Steve Tan ’98: The Digital Age Tech Man

In an age where everything digital matters, Steve Tan ’98 had shown foresight in leading the charge into this new terrain. He co-founded Rajah & Tann Technologies (RTT) and Rajah & Tann Cybersecurity (RTC), and is the deputy head of the technology, media and telecommunications practice at the Singapore office of Rajah & Tann Asia (RTA). He is also an Adjunct Professor at NUS Law, teaching the course Privacy and Data Protection Law. RTA is also a co-presenter with Meta for the Metaverse Conference organised by the Centre for Technology, Robotics, Artificial Intelligence & the Law (TRAIL) on 20 September 2022.

Professor David Tan has a chat with Steve about his work, what keeps him up at night and what he does for fun.

There is a lot of talk about the metaverse today. What is your part in all of this?

The economy has significantly transformed itself over the last decade by becoming a digital economy. During this time, I have been assisting organisations in their technological transformation and providing legal services curated for the digital economy. Together with my team, I have been at the vanguard of legal work in this challenging but inspirational area of expertise. I am constantly on the lookout for the next evolution or technological development, which would require innovative application of legal skills to greenfield areas of legal work.

The metaverse brings about a new paradigm of business activities for organisations, and requires lawyers to re-think the adequacy or otherwise of existing laws. It is an exciting and challenging area for legal consideration with a whole series of issues touching property law, intellectual property, data privacy, competition law, tax, jurisdictional concerns, to name a few. I’m excited to be speaking more about this at TRAIL’s Metaverse Conference in September. Some points for analysis include rationalising the regulation of NFTs, trademark use in the metaverse, and whether an avatar should be treated as a data subject.

Hence, the metaverse does provide lots of fodder for legal assistance and consultation, and I look forward to assisting organisations in dealing with these issues, with a view to facilitating their conduct of business on various metaverse platforms.

What’s your role in the setting up of Rajah & Tann Technologies (RTT)? What does RTT do that a traditional law firm does not do?

I am a co-founder of RTT. The other co-founder is Rajesh, my fellow partner at the law firm. From my perspective, the setting up of RTT is consistent with the vision of constant innovation and seeking to provide value to our clients. The services offered by RTT help our clients navigate the digital economy as they transform themselves technologically. These services also assist lawyers and inhouse legal teams to leverage on legaltech solutions in undertaking legal work, bringing to the fore significant value and efficiencies. RTT has 4 business pillars, namely e-discovery and investigation services, cybersecurity, learning management & content development, and legal engineering & innovation labs.

Shortly after co-founding RTT, I co-founded Rajah & Tann Cybersecurity (RTC). RTC houses the cybersecurity business of RTT.

RTT and RTC are staffed by individuals who are experts in their respective areas of expertise. Some staff may come from a legal training background while others may not. For example, the cybersecurity business is staffed by technical cybersecurity experts; the e-discovery and investigation services business is in the main staffed by individuals with prior legal training. The value proposition that we can bring to our clients is immense with this combination of legal and technical expertise.

The setting up of RTT and RTC to me, is the harbinger of transformation in the legal industry. The legal industry is not immune to change and it has to embrace changes brought about by the digital economy. I am honoured and excited to be at the forefront of this paradigm shift.

What keeps you up at night?

Though there has never been a dull moment, good project management has allowed me to be able to have adequate rest, at least for most nights. That said, we cannot discount the reality of a digital economy where organisations’ key assets are likely to be digital data, much of which would be personal data. In such an environment, it is only a question of when, before an organisation suffers a data breach.

It is not uncommon for me to be activated to deal with a data breach and arising from mandatory data breach notification regimes in many countries including Singapore, plus the need to contain a data breach swiftly, it requires rapid action in handling a data breach. That means intensively dealing with the data breach during the initial 72 hours from activation, which understandably can keep one up at night. It does not help that threat actors tend to time, purposefully I must say, their attacks during periods when they know the organisation least expects it or is least on alert, which typically would be outside of office hours, or during weekends and public holidays.

Did law school prepare you for any of what you are doing now?

Apart from the usual TMT (Technology, Media and Telecommunications) work that I conduct as a practising lawyer, I undertake a lot of work revolving around data protection, data privacy and cybersecurity. During my time as a law student at the faculty more than 23 years ago, there was no module on data privacy or data protection. The economy was not a digital one as well and it would hence not to be fair to equate the lack of a subject module touching on one’s current area of work, with the law school not preparing one for one’s legal work in present day. What is comforting to see is that the law school evolves with the times and is sensitive to the realities of present day issues and developments. That explains why I am teaching the Privacy & Data Protection module at the law school at this point in time.

Competency in legal issues/topics revolving around the digital economy is partly achieved through hands on work with organisations that are providing innovative products and services relevant to the digital economy. The law school’s programme to leverage on private practice legal practitioners who handle such work in a commercial setting, to teach corresponding law modules is laudable and should continue. For example, students to the Privacy & Data Protection module that I teach will have the opportunity to obtain not only an academic download of the legal issues of the topic, but also benefit from my practice perspective and sharing during my classes.

What do you do for fun?

That’s a very subjective question and one that can evolve with my age. Fun to me is conceiving new legal services and seeing such services being appreciated and valued by clients. Fun is nurturing and growing RTT and RTC from their state of infancy, and embracing the challenges that come their way. Equally fun is being able to find some downtime to watch a good TV show or movie on one of the OTT platforms; or catching up with friends over a delectable epicurean meal. [David: And Steve loves a good hearty meal, especially when there is crispy roast pork!]