View from Xerox in Hong Kong: why cyber security needs in-house counsel

XeroxWhen I first started writing about the management of electronic documents, the subject was a contained one, at least from my perspective. I was then concerned solely with compliance with the eDisclosure rules in England and Wales.

Over the years, that interest has spread in two dimensions. One is jurisdictionally, meaning that I am as interested in what happens in the US or Asia Pacific as I am in the UK. The other is in terms of the subject matter – you cannot now look at litigation disclosure on its own, but must inevitably sweep up privacy, data protection, cyber security and all the wider subjects included under the umbrella called information governance.

Of the ten or so sessions which I am involved in in May and June, only two concern disclosure in England and Wales. The others are about privacy or cyber risk, including a panel whose subject is responsibility of companies, and in particular corporate counsel, for cyber risk. That will inevitably have a US focus, but cyber risk knows no frontiers.

So it is that I now find myself reading an article about cyber security in Hong Kong. Dmitri Hubbard of Xerox Legal Business Services in Hong Kong similarly gets involved in much more than ediscovery, which is the context in which I met him many years ago. For example, he and I did a panel together at Legaltech Hong Kong in February on privacy and data protection, subjects as important to Xerox’s clients as eDiscovery. Now here he is writing in Hong Kong Lawyer about cyber risk in a region which he knows well.

Dmitri Hubbard’s article is called Why cybersecurity needs in-house counsel. Many of the issues and remedies described there are of universal application in geographical terms, but there is a particular focus on Hong Kong with, for example, a summary of the guidance given by the Hong Kong Monetary Authority which draws on local data privacy rules as well as worldwide issues.

The article includes a helpful list of ten steps which should be taken by in-house counsel to protect their organisation’s data. That checklist will be useful anywhere.


About Chris Dale

I have been an English solicitor since 1980. I run the e-Disclosure Information Project which collects and comments on information about electronic disclosure / eDiscovery and related subjects in the UK, the US, AsiaPac and elsewhere
This entry was posted in Cyber security, Data privacy, Data Protection, eDiscovery and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s