Chapter 6 - Cybersecurity and the Office of the General Counsel


The General Counsel can be an important force in mitigating cyber risk. This chapter provides a roadmap for playing that important role both proactively and reactively, and for doing so in conjunction with the organization’s CISO, while helping to build support from the C-Suite and Board of Directors.

Key Ideas
  • The General Counsel and General Counsel’s Office can play an important role in addressing organizations’ cybersecurity risk, both proactively and reactively. Cyber risk is such a dynamic and complex risk area that a GC should embrace the role and see it as an important contribution to their organization.

  • This role differs from and complements the CISO’s role because the GC is consulted on many business decisions that the CISO is often not consulted on, including legal and regulatory compliance, corporate governance, investigations, mergers & acquisitions, contracts with third parties, new product reviews, engaging and terminating employees and contractors.

  • The basic functions that all GC’s Offices should own are following and driving compliance with
    1. rapidly changing legal, regulatory and contractual cybersecurity requirements (which often vary by business sector); and
    2. evolving conditions to protect sensitive information under legal privilege or attorney work legal doctrines.

  • The advanced roles that GC’s Offices should play, including
    1. playing an active role in their organization’s understanding of cyber risks it faces and voicing those risks to senior management;
    2. driving incident preparation including, improving incident response plans and helping to run tabletop exercises;
    3. co-leading incident responses with the CISO during breaches;
    4. leading post-breach assessments; and
    5. overseeing proactive cyber risk assessments.

  • By playing these roles actively, the GC and GC’s Office can significantly improve the cyber risk posture of their organizations.

Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity


| 703-907-7090


| 2500 Wilson Blvd, #245
Arlington, Virginia 22201


ISA provides cybersecurity expert testimony and thought leadership in government and serves as an expert witness to the press.


Jim Halpert, Partner, Global Data Protection, Privacy and Security Practice, DLA Piper US

Jim Halpert, an attorney at DLA Piper, has extensive experience helping clients on the full range of data risk issues domestically and internationally and across most sectors. He is rated as a Legal 500 “Hall of Fame” practitioner, as a Tier 1 lawyer by Chambers & Partners and as a BTI “client service all-star”. He has helped draft almost all the state privacy, security and breach notice laws enacted over the past 15 years, the National Association of Corporate Directors Cyber Risk Handbook, and two major US federal privacy laws. He advises clients regarding compliance, crisis management, corporate governance, and risk management strategies relating to transnational, federal and state security and privacy regulation, industry best practices and self-regulatory initiatives. He has helped clients through more than 600 cybersecurity incidents, including several of the most high-profile breaches in the world, and has helped over a hundred clients shape their preventive cybersecurity and privacy programs.