Fieldfisher, a London-headquartered law firm specialising in data protection and privacy issues across Europe, has launched a data breach assessment and management tool developed in collaboration with Lawcadia, a Brisbane-based supplier of technology platform services for the legal sector.
General Data Protection Regulation (GDPR) expert Fieldfisher, which advises clients in 12 countries, wanted to give clients the ability to better log, assess and respond to data breaches.
With Information Commissioner’s Office (ICO) figures showing thousands of breach notifications monthly, almost half of which take more than the maximum 72 hours allowable under the UK and European Union (EU) GDPRs to be reported, Fieldfisher said clients had been clamouring for a way to help them manage their compliance obligations in tandem with the legal advice it already offers.
“With the Fieldfisher Data Breach Manager, we’re alleviating common pain points such as recognising when a data breach occurs, inconsistent assessment conclusions, and delays in assessing and notifying incidents,” said Fieldfisher partner Kirsten Whitfield.
“Our partnership with Lawcadia enables us to offer clients a secure, automated and streamlined solution for handling their data breach assessment needs. This will reduce the risk of adverse regulatory action.”
The service will supposedly help users in highly regulated environments increase their capacity to meet the 72-hour breach notification requirements mandated by both the UK and EU GDPRs. Fieldfisher said it would allow for “quick, methodical assessments” and “robust, defensible conclusions”.
The cloud-based legal workflow solution will also help clients undertake initial risk assessments, track their incident response activities, and build a solid record of the process. Clients will also be able to use Fieldfisher’s incident assessment methodology, and access expert advice and guidance around the clock.
Lawcadia co-founder and CEO Warwick Walsh commented: “We are proud to partner with Fieldfisher and to be part of their commitment to delivering innovative and value-driven solutions to their clients.
“The Fieldfisher Data Breach Manager will cement Fieldfisher as a progressive law firm that utilises technology to safeguard their clients’ businesses into the future by consistently addressing newly arising issues with effective solutions.”
In related news, across the Atlantic, new regulations handed down by the Securities and Exchange Commission (SEC), governing reporting requirements for breaches at public companies, come into force today (5 September), just over 30 days after their official publication in the US Federal Register, accounting for public holidays.
The new rules, which have divided the security community, give organisations a four-day period to disclose a material security incident, counting from the point at which they determine the breach to be material. They will cover British organisations that operate in the US as Foreign Private Issuers.
Just over three months from now, on 15 December 2023, the regulations will also force organisations to start notifying investors of material breaches.
IANS Faculty member, and senior vice-president and chief security officer at Sumo Logic, George Gerchow, said many organisations were sleepwalking into the mandate entirely unprepared.
“There are still way too many unknowns at this time. We are trying to understand what a ‘material incident’ means, but it’s still too ambiguous,” said Gerchow.
“Furthermore, there is very little guidance on how companies should handle third-party attacks. Supply chain attacks are on the rise and add another layer of complexity to reporting the full nature and scope of an incident. So, how are companies going to pull in third parties and their team to handle an incident within such a short timeframe?”