Cybersecurity incidents and data breach can be an existential risk to a business. The gravity and frequency of cybersecurity incidents have moved cybersecurity to the high priority level of executive concerns. The proliferation of cybersecurity regulations concern all businesses. The cybersecurity team at Tanner De Witt has experienced lawyers, and a professional network, to rapidly respond in a crisis situation to help clients meet multi-jurisdictional regulatory requirements and strategically manage legal risks. We work and collaborate with our clients to provide guidance before an incident to mitigate cyber risk, and support incident response teams prepare for cybersecurity incidents and data breaches. We also advise on cybersecurity regulations in many jurisdictions through the Asia Pacific region (and throughout the world), including those in the PRC, EU and US (working with experienced local counsel that we recommend and instruct).

We are the exclusive law firm member in Hong Kong of PrivacyRules, an international alliance of cybersecurity experts that combines legal, technical, and data related expertise to assist clients globally with a multi-disciplinary and multilingual approach.

We regularly advise on:

  • data breaches and cybersecurity issues, including advice to board directors and C-suite executives and review in guidance of crisis communications
  • enforcement actions, regulatory inquiries, investigations or litigation following a cybersecurity incident or data breach
  • selection, engagement and supervision of technical experts and other key service providers in the incident response
  • issue identification, applicable law assessment, risk and harm assessment, notification assessment, and reporting requirement review
  • information and data collection, chain of evidence protection and preservation of legal professional privilege
  • training, preparation and exercise programmes in respect of incident and breach response
  • policy and plan drafting and reviews in respect of incident and breach response
  • cybersecurity and related laws and regulations in various jurisdictions including the PRC, and in particular their potential and actual impact on business operations


Lawyers in our Cybersecurity team have advised on:

  • rapid response data breach notification advice in respect of a data breach occurring to a global textiles manufacturer and supplier
  • coordinating the global response to a data breach involving multiple jurisdictions occurring to a financial services company
  • establishing a data breach response policy for a global information and communications technology company
  • training the management and employees of a multinational automobile manufacture in how to respond to a data breach
  • various M&A transactions, where the purchaser was interested in assessing the cyber risk associated with the target