Connect with meAmanda specialises in data protection and privacy, insurance regulation, cyber insurance, and financial lines insurance matters, and also has extensive experience in real estate transactions, advisory and disputes, and general corporate and commercial work.
Amanda is well-versed in cyber incident response as breach coach and legal counsel. She has assisted multi-national corporations, major institutions and small and medium-sized enterprises in managing high-impact cyber incidents across South East Asia, including those involving phishing, ransomware, SQL injections, and other cybersecurity vulnerabilities. She regularly supports clients in navigating complex data breach cases that are large-scale and cross-border in nature, from breach assessment to regulatory and third-party notifications and engagement, crisis management, and post-incident risk mitigation and compliance strategy.
Her work places a strong emphasis on addressing data protection and privacy risks and obligations. Amanda often speaks on panels and delivers pre-incident training to clients on cybersecurity, and data protection and privacy issues, in view of the increasing incidence of cyber-attacks and proliferation of artificial intelligence. She has also conducted seminars for insurance professionals on claims notification, and core considerations for both insureds and insurers in cyber coverage.
Amanda advises local and international insurers and reinsurers on their general insurance policies, encompassing financial lines, cyber, travel, work injury compensation, product and public liability. She provides guidance on regulatory compliance, policy wording, coverage interpretation, claims strategy, risk allocation and recovery efforts.
Cyber and Privacy Risk
- Acting in the incident response for a systemically important data intermediary in Singapore that suffered a ransomware attack. Given the volume and type of personal data (i.e. sensitive financial information) involved, there was significant public and regulatory scrutiny, necessitating intensive engagement with government authorities (including the Personal Data Protection Commission (“PDPC”), Monetary Authority of Singapore (“MAS”), Cybersecurity Agency (“CSA”)), and other key institutional stakeholders.
- Acting in the incident response for a MAS-licensed Major Payment Institution (i.e. payment service provider/ gateway) that was affected by a data breach in its role as a third-party vendor processing the data of its merchants and their customers. Responding to this incident required close coordination with the PDPC, MAS, CSA, and other payment networks/ card schemes.
- Acting in the incident response for a private healthcare provider with a strong presence in South East Asia that experienced a data breach involving the unauthorised exfiltration of patient health information. This incident required multi-jurisdictional data protection advice and notifications as well as liaison with critical business partners in particular.
- Acting in the incident response for a prominent local private medical group with a chain of clinics island-wide that was subject to a data breach which occurred due to the exploitation of cybersecurity vulnerabilities in its digital infrastructure. As sensitive medical records were amongst the data exfiltrated, notifications to both the PDPC and affected patients were required.
Financial Lines
- Advising reinsurers on a c. RM 500 million claim on a Banker’s Blanket Bond policy, arising from widespread fraudulent retention of funds by customers of one of Malaysia’s largest commercial banks.
- Advising insurers and reinsurers on Directors and Officers policy claims in Singapore and British Overseas Territories involving litigation in multiple jurisdictions on distinct matters.
- Advising insurers and reinsurers on sanctions check matters globally, with a focus on Asia, Oceania, and the Middle East.
- Advising insurers on cyber coverage claims in the Asia Pacific region.
- Cyber and Technology Risks
- Professional Liability
- Cyber, Data and Technology
- Directors and Officers Liability
- Fidelity and Crime
- Financial Institutions
- Management Liability
- Technology Liability
- Financial Institutions and Services
- Healthcare and Life Sciences
- Industrial and Commercial Property
- Professions and Business Services
- Public Sector
- Small Medium Enterprises (SMEs)
- Technology and Cyber
- Law Society of Singapore
- Singapore Academy of Law
- International Association of Privacy Professionals (IAPP)
- IAPP KnowledgeNet Chapter – Singapore
- IAPP KnowledgeNet Chapter – Malaysia
- Professional Liability Underwriting Society Singapore Chapter, Committee Member