CPR Appoints New Cyber Panel Ahead of Anticipated Increase in Data Security Disputes

By Kate Wilford, Hogan Lovells (London)

The International Institute for Conflict Prevention and Resolution, a New York-based organisation offering Alternative Dispute Resolution (ADR) services, has recently announced the launch of a new specialised panel of neutrals, commissioned to deal with cybersecurity disputes. The Cyber Panel is composed of experts in cyber-related areas such as data breaches and subsequent insurance claims. In a press release, Noah Hanft, President of CPR, described the new panel as guiding the “critical effort” by businesses to “prevent and/or resolve cyber-related disputes in a manner that best protects operations, customers and reputation” due to attacks now occurring with increased frequency and sophistication.

CPR’s decision to establish a specialist cyber panel addresses a perceived need for arbitrators and mediators with relevant expertise, given that data protection and security breaches are regarded as an increasingly common cause of technology, media, and telecommunications (TMT) disputes, and therefore a significant growth area for commercial dispute resolution. According to the 2016 International Dispute Resolution survey on TMT disputes conducted by the School of International Arbitration at Queen Mary University of London, respondents predicted a 191% increase in disputes related to data/system security breaches, the largest growth area identified by the survey.  Despite the fact that only 9% of respondents had encountered such disputes over the last five years, 79% of respondents thought that they were either likely or very likely to arise over the next five years. The survey also suggested that data breaches are most often caused by employee action, followed by malicious third party attacks, with both being more common than breaches caused by system failures.

Given the significant reputational and financial damage that can result from a data security breach, it is crucial to resolve subsequent disputes through the use of a reliable procedure which is tailored to the wider commercial context. This is why TMT companies are increasingly often turning to international arbitration which, as the survey shows, was respondents’ preferred mechanism for resolving disputes in the sector. Compared to the 43% of respondents who expressed a preference for arbitration, only 15% chose court litigation as their most favoured option. However, at present, litigation remains the most used mechanism in practice, used in relation to 44% of TMT disputes over the last five years. In that regard, the authors of the survey add that many of these disputes arise from contracts which were concluded long before arbitration grew in popularity and consequently, they do not include an arbitration clause. If this is true, we are likely to witness a significant increase in the number of TMT arbitrations. Indeed, 82% of respondents believed that there was likely to be a general increase in TMT arbitrations.

In general, the survey suggests that TMT companies may require more confidence in international arbitration in order to make this theoretical preference a reality. One way in which this could be addressed is by increasing the number of arbitrators with specialist knowledge of the sector and the specific issues in dispute. This approach appears to correspond with the views of the respondents to the Queen Mary University of London survey, which identified the technical expertise of the decision maker as an important aspect when deciding on a dispute resolution mechanism, as well as decision makers. In light of this conclusion, it was a logical step for CPR, which already has a series of specialist panels in other areas, to appoint a specialised Cyber Panel which may appeal to parties faced with disputes relating from data security breaches. More generally, there seems to be a wide consensus that cybersecurity-related arbitration is going to be an area of future growth.

Kate Wilford is a Senior Associate in Hogan Lovells’ London office. She represents international companies in large-scale, international commercial disputes. Her practice focuses on international arbitration (most frequently under the ICC, LCIA and UNCITRAL rules) and associated court litigation, including challenges to and enforcement of arbitral awards. Ms. Wilford’s full bio can be accessed HERE.

This post was originally published at http://www.hldataprotection.com/2017/08/articles/cybersecurity-data-breaches/cpr-appoints-new-cyber-panel-ahead-of-anticipated-increase-in-data-security-disputes – the Hogan Lovells Chronicle of Data Protection blog. It was also republished on the firm’s international arbitration blog, ARBlog and is republished here with permission.

Avoiding and Resolving Information Technology Disputes (CPR Master Guide)

By Meghna Talwar

The latest survey released by Queen Mary University of London, in collaboration with Pinsent Masons (“the Survey”), highlights the growth of ADR in Technology, Media and Telecommunications (TMT) disputes. The Survey records 67% of the total disputes which are IT related.

