Legal news and trends for Canadian in-house counsel and c-suite executives
Issue link: https://digital.canadianlawyermag.com/i/786678
17 CANADIANLAWYERMAG.COM/INHOUSE MARCH 2017 MATTHEW BILLINGTON

Boasting more than three billion records, LeakedSource, whose owners remain anonymous, describes its site as a security monitoring tool. "We are a full disclosure site so we provide all data to the user so they can be better informed of what data (emails, passwords, etc.) have been breached," the site's FAQ page claims.

Never mind that it's impossible to verify everything on LeakedSource or that it might serve as a gift of sorts to other hackers: In-house counsel who have had the benefit of keeping the full details of a security breach under wraps may now find their organizations fielding difficult questions from customers who use such tools to take a DIY approach to protecting personal information.

Meanwhile, the ongoing rise of technology to host and manage customer data, the increased sophistication and complexity of cyberattacks and consequences of a breach that go way beyond reputational damage have corporate legal teams looking at IT security much more carefully.

"If you operate in the technology sector — and at my company we do — you deal with user data and employee data, so you have to be concerned with that," says David Laliberte, general counsel and chief legal officer with Groupe Média TFO, the French-language broadcaster based in Toronto. "You're absolutely vulnerable, so you have to have a proper policy. Just last week, we had a board meeting where one of the things on the agenda was to review our policy with regards to confidential information and how we protect it."

Laliberte has the advantage of previously working as in-house counsel at two companies well known for their prowess in technology in general and security in particular: Microsoft and BlackBerry.

"I would say at Microsoft and BlackBerry, this is basically their top priority: ensuring that they are not only protecting all their data but also that they are leaders in that industry, and making sure the rest of the industry follows them," he says. "We're a much smaller organization; our resources are on a different scale. But there's still a lot smaller organizations can do, and one is to ensure they handle data in a way that makes sense and reduces the risk of intrusion."

THE SAFE WAY TO SHARE IT SECURITY SECRETS

Of course, that may be easier said than done, given the many ways organizations interact with customers online or offline and the myriad ways hackers can steal data. That's one of the reasons behind the launch last year of the Canadian Cyber Threat Exchange, a not-for-profit organization formed by the Canadian Council For Chief Executives and companies such as Air Canada, RBC and CP Rail.

According to Bob Gordon, CCTX's executive director, board-level interest in cybersecurity is on the rise, which means legal counsel will be expected to help educate, advise and act on areas they might have once considered outside their domain.

"It's going to be interesting to see how the courts look at what's reasonably diligent," he says. "Incidents are going to be happening and that doesn't necessarily mean that because someone has breached that they were bad. It means someone was able to defeat the technology."

Part of the historical challenge, of course, is that dealing with cybersecurity incidents has been a lonely business: No one wants to share the sordid details of what