Kuan's publications

Hon: Technology and Security for Lawyers and Other Professionals - the Basics and Beyond


My second solo book, published in June 2024: Technology and Security for Lawyers and Other Professionals - The Basics and Beyond (Edward Elgar), with Foreword by Phil Lee - Part I: Computing, hardware/software, data and programming, Part II Security, Part III: Communications, Part IV: Artificial intelligence and machine learning - please see the full Contents list (ElgarOnline version, scroll down)

My video presentation for EUDCN covers why I wrote the book, who it's for, etc.

(For reviews of this book, please scroll down; click this for my first solo book; or click this to see my other publications.)

Endorsements

‘Kuan’s encyclopedic knowledge of all things legal and technological never failed to impress me. I would challenge anyone to find a lawyer as conversant in technology and data privacy as Kuan. . . . If technology leaves you baffled, then don’t worry – that’s what this book is for. And if, like me, you have a greater understanding of technology, I can promise you this book will prove an invaluable reference.’
 – Phil Lee, Managing Director, Digiphile, UK

‘Once in a while, I come across a book I choose to keep as a reference. Such is the case with Dr. Hon’s book. Her aim to provide non-IT experts a grounding in IT/ICT concepts is overwhelmingly met with an exceptional breadth and depth of information that guides us through the complex world of information technology.’
 – Chantal Bernier (Wikipedia), Co-Lead, Dentons Global Privacy and Cybersecurity Group, Co-directrice, Groupe mondial sur la vie privée et la cybersécurité and former Commissioner at the Office of the Privacy Commissioner of Canada

‘Dr Kuan Hon has achieved a unique goal: she has managed to explain complicated technical notions in simple language, accessible to legal scholars at all levels, from lawyers to judges and law students. A must read for everyone interested in law and technology!’
 – Eleni Kosta, Professor of Technology Law and Human Rights, Tilburg University, the Netherlands

‘Dr W. Kuan Hon has a knack for distilling technical knowledge into simple and concise information. She has done it again in this comprehensive and accessible book on fundamental IT/ICT concepts, which even includes chapters on artificial intelligence and machine learning. This book is a valuable resource for lawyers and laypersons, as well as IT experts learning how to explain technical concepts in easily understandable language.’
 – Darren Grayson Chng, Regional Data Protection Director, APAC & MEA, Electrolux and Asia Advisory Board Member, International Association of Privacy Professionals

Reviews/Comments

'...the intended audience for this volume is busy professionals who probably have some existing exposure to technology and need to ‘get up to speed’ on some specific problem domain for a pressing matter, either a piece of research, a business negotiation, or litigation. For that purpose, the book works well... The foreword states that the author aims ‘to go one step beyond high-level’ and the book succeeds in that. Technologies are presented in sufficient detail to give the reader a little more than a basic understanding but complexities are generally acknowledged although not explored in depth. (Doing so would make the text much longer and more cumbersome.)... Overall, this is a very useful book which any busy professional who regularly finds themselves wondering how some new technology that they have just heard of but need to understand works should have to hand.'
- Rónán Kennedy, School of Law, University of Galway, in Society for Computers & Law, Dec 2024 (and I've fixed the code errors mentioned, see v1.1 of the companion PDF, mortified that I didn't spot them in the proofs!)

5-star reader review on Amazon.com, entitled 'Best resource I have found for lawyers seeking to understand technology!', and including '...other resources are often far too limited when discussing the technologies that are the subject of or affected by privacy/security/technology laws, regulations, disputes, and regulatory actions... This will help me increase the bridge of understanding I work hard to create with my IT colleagues. The AI chapters (in addition to Parts I and III) should be read also by anyone working in AI Governance. I have referred my in-house clients to this book, and I will continue to do so...'

