Technology: GCs must strengthen their relationships with chief information security officers
Anxiety among corporate legal teams about data security is at an all-time high.
February 15, 2013 at 06:16 AM
The original version of this story was published on Law.com
Anxiety among corporate legal teams about data security is at an all-time high. As shown by an August 2012 survey by Corporate Board Member and FTI Consulting, more than half of general counsel (55 percent) rate data security as a major concern, as do 48 percent of directors. This growing concern feeds upon an ever-rising tide of publicized data breaches, government sanctions against offending organizations, high-profile international policy disputes and myriad regulations. There are also the constant reminders of threats to intellectual property, high-tech financial crimes and thefts of private customer data. Yet, while working with your chief information security officer (CISO), there is much you can do to mitigate concerns.
What CISOs Don't Need
Attorney panelists at a recent, highly anticipated conference for CISOs discussed all the hot topics of information security: cloud security, EU data privacy, data breach responses, recent case law and regulatory updates. To the CISOs' dismay, however, the discussion devolved into debates in which panelists took opposite sides and hotly advocated their personal views. Many CISOs came away disillusioned. They wanted practical guidance about compliance and best practices, but got minutiae and theory.
What CISOs Want
Of course, CISOs should understand the reasons for regulations and stay abreast of trends for information security compliance. Yet, to be able to act, they need clear guidance on practical questions that impact business decisions. Answering these questions will significantly boost both your partnership with the CISO and your company's ability to comply:
- What requirements apply to your industry?
- Are all requirements created equal?
- What factors matter when analyzing competing regulations?
- What regulations are being vigorously enforced?
- How does the size of your company impact obligations or enforcement?
- Are there varying degrees of regulatory enforcement within industries? Across industries?
- What are the penalties for noncompliance?
- How are industry peers approaching compliance?
- What are the root causes of noncompliance?
- How does one compliance approach compare with another?
- Can less expensive approaches be good enough?
These questions are tough, to be sure. They require sound judgment, understanding your industry, assessing risks and predicting trends. You should specify the reliability of your advice, for example, by stating your level of confidence in your answers. But answering these practical questions in plain terms will increase cooperation and give CISOs the counsel they are seeking. Working together, you can craft a compliance approach that is attainable and tailored to your company.
The Evolving Role of General Counsel
KPMG's recent Global General Counsel Survey highlights several trends, including:
- General counsel need to become more involved in operational details, gaining a better understanding of how the business works.
- Successful general counsel understand what the business is trying to accomplish and can offer reasonable approaches to controlling risk.
- Partnering with senior leaders to understand common challenges and contribute to an understanding of how today's investments may prepare for tomorrow's risks and regulatory challenges.
- General counsel will arrive at enterprise risk strategies jointly with specialist input from a variety of corporate knowledge domains, and will do so in simple, crisp language familiar to the stakeholders.
Each of these trends applies to information security compliance.
Getting to Know Your CISO
Avoid the tendency to feel overwhelmed by the complexities of information security. CISOs and in-house counsel are both highly specialized, each commanding arsenals of knowledge, analytical tools and techniques, but pursuing a common objective: managing risk. Take the time to understand your CISO, the business problems he or she is trying to solve and the looming obstacles. By collaborating, you need not become an expert on IT, a tendency that all too often subverts the CISO-GC relationship by stepping on toes. Rather, you can wed your existing skills to those of the CISO.
CISOs must prioritize funding and staff to reduce risk, achieve compliance and defend their enterprises. CISOs' desks are stacked with the latest white papers and analyses of the latest regulations. While they need plain-English interpretations of regulations, this is only the beginning. CISOs also want guidance on reasonable, acceptable and practical approaches to compliance. They need forward-looking strategists who can help them do more with less, in a reasonable and defensible way.