Steve’s practice is in the areas of non-contentious and contentious Data Protection, Information Technology, Intellectual Property, Cybersecurity, Communications and Digital Media / Entertainment law. He has been recognised as a Highly Recommended lawyer for TMT by leading publications such as Chambers Asia-Pacific from 2013 to 2024. The Legal 500 Asia Pacific from 2010 to 2024, Best Lawyers from 2013 to 2023 and asialaw from 2011 to 2023.
Steve has also been named Lawyer of the Year for Information Technology Law in Singapore by Best Lawyers 2022, and a Global Leader in Data Privacy & Protection and Data Security by Who’s Who Legal 2023. He was also recognised as Telecommunications Lawyer of the Year by Corporate LiveWire Global Awards 2020.
According to Chambers Asia-Pacific 2024, Steve is “a well-reputed lawyer”. In the publication’s 2023 edition, Steve is noted to have “always displayed himself standing among the top of the data protection practice. His knowledge on the topic is immense and extensive, he is well-liked and trusted by his customers. His sense of professionalism and responsibility is at the highest level expected by any client”, a client notes according to The Legal 500 Asia Pacific 2022.
Steve is also among the first set of accredited lawyers announced by the Singapore Academy of Law announced in March 2023, achieving Senior Accredited Specialist status in Data & Digital Economy.
In 2019, Steve has been appointed Adjunct Professor of the Faculty of Law of the National University of Singapore, to teach its Privacy & Data Protection law course.
Steve co-founded Rajah & Tann Technologies Pte Ltd, a company that, among various services, specialises in providing technical services to organisations to prevent data breaches as well as technical incident responses services to deal with data breaches. Further details at https://www.rttechlaw.com/
In the 2nd half of 2020, Steve also co-founded Rajah & Tann Cybersecurity Pte Ltd, a business that provides pre data incident and post data incident technical security and cyber security services. Services include technical security assessment of an organisation’s IT systems and data systems, incident response, technical forensic investigations, vulnerability assessment and penetration testing, to name a few. Further details at https://www.rtcybersec.com/
Steve is at the forefront of data privacy law work and developments in Singapore as well as in Asian regional countries. His leadership in data privacy work has resulted in Steve being frequently invited to share his insights on IT/IP/data protection/Entertainment law and developments, at speaking engagements around the world such as Europe, USA including Singapore. As a further indicator of his passion and ingenuity for data privacy law, Steve conceived an inaugural three days international data privacy conference (sited in Asia but with international reach) called ‘Data Privacy Asia’ which was held in August 2015 in Singapore and featured speakers from around the world. Steve continues to be involved in the subsequent runs of Data Privacy Asia. Steve has advised and assisted multiple organisations on compliance with Singapore’s new personal data protection law, which fully came into force on 2 July 2014. They include organisations from the banking/financial, insurance, property, health & wellness, retail, education, logistics, IT sectors. Steve has assisted many organisations with investigations by the Personal Data Protection Commission (Singapore’s Regulator for personal data protection).
EXPERIENCE
Data Protection Compliance (Illustrative)
- Assisted and/or advised a global consumer electronics powerhouse on data protection law compliance and documentation for its commercial operations across 11 countries namely Singapore, China, Hong Kong, Indonesia, Japan, Malaysia, Philippines, South Korea, Taiwan, Thailand and Vietnam.
- Advised and carried out a full suite of compliance activities for banks to deal with Singapore personal data protection law.
- Advised and carried out a full suite of compliance activities for a listed leading healthcare company, with outlets in multiple jurisdictions, on compliance with Singapore personal data protection law.
- Advised and carried out a full suite of compliance activities for a significant corporate group with businesses in recreation and food and beverage, on compliance with Singapore personal data protection law.
- Advised and carried out a full suite of compliance activities for the Singapore subsidiary of a global leading supply chain management group on compliance with Singapore personal data protection law.
- Advised and carried out Singapore personal data protection law compliance activities for a Singapore subsidiary of a global nutrition company.
- Advised insurance companies on compliance with Singapore personal data protection law.
- Advised various international clients on data protection and privacy laws in Singapore.
- Advised and carrying out a full suite of compliance activities for a leading educational institution, on compliance with Singapore personal data protection law.
- Advised a global consulting leader in talent, health, retirement and investments on data protection related issues, across 15 jurisdictions, namely Bangladesh, China, Hong Kong, India, Indonesia, Japan, Malaysia, Myanmar, Pakistan, Philippines, Singapore, Sri Lanka, Taiwan, Thailand, Vietnam.
- Advised a global technology company whose parent is listed on NASDAQ, on data protection laws across ten countries namely Singapore, Malaysia, Indonesia, Japan, Korea, Australia, Hong Kong, India, China, New Zealand, in particular relating to the banking and telecommunications sectors.
- Advised the Singapore subsidiary of a global footwear company on various personal data protection related issues.
- Advised a bank with corporate and retail arms, on Singapore personal data protection law and certain documentation related thereto.
