Data Breach Manager
Yes, it is.
When we demonstrate the Fieldfisher Data Breach Manager to clients, we will talk through the basics of the standard platform, which may suit your particular needs without further development.
If clients want a fully customised solution, then we will work with you to modify the platform, based on the risk assessment criteria and decision-making mechanisms you may already have in your system, and your preferred reporting processes.
Yes, the client can start a workflow and then call their contact at Fieldfisher if they find they need assistance. A specialist Fieldfisher data lawyer will be able to go through the form with you.
If the lawyer needs to complete part of the form on the client's behalf, this will be sent back to the you once completed and will automatically be recorded on the Fieldfisher Data Breach Manager system.
Clients can also complete a risk assessment and send it to Fieldfisher via the platform to check Fieldfisher's data specialists agree with the assessment.
Lawcadia will also provide support to clients via a chatbot and helpdesk.
It can be used to document any incident and help clients assess the seriousness of that incident.
All personal data breaches must be recorded and logged in a personal data breach register to comply with the GDPR.
Depending on the circumstances, a mis-sent email or a successful phishing attack on a mailbox may not qualify as a major incident, but the Fieldfisher Data Breach Manager allows clients to document and assess every potential breach, creating a full breach log.
This makes it easier to report an incident to the regulator if the need arises and helps the client's legal advisers to quickly analyse the situation and advise the client on the next steps.
By using the Data Breach Manager for all incidents, you will be able to satisfy your obligations in an accountable way, and obtain the addition benefits of having automated business intelligence (BI) reporting for your internal stakeholders.
When completing a risk assessment, clients have the option to send them to Fieldfisher via the platform to complete in the first instance, or for a second opinion.
Fieldfisher's specialist data lawyers can review the data input into the questionnaire via the platform and make any necessary amendments directly in the platform itself.
The platform allows the client to easily see what changes have been made, removing the need for clients to save down separate versions of word documents and run comparisons.
If either side (client or lawyer) notices anything that needs to be brought to the other side's (client's or lawyer's) attention urgently, the platform can be used to send an email or, depending on the workflow stage, an SMS notification that will prompt the client or lawyer to look at the platform.
Once an assessment is approved, the assessment can be easily converted to PDF and copied and pasted into other document formats required for reporting to regulators.
This is particularly useful if clients find they have to deal with an incident across multiple jurisdictions with multiple regulators to notify.
Notifications and other documents can be saved down onto the system to keep a record in a single location of documents relevant to the incident.
Fieldfisher will be engaged to provide legal advice when you need it using the platform.
As a matter of English law, given that data will be put onto the platform in anticipation of legal advice, the platform gives you a better chance of maintaining legal privilege than most clients currently have using their own internal systems.
By reducing email traffic regarding an incident, the risk of waiving privilege over key documents like forensic reports can be reduced significantly.
When there is a need to notify more than one regulator, the client can set up tasks for the date by which each regulatory needs to be notified.
The platform will organise this information into a chart to help you see which notifications you need to prioritise for each jurisdiction where notification is required.
The platform enables document sharing and communications to ensure that notifications can be made in an agreed form using the data that is ingested and recorded on the Data Breach Manager platform.
Yes, this is not just a platform for notifying regulators. Up to date personal data breach logs are important for accountability and the BI reporting is a useful tool for presentations to management, investors, and other stakeholders like cyber insurers who may want to understand what your instances of personal data breaches look like.
We find that clients often have out of data personal data breach logs or spend a lot of time on bespoke graphics and tables for management presentations, so when used consistently our Data Breach Manager will save time and money within your business.
Importantly, the communications functionality allows you to use the platform to seek other legal support from us where required, whether that be in relation to other issues that may arise from an incident, including things like sector-specific notification requirements, insurance matters or customer or vendor contractual issues.
The Data Breach Manager is made available by Lawcadia on a logically separate platform, giving you the best chance to have a system that you can use to manage an incident even if your normal systems are compromised.
When onboarding our clients, we will discuss what authentication methods you would like to use for the platform and what may give you better resilience in the event of ransomware or email compromise incidents.
Both single sign-on and SMS multi-factor authentication can be enabled.
The Fieldfisher Data Breach Manager is simple and intuitive to use, so minimal training is required to fully upskill anyone in an organisation who needs to use it.
For a standard team training session Lawcadia advises to allow half an hour. For single user training, a 15-minute demonstration and Q&A session is generally sufficient.
The platform also has a 'help' button that will direct technical queries directly to Lawcadia
Yes the platform is available 24/7, with in-person support during UK business hours. There are also tools within the platform to request in-person assistance from Fieldfisher outside business hours in an emergency.
The platform allows users to start logging information whenever the client needs it, with overlapping support from the Fieldfisher and Lawcadia teams.