No matter what industry you work in, data is the big news. Whether it’s cybersecurity or complying with regulatory demands, data is the hot topic that no-one can ignore.
In the past it’s been relatively easy for general counsels to be satisfied that all the measures are robust and safe, but the evolution of various different factors is making it increasingly complex. Hacking, advances in technology and technological diversity represent equal amounts of opportunities and problems. Here’s a closer look at the problems that data security is currently presenting.
Just as you think you’ve got a handle on data protection, all of a sudden, the goalposts change. This year the Data Protection Act (DPA) gets a facelift with the introduction of the General Data Protection Regulation (GDPR) in May 2018.
Data processing standards are enhanced with this new legislation especially for EU citizens, forcing multinational corporations to introduce big changes. To become compliant with the new regulations, companies will need to take a multifaceted approach with input from a variety of areas including legal, IT and security.
It’s never been more challenging to stay one step ahead of the hackers with increasingly new and sophisticated attempts to bypass data security. Unfortunately, it only takes one breach to have catastrophic results and to seriously damage the confidence of your customers.
General counsel may not be the individuals who are heavily involved on a day to day basis, or even the process owners for each specific element, but do hold overall accountability.
Decisions often need to be made at a high level about the amount of investment in security as protecting data online isn’t cheap when done properly.
Bring Your Own Device
The complexion of the workplace has changed in recent years and it’s no longer a case of employees going to the office and using static company-owned equipment. Data sharing apps, Bring Your Own Device (BYOD), and Internet of Things (IoT) has revolutionised how, when and where individuals can work.
While this offers undeniable benefits, there’s also a huge increase in risk as the devices may have security vulnerabilities. There is also the problem of data preservation; the company may be required to store the data and if the individual hasn’t done this, a serious legislative headache can occur.
General Counsel should make sure there are robust company policies in place which deal with exactly how and where company information can be accessed and ensure that everyone has the proper training to understand the issues. Where there are any failures to follow these procedures, the policies should set out the consequences which can be enforced.
The introduction of cloud storage provides cost-effective solutions for businesses in every industry and expands capacity. However, it’s essential to properly interrogate any provider you choose to make sure they can meet your requirements. This includes being able to locate relevant documentation even when the amount of data being stored is at a high level.
An Ongoing Issue
General Counsel may not be the overarching experts in every field relating to data security, but they hold accountability. When data security goes wrong, there can be very significant repercussions so general counsel need to be satisfied that there are sufficiently secure processes in place. As technology continues to evolve, adapt and develop it will continue to be an area which presents challenges to general counsel and one which will require careful vigilance.