Legal news and trends for Canadian in-house counsel and c-suite executives
Issue link: https://digital.canadianlawyermag.com/i/841015
37 CANADIANLAWYERMAG.COM/INHOUSE JULY 2017 law firm is current on those industry practices and stan- dards for informa- tion security. "It's increasingly incumbent on firms because in - formation security is relevant to anybody but more so the larger firms that tend to be dealing with larger corporate clients, engag- ing and developing policies and procedures consistent with what's happening in the in- dustry," says Percival. "If you're entering into a [law firm] panel arrangement, you will often then enter into an engagement letter that the client would lawyer to think about the particular circumstances and say what works and what do we need to add? This is just not check the box kind of stuff. This really goes to the heart of being a lawyer — being discrete and safeguarding your clients' con - fidences," he says. Robert Percival, partner, technology and innovation at Norton Rose Fulbright Can- ada LLP, advises clients on security terms and conditions for their contracts with sup- pliers. He has seen requests to conduct se- curity assessments as one would in any large commercial transaction. "That could include doing a survey with the IT department on information security practices and procedures and technologies in place to protect confidential information and client files, network security infrastruc - ture — those kinds of things," he says. The good news is, says Percival, that there are plenty of standards around infor- mation security that larger organizations will employ. The question is whether the require of the firm — these are the terms of conditions on how you will work together." Increasingly, he says, law firm engagement letters have terms of conditions around the protection of confidential information and as lawyers they are obliged to protect the information of clients, but now clients are asking for commercial terms and conditions around information security that one tends to see in more commercial agreements — requirements around information security practices the firm is going to need to agree to and adhere to such as encryption and physical security/logical security such as password complexity, all designed to speak to better information security management practices. IH L a w D e p a r t m e n t M a n a g e m e n t That could include doing a survey with the IT department on information security practices and procedures and technologies in place to protect confidential information and client files, network security infrastructure — those kinds of things. ROBERT PERCIVAL, Norton Rose Fulbright Canada LLP CORPORATE COUNSEL Connect with Find more than 4,100 corporate counsel and over 1,500 organizations along with fresh editorial content, information on deals and links to important resources. Lexpert.ca/ccca Untitled-2 1 2017-04-04 12:01 PM