find the latest legal job
Senior Associate - Litigation & Dispute Resolution
Category: Litigation and Dispute Resolution | Location: Melbourne CBD & Inner Suburbs Melbourne VIC
· Come work for a firm ranked in Lawyers Weekly Top 25 Attraction Firms
View details
Associate - Workplace Relations & Safety
Category: Industrial Relations and Employment Law | Location: Brisbane CBD & Inner Suburbs Brisbane QLD
· Employer of choice · Strong team culture
View details
Freelance Lawyers
Category: Banking and Finance Law | Location: All Perth WA
· Freelance opportunities through Vario from Pinsent Masons
View details
Freelance Lawyers
Category: Other | Location: All Adelaide SA
· • Qualified lawyer with a strong academic background
View details
Freelance Lawyers
Category: Other | Location: All Melbourne VIC
· • Qualified lawyer with a strong academic background
View details
In-house lawyers fight the data breach threat

In-house lawyers fight the data breach threat

DATA BREACHES: Firms are becoming more

security aware

In talking data breaches, it’s difficult to ignore the horror stories. Millions of consumers globally have fallen victim to lost customer records – whether through malicious activity or human error – leaving their identities at the mercy of wherever the data leaked.

If recent research into the issue is anything to go by, then consumers and businesses alike have cause for concern.

According to a survey of 156 organisations with more than 100 employees by Bread and Butter Research on behalf of Symantec, more than 80 per cent had experienced some form of data breach.

It’s a problem that has progressed through the evolution of technology, and one that is being addressed through proposed privacy reform.

The changes may mean yet another piece of regulation that will need the attention of not just the executive board, but their legal, technology, risk and human resources departments.

For the in-house lawyer this process may mean some necessary bonding with IT, HR and the risk manager.

Although the risk of a data breach has increased with the evolution of technology, Andrew Walls, research director at Gartner, says the basic threat of data loss has been the focus of security efforts for hundreds of years. As such, basic business practices have naturally evolved that embed security concepts into routine work processes.

“This process may be as simple as using a locked file drawer for highly confidential papers,” he says.

It sounds simple, but for data spreading far beyond the hard copy, how does good security sense translate to protecting against hacked systems, human error, malicious activity and the portability of electronic information?

Ultimately it is up to the executive team of an organisation to ensure their business is doing as much as possible to reduce the risk of data loss. The consequences of such a loss mean the in-house lawyer, with or without representation on the board, may well find their role adapting to preparing for the potential risks, and dealing with the price of any breach, as dictated by privacy reform.

Walls believes in-house lawyers won’t necessarily be involved in the day to day management of data prevention with the proposed privacy reform, but may well find a greater role in dealing with the consequence of a leak, to manage the legal impact of disclosing – or not disclosing – the breach.

Walls says that in-house lawyers will not be able to offer effective advice to their employers if they are not conversant with, and frequently using, the technology platforms on which their organisations depend. He offers a simple solution for lawyers: take their technology counterparts out to lunch and ask them to share their darkest fears on data loss.

“This discussion will not develop in a lawyer a deep understanding of the technology involved, but it will build a basic understanding of the level of actual control that is currently in place to manage data security and the level of residual risk to which the enterprise is exposed,” he says.

According to James Moore, special counsel at Mallesons, dealing with the prevention – and any clean-up – of a data breach will be one of many issues in-house counsel will need to manage. He doesn’t believe the background and experience that ensures a successful in-house lawyer will change, but that they may find themselves working in more cross-functional teams to deal with the risk.

“Parts of the response to privacy issues may involve technical solutions,” says Moore. “However, it is not necessary to be expert in all facets of a technological solution to understand that it its part the response.”

Steve Martin, mid-market manager at Symantec, agrees that the legal department should be getting more familiar with the IT department and the breakdown of technology, to be able to effectively advise on just what data needs to be protected by their company, and what policies and processes will be defined to mitigate the risks of a breach.

“It is usually only when something goes wrong that the legal department becomes involved – which is usually too late,” says Martin.

Breaking down communication barriers between departments might be necessary, says Martin, meaning the elimination of technical jargon from the IT department, and the simplification of legalese communicated by lawyers.

Martin finds that while most people understand the risks of data loss and its consequence, few have any idea about how to alleviate such risk. “So risk managers need to leverage the expertise of lawyers, IT staff and line of business managers to discover where confidential data resides, monitor how it is being used and develop a protection strategy to best prevent the loss of this data,” he says.

In-house lawyers will play their role, but, ultimately, the effectiveness of data prevention strategies will come down to the ability of all business managers to ensure end-users take note of policies, procedures and technology. Walls says: “Data loss is minimised through good people management and minimisation of the amount and type of data being managed.”

But lawyers will still be relied upon to do what they do best: clarifying the legal obligations for data loss prevention and ensuring regulatory and contractual obligations are in line with industry standards.

>> For the latest news, views and analysis of issues affecting in-house lawyers, check out Lawyers Weekly's dedicated in-house site

Like this story? Read more:

QLS condemns actions of disgraced lawyer as ‘stain on the profession’

NSW proposes big justice reforms to target risk of reoffending

The legal budget breakdown 2017

In-house lawyers fight the data breach threat
lawyersweekly logo
Promoted content
Recommended by Spike Native Network
more from lawyers weekly
High Court overturns ‘excessive’ anti-protest legislation
Bob Brown’s recent victory in the High Court over the Tasmanian government was a win for fundament...
Changes to Australian citizenship laws blocked
Attempts to beef up the requirements to obtain Australian citizenship were thwarted this week, after...
Lawyers warn against mandatory sentencing measures amid political jeers
Mandatory sentencing has become a topic for politicians on both sides of Federal Parliament to jostl...
Allens managing partner Richard Spurio, image courtesy Allens' website
Jun 21 2017
Promo season at Allens
A group of lawyers at Allens have received promotions across its PNG and Australian offices. ...
May 11 2017
Partner exits for in-house role
A Victorian lawyer has left the partnership of a national firm to start a new gig with state governm...
Esteban Gomez
May 11 2017
National firm recruits ‘major asset’
A national law firm has announced it has appointed a new corporate partner who brings over 15 years'...
Nicole Rich
May 16 2017
Access to justice for young transgender Australians
Reform is looming for the process that young transgender Australians and their families must current...
Geoff Roberson
May 11 2017
The lighter side of the law: when law and comedy collide
On the face of it, there doesn’t seem to be much that is amusing about the law, writes Geoff Rober...
May 10 2017
Advocate’s immunity – without fear or without favour but not both
On 29 March 2017, the High Court handed down its decision in David Kendirjian v Eugene Lepore & ...