A large corporation being the target of a sophisticated cyber-attack seems to be becoming a regular occurrence. The corporate legal community, I think, is well aware of the sensitivity and value of the data they handle on a day to day basis. Fortunately, many within this community are part of some pretty large organizations with sophisticated IT policies and teams that can assist them to ensure data remains secure. Perhaps a less thought about component of the security of that data is how it is shared, specifically with outside counsel as they collaborate with their in-house counterparts.
Bank of America recently began to audit the data security policies of its vendors. I think this a trend that we will start to see more and more of, as corporate legal continues to explore more ways to collaborate and more and more data is shared. In addition to the actual review of firms’ cyber-security, the in-house team will also need to explore developing policies and requirements around cyber-security that must be followed as a cost of doing business with them. This will in turn also require some level of policy tracking, incident investigation and overall compliance monitoring. Since this is a byproduct of sharing legal data, no doubt the onus will be on the corporate legal team and the technical resources who support them to handle these additional tasks. As activity increases in the regulation of data security, litigation will inevitably occur, the implications of which can affect a company’s reputation and stock price. It is important that the legal department be proactive and aware of the security of not only its data, but the organization’s as a whole.