Ken Tsz Lok Lam

• Represented life insurers in assisting regulatory investigations by the Insurance Authority relating to suspected regulated activities carried on by unlicensed referrers.
• Supported the representation of a former executive director of a company listed on the Hong Kong Stock Exchange in responding to an investigation by the Securities and Futures Commission (SFC) and Hong Kong Exchanges and Clearing Limited (HKEX) concerning alleged breaches of fiduciary duties and duties of skill, care, and diligence in respect of certain transactions and suspected misappropriation.
• Supported the representation of a former director of a company listed on the Hong Kong Stock Exchange in relation to proceedings brought by the SFC alleging conduct involving defalcation, misfeasance, or misconduct towards its shareholders and false or misleading disclosures in the company’s previous Annual Report.
• Advised a multinational insurer in assisting an investigation commenced by the Independent Commission Against Corruption (ICAC) concerning suspicious invoices submitted by certain service providers.
• Represented a shopping mall on prosecution by the Labour Department in relation to offences under Occupational Safety and Health Ordinance (Cap. 509).
• Represented Registered Social Workers as defence counsel in multiple disciplinary proceedings at the Social Workers Registration Board.
• Advised clients in defending against complaints involving allegations of disability discrimination, and responding to investigation by the Equal Opportunities Commission

Insurance Coverage

• Acted as monitoring counsel on regulatory proceedings brought by a regulator in Hong Kong against former directors of a listed company in relation to the disclosure made for a past transaction.
• Acted as monitoring counsel on litigation brought by liquidators against former directors of a listed company in relation to various transactions and failed property projects in the PRC.
• Advised a Hong Kong insurance company on a coverage dispute concerning a medical insurance policy.
• Advised an international underwriting firm regarding a dispute over the scope of coverage under a liability insurance policy in relation to crisis management fees incurred by an association.
• Advised an international engineering and construction solutions provider on the scope of coverage under its cyber insurance policy.
• Advised a cloud computing company on a strategy for recovering losses suffered as a result of a failure in one of the building’s cooling towers from its professional indemnity insurer.
• Advised the manager of a professional indemnity scheme on the indemnity coverage in relation to various claims involving alleged breach of trust, breach of contract, and negligence by the defendant solicitors.

Insurance Regulatory and Compliance

• Advised an insurer in Hong Kong on the authorisation obligation under the Insurance Ordinance (Cap. 41) in relation to a proposed business model involving an offshore entity.
• Advised an airline on potential insurance regulatory issues arising from a proposed add-on services provided to their customers.
• Advised a senior management of an insurer in Hong Kong on “fit and proper” criteria under the Insurance Ordinance (Cap. 41).
• Advised a multinational insurance company on regulatory issues surrounding policy loans offered to a selected group of its customers.
• Advised a multinational insurance company on regulatory issues surrounding the restrictions imposed by Article 186 of the Insurance Business Act in Japan, and on updating the relevant part of their underwriting guidelines for handling insurance applications in Hong Kong.
• Advised an airline on regulatory issues in a proposed arrangement for promoting certain travel insurance provided by an insurer in the PRC.

Cybersecurity & Cyber Incident Response

Acted as Breach Counsel for:

• An international non-profit organisation which suffered a ransomware attack resulting in encryption of servers and computers as well as exfiltration of data.
• An electronic payment service provider in responding to a business email compromise in one of its service accounts.
• A hospital which suffered from a ransomware attack by Lockbit resulting in the encryption of files in the shared folders and other systems.
• A pharmaceutical manufacturer which suffered from a ransomware attack by RansomHouse/Mario Ransomware resulting in the encryption of critical servers and exfiltration of data.
• A construction material and solution provider in Hong Kong to respond to a double extortion ransomware attack by Black Basta suffered by one of its holding companies.
• A quango in Hong Kong in responding to a double extortion ransomware attack.
• A marine ship management business in responding to a double extortion ransomware attack.
• A multinational insurance company on a host of legal issues arising from a cyber security breach relating to the vulnerability associated with Progress Software’s MOVEit transfer software.
• A global hospitality group in relation to a cyberattack perpetrated by an advanced persistent threat actor (APT) which involved potential exfiltration of personal data at the client’s properties around the globe.

Advised:

• Software developer on the legal requirements and restrictions in Hong Kong for selling penetration testing software, surveillance software or dual-use software.
• Advised a manufacturer in Central America in responding to an email fraud incident and assisted in the recovery of the funds that had been transferred to fraudster’s account (including application for disclosure order and injunction).*
• Advised a plant supplier to the metallurgical industry headquartered in Europe in an internal investigation relating to suspected unauthorized downloading and misuse of commercial secrets in Mainland China.*

Data protection

Advised:

• A major insurer in Asia in updating its Personal Information Collection Statement (PICS) to cater for potential cross-border transfer of personal data.
• The Receivers of a mortgaged property in Hong Kong on the transfer of personal data of licensees as part of a sale and purchase transaction and the preparation of a personal information collection statement.
• A listed multinational sport and sport-lifestyle product manufacturer on the implication of Mainland China’s Cybersecurity Law (CSL) and Personal Information Protection Law (PIPL) in relation to its adoption of a Human Resource SaaS platform based outside of Mainland China.*
• A French learning management system SaaS platform on the extraterritorial impact of the PIPL and how they impact its business model, particularly the requirements on data localization and cross-border transfer of personal information of employees of its customers located in Mainland China.*
• A Swiss financial institution in assessing the legal and regulatory requirements of storing and transferring anonymized personal data of its clients to a cloud storage located in Switzerland.*
• A Swiss luxury watch manufacturer identify the regulatory framework on electronic archiving in Hong Kong.*
• A German car manufacturer in the review of relevant data protection laws and regulations applicable to the potential implementation of HR cloud solutions.*
• A Swiss investment bank and financial services company on relevant laws for the migration and retention of archived information.*
• A UAE bank on the preparation of a data protection regulatory mapping that summarises requirements under the Personal Data (Privacy) Ordinance (PDPO) in Hong Kong and the General Data Protection Regulation (GDPR) in the EU.*

*Experience gained prior to joining the firm.