In a world where computer hacking and data theft are commonplace, cybersecurity is a necessity. Yet companies don’t always feel the need to hire a jurist who specializes in cybersecurity. Portrait of the profession.
New technologies are intertwined in every part of our lives. While growing in importance, they bring with them more and more risks of hacking and data theft. To protect themselves from these attacks, companies can call on a jurist who specializes in cybersecurity.
He takes action first of all to prevent attacks, but also to help managers obtain reparations and take advantage of laws. For example, the Criminal Code would punish the criminal, “but not necessarily help the company”, Me Sébastien Lapointe, lawyer for the Holmested & Associates firm, points out. The Civil Code makes it possible to obtain financial compensation.
The role of the cybersecurity specialist is also to analyze a company’s vulnerability and inform it of its responsibilities, such as the criminal and civil consequences incurred. “I am always asked what’s the worst thing that can happen. With current law, the consequences are weak,” Me Lapointe explains. Canadian and Quebec laws are improving, but they do not involve significant fines for negligent companies.
Despite everything, the the laws regulating personal data are giving more and more rights and recourses to citizens. “What is most typical in the business is being involved in a class action,” explains Me Lapointe. The lawyer will be responsible for proving the extent of the harm and its connection with the security breach.
To avoid this, companies can hire a jurist to manage personal data. “Holding personal data triggers laws that the managers have to comply with,” Me Lapointe says. It’s important to help them understand and apply the regulations.
In addition, interest in personal data has been growing since the introduction of the European General Data Protection Regulation in 2018. Canadian companies with customers in Europe have to comply to avoid heavy fines.
Nevertheless, Me Lapointe explains it takes a long time to raise awareness. “This remains the prerogative of large companies with the resources to attract companies able to pay,” he says regretfully.
Smaller companies have little recourse after a cyberattack. With the current laws, managers perceive cybersecurity primarily as an additional expense. After an intrusion, they tend to manage the technical crisis with experts, but few of them call on a specialist jurist.