The most widely read magazine for Canadian lawyers
Issue link: https://digital.canadianlawyermag.com/i/918234
w w w . C A N A D I A N L a w y e r m a g . c o m J A N U A R Y 2 0 1 8 49 o your clients have a plan that identifies and addresses cross-border cyber-risks in their businesses? If not, are they OK with being excluded from certain markets due to the cyber-risk they pose? In today's world, it is a question of when — not if — an orga- nization will face a cyber-incident, says Wendy Hulton, partner at Dickinson Wright LLP and chairwoman of the Canadian interdisciplinary data privacy and cybersecurity team at the firm. "The reality of business these days is it's virtually all cross-border," Hul- ton says. "Cybersecurity is inherently global — it's multi-jurisdictional even if you think you're a domestic company … so you have to take this into consid- eration when you're putting your plans in place." Hulton says subpar cybersecurity standards or practices are an issue she sees in the mergers and acquisitions world right now, where "people are pushing back from the table because when they do their due diligence on the cybersecurity, they go, 'This is going to be too much work for me. I'm going to go shop elsewhere.'" "Definitely, the cross-border issue is a live one in many situations and a difficult one to navigate — and some- times possibly a barrier," says Kather- ine Kolnhofer, partner at Bell Temple LLP who, along with associate Brenda Cuneo, works in a privacy and access to information practice group with a focus on cybersecurity and data breach management. Kolnhofer, whose group takes on the role of a risk coach or data breach coach, says most clients these days have intentions to do cross-border business, whether they're in the process of doing it or it's part of the eventual plan. She says finding out what systems vendors or other businesses with which clients are entering into contracts have in place to ensure privacy is becoming more and more standard. Kolnhofer recommends clients look into insurance for their business, which can be designed to cover them in other jurisdictions. While not man- datory at the moment, it's "definitely coming more to the forefront in terms of [being] required," she says. "Brokers are having more and more discussions with their various clientele about needing those kinds of policies," Kolnhofer says, adding many also pro- vide a consultative layer that can pro- vide the insured with legal or IT advice L E G A L R E P O RT \ C Y B E R S E C U R I T Y L AW GARY NEILL Data breaches know no bounds The pervasiveness of cross-border business and looming regulations mean all organizations need a cybersecurity plan By Mallory Hendry D