'The intersection of law and technology demands a nuanced understanding of both domains, a challenge that Kuan Hon’s book ‘Technology and Security for Lawyers and Other Professionals: The Basics and Beyond’ adeptly addresses.
  Kuan Hon’s book serves as a beacon, illuminating the often-shadowed pathways of technology for those who possess a legal rather than technology background. It is a comprehensive foundational guide, meticulously crafted to demystify the intricacies of computing and cybersecurity.
  The book’s true brilliance lies in its ability to bridge the gap between the legal and technical realms, fostering a symbiotic understanding that empowers legal professionals to engage confidently with technology.
  The book’s structure is a testament to Kuan Hon’s pedagogical prowess, which was evident when working at Dentons. The book embarks on a journey through the core tenets of computing, commencing with an exploration of fundamental terminology, computing models and the binary language
that underpins the digital world. The subsequent chapters delve into the hardware and software that constitute the backbone of modern computing, elucidating their functions and interactions. Kuan Hon’s narrative style is akin to a seasoned mentor, patiently guiding the reader through the labyrinthine corridors of technology. Complex concepts are distilled into digestible nuggets, technical jargon is deftly deciphered and real-world examples are interwoven to anchor abstract notions in tangible reality.
  The book’s exploration of networking and the Internet is particularly noteworthy. Kuan Hon navigates the reader through the intricacies of IP addresses, networking protocols and the infrastructure that enables global communication. The chapters on the web, e-mail and mobile communications networks provide invaluable insights into the technologies that have become integral to all modern legal practices across the globe.
  The latter part of the book ventures into the burgeoning field of artificial intelligence (AI) and machine learning (ML). Kuan Hon’s exposition of AI terminology, paradigms and applications is both enlightening and thought-provoking. The chapters on data science and ML projects offer a glimpse into the future of legal practice, where AI- powered tools and technologies will play an increasingly prominent role.
  Throughout the book, Kuan Hon deftly interweaves security considerations, underscoring the importance of safeguarding data and systems in an increasingly interconnected world. The chapters on security risks, attack vectors and cryptography provide a sobering yet empowering perspective on the challenges and solutions in the realm of cybersecurity that senior practitioners, lawyers, academics, policy makers and post-graduate researchers will find invaluable.
  In a field characterised by rapid technological advancements, the book’s focus on foundational concepts ensures its relevance for years to come. By equipping legal and other professionals with a solid understanding of the underlying principles, Kuan Hon empowers them to adapt and evolve their knowledge and understanding within the ever-changing technological and security landscape.
  Moreover, the book’s emphasis on the legal principles that underpin security and technology use provides a robust framework for interpreting and applying laws and regulations across these domains. Kuan Hon’s insights into data protection, privacy, information governance and cybersecurity are particularly valuable, offering a bridge between the technical and legal dimensions of these crucial domains.
  In summary, ‘Technology and Security for Lawyers and Other Professionals: The Basics and Beyond’ is an indispensable resource for legal and other professionals seeking to gain a strong understanding of technology and security that will equip them to navigate the complexities of the digital age. Kuan Hon’s masterful blend of technical expertise, pedagogical finesse and legal acumen creates a book that is both enlightening and empowering. It’s a testament to the power of interdisciplinary understanding, a shining example of how knowledge can transcend boundaries and foster a more informed and secure future. From this perspective, the book is essential reading.'
- Ardi Kolah, Journal of Data Protection & Privacy Vol. 7, 1 114-115 (thanks to Ardi Kolah for permission to reproduce his kind review! Full disclosure: he also works at Dentons, but I've never worked with him.)

'...We would like to highlight this invaluable resource again! This comprehensive guide demystifies technology for non-technical professionals. The Author, with her background in both law and technology, expertly addresses common challenges and explains complex concepts clearly and concisely.'
- European Data Compliance Network (EUCDN), on LinkedIn

‘...the clarity and succinctness of the language and the range of topics covered in Technology and Security for Lawyers and Other Professionals means I'll be keeping hold of my review copy as a time-saving kicking off point and explainer for a long time to come. Highly recommended.’
 – John Leonard, in Computing, June 2024

