Founder & Principal

James Patto

As Founder and Principal of Scildan Legal, James brings over a decade of experience advising on privacy, cyber, AI and complex technology matters across government and industry.

Specialisations:

Digital Law
Strategic Supply & Procurement
Privacy & Data Protection
Cybersecurity
Security of Critical Infrastructure
Artificial Intelligence and New Tech
Intellectual Property and Structuring
Tech and Data issues in M&A
General Commercial

Education:

Admitted to Practice - Victorian Supreme Court & High Court
Legal Practice Management Course, Leo Cussen
Graduate Diploma in Legal Practice, College of Law
Bachelor of Laws (First Class Honours), Monash University
Bachelor of Commerce(Finance) (Dean's commendation), Monash University

Awards/Achievements:

LinkedIn Top Voice in relation to cyber, privacy, data and IT outsourcing law

James is the Founder and Principal of Scildan Legal, and a leading adviser on privacy, cyber, AI and complex technology law. With over 12 years of experience, he has advised a broad range of clients across sectors, including established corporates, fast-growing technology companies, digital service providers, and government agencies.

Before founding Scildan, James led PwC Australia’s Digital Law team in Melbourne and was a Partner at both Hamilton Locke and Helios Salinger. He is known for combining deep technical expertise with commercial judgement to help clients navigate legal and regulatory complexity with confidence.

James works closely with in-house teams, executives and founders on issues including digital transformation, technology procurement, data governance, software licensing, and the legal aspects of product design and growth. His sector experience includes technology, health, financial services, education, defence and critical infrastructure.

He is a recognised expert in privacy, cyber security and AI regulation, advising clients on privacy-by-design, incident response, regulatory compliance (including the Privacy Act, Spam Act, SOCI Act and industry specific cyber and data regulations), and emerging governance frameworks for AI and algorithmic systems. His work regularly involves supporting internal uplift programs, managing regulator engagement, and advising on digital risk at the board and executive level.

A LinkedIn Top Voice in AI, cyber and digital law, James is also a sought-after speaker and commentator featured by ABC, ACS Information Age, MLex and Capital Brief. Through Scildan Legal, he is building a modern, values-led firm that supports clients not just to manage risk, but to lead with confidence in a complex, connected world.

‍

Key Matters

Assisted various clients in managing all aspects of cyber security incidents, including advising on regulatory obligations across multiple jurisdictions, assessing and managing contractual impacts (such as cyber insurance coverage and third-party liabilities), conducting forensic and legal analysis of affected systems and data, and coordinating legal counsel in various jurisdictions to ensure a cohesive response.
Advised critical infrastructure asset owners on compliance with the Security of Critical Infrastructure (SOCI) Act, including enterprise-wide compliance audits, stakeholder workshops to identify critical assets, and obligation mapping based on organisational roles. Work included developing strategic compliance roadmaps, assessing impacts on operational and contractual frameworks, and renegotiating outsourcing arrangements to strengthen supplier resilience and align with new governance obligations.
Advised clients across multiple sectors on privacy and cyber security risks in procurement and product development, including conducting risk assessments, identifying vulnerabilities, and providing mitigation strategies. Delivered Privacy Impact Assessments and regulatory compliance reviews aligned with Australian and international privacy laws. Also led privacy and cyber maturity assessments, offering strategic recommendations to uplift governance frameworks and address compliance gaps.
Advised on AI governance and regulatory compliance, including the development of policies for the use, development and procurement of Artificial Intelligence (AI) and Generative AI technologies. Work included strategic advice on ethical principles, risk management, and responsible deployment, as well as advising on procurement of AI solutions to ensure alignment with legal and operational requirements. This included supporting a global financial services provider on privacy, intellectual property and regulatory issues relating to AI-driven big data models and algorithmic credit assessments.
Advised a diverse range of clients, including Australian government departments, the Government of Tuvalu, Toll, Cathay Pacific, Fung Group, CPA Australia, Powercor, Medibank, and SEEK, on major outsourcing and system procurement arrangements. This included negotiating complex agreements with leading technology vendors such as GoDaddy, Salesforce, IBM, DXC, Microsoft, Oracle, SAP, Cisco, Infosys, Accenture, Dimension Data, Wipro, TCS, and Deloitte, ensuring favourable terms, risk mitigation, and alignment with regulatory and operational requirements.
Advised a range of major corporates on complex transactions involving technology, procurement, and data issues. This included supporting Telstra on its enterprise-wide restructure and procurement due diligence; advising Port of Melbourne Corporation on IT contract separation and transition during its $9.7 billion privatisation; and drafting transitional service agreements for the sale of Asaleo Care’s consumer tissue business. Also acted for Spotless on the launch of its smart metering business, including regulatory, contractual, privacy and data security advice. Conducted IT, IP, cyber and privacy due diligence for an ASX200 company acquiring a global workforce management provider, and advised clients including Accenture, Zurich, CSIRO, Jemena and others on technology, IP and privacy risks across multiple transactions.
Advised clients across the health, energy, logistics and technology sectors on complex intellectual property structuring, licensing and commercialisation. This included advising GSBN on IP arrangements for its blockchain-enabled Global Shipping Business Network; supporting Ayata IQ on international patent and copyright licensing for powertrain technology; and assisting Melbourne Health with commercialisation and go-to-market strategy for pharmaceutical software. Also advised on IP ownership and collaboration issues in web health platform development, and prepared intra-group licensing and services agreements to support global transfer pricing and brand strategies.
Acted for a range of technology suppliers on the negotiation of SaaS and enterprise technology contracts with government and corporate customers. This included advising Optus on multiple commercial arrangements, including variation of a $1 billion Global Network Service Agreement with ANZ Bank; negotiating supply contracts for Varian Medical Systems and its complex SaaS solution for Peter MacCallum Cancer Centre; and supporting Eftsure on SaaS agreements with ASX100 and government customers, including partnership and distribution arrangements. Also advised a range of start-up and scale up businesses such as LookedAfter on go-to-market strategy, privacy compliance, and documentation for SaaS offerings, and assisted Amazon Web Services in negotiating Enterprise Agreements with major public and private sector clients across the Asia-Pacific.