Legal Operations need a standard way to assess the cyber-security of third party vendors, including law firms & technology providers, that according to CLOC. In a post-conference report by CLOC (Corporate Legal Operations Consortium), it was noted that legal operations’ knowledge of cyber-security is typically limited. They emphasised that when talking about corporate legal operations and cyber-security, it’s not only about data housed in the company itself, but also data that travels to third parties, such as external law firms.
As Legal Counsel, you are a key player in your company’s data protection processes. Whether you work alone or in collaboration with Compliance and Data Protection Officers, it is imperative you manage your company’s legal information to minimise legal risk created by cyber attacks and data breaches. Data breaches not only affect your company’s bottom line, but if regulators and shareholders find that you breached various fiduciary duties by not mitigating known data security risks, you may also be at risk of personal liability. Therefore, GCs need a clear understanding of what makes them vulnerable so they can mitigate their risks and avoid liability.
Data security is a growing focus for companies and it is no longer just an IT issue. According to a Legal Week Intelligence report, nearly 50% of General Counsel say planning for cyber-security incidents and responding to breaches is now part of their job – a figure that is likely to go up as the role of the GC expands as risk manager and advisory to the board. In a previous post we covered how GCs are increasingly viewed as leaders in the C-suite – and with that comes added pressure to take on a more proactive leadership role.
For legal departments large and small, effective document and information management is fundamental to their success. In-house lawyers need to be able to look up contract information, track your obligations, generate insights on risk and opportunities at the snap of a finger. Not to mention that legal department is in a unique position to set an example for the rest of the organization on best practices to ensure data protection compliance and security.