Ashley Winton focuses his practice on global data protection and privacy, information governance and cybersecurity compliance. He has particularly in-depth knowledge of cyber breach response, cybersecurity in the context of payment systems, the lawful interception of data, and the conflict of laws in relation to corporate and government investigations and international litigation. Ashley frequently represents major corporations, trade associations, charities and government entities on a range of data privacy and cybersecurity issues and he has significant experience in advising on the impact of privacy and cybersecurity law on cloud services, health care and international data transfers.
Advising an international retailer in relation to a cyber incident which extracted credit card details from POS terminals in the UK and Canada
Advising a technology client on database security, web platform architecture and implications for compliance with the Payment Card Industry Data Security Standards and advising on the cross-border transfer of personal data
Advising a global payments processor in relation to a sophisticated brute force hacking incident that was able to compromise many accounts
Advising a global card issuer in relation to their ongoing global cybersecurity legal requirements
Advising a major payment provider in relation to their compliance with enhanced strong authentication rules required by the SecuRe Pay recommendations and the EBA Guidelines for secure internet payments
Advising a major UK bank in relation to its cybersecurity documentation for procurement contracts
Advising a leading Japanese social networking service on the legal and regulatory environment in the UK and across Europe particularly in relation to cybersecurity
Advising an middle eastern oil company in relation to the resolution of a major cybersecurity incident that caused the shut-down of an oil refinery
Do not send any information or documents that you want to have treated as secret or confidential. Providing information to McDermott via email links on this website or other introductory email communications will not create an attorney-client relationship; will not preclude McDermott from representing any other person or firm in any matter; and will not obligate McDermott to keep confidential the information you provide. McDermott cannot enter into an attorney-client relationship with you until McDermott has determined that doing so will not create a conflict of interest and until you and McDermott have entered into a written agreement or engagement letter that sets forth the terms of our relationship.