My Practice

I’ve been practising law for nearly 25 years, for the majority of them in the privacy, data protection and cyber and data security field. In… Read More

I’ve been practising law for nearly 25 years, for the majority of them in the privacy, data protection and cyber and data security field. In this time I have worked on every kind of project imaginable, for some of the world’s biggest companies and key government departments.  Illustrative projects include:

  • ‘Mobile Wallet’ roll-out for Vodafone, on the Weve joint venture with O2 and EE
  • Roll-out of data loss prevention technologies for Sony
  • Global business transformation for the handling of customer data at Unilever
  • Business-wide ‘data handling review’ for Marks and Spencer
  • Launch of Barclay’s Pingit m-payment service
  • British Gas’ joining of Nectar loyalty scheme
  • Improving data security in the NHS.
  • Data protection audit for BSkyB.

Other clients include McDonald’s, NBC Universal, BNP Paribas, Post Office, NHS England, Public Health England, BBC, Pearson, BSkyB, Cancer Research, Thomson Reuters, EMC, Symantec, HP, Dell, Oracle, Investec, Credit Suisse, News International, Reckitt Benckiser, Department of Transport, Cancer Research, LinkedIn and Orange, to name a few.

A lot of my work is in the cyber and data security space, where I am known for handling big security breaches and the legal fall out, including regulatory investigations, enforcement actions and civil and criminal litigation. Clearly, the details of this work remains confidential, but I trusted by the boards of big business to handle the hardest jobs. Among a list of firsts in this area, I led the legal teams that handled:

  • The first successful appeal against an enforcement notice for data security issued by the Information Commissioner, under section 40 of the Data Protection Act.
  • The first successful defence of criminal proceedings brought by the Commissioner against private detectives for ‘data theft’, under section 55 of the Data Protection Act.
  • The first appeal against a data security fine issued by the Commissioner, under section 55A of the Data Protection Act.
  • The first security audit of a telecommunications company, the Privacy and Electronic Communications Regulations.

I also provide strategic advice to technology companies, on how the law can help them to position their products and services in the market. In 2008 I was named as the Financial Times Legal Innovator of the Year for this work. Over the years I have supported many of the world’s leading technology companies, such as EMC, Symantec, RSA, Dell, HP, Oracle, IBM,  Sophos, Trend Micro and CA with their market positioning, as well as many newer businesses, such as Intralinks, Vormetric, Wave, Mimecast and Imprivata.

In September 2024 I took up practice as a partner at PwC Legal LLP, where I lead the cyber security and data protection practice, which is closely aligned with PwC LLP’s wider offerings in this space and those of the PwC network internationally. As well as handling security breaches, regulatory investigations and litigation, I will provide strategic advisory and consulting services to support business transformations including the implementation of global projects such as ‘Binding Corporate Rules’ and full data protection officer support.