LinkedIn comments include: ‘...I use it at least twice every working hour! Amazing...’, ‘...a great resource... Good stuff!!...’, '...This is such an important book - the 'one level down' approach is exactly what the experienced tech lawyer (but non-tech person) needs!', 'Wow. 541 pages of research and pure information. What a feat. Just what I need as a lawyer in Tech', 'A must buy for sure!...', 'Please take a quick peek at Dr W Kuan Hon’s book and consider getting it for your company! I’ve worked with her and highly recommend!!!...', '...You are a star. All best wishes you make the best seller lists. It’s about time a work like yours did !', '...Great content for #Data, #Security and #AI #lawyers and #compliance professionals...', '...Recommended reading for all those legal, DPO & GRC professionals out there looking to improve their understanding of the technical side of things...', 'Your book is excellent...', 'This book has become my go-to guide for navigating the complexities of technology. From the comprehensive list of abbreviations to the clear explanations of tech concepts like encryption, web security, artificial neural networks, and many many more, it truly demystifies the tech world for me. Having it on my phone means I have this invaluable resource at my fingertips wherever I go. Highly recommended!'
Kuan Hon, Data Localization Laws and Policy,

My first solo book: Data localization laws and policy - the EU data protection international transfers restriction through a cloud computing lens (Edward Elgar, 2017), with forewords by Rosemary Jay and Christopher Kuner, and including discussion of the EU General Data Protection Regulation and the EU-US Privacy Shield. Available as an ebook via e.g. Google Play (around £20), and in hardcover format (see the publisher's page for details of both).

Endorsements

‘It should be read by every data protection supervisory authority and law-maker in Europe.’
 – Rosemary Jay, Author, Data Protection Law and Practice

‘Data localization is not just a short-term phenomenon, but reflects a profound unease with increasing globalization, and a lack of certainty as to whether we want national borders carried over onto the online space. This book helps illuminate the choices that we face as a society in deciding where we want those boundaries to be set.’
 – Dr Christopher Kuner, Co-Director, Brussels Privacy Hub, VUB Brussel and Editor-in-chief, International Data Privacy Law

‘Displaying great originality and rigour, this book makes the case that location-based personal data protection should have that “Frankenrule” replaced by regulation based on enforcement of security and encryption standards. With an interdisciplinary focus on law, computer security and industrial organisation (in technological and business value chains of data processing), this approach is to be recommended to legal scholars of the Internet.’
 – Dr Chris Marsden, Professor of Internet Law, University of Sussex, UK

Reviews

Not a review as such, but I understand Roger Bickerstaff kindly mentioned my book in his SCL Annual Conference 2020 talk on data localization - thank you Roger!

'...W Kuan Hon’s Data Localization Laws and Policy represents an excellent example of how an academic title – which often goes at length on a serious topic – may maintain the balance between a remarkable degree of engagement and an objective, accurate, structural, and sometimes technical narrative... Data Localization Laws and Policy represents a significantly well-researched and highly accessible monograph that provides important and timely observations on the EU’s data localisation law and policy. Researchers, policymakers, data protection authorities and officers, and indeed anyone interested in the legal issues surrounding cross-border data flows will find the comprehensive coverage and in-depth analyses of the book significantly helpful in deciphering the complex legal and political picture.'
- Jiahong Chen, Script-ed Volume 17, Issue 1, January 2020

'...an essential guide... a fundamental resource... The author smoothly guides the reader through intellectually challenging problem areas in a way that is comprehensive without sacrificing nuance, whilst at the same time incorporating academic, business, and political issues in a manner that consistently incorporates them throughout in the context of how personal data is transferred and processed on a transnational basis... can be considered a practical accomplishment that helps to create a vital interlinkage between the legal and academic world that is not always obvious, but also, she has done it in a way that provides vision in the often foggy landscape occupied by substantive legal and technical issues that are at the forefront of the constrained debate that is data localization ...an unrivalled level of accessibility to the table, whereby explanations are technical enough to satisfy those in academia and practice, but also, are succinct enough to take it beyond the niche of specialists. It is a text which exerts a key quality often missed in books of this nature and it is refreshing to see that intellectual stimulation and practical accessibility are two compatible concepts which can coexist... It brings the most important matters to the forefront and encourages users to think beyond the present and towards the future implications of legal barriers to the free interchange of personal data globally. This book should for essential reading to anyone interested in data localization laws and policy generally, but also, those who wish to explore the technical rules and regulations on how to protect personal data that is transferred and processed on the global Internet...'
- Daniel Davenport, European Journal of Law & Technology (EJLT), Vol 10, No. 2, 2019

