Morrison Foerster is an international law firm with lawyers practicing throughout the United States, Asia, and Europe. Click to discover more.

mofo_share_image.jpg

Morrison Foerster

common-default.jpeg

Terms / Notices

Cookies

Privacy Policy

Reporting Hotline

Attorney Advertising

Alumni

  Linkedin

MoFo LinkedIN

  Facebook

MoFo Facebook

YouTube

MoFo Youtube

Morrison Foerster - Footer

Data Privacy and Cybersecurity: Are You Prepared for the Challenges?

You have not solved the recaptcha challenge yet or session expired, try again.

Email Disclaimer

Disclaimer

Unsolicited e-mails and information sent to Morrison Foerster will not be considered confidential, may be disclosed to others pursuant to our <a href="https://www.mofo.com/about/privacy-policy.html">Privacy Policy</a>, may not receive a response, and do not create an attorney-client relationship with Morrison Foerster. If you are not already a client of Morrison Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

Feedback

mofo-logo-2022.svg

People

Capabilities

Resources

About

Community

Offices

Careers

Stay Connected

In an era when data is considered an asset and is processed through a growing number of rapidly developing digital technologies,...

<h3>Sorry, we weren’t able to find the terms you entered.</h3>Please try a different term or keyword.

People

Capabilities

Resources

Not Found Cards

We are Morrison Foerster — a global firm of exceptional credentials. Our clients include some of the largest financial institutions, investment banks, and Fortune 100, technology, and life sciences companies. Our lawyers are committed to achieving innovative and business-minded results for our clients, while preserving the differences that make us stronger.Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Prior results do not guarantee a similar outcome.

About Morrison Foerster

people-default-header-desktop.jpg

people-default-header-mobile.jpg

Default Meta Data

In an era when data is considered an asset and is processed through a growing number of rapidly developing digital technologies, data privacy and cybersecurity have emerged as a significant area of law and focus of compliance regimes.While data privacy and cybersecurity may not be the first thing that comes to mind in relation to ESG, they are inherently relevant to ESG and are already playing a crucial role in the ESG framework. <ul><li>The “Governance” component of privacy is most obvious. It means maintaining a corporate governance structure that keeps data secure and is processed lawfully, in accordance with a fast evolving and complex regulatory regime. This is underpinned by the accountability principle (i.e., a business is responsible for demonstrating its compliance with the law) and effectuated through data protection by design and by default requirements. In a sense, responsible data is sustainable data.</li></ul><ul><li>It is also apparent that businesses have a “Social” responsibility to protect the personal data that they collect and use. Use of personal data requires respecting the right of the individuals to control their personal data, which itself constitutes a human right. While businesses may have legitimate interests in using personal data collected through its operations, they are required to ensure that such interests do not override the fundamental rights and freedoms of individuals, and organizations must uphold individuals’ rights in their data.</li></ul><ul><li>The “Environmental” element in ESG involves saving resources and reducing waste. Within the data context, this is achieved through, on one side, the data minimization principle that requires that data collected be limited to what is truly necessary for the intended purpose, and be stored for the shortest period of time needed to achieve such purpose. On the other side, it means optimizing the use of resources and exploring energy-saving ways to implement privacy practices, through physical digital infrastructure that minimizes environmental impact. </li></ul>It should be clear that data privacy and cybersecurity are both about complying with relevant laws and regulations and also mitigating many of the risks associated with any misuse of data. Most Asian jurisdictions, including Mainland China, Hong Kong, Singapore, and Japan, have fast-evolving legislative and regulatory regimes related to data protection and cybersecurity. Asia-based private equity funds should conduct thorough privacy due diligence on any target business before an investment is made. After investing, funds should require portfolio companies to adopt the fund’s own policies on privacy, data responsibility, and cybersecurity to the portfolio company’s ESG program, and review compliance with that policy regularly. In this regard, it is important to note that a one-size-fits-all approach might not work in practice; instead, bespoke and customized solutions taking into account different region-specific, sector-specific requirements may need to be made for the relevant portfolio business. Funds  should also require portfolio companies to purchase cyber liability insurance to protect portfolio companies from monetary losses resulting from potential data breaches or other cyberattacks.Read more in the <a href="/asia-funds-esg-report" target="_self">Asia Funds ESG + Sustainability Survey 2025 Report</a>.

