Association of Corporate Counsel |

A 2018 survey of chief legal officers conducted by the Association of Corporate Counsel found that three of the biggest concerns for chief legal officers relate to technology and data security.

Seventy percent of those polled said that potential data breaches would be an extremely or very important topic over the next year, and 68 percent said the same of information governance more broadly. An additional 59 percent said that technology developments more generally would be important in the next year.

“Everything seems to be about technology these days,” Amar Sarwal, CLO for the ACC, told LTN.

Sarwal explained that in-house counsel are increasingly pressed to develop a better general understanding of technology and data to do the core functions of their jobs. “I think you're finding that lawyers have to bone up a lot more on how the tech world works,” he said. “Just being able to navigate all that and understand where all the weak points are when you haven't necessarily had a lot of experience in that is certainly an important thing for our age.”

The ACC survey also highlighted a new reality for CLOs around breach of corporate data. The survey found that 27 percent of those polled had experienced a data breach in the past two years, a figure that jumped 4 percentage points since last year's survey.

The data shows that this bump in data breaches comes from a few specific places. Forty-one percent of Australian and New Zealand-based CLOs experienced a data breach in the last two years, 14 percent more than the average CLO. Similarly, CLOs in the education and retail sectors experienced much higher proportions of data breaches, with 45 and 41 percent of CLOs in those industries respectively reporting data breaches.

Although data breaches have been a source of concern for general counsel for a few years now, changes in the threat landscape have also shifted the calculus for companies and CLOs. Not only are breaches far more pervasive than they ever have been—cybersecurity news website DarkReading logged a record-breaking 5,207 company data breaches in 2017—but those cyber incidents can now have a much broader scope. DarkReading also found that just five large company data breaches were responsible for over 72 percent of all data records exposed last year.

These trends, Sarwal noted, have produced a sense of panic among companies that CLOs now have to navigate. “The natural dynamic, then, is to be very controlling from the top,” he said, adding that company leaders tend to want to impose strict controls on lower-tier workers to clamp down on data security risks.

“The problem is that doesn't work very well,” Sarwal noted. Many of these control policies and technologies can make it difficult to work efficiently, and younger workers tend to recoil at the idea of having to operate under such strict controls.

“There's this really awful dynamic there. There are these policies and apps, etc., that burden the efficiency of the enterprise. The corporate offices and head offices need to step back and see how can we help the bigger picture,” Sarwal said.

A lot of this same risk can instead be managed by ensuring that company employees are appropriately trained and experienced in secure data practices, and that they have some technological guardrails around them to keep data under control, Sarwal said. “If you're a modern professional worker, this a core habit you need to learn.”

Even so, there's only so much at this point CLOs can really do to prevent data breaches altogether. “You can't eliminate it. You can limit the risk,” Sarwal said.