Photo of Scott Warren

Scott Warren

On December 1st, CPW’s Tokyo partner, Scott Warren, will be speaking at the 8th Annual International Arbitration & Corporate Crime Summit, hosted by LegalPlus, in Tokyo, Japan. 

In his topic “Cyber Breach Response, Regulatory Investigations and Disputes,” Scott will discuss top items in preparing for and responding to data incidents, along with effective

CPW’s Kristin BryanScott Warren, and James Brennan will be key speakers at the Global Legal ConfEx on “GRC, Data Privacy & Cyber Security” on Thursday, November 17, 2022, in San Francisco.  

Continue Reading CPW’s Kristin Bryan, Scott Warren, and James Brennan to Speak at Conference on Data Privacy, Cybersecurity, and Governance, Risk & Compliance

Join CPW’s Scott Warren at the 12th International Cybersecurity Symposium as he leads a panel of experts in a  session on “Practical Steps to Creating Real Social, Economic and National Security in Japan” in-person at Keio University in Tokyo, Japan, on October 14, 2022, at 4:00 pm JST.

Squire Patton Boggs partner and chair of

Cross-border data privacy laws have grown much more complicated due to the implementation of so many new and amended laws in jurisdictions globally.  The US and EU are now just the tip of the iceberg.

Here is an article by Allison Grande of Law360 discussing several important ones and quoting our partners Malcolm Dowden (UK)

CPW’s Scott Warren will be providing a keynote discussion on the Challenges in Handling a Multi-Jurisdictional Data Breach from 12:45 to 1:15 pm EST at the virtual Cyber Security ConfEx on Thursday, December 16th.  In addition, from 2-4 pm EST, Kristin Bryan will be providing her perspective on data privacy and cybersecurity litigation trends as

Handling digital evidence in Asia has gotten increasingly complicated in Asia over the years.  In this podcast with FTI, CPW’s Scott Warren covers this topic from a historical perspective, looking at practical, technical, logistical and legal challenges over the last 20 years.  In addition, he covers current developments and provides suggestions on how to handle

As reported in our recent post, on August 20, 2021, the National People’s Congress Standing Committee of the People’s Republic of China passed the Personal Information Protection Law (the “PIPL”). The implementation date is set for November 1, 2021, though we await some additional detail via promulgation orders on a number of important provisions, as set forth below, from the regulatory authorities.
Continue Reading New PRC Personal Information Protection Law Passed: A Deeper Dive into the Provisions

After three rounds of revisions, on August 20, 2021, the National People’s Congress Standing Committee of the People’s Republic of China officially passed the Personal Information Protection Law (the “PIPL”).

  • Fundamental Principle. The fundamental principles under the PIPL is that collection and processing PI should be limited only the minimum level as necessary to fulfill the specific purpose of PI processing; or the so-called “as minimum and as necessary” principle. PI processing beyond the level of minimum and necessity may be found a violation of the PIPL, even if individual consent is obtained or other formality is fulfilled. PI processing and compliance program should be set up always with the fundamental principles in mind.

Continue Reading NEW: China’s Personal Information Protection Law

Japan FlagIn the midst of revising the Japan Civil Code and the foreign attorney laws, Japan has recently passed amendments to its data privacy law, the Act on the Protection of Personal Information (“APPI”).  Some of these changes put Japan’s law closer in line with the EU’s General Data Protection Regulation “GDPR” as to which both have recognized the adequacy of each other’s data privacy regimes.  As a result, transfers of personal information from Japan to all third countries will be subject to stricter controls when the amendments become fully enforceable, which is expected to occur in 2022.
Continue Reading New Amendments Passed to Japan’s Data Privacy Law