Sign Up

Chuan Sun is Managing Partner of the Shanghai office and Co-Managing Partner of the Hong Kong office.Chuan focuses his practice on cross-border M&A transactions; sophisticated technology, media, and telecom (TMT) transactions; and complex IP/commercial matters across Greater China.With more than 20 years of experience in both Asia and the U.S., Chuan regularly advises multinational corporations, state-owned enterprises, private companies, and PE/VC firms in complex cross-border M&A transactions, joint ventures, strategic alliances, and business separation transactions.Chuan has extensive experience in complex corporate-commercial and technology transactions across the Fintech, e-commerce, and broader TMT sectors. His work covers payment technology, eKYC, credit technology, blockchain, e-platform arrangements, R&D, co-development, technology collaborations, and IP licensing. He also advises on strategic outsourcing, manufacturing, distribution, supply, and franchising arrangements across various industries.Chuan regularly counsels clients on cutting-edge technology and IP regulatory matters, including Fintech, data privacy, cybersecurity, data localization, cross-border data transfers, cloud computing, telecommunications, telematics, and third-party payment services.Prior to joining MoFo, he worked in the Hong Kong office of a Magic Circle firm and the Chicago office of another leading international firm.Chuan co-authored the Hong Kong & mainland China chapters of Getting the Deal Through – Telecoms and Media, 2014, 2015 & 2016; the Hong Kong & mainland China chapters of Getting the Deal Through: Market Intelligence – Telecoms and Media, 2015; and the Hong Kong chapter of Sourcing World 2nd Edition 2015.Chuan is fluent in Mandarin and English.“Chuan Sun has a wealth of knowledge on his clients’ existing products and services offerings and a good understanding of what terms they are or are not willing to accept. This helps tremendously with contract negotiations.”“Chuan Sun has extensive experience in the technology space. Many other competitor firms in the technology space are not really pure IT lawyers, as they are more focus on privacy and trade marks or other related fields, as opposed to technology contracts such as SAP or Microsoft software license agreements. A normal general commercial lawyer would not be able to identify the same issues or raise the right questions, as they are not equipped with the technology know-how of the products and services, their benefits, and general industry standard terms and trending patterns in the market.” Legal 500 Asia Pacific 2020Chuan’s recent blockchain experience includes:<ul><li>Leading Global, China-Headquartered Fintech Company. Advise the company in connection with its first provision of blockchain and Real World Asset solutions in the fintech industry to a leading Chinese securities company for the latter’s first launch of structured product tokens, enabling secure, transparent, tamper-proof transactions for fixed-income and principal-protected tokenized products linked to US equity ETFs.</li><li>Leading Global, China-Headquartered Fintech Company. Advise the company in connection with the international expansion of its various business operations that are based on cutting-edge technologies, including blockchain and crypto, into multiple jurisdictions. </li></ul>

孙川律师的执业领域集中在大中华区的跨境并购交易，复杂的技术、媒体和电信(TMT)交易以及复杂的知识产权/商务事宜。孙律师在亚洲和美国有20多年工作经验，他经常代理跨国公司、国有企业、私人企业和私募股权/风险投资机构处理复杂的跨境并购交易、合资、战略联盟和业务拆分等交易。孙律师在战略性的公司商务和技术交易方面也拥有极为丰富的经验，包括外包、制造、分销、供应与特许经营安排，以及跨行业知识产权许可安排等。他在TMT和知识产权监管方面的经验包括电信、电子商务、互联网、网络安全、数据隐私、云计算以及车联网。在加入美富前，孙律师在一家 “魔法圈”律所(Magic Circle)的香港办事处和另一家领先的国际律所的芝加哥办事处工作。孙律师与他人合著了2014，2015和2016版《让交易推进下去––电信与媒体》(Getting the Deal Through – Telecoms and Media)中的香港和中国大陆章节，2015年版《让交易推进下去：市场情报––电信与媒体》(Getting the Deal Through: Market Intelligence – Telecoms and Media)中的香港和中国大陆章节，以及2015年《采购世界》第二版(Sourcing World 2nd Edition)的香港章节。2018年《亚太法律500强》指出“孙川律师十分高效、负责和实际。他非常擅长处理IT协议，包括软件许可和IT采购合同的相关事宜。他也十分善于处理跨境TMT交易。”孙律师精通普通话和英语。

