Lessons for In-house Counsel from Target's Former CEO
As you probably have heard, on Monday, Target fired then-CEO Gregg Steinhafel because of the massive data breach that compromised 70 million addresses and 40 million credit card accounts, resulting in a 2.5% decrease in fourth-quarter sales, reports The Boston Globe.
As general or in-house counsel, the last thing you should do is stick your head in the sand. You may think this has nothing to do with you -- but you are wrong -- this has everything to do with you. As in-house counsel's role evolves, business issues like this will more often fall in the realm of the legal department.
Top of the List: Cyber Security
While issues like cost and compliance are nearly universal top concerns for general counsel of legal departments worldwide, and while legal department operations managers make cyber security a priority, the threat of a cyber security data breach must be at the top of the list for all legal departments. If you're not convinced, we need only look a few weeks back to Heartbleed. Convinced yet?
In-House Counsel's Role
As the company's legal team, general counsel is, and always will be, the "counselor in chief." But, as in-house counsel's role evolves as legal departments look to internalize more and more projects, as a way to lower outside legal fees, you must be prepared to do more than just counsel. If you have not already, you must become comfortable thinking about, and making, business decisions.
So what do you do? Set up a game plan. Meet with the company leadership on a regular basis to get an update on situations that could have any sort of legal implications -- no matter how far removed. Steinhafel's biggest mistake was that he moved too slowly, according to The Boston Globe.
It's your job to counsel the CEO about swift action in general -- but especially in the case of a data breach. Not only that, but you should help him formulate a plan of action to deal with a breach. Failure to act can bring up a host of compliance, ethics and regulatory issues -- and if you know about them and do nothing, the legal department can be implicated as well.
If legal departments learn anything from Steinhafel's removal, these are the main takeaways: be swift, be proactive, and be decisive. This is your new role, get used to it.
- 5 Ways In-House Counsel Can Improve Vendor Cybersecurity (FindLaw's In House Blog)
- National Cyber Security Awareness Month: Resources and Tips (FindLaw's In House Blog)
- Stop the Heartbleed. What Your Company Needs to Do (FindLaw's In House Blog)