Cybersecurity Risks in Arbitration and Mediation

Aug 2, 2017 | Blog

Ironically, as cyber mediation and arbitration grow quickly, the risks of information entrusted to those neutrals and to the parties increase in lockstep. Mediation and arbitration agreements, then, should comprise standards for secure stewardship of the digital information at the heart of the dispute.

As recently reported in Law 360  mediation panels for cyber disputes are being formed and their use in resolution of information disputes will only increase. Virtually all commercial disputes comprise digital information, as over 90% of all business documentation is in digital form, and digital information is fundamentally “slipperier” than paper: There is more of it, it can be present in many places at once, and it’s easier to lose or alter. Mediation and arbitration of disputes involving alleged theft of trade secrets, breaches of contracts that require adherence to particular information security standards (these disputes most often arise from a data breach or cyberattack), disputes between litigation support vendors and law firms, or  conflicts as to cyber risk insurance coverage of a particular event are increasing because the cost-effectiveness compared to litigation is self-evident.

Lawyers have utilized arbitration clauses in commercial contracts for many years, but recently “cooling-off and mediation” provisions have been added to the alternative dispute mix. These provisions require the parties to advise each other of a potential conflict in performance and adherence to the standards in the subject agreement and then, if no resolution is reached on the parties’ own accord, proceed to mediation.

This clear trend toward this alternative dispute resolution was further emphasized in a recent study indicating that in New York State courts, only 1.3 % of all contingency fee cases are resolved by motion or trial. Courts have struggled with how to secure the often highly sensitive information from the parties, due to outdated information system protections and sparse protocols for information protection. With dispute resolution moving to mediation and arbitration in large numbers, the stewardship of the parties’ information by individual mediators and arbitrators takes on heightened importance.

More information, then, will find its way into the hands of mediators and arbitrators. Parties should, in the interest of their ethical obligations to protect their clients’ confidences, as well as comply with federal and state laws and regulations protecting certain categories of information, include cybersecurity metrics in their arbitration and mediation agreements. These provisions could include encryption of the information at rest (in storage) and in motion, limitations on disclosure and return of the information upon completion of the proceeding. These provisions should, of course, bind the parties to the same safeguards.

For additional information on cyber mediation and arbitration, please contact Kenneth N. Rashbaum.