CLOC: Legal Operations need to assess vendors’ cybersecurity

posted in Cybersecurity, General Counsel

Legal Operations need a standard way to assess the cyber-security of third-party vendors, including law firms and technology providers, according to CLOC. In a post-conference report by CLOC (Corporate Legal Operations Consortium), it was noted that legal operations’ knowledge of cyber-security is typically limited. They emphasised that when talking about corporate legal operations and cyber-security, it’s not only about data housed in the company […]

Creating an effective data breach management plan to reduce risk

posted in Cybersecurity, Data Privacy, General Counsel, Legal Risk Management

According to a recent ACC survey, 70% of CLOs rate protection of corporate data and managing data breaches as an extremely or very important issue to address over the next 12 months. What’s more, 27% had experienced a data breach at their organisations within the past two years, up from 23% in the previous year’s survey. Of course, with an […]

How legal counsel can help identify data breach vulnerability and limit liability

posted in Cybersecurity, Data Privacy, Legal Risk Management

As Legal Counsel, you are a key player in your company’s data protection processes. Whether you work alone or in collaboration with Compliance and Data Protection Officers, it is imperative you manage your company’s legal information to minimise legal risk created by cyber attacks and data breaches. Data breaches not only affect your company’s bottom line, but if regulators and […]

The growing role of the GC in preventing data breaches – being proactive, not reactive

posted in Cybersecurity, Data Privacy, General Counsel, Legal Risk Management

Data security is a growing focus for companies and it is no longer just an IT issue. According to a Legal Week Intelligence report, nearly 50% of General Counsel say planning for cyber-security incidents and responding to breaches is now part of their job – a figure that is likely to go up as the role of the GC expands […]

What in-house lawyers need to know about data protection impact assessments (DPIA)

posted in Compliance Management, Cybersecurity, Legal Risk Management

As the deadline for complying with GDPR looms, many in-house lawyers are asking “Do I need to conduct a DPIA?”. Art. 35 GDPR introduces the data-protection impact assessment (DPIA) as a new instrument in your data protection toolkit. A DPIA serves to identify and evaluate risks within an organization's processes and systems, in order to keep the privacy of data […]

How ineffective legal information management is leaving you burdened (and putting the business at risk!)

posted in Cloud technology, Cybersecurity, General Counsel, Legal Risk Management, Legal Technology

For legal departments large and small, effective document and information management is fundamental to their success. In-house lawyers need to be able to look up contract information, track their obligations, and generate insights on risk and opportunities at the snap of a finger. Not to mention that the legal department is in a unique position to set an example for the rest of the […]

Equipping your legal department for the next cyber-attack

posted in Cloud technology, Cybersecurity

As many of us returned to work today we read news of the latest global ransomware attack that has impacted computers around the world. (Latest numbers estimate as many as 200,000 companies affected in over 150 countries, and growing!) According to experts, it appears that the malicious software entered companies when employees clicked on email attachments, then spread quickly as employees share […]

The biggest risk faced by in-house counsel today is data security

posted in Cybersecurity

In-house counsel believe their data is stored more safely than it really is. In Kroll Ontrack's 2016 Corporate Risk Survey of 170 in-house counsel, 76% of respondents reported that the company has effective safeguards for protection of IP and trade secrets, while 59% reported that their data breach response plan is nonexistent. What does this mean in terms of risk management?

Data Protection and Training Programs are Ineffective

posted in Cybersecurity

Despite all the reports demonstrating that sophisticated cyberattacks have reached record levels, the top threat to an organization is its own employees. Millions have been spent on training programs, which serve as the first line of defense, but they have proven to be ineffective. A report, “Managing Insider Risk Through Training & Culture” by Experian and the Ponemon Institute, surveyed 601 individuals in companies that have a data protection and privacy training (DPPT) program already in place. The report found that attention to data protection and privacy is an important piece often missing from company culture.

Organizations are Skeptical of Third Party Vendors

posted in Cybersecurity

Data breaches don’t build trust, but many companies are skeptical of the parties with which they share their data. In an independent study, the research think tank Ponemon Institute surveyed nearly 600 individuals who work in U.S. organizations with a vendor data risk management program. The study revealed that many companies have difficulty mitigating, detecting, and minimizing risks from third parties that have access to their sensitive or confidential information.