Foreshadowing this important development, in 2005, CPR’s IT Committee released its master guide titled “Avoiding and Resolving Information Technology Disputes” which provides detailed information about resolution of IT disputes with the help of ADR mechanisms. The master guide’s 7 chapters provide different methods for addressing IT disputes from avoiding them in the first place to resolving them by arbitration. The first chapter gives companies a head start to set things in place prior to dealing with external parties. The chapter provides cues on how companies can assess, prioritize and define their goals and identify the possibility of dispute in the long run in order to plan their resolution techniques right from the beginning.

Chart 5 of the Survey states that 61% of the disputes related to IT systems are caused due to delay. The survey also mentions that such delay may be caused due to several attributing factors rather than one cause. Chapter 2 of the master guide suggests practices which companies may adopt to avoid delay. The chapter which is titled “Avoiding Disconnect Between Negotiation and Implementation” describes ways in which companies can formulate healthy negotiations with other parties thereby building a strong working relation with them. The chapter also focuses on how parties can develop a good understanding of the project as well as their own interpersonal relations which could ultimately lead to limiting the risk of contracting any disputes.

While Chapter 2 discusses building strong relations, Chapter 3 encapsulates the technique of building a strong project foundation based on strong partnerships. The chapter highlights the advantage of building partnerships at an early stage and describes methods to sustain such partnerships once they are formed. Also, the chapter offers interesting suggestions on conducting workshops with stakeholders to create synergistic relationships.

Often guidelines are limited to dos and don’ts of a process which are purely theoretical in nature. However, Chapter 4 of the master guide carries out case study of an IT dispute which enables companies to understand the practical implications of the master guide. The case study is an interesting concoction of facts and analysis with suggestions from the IT professionals who comprised the CPR IT Committee. Thus, the master guide provides a well-rounded view of IT disputes and the complications involved therein.

The Survey states that 50% of the respondents prefer mediation followed by 47% who prefer arbitration. Hence, there is an earnest intention on the part of the companies to resolve disputes without resorting to courts. However, it would be effective to resolve disputes at a preliminary level. Chapter 5 of the master guide speaks about the use of hierarchical positions to defuse disputes at an early stage. The chapter also emphasis on the need for protecting stakeholders, thereby maintaining a dispute-free atmosphere.

Chapter 6 introduces the concept of appointing a standing neutral. The chapter describes a standing neutral as someone who is appointed as a neutral in advance of any conflict. The appointment of a standing neutral could save the parties a substantial amount of time and cost in a way that the parties would get neutral assistance immediately on detecting a dispute without having to search for it when the dispute arises.

It is understandable that in certain cases it is impossible to avoid disputes despite adopting prevention mechanisms. Proliferation of social media is an example of unavoidable disputes. The Survey recorded 93% disputes arising out of social media attacks and 54% disputes arising out of traditional media attack. Chapter 7 of the master guide describes the dispute resolution program which companies may adopt if avoidance strategies do not work. The Survey points out the importance of Dispute Resolution (DR) policies which companies adopt. It stated that only 25% of the respondent companies did not have a DR policy. Thus, Chapter 7 could be helpful for companies which fall within the 25% bracket and could give the remaining 75% some tips for improvement, if required. The chapter also introduces the CPR Rules on Expedited Technology Dispute Resolution which includes rules for both arbitration and mediation proceedings.

The CPR master guide was introduced long before the introduction of the Survey. However, from the Survey it is quite evident that the issues revolving around IT disputes that were discussed in the manual remain to be a cause of concern, even today. Hence, the master guide proves to be an effective tool for addressing such problems and acts as a catalyst to innovate and introduce mechanisms for resolving IT related disputes.

Meghna Talwar is a fall intern at CPR.

To order a copy of CPR’s Master Guide, “Avoiding and Resolving Information Technology Disputes,” click HERE. And be sure to browse our many other publications in The CPR Store HERE.