Data / Information Governance

The Practice

Our Data and Information Governance Group combines some of the most experienced lawyers in the industry, delivering extensive commercial practicality and unparalleled expertise. Our team includes partners, Rob Corbet, Greg Glynn, Andy Lenny, Eve Mulconry, Colin Rooney, Richard Willis, and Gavin Woods, and associates David Strahan and Conall O’Shaughnessy.

We have a long track-record of working on complex and time-sensitive matters. Our uniquely skilled lawyers offer the experience and expertise necessary to address the legal, regulatory and commercial risks posed by the most challenging situations.

We are commercially-minded, innovative and strategic. Our aim in every case is to manage and resolve information governance and legal issues relating to data in a practical way, with minimum disruption to our clients’ operations.

Our commitment to our clients goes beyond simply responding to any current issues they face. We proactively consider what lies ahead to ensure that our clients are prepared to meet the ever-evolving data and technology landscape.

We are proud to say that our experience has resulted in a long line of successful outcomes for our clients.

Relevant Partners:

Our Experience

Litigation Risk and GDPR

  • Advising a leading reinsurance company on the impact of GDPR to both ongoing litigation and litigation risk.
  • Advising a US multinational of the impact of GDPR to the retention and storage of sensitive personal data in the context of threatened employer liability litigation.
  • Acting for a client in relation to a data breach by a former employee, including the assessment of the activity for the purposes of reports to An Garda Síochána (the Irish police) pursuant to section 19 of the Criminal Justice Act 2011, and anti-bribery and corruption issues.
  • Advising financial institutions, insurers, employers and occupational health professionals on data protection legislation in the context of ongoing litigation / claims.
  • Advising clients including financial institutions, third level institutions, statutory bodies and corporates on data access requests under data protection legislation.
  • Acting for an IT service provider in respect of a claim arising from a suspected data breach / hack.
  • Advising a leading Irish bookmaker in relation to privacy matters arising from CCTV in its betting shops.
  • Acting for national and multinational clients in applications in respect of the provision of data and in prosecutions before the District Court in respect of data security.

Crisis Management

  • Advising a leading Irish retailer on a significant data breach, including reporting obligations to regulatory authorities and potential civil claims.
  • Advising clients on investigations and assisting at “dawn raids” carried out by regulatory bodies such as the Revenue Commissioners and the Competition and Consumer Protection Commission.

Trade Secrets & Intellectual Capital vs Internal Data Risks

  • Acting for an international financial services client in relation to a data breach and confidential information disclosure by a former employee to include the crisis management of all facets of the data recall as well as coordinating the notifications to the Central Bank of Ireland, the Data Protection Commissioner and An Garda Síochána (the Irish police).
  • Acting for a financial institution in a claim for damages by an individual for alleged theft of confidential financial information perpetrated by a former employee.
  • Acting for a client in respect of an ex parte injunction application against a former consultant arising from the unlawful misappropriation of confidential information to a competitor company.
  • Advising a successful construction business in respect of urgent action arising from discovery of breaches of the company IT policies and confidentiality agreements by employees, including the removal of commercially sensitive company data from the premises and transferring same to third parties.


  • Leading a cross firm multi-disciplinary team in the delivery of a public inquiry for the Central Bank of Ireland.
  • Advising a sporting body in relation to ticketing matters arising out of the Olympic Games in Rio de Janeiro in 2016, to include advising the Executive Committee in relation to the Moran Inquiry, appearing before the Oireachtas Committee and general governance issues.
  • Advising a leading life insurer on the management of data in the context of an investigation by the Financial Services Ombudsman.
  • Assisting in the defence of criminal proceedings brought against a telecommunications client by the Data Protection Commissioner and the Commission for Communications Regulation.


  • Acting for an Irish plc in Commercial Court injunction and plenary proceedings arising from the sale of non-core assets. The case is one of the first in Ireland in which a springboard injunction was granted.
  • Acting for a government agency in relation to civil and criminal offences in terms of breaches of the Official Secrets Act (illegal taking of data from former employer) to include coordinating the reporting of matters to An Garda Síochána (the Irish police) and securing Anton Piller and related court orders.
  • Acting for a client in securing a Norwich Pharmacal Order against a telecoms provider to ascertain the source of abusive and defamatory electronic communications.
  • Obtaining emails from Yahoo! in the Irish High Court to ascertain the source of anonymous defamatory emails about people living in the UK.
  • Acting for a company in relation to the securing of ex parte interim reliefs against the Chief Technology Officer of a company in order to protect the company’s intellectual capital.
  • Dealing with individuals in respect of Mutual Legal Assistance Treaty (MLAT) requests and search warrants for hard and soft copy documents.
  • Applying and obtaining bank account information and fraudulent documents evidencing the transfers of money from an Irish bank to Italy and the UK.
  • Advising a multinational client on the execution of an international search warrant obtained under the Criminal Justice (Mutual Assistance) Act 2008, assisting at a “dawn raid” carried out by the Revenue Commissioners on foot of that warrant and managing the production of data seized
  • Advising social media platforms on the production of user data and information in compliance with Norwich Pharmacal Orders in defamation and intellectual property proceedings, including Quinn Industrial Holdings DAC v Facebook (Ireland) Limited and Montblanc Simplo GmbH v Facebook (Ireland) Limited.