Sonia Cheng

Sonia Cheng is a trusted leader in FTI Technology’s Information Governance, Privacy & Security practice with more than two decades of experience navigating high-stakes regulatory challenges and crisis events. Ms. Cheng possesses unique insights at the intersection of compliance and data, including data breach response, privacy, e-discovery, legacy systems, records management and the application of artificial intelligence and analytics to mitigate risk and reduce costs.

Ms. Cheng’s diverse, hands-on experience enables her to solve clients’ most pressing challenges, helping them establish trust and achieve transformation in information governance. Having led numerous complex multijurisdictional matters, she approaches every challenge with pragmatic strategies tailored to achieve impactful and lasting results. Ms. Cheng is also adept at leveraging analytics and AI to support incident response for data breaches, complex data crises and data compliance initiatives.

Prior to FTI Technology, Ms. Cheng led the IG practice at IBM, where she oversaw global transformation programmes, including the implementation of legal hold, records management, data mapping and machine-learning-based data classification and remediation solutions. She has held consulting leadership, product strategy, marketing, technical delivery and project management roles at PSS Systems, Wells Fargo, Citigroup and Morgan Stanley.

Additionally, Ms. Cheng holds a patent in IT storage optimisation and co-founded a Silicon Valley nongovernmental organisation. She is a published thought leader and a globally recognised expert, honoured as a Who’s Who Legal Digital and Data expert and recipient of Consulting Magazine’s Excellence in Client Service award.

Relevant Experience:

• Oversaw a General Data Protection Regulation assessment and implementation for a global healthcare firm to address privacy and security gaps
• Led a vast data identification and remediation exercise for a manufacturing client’s multinational acquisition; designed and implemented defensible methodologies, including the use of AI to meet merger clearance requirements set by the European Commission
• Spearheaded a high-profile breach response for a technology firm; conducted in-depth analysis to identify categories of personal and sensitive data in compliance with European Union and U.S. notification laws; designed and implemented an approach combining machine learning and managed review to meet regulatory obligations
• Led a critical life sciences industry breach response involving multiple terabytes of complex data, including Microsoft 365 and databases; leveraged AI to rapidly assess and extract personally identifiable information and personal health information, ensuring compliance with numerous laws across more than 60 jurisdictions; delivered results within an accelerated timeframe, safeguarding seamless operations and preventing disruption to a multibillion-dollar transaction