build applications that plug in a wide range of business data from multiple integration partners.
• Assisting a global technology company with the launch of a service that serves retail transaction data to financial institutions to enhance customer experience.
• Assisted a leading medtech company with negotiating two critical agreements to enhance its ability to connect users with better healthcare, including advising on data licensing and sub-licensing, data security, ownership of data and derivatives, and the restricted use of data.