General counsel to take on added responsibility

By Emma Ryan|09 January 2017

Originally published in Corporate Counsel, David Remnitz from Ernst & Youngs global forensic technology and discovery services practice and Timothy Ryan, an Ernst & Young principal in cyber investigations and forensic technology, said general counsel are increasingly becoming the go-to people for handling matters arising from data breaches.

“We are seeing chief legal officers and GCs involved as the nucleus, including the chief information officer, the chief risk officer in some instances, often a chief information security officer, and all the way up to the board of directors, along with outside counsel,” Mr Remnitz said.

“In breach response, like any action that carries the possibility of litigation, general counsel better be involved,” added Mr Ryan.

“I frequently say that you can either work on preparing for a breach or you can wait for one to happen, but on breach day you will be enmeshed. Unlike the old days, there is no way that a GC cannot be involved in a breach response,” he said.

Commenting on current trends in cyber security, Mr Ryan said Ernst & Young is seeing an increased awareness of “insider threats”.

“[These are] risks brought by employees, contractors and trusted partners who are misusing information or taking information through inappropriate means for inappropriate purpose,” he said.

Advertisement
Advertisement

“And we are seeing increased hacking by external groups: defacing or disabling public websites, or stealing information of value, such as medical records, intellectual property information and financial data.”

Mr Ryan noted that the company is also seeing larger breaches coming off the back of smaller, unmitigated incidents.

“There are often a series of small steps that go back months or years when the company saw something that needed fixing and it didn't get fixed,” he said.

“Regulators are constantly looking at how companies prepare for a breach.

“A breach alone is not a scarlet letter [to regulators], but failing to prepare for one is. And we're seeing that board members are increasingly concerned about not only risk to the company but also personal liability.”

General counsel to take on added responsibility
Intro image
lawyersweekly logo
Corporate Counsel

latest

Leave policies for women’s health: An undue workplace advantage, or a way to combat lost productivity?

Infrastructure Capital Group acquires Enwave Australia

President of Republic of Singapore appoints Australian international judge

Law least likely to invest in security and password protection