Meet the expert: James Wong to speak at #RISK London

Currently a digital lawyer at Clifford Chance, James’s wealth of sector expertise has seen him help global companies to navigate the opportunities and challenges associated with the Fourth Industrial Revolution. His work covers data protection and privacy, cybersecurity, cloud sourcing, artificial intelligence, the internet of things and the regulation of digital platforms.

Exclusively at #RISK London, James will be leading a panel debate concerning the new threats that organisations are facing this year. The experts will explore how companies can mitigate rapidly evolving data protection and privacy risks.

We caught up with James to discuss this vital issue and to learn more about his professional journey.

Could you describe your career pathway so far?

I work at Clifford Chance in the UK having previously worked in Australia at other law firms. I am part of the Data Protection Mapping Project (dpmap.org), providing an open-source tool for understanding data protection and privacy obligations across borders, and involved in the World Economic Forum’s Global Shapers Community, having previously led the Melbourne Hub. Occasionally I lecture on digital government and regulation at the University of Melbourne.

What privacy and data protection threats are dominating the threat landscape in 2022?

Compliance with data protection regulation across borders is a growing challenge as countries and states within countries introduce new laws. We can expect to see developments relating to digital sovereignty, data localisation, and emerging certification schemes and standards for digital infrastructure.

Some companies are reframing privacy and data protection as an ESG issue. However it is framed, there is increased awareness of the need to work through data-regulatory and ethical issues as part of product design, human resources, public relations, business process design, M&A strategy, political risk, etc. 

Even initiatives seeking to ‘do good’ need to be subjected to a balancing exercise against privacy and data protection imperatives. Ransomware remains a major threat and security of critical infrastructure and is now a key issue. 

Regulatory developments in cyber reflect current geopolitical uncertainty, and we are also seeing changes in the cyber-insurance market as underwriters develop a clearer picture of the risk landscape. 

What are data protection and security professionals doing to combat these threats?

Now that most companies have baseline policies and procedures in place, privacy and security professionals are focussing more on helping companies to ensure that these are embedded and operationalised across the organisation. 

This can be an uphill battle where resourcing is limited and/or where executive leadership does not understand the risks. In some cases, technology solutions to automate and ease aspects of compliance are being explored and implemented. 

Privacy and security professionals can support companies by offering their connectivity to other domain expertise, to ensure that data governance is not siloed within, say, the IT department.

What are the major regulatory changes coming over the horizon for UK organisations?

UK organisations need to start thinking about the likely impacts of the Data Reform Bill (officially, the Data Protection and Digital Information Bill) to their personal data processing activities. 

If passed, this will introduce changes that call for a recalibration of not only the GRC function but customer engagement strategy and data strategy. Other regulatory developments on the horizon include the EU Digital Services Act, EU Digital Markets Act, EU NIS2 Directive, EU ePrivacy Regulation and EU Artificial Intelligence Act.