The rapidly changing corporate climate is forcing change among the roles of board directors, investors and various stakeholders. Up until recently, the General Counsel's role hasn't changed very much. The duties of the General Counsel haven't changed despite vast changes in the economy and the corporate environment. The General Counsel role still requires providing legal support for board directors as they assess and mitigate risk, ensure compliance, manage the corporate budget and work toward achieving the organization's goals for prosperity.
What has changed is the scope of the importance of the General Counsel's responsibility, which has increased greatly. General Counsels of today are losing sleep over two big areas of concern: 1) privacy and data security, and 2) risk and crisis management.
Examining the Present-Day Role of the General Counsel
The corporate environment continually faces regulatory issues. To make matters worse, the corporate arena is increasingly litigious. These are issues that cause board directors to rely more heavily on the General Counsel for legal guidance.
The role of General Counsel is evolving from a corporate attorney to involving such responsibilities as being a department leader, legal advisor, strategic business partner, and risk and crisis manager. From an ethical standpoint, the General Counsel heads up the corporate conscience.
In their roles, General Counsels perform many varied duties. General Counsels spend their days drafting and reviewing contracts, preparing for litigation, participating in compliance audits, and completing a range of tasks from simple to complex. In addition to those tasks, General Counsels of today must work with board directors in managing crises. This duty requires them to work collaboratively with managers, as well as HR, IT and marketing departments, to develop an effective and appropriate crisis response plan.
What's Keeping General Counsels Up at Night Lately?Morrison Foerster conducted a survey of General Counsels in 2017 that highlighted their greatest concerns. The biggest worries fell into the following five categories:
- Privacy and Data Security: 87% of General Counsels reported worrying about privacy and data security, including hacking, malware, phishing and ransomware. They also had significant concerns over breaches of non-law firm vendors and mistakes by employees.
- Risk and Crisis Management: 57% of General Counsels responding said that they worried about cybersecurity threats. Similar numbers of respondents said costs and the impact to the budget concerned them, as well as government and regulatory investigations.
- Regulations and Enforcement: 65% of General Counsels cited differences in regulations across regions and changes in regulations across jurisdictions.
- Litigation: 59% of General Counsels listed labor and employment issues, particularly in the areas of costs and impact to the budget, and commercial disputes as court-related concerns.
- Intellectual Property: 67% of General Counsels said that they worried extensively about protecting the corporation's rights to intellectual property, along with trademark and copyright infringement problems.
General Counsels Expressed Distress Over Privacy and Data Security
General Counsels rejoiced right along with board directors over technologies that helped to enhance operations and promote profitability. In the earlier years of technology, board directors and legal teams often left it up to IT teams to find and destroy viruses and prevent malware attacks. As technology has become more integrated and complex, the responsibility for privacy and data security transcends the board, IT experts, company employees and the General Counsel.
Cybersecurity incidents are happening at an increasing rate and the fines for noncompliance with the new GDPR data privacy law are substantial, which places a lot of pressure on corporate legal departments. In addition to inviting more involvement from the General Counsel, many corporations are responding to the need to ramp-up privacy and data security by appointing Chief Privacy Officers.
The survey suggests that best practices over corporate cybersecurity training are evolving. About a third of corporations train their employees annually, another third conduct cybersecurity training on an as-needed basis, and the remaining third don't do training at all.
Corporations also expect General Counsels to be involved on the back end after a data breach has occurred. Some corporations insist that the General Counsel act as the company spokesperson after a data breach. The survey indicated that 65% of corporations have a cyber incident response plan ready to go. About a fourth of the respondents admitted never participating in tabletop exercises. Only 5% of corporations test their cyber incident response functionality at least quarterly.
With the May 2018 deadline for GDPR soon to arrive, many corporations are preparing for it by hiring a Privacy Data Protection Officer. Some corporations feel confident that their Data Protection Officer can work from the United States, but twice as many of them are requiring Data Protection Officers to work in European offices.
In other revelations, the survey reported that about half of the corporations are placing responsibility for privacy matters with their legal departments. About 20% of the corporations leave responsibility for privacy issues with their compliance departments and about 21% leave the responsibility to some other department. In light of data privacy and data security issues, some companies have also increased their budget allocations for legal counsel departments.
General Counsels Are Uneasy About Risk and Crisis ManagementThe issues that General Counsels worry about are valid. They can classify risks into various categories including:
- Reputational Risk: effect on the company's branding and reputation
- Corporate Risk: effect on operations and financial performance
- Behavioral Risk: effect on the corporation of employee behavior
- Informational Risk: protecting sensitive and personal data
Reputational risk is becoming a rising concern for General Counsels because data breaches are increasing. General Counsels play a stronger role in the crisis response plans for their companies.
Larger numbers of corporations are putting more effort into advance planning. The corporate environment is also starting to see an increase in testing security measures at regular intervals. These efforts may set the stage for future best practices globally.