InsideCounsel interviewed Manatt's Deven McGraw and Donna Wilson, co-chairs of the firm's Privacy and Data Security practice, on how in-house counsel can take the lead on privacy and data security at their own organizations.
InsideCounsel reports that many lawyers are uncomfortable with cybersecurity and privacy matters because they represent technical areas with little precedent. Many in-house counsel struggle to take the lead on these matters, and this is an area where they need to step up.
"Think of it as an orchestra, where in-house counsel should play the role of conductor, with IT, risk management, the board, those in the C-suite and other stakeholders as the instruments," Wilson said. Outside counsel have their own conducting role to play, with third-party providers and others.
At many organizations, it's not clear who should conduct the work around data security and privacy. "The silo issue is a huge problem. Data security and privacy belong everywhere. It used to be the hole in donut, now it's the donut," Wilson said.
McGraw said that it may help if inside counsel think of this area as one of enterprise risk management and of information as a corporate asset. "There may be different approaches, based on type of information, whether it's trade secrets, internal policies or collecting data about customers," she said. Getting those in the C-suite to acknowledge this area as an enterprise-wide one can be very helpful, McGraw said.