How legal works with information security is discussed at nearly every cybersecurity conference that I attend. I suppose that I have begun to take it for granted that legal departments and information security organizations understand the importance of forming an alliance to jointly protect their company.
Unfortunately, I recently learned of a situation where no alliance exists. The company’s Information Security Officer recommended a particular attorney who practices in the area of cybersecurity to discuss assisting the company with its technology procurement and vendor management activities. The attorney mentioned that it may be appropriate to engage the Information Security Officer into the conversation to discuss what is specifically needed to accomplish the ultimate goal of mitigating potentially devastating data breaches and the volume and complexity of the agreements. The response from the legal department was that the Information Security Officer would NOT be involved in the decision of which counsel to engage for the information security projects!
Cybersecurity law, technology law, and privacy law are all complex practice areas with quickly changing issues. Whether utilizing in-house counsel or external counsel to address cybersecurity risks, companies lucky enough to employ experienced information security personnel can benefit greatly by leveraging such expertise in forming strong alliances between legal and information security organizations to protect their companies.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.