1. Regulatory issues will converge, while regulation of issues will fragment.
What it means: Common issues—such as data privacy, executive compensation, anti-bribery, and antitrust—are gaining importance in the eyes of regulators the world over, says Lee. But countries and states are regulating those issues in different ways, which makes it more difficult for companies—and in-house legal teams—to harmonize their policies.
2. Information will grow exponentially.
What it means: E-discovery requests are getting bigger (think terabytes, not gigabytes) and the quality of metadata that could be subpoenaed is getting better (like someone's location, as identified by GPS technology). As more and more information comes into play, the study finds, it "will increase the premium of how companies organize and manage their information."
3. Dueling demands for corporate transparency and consumer privacy will collide.
What it means: Consumer demands for privacy will place more emphasis on data security and how companies shore up their IT infrastructure. "The end result for legal departments is that, at the very least, they're going to need to become more [technologically] literate," says Lee. And again, legal teams will also have to deal with a variable set of regulations, depending on where companies operate.
While consumers want to protect their own information, they also want more information about corporations: executive compensation packages, private conversations between executives, and company investments.
4. The legal department's center of gravity will shift.
What it means: As companies expand into emerging markets to capitalize on growth opportunities, risks will follow. "It's going to be more important for those risks to be managed locally," Lee says. The report hypothesizes, then, that in-house legal teams will become more decentralized, decamping from corporate headquarters for local terrain. "Culture is an often-underestimated factor with regard to risk," Lee adds. Seeing as how different countries identify, report, and react to misconduct in different ways, that will also add to the need for on-site legal teams.
Another facet of this shift is that in-house lawyers will take on additional responsibilities—such as auditing and keeping an eye on corporate integrity and employee behavior.
5. The legal services market will mature.
What it means: If five to 10 years ago companies wondered which law firm to partner with, today it's not just traditional firms that are competing for the work, Lee says. Legal- and business-processes outsourcers are "very good for discrete pieces of work," such as discovery and document review, he says, and that could "rival or surpass the quality of law firms."
It started with a simple e-mail that landed in the inbox of Experi-Metal Inc.'s controller, Keith Maslowski, in January 2009. The message appeared to come from the company's bank, and Maslowski followed the directions to click on a link and enter confidential log-in data and other codes as part of routine maintenance. The details are laid out in a lawsuit that the small metal shop in Sterling Heights, Michigan, filed against Comerica. Scam artists used Maslowski's codes to initiate more than 85 wire transfers, moving $1.9 million out of the company's account to China, Estonia, Finland, Russia, and Scotland.
It took the bank only six hours to spot the unusual activity, notify the customer, and stop the transfers. But it wasn't good enough for the federal judge. Court documents show that the company had only two prior transfers in two years. On June 13 U.S. district court judge Patrick Duggan in Detroit ruled that Comerica was responsible for the $560,000 that remained unrecovered because the bank didn't act "in good faith." The judge ruled that "a bank dealing fairly with its customer, under these circumstances, would have detected and/or stopped the fraudulent wire activity earlier."
April 1: Epsilon Inc., the world's largest e-mail marketer, reveals an unauthorized entry into Epsilon's e-mail system, exposing customer names and e-mail addresses.
April 26: Sony Network Entertainment America and Sony Computer Entertainment America disclose a "carefully planned, very professional, highly sophisticated criminal cyberattack designed to steal personal and credit card information." The intruders stole identity data from about 77 million PlayStation Network and Qriocity customer accounts.
May 10: Citigroup Inc. discovers a breach exposing more than 360,000 customer names, account numbers, and contact information. Citigroup waits almost a month before notifying its customers, and later says $2.7 million was stolen.
May 24: The Los Angeles Times reports that a Bank of America Corporation insider leaked detailed customer data to a ring of identity thieves, resulting in $10 million in losses. The bank later confirmed the loss, which occurred sometime last year but came to light only recently, when the bank began informing customers.
June 15: Automatic Data Processing Inc., the world's largest payroll processor, says personal data of one of its 550,000 corporate clients was breached. It provided no details.
Certifying your Information Security Management System against ISO/IEC 27001 can bring the following benefits to your organization:
- Demonstrates the independent assurance of your internal controls and meets corporate governance and business continuity requirements
- Independently demonstrates that applicable laws and regulations are observed
- Provides a competitive edge by meeting contractual requirements and demonstrating to your customers that the security of their information is paramount
- Independently verifies that your organizational risks are properly identified, assessed and managed, while formalizing information security processes, procedures and documentation
- Proves your senior management’s commitment to the security of its information
- The regular assessment process helps you to continually monitor your performance and improve