Chuan Sun

Managing Partner, Shanghai and Hong Kong

Tingting is a member of Morrison Foerster’s preeminent Data, Cyber + Privacy practice and she advises on a diverse range of privacy, data protection, and cybersecurity compliance issues relevant to China across a wide spectrum of industries. Tingting has a deep understanding of, and extensive experience advising on, China’s fast evolving data regulatory regime.Tingting also helps clients with other regulatory compliance advisory matters, including TMT, AI, as well as labor and employment.Prior to joining Morrison Foerster, Tingting worked as an associate in a China joint operations office of a leading international law firm.Tingting is fluent in Mandarin and English.Tingting is designated as a Certified Information Privacy Professional (CIPP/Europe) by the International Association of Privacy Professionals (IAPP).<h4>Representative Experience</h4><ul><li>A multinational advanced-technology conglomerate corporation in regulatory and data protection compliance in China, including significant assistance to the client in successfully passing a provincial CAC’s review of its consolidated data export application that covers dozens of affiliates in China.</li></ul><ul><li>A multinational financial services corporation and bank card clearing brand in significant China and APAC regional data protection compliance strategies as well as general corporate matters.</li><li>A multinational auto brand as well as its financial leasing business segment in an extensive China data protection compliance review of country operations and data governance and strategies.</li></ul><ul><li>A leading global professional services company in an in-depth review of compliance with China’s revised national security and data security regimes and formation of compliance strategies.</li><li>A membership-based warehouse store in regulatory and data protection compliance in China, including significant assistance to the client in its consolidated data export application that covers all subsidiaries in China.</li><li>A multinational financial services corporation in regulatory and data protection compliance in China, including significant assistance to the client in its data export applications.</li><li>A foreign-invested telematics business in regulatory and data protection compliance in China, including significant assistance to the client in reaching agreements with auto brands on the treatment of vehicle data after expiry of telematics services.</li></ul>

高律师是美富久负盛名的隐私与数据安全（Data, Cyber + Privacy）业务组的成员。她协助客户处理与中国相关的隐私、数据保护以及网络安全合规等各类法律事宜，涉及的行业领域非常广泛。高律师对中国快速发展的数据监管制度有着深刻的理解，并在此方面拥有极为丰富的执业经验。高律师亦协助客户处理各类其他合规监管及咨询事宜，包括技术、媒体和电信（TMT）、人工智能以及劳动与雇佣。在加入美富之前，高律师曾是一家领先国际律所的中国联营办公室的律师。高律师精通普通话与英语。高律师是IAPP（International Association of Privacy Professionals）认证的欧盟信息隐私专家（Certified Information Privacy Professional/Europe）。<h4>具有代表性的项目 </h4><ul><li>代表一家跨国高科技企业集团处理其中国监管和数据保护事宜，包括协助客户顺利通过省级网信部门对其涵盖数十家在华关联公司在内的数据出境申请的审查。</li><li>代表一家跨国金融服务公司和银行卡清算品牌处理中国和亚太地区重要的区域性数据保护合规策略以及一般公司事宜。</li><li>代表一家跨国汽车品牌及其融资租赁业务部处理针对中国运营所进行的广泛的中国数据保护合规审查以及就数据治理和策略提供法律意见。</li><li>代表一家全球领先的专业服务公司深入评估其对中国新近修订的国家安全与数据安全相关法律的遵守情况，并提出合规策略。</li><li>代表一家会员制仓储量贩卖场处理其中国合规和数据保护事宜，包括为涵盖客户全部在华子公司在内的数据出境申请提供协助。</li><li>代表一家跨国金融服务公司处理其中国合规和数据保护事宜，包括协助其数据出境申请。</li><li>代表一家外资车联网公司处理其中国合规和数据保护事宜，包括协助客户与车企就车联网服务到期后的汽车数据处理事宜达成协议。</li></ul>