Data Security Breach Implications
With all different types of companies having the potential to become victims of a cyberattack, all facets of legal practice must know how such attacks could threaten clients.
Companies must protect the information residing on their systems. It is also imperative that a client who contracts with third parties consider how they will handle a breach of their systems, as this, too, poses a risk to a client’s data. For example, a mandatory reporting clause setting forth a time frame for the client to receive notification and the level of participation the client can have in the investigative process enables the client to remain aware of the status of its data at all times.
As another example, mergers and acquisition agreements are affected because no entity wants to find itself liable for another company’s data breach incident. Requesting disclosure on a company’s digital environment, asking for information about any previous data security incidents, and discussing remediation efforts can help avoid liability for a client in the future.
It is easy to see how as more people conduct business online with a potentially global audience, the implications of a data security breach expand internationally.
Knowing that a client will have a data security incident at some point, becoming educated in the cybersecurity arena is undeniably beneficial. It is also helpful to become sufficiently familiar with the issues to spot the trouble areas (i.e., data sets, notification timelines, and referral to a specialist if needed). To that end, there are numerous certifications available to help navigate through these digital waters.
Data Privacy Certifications
Certifications on data privacy are available from organizations including the International Association of Privacy Professionals (IAPP) and the International Information System Security Certification Consortium (ISC²).
IAPP Certification Offerings
IAPP offers certifications specific to privacy laws in different areas of the world.
- CIPP/A, CIPP/C, and CIPP/E Certifications: These focus on privacy laws across Asia, Canada, and the European Union.
- CIPP/US Certification: This certification covers data breach notification laws and sector-specific privacy laws, including HIPAA and GLBA. It also touches on telecommunications laws and privacy requirements during the employment process.
- CIPM Certifications: These certifications are for individuals who manage privacy organizations in their daily work.
- CIPT Certifications: These certifications are for technical professionals taking on more privacy responsibilities.
While CIPP certifications focus more directly on privacy laws, CIPM and CIPT certifications may be appropriate for lawyers with management responsibilities at their firms.
ISC² Certification Offerings
ISC² offers CISSP, SSCP, CCSP, HCISPP certifications.
- Certified Information Systems Security Professional Certification: The CISSP certification focuses on developing, implementing, and managing cybersecurity programs.
- Systems Security Certified Practitioner Certification: The SSCP certification focuses on security administration and operations.
- Certified Cloud Security Professional Certification: The CCSP certification focuses on cloud security.
- Healthcare Information Security and Privacy Practitioner Certification: The HCISPP certification focuses on best cybersecurity practices in healthcare.
Which of these options is most appropriate for you will depend on your area of practice, professional responsibilities, and level of interest in privacy issues.
Remote Work Makes Awareness Crucial
Awareness of data privacy and cybersecurity issues has become more urgent throughout the pandemic as lawyers have increasingly relied on remote access to perform legal work. Certifications such as those listed above offer lawyers paths to educating themselves about these risks and the possible legal repercussions of breach incidents for clients.
Because law firms themselves are not immune from cyberattacks, these certifications also offer lawyers ways to arm themselves and their practices against these new modern threats to confidentiality.