find the latest legal job
Corporate/Commercial Lawyers (2-5 years PAE)
Category: Corporate and Commercial Law | Location: Adelaide SA 5000
· Specialist commercial law firm · Long-term career progression
View details
Graduate Lawyer / Up to 1.5 yr PAE Lawyer
Category: Personal Injury Law | Location: Brisbane CBD & Inner Suburbs Brisbane QLD
· Mentoring Opportunity in Regional QLD · Personal Injury Law
View details
Corporate and Commercial Partner
Category: Corporate and Commercial Law | Location: Adelaide SA 5000
· Full time · Join a leading Adelaide commercial law firm
View details
In-house Legal Counsel & Commercial Lawyers
Category: Corporate and Commercial Law | Location: All Sydney NSW
· Providing lawyers with flexibility and control over when they work, how they work and who they work for.
View details
In-house Legal Counsel & Commercial Lawyers
Category: Corporate and Commercial Law | Location: All Melbourne VIC
· Providing lawyers with flexibility and control over when they work, how they work and who they work for.
View details
In-house lawyers fight the data breach threat

In-house lawyers fight the data breach threat

DATA BREACHES: Firms are becoming more

security aware

In talking data breaches, it’s difficult to ignore the horror stories. Millions of consumers globally have fallen victim to lost customer records – whether through malicious activity or human error – leaving their identities at the mercy of wherever the data leaked.

If recent research into the issue is anything to go by, then consumers and businesses alike have cause for concern.

According to a survey of 156 organisations with more than 100 employees by Bread and Butter Research on behalf of Symantec, more than 80 per cent had experienced some form of data breach.

It’s a problem that has progressed through the evolution of technology, and one that is being addressed through proposed privacy reform.

The changes may mean yet another piece of regulation that will need the attention of not just the executive board, but their legal, technology, risk and human resources departments.

For the in-house lawyer this process may mean some necessary bonding with IT, HR and the risk manager.

Although the risk of a data breach has increased with the evolution of technology, Andrew Walls, research director at Gartner, says the basic threat of data loss has been the focus of security efforts for hundreds of years. As such, basic business practices have naturally evolved that embed security concepts into routine work processes.

“This process may be as simple as using a locked file drawer for highly confidential papers,” he says.

It sounds simple, but for data spreading far beyond the hard copy, how does good security sense translate to protecting against hacked systems, human error, malicious activity and the portability of electronic information?

Ultimately it is up to the executive team of an organisation to ensure their business is doing as much as possible to reduce the risk of data loss. The consequences of such a loss mean the in-house lawyer, with or without representation on the board, may well find their role adapting to preparing for the potential risks, and dealing with the price of any breach, as dictated by privacy reform.

Walls believes in-house lawyers won’t necessarily be involved in the day to day management of data prevention with the proposed privacy reform, but may well find a greater role in dealing with the consequence of a leak, to manage the legal impact of disclosing – or not disclosing – the breach.

Walls says that in-house lawyers will not be able to offer effective advice to their employers if they are not conversant with, and frequently using, the technology platforms on which their organisations depend. He offers a simple solution for lawyers: take their technology counterparts out to lunch and ask them to share their darkest fears on data loss.

“This discussion will not develop in a lawyer a deep understanding of the technology involved, but it will build a basic understanding of the level of actual control that is currently in place to manage data security and the level of residual risk to which the enterprise is exposed,” he says.

According to James Moore, special counsel at Mallesons, dealing with the prevention – and any clean-up – of a data breach will be one of many issues in-house counsel will need to manage. He doesn’t believe the background and experience that ensures a successful in-house lawyer will change, but that they may find themselves working in more cross-functional teams to deal with the risk.

“Parts of the response to privacy issues may involve technical solutions,” says Moore. “However, it is not necessary to be expert in all facets of a technological solution to understand that it its part the response.”

Steve Martin, mid-market manager at Symantec, agrees that the legal department should be getting more familiar with the IT department and the breakdown of technology, to be able to effectively advise on just what data needs to be protected by their company, and what policies and processes will be defined to mitigate the risks of a breach.

“It is usually only when something goes wrong that the legal department becomes involved – which is usually too late,” says Martin.

Breaking down communication barriers between departments might be necessary, says Martin, meaning the elimination of technical jargon from the IT department, and the simplification of legalese communicated by lawyers.

Martin finds that while most people understand the risks of data loss and its consequence, few have any idea about how to alleviate such risk. “So risk managers need to leverage the expertise of lawyers, IT staff and line of business managers to discover where confidential data resides, monitor how it is being used and develop a protection strategy to best prevent the loss of this data,” he says.

In-house lawyers will play their role, but, ultimately, the effectiveness of data prevention strategies will come down to the ability of all business managers to ensure end-users take note of policies, procedures and technology. Walls says: “Data loss is minimised through good people management and minimisation of the amount and type of data being managed.”

But lawyers will still be relied upon to do what they do best: clarifying the legal obligations for data loss prevention and ensuring regulatory and contractual obligations are in line with industry standards.

>> For the latest news, views and analysis of issues affecting in-house lawyers, check out Lawyers Weekly's dedicated in-house site

Like this story? Read more:

QLS condemns actions of disgraced lawyer as ‘stain on the profession’

NSW proposes big justice reforms to target risk of reoffending

The legal budget breakdown 2017

In-house lawyers fight the data breach threat
lawyersweekly logo
Promoted content
Recommended by Spike Native Network
more from lawyers weekly
Jackie Rhodes
Dec 12 2017
Report sheds light on LGBTQI inclusion in law firms
A recent report has revealed the varying perceptions on LGBTQI diversity and inclusion in the Austra...
Women in business
Dec 12 2017
Annabel Crabb headlines Women in Business Forum
Political journalist Annabel Crabb has appeared at the Coleman Greig Lawyers Women in Business Forum...
Dec 11 2017
Warm welcome for new district court judges
Three practitioners who were appointed as district court judges in WA have been congratulated by ...
Allens managing partner Richard Spurio, image courtesy Allens' website
Jun 21 2017
Promo season at Allens
A group of lawyers at Allens have received promotions across its PNG and Australian offices. ...
May 11 2017
Partner exits for in-house role
A Victorian lawyer has left the partnership of a national firm to start a new gig with state governm...
Esteban Gomez
May 11 2017
National firm recruits ‘major asset’
A national law firm has announced it has appointed a new corporate partner who brings over 15 years'...
Nicole Rich
May 16 2017
Access to justice for young transgender Australians
Reform is looming for the process that young transgender Australians and their families must current...
Geoff Roberson
May 11 2017
The lighter side of the law: when law and comedy collide
On the face of it, there doesn’t seem to be much that is amusing about the law, writes Geoff Rober...
May 10 2017
Advocate’s immunity – without fear or without favour but not both
On 29 March 2017, the High Court handed down its decision in David Kendirjian v Eugene Lepore & ...