- Advised a leading global organisation in the consumer products space on compliance with data protection law across eight Asian countries.
- Personally appointed as Data Protection Officer for organisations.
Advising Clients with respect to Singapore’s Data Privacy Regulator (Illustrative)
- Assisted a global conglomerate with regard to investigations by Singapore’s Personal Data Protection Commission on alleged breach of Singapore’s data protection law for which a positive result was obtained.
- Advised a financial institution on dealing with investigations by Singapore’s Personal Data Protection Commission including assisting on submissions and defending the investigations.
- Advised a significant organisation in the F&B industry on investigations by Singapore’s Personal Data Protection Commission for which a positive result was obtained.
- Assisted a global organisation to file a submission to Singapore’s Personal Data Protection Commission for clarification on a point of law in Singapore’s data protection law for which the objective was achieved.
- Assisted an organisation that is part of a global group in the health products/health care industry on investigations by Singapore’s Personal Data Protection Commission for which a positive result was obtained.
- Assisted an organisation that is part of a global group in the consumer products space on investigations by Singapore’s Personal Data Protection Commission for which a positive result was obtained.
- Assisted a global conglomerate with regard to investigations by Singapore’s Personal Data Protection Commission on alleged breach of Singapore’s data protection law.
- Advised an organisation with regard to a potential data breach incident and on whether to notify the incident to the Personal Data Protection Commission.
- Assisted a leading FCMG organisation with regard to investigations by Singapore’s Personal Data Protection Commission on alleged breach of Singapore’s data protection law.
- Assisted a leading organisation with significant volume of individuals’ data with regard to investigations by Singapore’s Personal Data Protection Commission on alleged breach of Singapore’s data protection law.
Cybersecurity, Data Breach Readiness, Data Breach Response (Illustrative)
- Conducted cyberbreach simulation exercise for participation by the management of a reputable organisation.
- Advised a leading organisation on managing a data breach including notification requirements, and conducting monitoring of the Dark Web and public Internet for possible traces of exfiltrated personal data.
- Advised a leading organisation on handling a data breach, dealing with enquiries after notification, dealing with investigations by Singapore’s Personal Data Protection Commission.
- Advised a potential acquirer of an e-commerce company on the implications of a data breach that had occurred for the e-commerce company.
- Advised a global retail company on a data breach incident that occurred impacting several countries and analysis on whether there was a need to make notifications to the relevant data protection authorities and data subjects under the laws of those countries.
- Advised a leading investment company on data breach readiness including preparation of a data breach management plan.
TMT, IP, Media & Others (Illustrative)
- Advised a major global bank on various Singapore law aspects of an online trading/transaction/information capital markets platform, including media/broadcasting laws related to video content or that of an internet content provider, spam related legislation, intellectual property related law (including hyperlinking issues), MAS guidelines on outsourcing and internet banking applicable to banks, electronic contracting issues including enforceability related thereto, electronic signature and authentication (digital certificates) issues, data protection and privacy related issues.
- Advised a foreign multi-national conglomerate with subsidiaries in a multitude of end markets throughout the world on outsourcing of IT services.
- Prepared for a foreign financial institution template outsourcing services agreement that the organisation may use in engaging service providers.
- Advised financial institution(s)/corporation(s) on the admissibility and legal recognition of electronic records.
- Acted for IDA International and the International Finance Corporation (a division under the World Bank) to develop and/or review Bangladesh’s digital signature regulatory framework.
- Advised a major global bank on legal issues relating to and the feasibility of its intended e-commerce business offering.
- Acted for Singapore Technologies Electronics Limited together with other colleagues from the Corporate & Capital Markets Practice, being a wholly owned subsidiary of Singapore Technologies Engineering Ltd, which is listed on the Main Board of the SGX-ST, in its S$162.8 million acquisition of shares in Nera Telecommunications Limited, also listed on the Main Board of the SGX-ST, pursuant to a privatization and delisting scheme of arrangement under Section 210 of the Companies Act (Cap 50).
- Advised on and drafted the agreement(s) for an IT project for a global MNC headquartered in France, to be entered into with a PRC company.
- Advised various international clients on data protection and privacy laws in Singapore.
- Acted for and advised banks and other financial institutions including funds/investment/brokerage company(ies) on various information technology and/or intellectual property related matters/projects.
- Advised a leading bank on electronic contracting, financial instruments and customer authentication issues arising from the implementation of a new technology platform.
- Advised a company headquartered in Japan on virtual payment and other legal issues arising from the implementation of its ecommerce offering.
- Advised a software vendor on its intended contractual relationship with a bank relating to a software trading system.
- Advised on and drafted the agreements for an IT project for a large scale listed Singapore company, to be entered into with a French company.
- Advised a public listed company on its e-commerce portal service offering and various legal issues relating thereto.
- Advised a public listed company on the validity and admissibility of emails under the Electronic Transactions Act in relation to its new business offering.
- Advised a prominent global company in the insurance industry on its IT related contract(s).
