Nicholas is a Partner in Kennedys’ Melbourne office specialising in data privacy and cyber insurance law. He also advises on general commercial and corporate matters and technology procurement.
He is dual qualified in Australia and Hong Kong and was based in Kennedys Hong Kong office for six years until relocating to Melbourne in 2017. He continues to work with clients in Hong Kong and the APAC region and leads Kennedys’ APAC cyber risk group.
Nicholas specialises in advising on data protection law, including conducting data privacy compliance audits, advising on direct marketing practices, and responding to complaints and access requests. In particular, he has considerable experience in responding to cyber incidents and data breaches, including notifying breaches to regulators and affected individuals. He helped develop Krisis, Kennedys’ cyber incident response service.
He also advises on a wide range of general commercial transactions and corporate issues including joint ventures, corporate restructuring and shareholder agreements. He advises on insurance wordings and coverage issues, as well as insurance regulatory issues. He has prepared and advised on cyber insurance wordings for several major insurers.
Nicholas’s technology law experience includes advising on information technology projects and electronic commerce ventures of all sizes. He has advised public companies on the procurement of enterprise resource planning systems and tech startups on terms and conditions for their websites. He also provides intellectual property advice and has extensive experience advising media companies on the licensing of copyright material.
Nicholas has gained industry experience from in-house roles at MCM Entertainment, Foster’s Group, BP Australia, Linfox, the Communications Alliance and NBN Co.
- A Recommended Lawyer for ‘Data Protection and Cyber Security (Hong Kong) by Legal 500 Asia Pacific 2024.
- Recognised in Best Lawyers Australia 2024 for 'Information Technology Law' and 'Privacy & Data Security Law'.
- Our ‘TMT (Hong Kong)’ practice was ranked in Tier 3 by Legal 500 Asia Pacific 2022.
- A Recommended Lawyer for ‘TMT (Hong Kong) by Legal 500 Asia Pacific 2021.
- A Leading Individual for ‘Information Technology (China)’ by Chambers Asia Pacific 2018.
“He often provides useful suggestions and comments beyond scope of legal advice, like financial arrangements and terms to avoid future disputes.”
- Advising Cathay Pacific on its licensing and implementation of a new business-critical enterprise resource planning system. This was a complex transaction involving the issue of an RFP, assessment of responses, and detailed negotiations with the software licensor and implementation partner within a tight timeframe.
- Conducting data privacy compliance audits for Marriott International Inc. The audit process involved interviewing staff from all sections of the business to build up a comprehensive picture of the collection and handling of personal data, and then advising on areas of potential non-compliance and recommending remedial actions.
- Advising a financial services firm in relation to a data breach in which sensitive data of almost 1,000 clients were stolen and used to commit identity fraud. The response involved engaging forensic investigators, notifying the incident to the regulator and affected individuals, and dealing with a subsequent regulatory investigation.
- Advising an international insurer on its options in relation to offering insurance policies in Australia. The advice considered in depth the distinction between life and general insurance policies in Australia and the restrictions on foreign insurers offering policies in Australia.
- Advising media production company MCM Entertainment Group in relation to a range of matters including production agreements, talent agreements, content licensing, advertising sales, sponsorship agreements and brand promotions.
- Advising Giordano on data protection compliance and preparing necessary privacy notices and consents. This included providing advice on the extent to which the European Union General Data Protection Regulation affects Giordano’s online sales to European customers and on how to comply with that law.