General Counsel continue to face new challenges. Fears of cyberattacks and data privacy breaches continue to escalate; Dodd-Frank amendments continue to leave an expansive wake. As the environment in which General Counsel operate continues to shift and evolve, here are four things they should look out for in the coming months:
1. The Dark Cloud of Cybersecurity Looms
General Counsel should expect to see an increasingly heightened alert when it comes to cybersecurity. With recent attacks on Target, Home Depot, JP Morgan Chase, Anthem, and perhaps the most controversial yet, Sony Pictures Entertainment, cybersecurity may the biggest concern for General Counsel this year.
Leadership teams and C-level management all over the world are scrambling to protect their employees’, clients’, and customers’ data from cyber-terrorism. Rather than just articulating to employees the impacts these security measures will have, General Counsel need to go above and beyond to combat cybercrime.
One of the most important steps GCs can take is to cooperate with heads of IT and security departments to make sure a robust security program is in place. While compliance, IT, and security all work on developing a “playbook” that details precautions that should be taken to prevent an attack, General Counsel should be working on a plan for how the organization would deal with the aftermath of a breach. It may even be a good idea to hold mock exercises to simulate how leadership and other employees would respond to challenges a real attack would pose.
Keep the lines of communication open with all key departments and make sure that there is company-wide involvement.
2. Data Privacy Gets Even More Serious – The Sequel
Last year, I warned General Counsel that data privacy issues would loom large. In 2015, they will be inescapable.
The threat of leaked private data will continue to grow stronger for all businesses as hackers turn their focus to personal information that can be used for fraud. Information like social security numbers, birthdates, salaries, and healthcare information (all of which have been exposed in the latest breaches) can be accessed from company records, emails and chats.
It’s important for GCs to realize that their biggest threat when it comes to data privacy is their employees. Whether by human error or due to a malicious internal attack, the majority of data breaches start from the inside. This only furthers the argument that legal and compliance teams need to work together to ensure that they have programs in place to protect the privacy and security of their employees, investors, and any other stakeholders. While reactive measures are important, proactive ones are just as crucial.
3. Dodd-Frank’s Audio Surveillance Mandate
For General Counsel in the legal and financial sectors, Dodd-Frank has become a major concern in day-to-day activities. Among the many other regulatory requirements under Dodd-Frank, banks are now required to record any internal audio conversations, including those that occur on cell phones. General Counsel will have to spend massive amounts of compliance dollars in order to adhere to these new mandates and to fend off increasingly demanding regulators.
GCs need to develop a proper audio surveillance compliance program that matches Dodd-Franks’ guidelines. All trading transactions should be recorded, regardless of length. This means investing in a robust storage and recording system that can find and export conversations quickly enough to send to regulators in the mandated time frame.
4. Government Probes into Independent Investigations
We all know the process: an issue comes up internally, you hire outside counsel to investigate, you spend millions of compliance dollars to ensure that you’ve been thorough, and you complete your investigation. Now imagine a government agency steps in and asks you to conduct an audit of your investigation. This is becoming more and more common.
As companies perform their own internal investigations into a potential issue, GCs will have to start paying very close attention to the increased risk of government setbacks and additional probing. To ensure that internal investigations are truly “independent,” government agencies are encouraging more and more audits of completed investigations. This process will create a number of legal issues for legal departments, not the least of which is having to pay for two investigations.