Overview
Ashley Winton focuses his practice on global data protection and privacy, information governance and cybersecurity compliance. He has particularly in-depth knowledge of cyber breach response, cybersecurity in the context of payment systems, the lawful interception of data, and the conflict of laws in relation to corporate and government investigations and international litigation. Ashley frequently represents major corporations, trade associations, charities and government entities on a range of data privacy and cybersecurity issues and he has significant experience in advising on the impact of privacy and cybersecurity law on cloud services, health care and international data transfers.
Ashley is a fellow of the Ponemon Institute and current Chairman of the Data Protection Forum, the leading data protection association in the UK.
Results
- Advising a listed payment company in relation to one of the largest breaches of personal data in the UK
- Advising a FTSE 250 payments company in relation to the discovery on the dark web of a large set of personal data credentials that were stolen from a company that it had recently acquired
- Advising a regulated financial services client on implementing outsourced distributed denial of service (DDoS) protection, and responding to DDoS incidents
- Advising an international retailer in relation to a cyber incident which extracted credit card details from POS terminals in the UK and Canada
- Advising a technology client on database security, web platform architecture and implications for compliance with the Payment Card Industry Data Security Standards and advising on the cross-border transfer of personal data
- Advising a global payments processor in relation to a sophisticated brute force hacking incident that was able to compromise many accounts
- Advising a global card issuer in relation to their ongoing global cybersecurity legal requirements
- Advising a major payment provider in relation to their compliance with enhanced strong authentication rules required by the SecuRe Pay recommendations and the EBA Guidelines for secure internet payments
- Advising a major UK bank in relation to its cybersecurity documentation for procurement contracts
- Advising a leading Japanese social networking service on the legal and regulatory environment in the UK and across Europe particularly in relation to cybersecurity
- Advising an middle eastern oil company in relation to the resolution of a major cybersecurity incident that caused the shut-down of an oil refinery
Recognitions
- Chambers & Partners UK 2020, UK Data Protection & Information Law, listed annually since 2001
- Chambers & Partners UK 2020, Information Technology, listed annually since 2001
- Legal 500 UK 2018, Data Protection, listed annually since 2001
- The Best Lawyers in the United Kingdom 2021, Information Technology Law
- Who’s Who Legal: Data 2019, listed among Global Elite Thought Leaders for Data Security
Community
Credentials
Education
College of Law, 1993
City University, Law, 1992
Manchester University, BSc, (Hons), M.Eng., 1991
Admissions
England and Wales
