Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by Law.com, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!

X

Snowden’s recent data warnings spark legal business challenges

The Snowden comments are a wake-up call for businesses about the risks of information leaks in a world of fast-flowing electronic data

In a recent interview, Edward Snowden urged legal professionals and business with sensitive digital client information to encrypt their data.

"What last year's revelations showed us was irrefutable evidence that unencrypted communications on the Internet are no longer safe. Any communications should be encrypted by default," Snowden said in the interview.

But how can businesses and law firms with huge amounts of unstructured data ensure they are protecting all the right information from a privacy breach? I recently sat down with Jamie Wodetzki, founder of contract management company Exari and Sam Liu, VP of marketing at Soonr, a provider of secure file sharing and collaboration services for business, to answer this question.

___________________________________________________________________________________________________________

FURTHER READING:

Security at the desktop: How to save your employees from malware disaster

Inside and out: defending against cyber attacks

Cyberthreats: On the board's agenda

New study on cybersecurity calls for increased awareness and protection for Canadian companies

___________________________________________________________________________________________________________

Wodetzki spoke about specific strategies, such as using sophisticated analytics and secure storage systems, for providing full internal transparency in order to identify potentially compromising language and information within complex contracts.  And, Liu shared the importance IDs, passwords and networks in the dangerous online world.

“Put simply, the risk of both snooping and leaking is rising sharply, so every business needs to think about which data is most sensitive and do more to protect that data,” said Wodetzki.

Contracts are high value documents which reveal the companies (or people or governments) with whom you deal, the nature of those dealings, the financial terms and scale of those dealings, and much more. According to Wodetzki, when leaked to a competitor, this may expose that you're working on some secret new project or product.

“If I'm a major tech company working on a secret smartphone, I don't want it made public that I just signed a multi-million dollar supply contract for scratch-proof glass; it tips my hand. Or, if I'm a corporation trying to keep a global expansion under wraps, I don't want to wake up one morning to an article commenting on 100,000 square feet of retail space I just signed up for in a specific city. The existence and terms of that lease need to stay secret,” he explained.

Keeping contracts with tight controls over who gets to see what, and secure connections for getting information in and out, will help reduce the risk of leaks. For many companies, lack of visibility into contracts and their terms is one of the main difficulties in assessing the sensitivity of contract data in the first place.

“These terms address issues such as: Have we agreed to specific secrecy measures?  Are we liable if we leak customer information?  Is that liability capped or unlimited?  Are we protected by a carve out for compulsory disclosures to governments or regulators?  Being able to answer these questions makes it much easier to properly assess and manage the risk of leaks and disclosures,” he added.

According to Liu, issues around privacy have been around for decades. First it was hackers, then identity thieves, and most recently the NSA, but the fundamental concerns haven’t changed. “It almost always comes down to two factors when trying to ensure privacy: 1) Access and 2) Content.”

Liu advises that the best prevention against a privacy breach is to start with Access  such as making it difficult for unauthorized persons to gain access to private content. In the physical world, access can be controlled with physical boundaries such as checkpoints, identification papers, and location, but in the online world, it’s about IDs, passwords and networks. 

Aside from the typical ID/password method of controlling access, another level of prevention is having data bound to jurisdictions. Next, the order of prevention against privacy breach is protecting the Content itself, which is where encryption comes in. It is important to keep the encrypted file and the key to the file separately controlled, but encryption should not stop with the storage of the file, but also while it’s being transmitted and in-session.

Contributing Author

author image

Amanda Ciccatelli

Amanda G. Ciccatelli is a Freelance Journalist for InsideCounsel, where she covers intellectual property, legal technology, patent litigation, cybersecurity, innovation, and more. She earned a B.A....

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.