- Drafted and negotiated various IT and project related agreements for a large scale Singapore listed company’s IT project in Kazakhstan.
- Advising clients on import and other legal issues relating to a point‐of‐sale system which it intends to market in Singapore.
- Advised a foreign broadcasting company on Singapore media content and broadcasting laws.
- Advised a significant foreign pay tv, cable and media broadcasting company on Singapore broadcasting laws in Singapore and the setting up of business in Singapore.
- Acted for a film production/investment company in various deals including film rights buyback, investment (media fund).
- Advised the producers of a Hollywood action blockbuster sequel.
- Advised an international film group on the setting up of a multi-million dollar film fund in Singapore.
- Drafted, reviewed and negotiated various digital media related agreements such as co-production agreements, investment agreements and related agreements for ST Electronics (Training & Simulation Systems) Pte Ltd’s digital media business including the Ten Commandments animated movie. The Ten Commandments was screened in more than 500 cinemas in the USA in October 2007 and opened theatrically in Singapore on 6 December 2007.
- Advised ST Electronics (Training & Simulation Systems) Pte Ltd’s on its co-production deal (including ancillary documentation) for the ‘Future is Wild’ 3D animated television series.
- Advising a foreign education institution in the digital media industry on setting up a school in Singapore.
- Acted for AIPRO (the Association of Independent Television Production Companies (Singapore)) in an industry related deal.
- Instrumental in arranging for the firm to be the appointed law firm for Asia Factual Forum 2007 (a forum bringing together various key TV/production factual programming players).
- Acted for a significant computer games company in Singapore on its various game publishing/distribution deals, game development deals for various platforms including PC, mobile, Nintendo DS, online; and advising the same on strategies relating to registration of trademarks including for the games developed.
- Acted in various operational deals for a regional computer game company.
- Acted for a foreign Bank in arbitration proceedings in Singapore against a foreign software developer in a dispute arising out of a software development and implementation contract for a core banking application software.
- Acted for a major global US financial entity against a software company relating to a dispute arising from a software licence agreement.
- Acted for a foreign telecommunications company in court proceedings in Singapore against a company and an individual for internet / email defamation.
- Acted for one of the largest local distributors of movie video compact discs in a variety of matters relating to intellectual property issues – commencing criminal prosecution, applying for search warrants, commencing civil proceedings.
- Assisted a well-known organisation in starting an e-commerce shopping business in Singapore including advice on trade and import laws and consumer laws relating to different categories of products, such as telecommunications equipment, cosmetics, food products etc.
MEMBERSHIPS / DIRECTORSHIPS
- Member, International Association of Privacy Professionals (IAPP)
- Member, International Technology Law Association (ITechLaw)
PUBLICATIONS
- Lawlines (Vol 9, Issue 4), All Abuzz about Games (Dec 2007)
- Lawlines (Vol 9, Issue 3), Animation and Games: Finding the Cauldron of Gold (Sep 2007)
New Venture
- Co-founder and Director of Rajah & Tann Technologies Pte Ltd, a company established in January 2018, that provides a suite of much needed multi-disciplinary services to assist organisations to embrace and navigate the digital economy including cybersecurity, data breach readiness and response services, e-discovery, virtual law academy, legaltech, regtech.
PRESENTATIONS / SPEAKING ENGAGEMENTS / TV INTERVIEWS
- Interviewed and quoted in a The Straits Times article on “Is your confidential info safe?” – published on 29 January 2024.
- TV interview on Channel 5 News and on Channel News Asia to discuss the effectiveness of data protection law in curbing unsolicited marketing communications, such as voice calls and text messages – broadcasted on TV on 22 May 2021.
- TV appearance and interview for the Channel News Asia 1-hour Docu-Programme called “Cyber Punk’d” focusing on the insecurity of personal data in the digital world, where Steve discussed the laws and consequences of cyber-hacking activities as well as Singapore’s data protection laws – broadcasted on TV on 1 December 2019 with a repeat on 2 December 2019.
- TV interview on Channel 5 News and on Channel News Asia to discuss the implications of the Personal Data Protection Commission’s Advisory Guidelines on the Personal Data Protection Act for NRIC and other National Identification Numbers that came into force on 1 September 2019 on businesses which are required to collect identification numbers by law – aired on 1 September 2019.
- Appeared on Singapore’s Channel 5 News 9pm News and Channel News Asia’s 10pm News where he was interviewed on privacy law relating to Go-Jek. It aired on 7 February 2019.
- Today Online article interview on “The Big Read: What’s the big deal with data privacy? Thorny, complex issues confront citizens and governments” published on 16 January 2021 and also published on Channel News Asia on 18 January 2021.
- Quoted on Today Online article “How should personal data be used and shared by firms? New rules on data protection up for review”, published 22 May 2019.
- SPH Chinese newspaper article on Child Privacy, published October 2019
- The Straits Times Article “Dangers of Being Smart”, published 17 July 2019