- Understanding the Limits Of OSHA Inspection AuthorityPosted 7 hours ago
- Congress Urges Ad Networks To Keep Ads Off On-Line Pirating SitesPosted 7 hours ago
- Muslims Sue FBI For Using No-Fly List To CoercePosted 7 hours ago
- Defendant In Federal Court Case Attacks Witness, Is Shot, KilledPosted 22 hours ago
- New GM Says ‘Old’ Company’s Bankruptcy Protects From Ignition Switch SuitsPosted 22 hours ago
- Supreme Court Inscrutable In Aereo Copyright Case HearingPosted 23 hours ago
The GC’s Best Friend
Jonah Paransky, LexisNexis CounselLink
Problems related to electronic communications and web-based interactions can have major legal implications. Therefore general counsel and chief information officers need to form close working relationships. The author cites research indicating that data security has become the number one area of concern for a large number of legal officers and corporate directors.
By virtue of the kinds of information it routinely handles, the corporate legal department has a key role in data security discussions, and in many organizations the GC is taking on increasing responsibilities for managing organizational risk. The legal group has an endless variety of documents related to matters from litigation, contract negotiations, legal holds, government investigations and comparable areas, plus items associated with corporate legal spending and the use of outside counsel, research, and other legal expenses. The fact that some of these data and documents have regulatory implications complicates data security, and the GC’s task.
Organizations that handle and store critical confidential information should maintain a formal process for managing and protecting it. With third-party vendors, look for references to SSAE 16 attestations. They encompass a number of data security best practices, maintaining formal control environments and regular internal and external audits of their effectiveness. If your internal IT organization is not certified, it should have formal documentation of policies and procedures for the management of critical and confidential information. Consider active monitoring of your electronic infrastructure. Routine third-party audits and ongoing internal testing are suggested.