Sherman Deng

Practice Areas

SHERMAN’S PRACTICE FOCUSES ON DATA PRIVACY AND CYBERSECURITY COMPLIANCE.

Sherman is currently representing both domestic and multinational clients in bank finance, tourism, internet, manufacture industries on data governance, incident response and cross-border data transfer matters.

Career

Before joining the firm, Sherman was a VP & Senior Counsel of Marriott International. In his seven years at the company, Sherman handled several high-profile data and cybersecurity incidents. He played a leadership role in preparing and implementing the company’s cybersecurity-related compliance playbooks and policies, incident response plans, advising internal clients on MLPS, data localization and cross-border data transfer projects, setting up cross-functional cybersecurity teams, building privacy and cybersecurity baselines, and managing other aspects of privacy lifecycle in China. He also managed legal matters of Marriott’s digital partners, loyalty program and digital channels for China. He handled legal matters related to third party risk management, digital marketing, cloud computing, app security design life cycle (SDLC), e-commerce, data security and data analytics.

Before moving in-house at Marriott, Sherman had worked nearly ten years as an associate at White & Case LLP at its Shanghai and New York offices, with exposure to banking, pharmaceutical, biotech and e-commerce platform businesses.

Professional Memberships

Sherman is a director of Shanghai Information Network Security Administration Association.

Languages Spoken

-Chinese

-English

Experience

-Assisting a US-based Fortune 500 high-tech company in dealing with data breaches and law enforcement investigations related to bot attacks.

-Assisting a US-based Fortune 500 retail company in dealing with law enforcement investigations, administrative penalties and civil lawsuits related to data breaches.

-Assisting an overseas-listed Chinese private company in dealing with a data breach incident caused by a ransomware virus.

-Assisting a Japanese company in dealing with a data breach caused by APT.

-Assisted a number of foreign-invested consulting companies in dealing with cross-border data transfer issues, data localization issues and related rectifications.

-Assisted a number of international airlines in dealing with cross-border data transfer issues, data localization issues and related rectifications.

-Assisting a well-known fintech company in dealing with cross-border data transfer issues.

-Assisting a well-known US telecommunications infrastructure provider in dealing with cross-border data transfer issues, data inventory and related rectification.

-Assist several well-known international hotel chains to deal with cross-border data transfer issues, data localization issues and related rectification.

-Assisting a well-known American big device company in dealing with cross-border data transfer issues, data localization and related issues.

-Assisting a multinational energy company in Singapore in the cross-border transmission of important data.

-Assisting a well-known US media company in dealing with privacy issues related to cross-border data transfer and compliance.

-Assisting an OTA with app-related privacy issues. Assist this OTA to formulate an SOP to tackle App “name and shame” issues.

-Assisting a foreign-invested securities company in building a compliance system for the Personal Information Protection Act.

-Assisting a foreign-invested mutual fund in dealing with cross-border data legal issues.

-Assisted a leading US PC company with privacy, proprietary information and e-commerce issues.

-Assisted several multinational corporate clients with their privacy compliance programs and other e-commerce related issues.

-Represented sponsors in dealing with issues related to personal information protection and network security review on the overseas listing of a domestic EV company.

Education