05 April 2017

Corporate counsel develop new model for law firm cybersecurity

The Association of Corporate Counsel has issued a new set of guidelines for cybersecurity best-practice at law firms.

By Kathryn Higgins

Rancz Andrei

The organisation, which represents approximately 42,000 in-house lawyers across 85 different countries, last week issues a new set of safety guidelines for outside counsel designed to safeguard sensitive client data from hackers and cybercriminals. Entitled the ‘Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information’, the new protocol sets benchmark standards across a wide range of cybersecurity considerations, including: information retention/return destruction; data handling and encryption; data breach reporting; physical security; employee background screening; and cyber liability insurance.

Data sharing risks

‘We are increasingly hearing from ACC members, at companies of all sizes, that cybersecurity is one of their chief concerns, and there is heightened risk involved when sharing sensitive data with your outside counsel,’ said ACC vice president and chief legal strategist Amar Sarwal of the motivation behind developing the new guidelines. The recently released ACC Chief Legal Officers (CLO) 2017 Survey found that two-thirds of in-house legal leaders ranked data protection and information privacy as ‘very’ or ‘extremely’ important. The standards laid out by the Model were developed by ACC members in collaboration with law firms.

Maintaining client trust

GlaxoSmithKline associate general counsel and head of global external legal relations Brennan Torregossa, whose department participated in developing the ACC guidelines, believes that formalised best-practice models can go a long way to fostering trust and transparency between law departments and their outside counsel. ‘These model controls should be extremely valuable to ACC legal departments and law firms alike to ensure that adequate tools and processes are in place to provide cyber protection and to take agreed upon steps in the event of a breach,’ he said. ‘In a time of rapid developing risks and threats, clients and law firms need to respond in unison with speed and clarity.’

Email your news and story ideas to: news@globallegalpost.com