MANAGING CYBER AND DATA RISK IN ARBITRATION
CD: Could you provide an overview of the types of cyber and data risks that you are seeing in connection with arbitration?
Kuck: International arbitration today often involves contentious, high-value, high-stakes disputes with multiple actors who are digitally interdependent. The participants in an arbitration who come into possession of sensitive information include not only the parties, their counsel and the arbitrators, but may also include arbitral institutions, witnesses, experts, court reporters and other vendors. As a result, various points of vulnerability exist. The risks extend not only to the information of the disputing parties and their counsel, but also to the internal deliberations and draft decisions of the arbitrators themselves, which can be highly sensitive.
Angles: In some respects, the cyber and data risks we are seeing are not too different from those in the world of dispute resolution, and the legal industry more generally. The exposure and exploitation of confidential or attorney-client privileged communications, including financial data and risk management assessments, is an ever-present concern across many practice areas. Yet, arbitration bears some risks and challenges unique to the field. Private commercial arbitration attracts the same corporate and institutional entities that are already being targeted by cyber criminals. Further, the advantage of confidentiality in arbitral proceedings is a double-edged sword in the context of cyber security. This reliance on confidential information in arbitral proceedings makes the data much more valuable to would-be thieves.
Apr-Jun 2019 issue
Shook, Hardy & Bacon LLP
Skadden, Arps, Slate, Meagher & Flom LLP