'...As Dr. W. Kuan Hon convincingly argues in her book Data Localization Law and Policy, the “location fixation” is fundamentally at odds with the complex web of relationships involved in cloud computing technology... The author thus aptly calls the Restriction a “Frankenrule”, evoking the idea of a monster that has taken life on its own and may serve policy purposes going beyond that for which it had been conceived (e.g., trade protectionism)... The author should be given credit for starting a very important discussion on the responsibilities of mere infrastructure providers, though the solution offered – that those providers be qualified as neither controllers nor processors- appears less convincing from an exegetical perspective... this book provides food for thought with a valuable and comprehensive picture of data protection law and policy issues in relation to cross border data transfers.'
- Nicolo Zingales, Computer Law & Security Review, Volume 34, Issue 5, October 2018, Pages 1175-1176

First review in a French journal!:
'On signalera cet ouvrage de dimension essentiellement pratique qui couvre de très nombreux aspects de la circulation des données considérées au sens large (pas seulement les données à caractère personnel mais également l'ensemble des données protégées, y compris pour des motifs purement publics, de type «sécurité»)... L'intérêt principal de l'ouvrage est sa capacité à rendre compte des différentes facettes du phénomène selon un plan analytique...'
 – Jean-Sylvestre BERGÉ, Journal du Droit International (Clunet), Avril-Mai-Juin 2018 no 2/2018

'...she has weaved together an informative narrative that takes the reader on a journey from the legislative history behind data protection through to mechanisms and derogations, and compliance and enforcement. But it is not a heavy-going read and the advice is practical and realistic, rather than legalistically prescriptive... It's not just CIOs and the burgeoning army of data protection officers who ought to have a copy of this book displayed prominently on their shelves, but also that equally burgeoning army of lawyers working in the field... we'd advise every CIO not just to get their hands on a copy, but to make sure they get the hardback version...'
Graeme Burton, Computing, 28 Feb 2018

'...provides a thorough analysis of the law and highlights the absurdity of rules which use physical location as a shorthand for data security, while ignoring the impact of encryption, remote access, and cloud computing... Punchy, timely and opinionated.'
 – (2017) Top must-reads: the editorial team choices, Journal of Cyber Policy, 2:3, 405-407, DOI: 10.1080/23738871.2017.1406185 (published Nov 2017, open access until the end of 2017)

'...Overall this volume represents an accessible, comprehensively researched and thorough in-depth analysis which focuses on what has become an extremely important, but perhaps to date under-studied, aspect of the European data protection framework. It is a title in an area of law that, at the time of writing, is lacking in high-quality legal scholarship, which will be of course be highly pertinent to both students and researchers of data protection law, but is likely also to pique the curiosity of those interested in IT law, international commercial law, computer science and regulation more broadly.'
 – Henry Pearce, Computer and Telecommunications Law Review, (2017) 23 C.T.L.R., Issue 7, p.185-186

'...To turn such subject-matter into a readable text of almost 500 pages is quite an achievement, but I promise you that Kuan Hon has achieved precisely that. It’s so readable that I actually read (almost all) the book when my aim was to read the minimum number of pages possible in order to write a respectable review...one of the strengths of the book is the balance which is found in dealing with the (old) Data Protection Directive (which is not dead yet and will have a considerable after-life) and the incoming GDPR...' See full review.
Laurence Eastham, Society for Computers & Law, July 2017

'...This book which is partly a legalistic discussion about terms and concepts is however very useful for companies involved in cloud computing, as it explains the challenges in practical terms and with many examples of real cases. The arguments that the author makes are often not only relevant in the cloud computing context, but also apply more generally for cross-border transfers.' See full review (PDF).
 – Laura Linkomies, Privacy Law & Business International Report, issue 147, June 2017


For my blog, please see Kuan0's blog; for other books, see the right sidebar.  Also see my blogs/articles on LinkedIn and my papers on SSRN.

Go direct to numbered provisions of:
  • GDPR - gdprinfo.info (precede with a for article, r for recital, c for chapter e.g. a28.3, r26)
  • EU AI Act - bit.ly/eu-aiact (use number only for article, precede with r for recital, a for annex, c for chapter)


Selected recent or forthcoming publications are listed below: