Data Breach Manager
Yes, it is.
When we demonstrate the Fieldfisher Data Breach Manager to clients, we will talk through the basics of the standard platform, which may suit your particular needs without further development.
If clients want a fully customised solution, then we will work with you to modify the platform, based on the risk assessment criteria and decision-making mechanisms you may already have in your system, and your preferred reporting processes.
Yes, the client can start a workflow and then call their contact at Fieldfisher if they find they need assistance. A specialist Fieldfisher data lawyer will be able to go through the form with you.
If the lawyer needs to complete part of the form on the client's behalf, this will be sent back to the you once completed and will automatically be recorded on the Fieldfisher Data Breach Manager system.
Clients can also complete a risk assessment and send it to Fieldfisher via the platform to check Fieldfisher's data specialists agree with the assessment.
Lawcadia will also provide support to clients via a chatbot and helpdesk.
It can be used to document any incident, including near misses, and help clients assess the seriousness of that incident.
All personal data breaches must be recorded and logged in a personal data breach register to comply with the GDPR.
Depending on the circumstances, a mis-sent email or a successful phishing attack on a mailbox may not qualify as a major incident, but the Fieldfisher Data Breach Manager allows clients to document and assess every potential breach, creating a full breach log.
This makes it easier to report an incident to the regulator if the need arises and helps the client's legal advisers to quickly analyse the situation and advise the client on the next steps.
By using the Data Breach Manager for all incidents, you will be able to satisfy your obligations in an accountable way, and obtain the addition benefits of having automated business intelligence (BI) reporting for your internal stakeholders.
When completing a risk assessment, clients have the option to send them to Fieldfisher via the platform to complete in the first instance, or for a second opinion.
Fieldfisher's specialist data lawyers can review the data input into the questionnaire via the platform and make any necessary amendments directly in the platform itself.
The platform allows the client to easily see what changes have been made, removing the need for clients to save down separate versions of word documents and run comparisons.
If either side (client or lawyer) notices anything that needs to be brought to the other side's (client's or lawyer's) attention urgently, the platform can be used to send an email or, depending on the workflow stage, an SMS notification that will prompt the client or lawyer to look at the platform.
Once an assessment is approved, the assessment can be easily converted to PDF and copied and pasted into other document formats required for reporting to regulators.
This is particularly useful if clients find they have to deal with an incident across multiple jurisdictions with multiple regulators to notify.
Notifications and other documents can be saved down onto the system to keep a record in a single location of documents relevant to the incident.
Fieldfisher will be engaged to provide legal advice when you need it using the platform.
As a matter of English law, given that data will be put onto the platform in anticipation of legal advice, the platform gives you a better chance of maintaining legal privilege than most clients currently have using their own internal systems.
By reducing email traffic regarding an incident, the risk of waiving privilege over key documents like forensic reports can be reduced significantly.
When there is a need to notify more than one regulator, the client can set up tasks for the date by which each regulatory needs to be notified.
The platform will organise this information into a chart to help you see which notifications you need to prioritise for each jurisdiction where notification is required.
The platform enables document sharing and communications to ensure that notifications can be made in an agreed form using the data that is ingested and recorded on the Data Breach Manager platform.
Yes, this is not just a platform for notifying regulators. Up to date personal data breach logs are important for accountability and the BI reporting is a useful tool for presentations to management, investors, and other stakeholders like cyber insurers who may want to understand what your instances of personal data breaches look like.
We find that clients often have out of data personal data breach logs or spend a lot of time on bespoke graphics and tables for management presentations, so when used consistently our Data Breach Manager will save time and money within your business.
Importantly, the communications functionality allows you to use the platform to seek other legal support from us where required, whether that be in relation to other issues that may arise from an incident, including things like sector-specific notification requirements, insurance matters or customer or vendor contractual issues.
The Data Breach Manager is made available by Lawcadia on a logically separate platform, giving you the best chance to have a system that you can use to manage an incident even if your normal systems are compromised.
When onboarding our clients, we will discuss what authentication methods you would like to use for the platform and what may give you better resilience in the event of ransomware or email compromise incidents.
Both single sign-on and SMS multi-factor authentication can be enabled.
Platform access can be set up in a way that best suits the user.
Access can be set up with either single sign-on, or two factor authentication, using email and/or SMS text messaging.
If there are multiple domains within an organisation, it is easy to obtain approval as required for different domains to ensure all users can access the platform.
As part of the implementation process, Fieldfisher and Lawcadia will go through your access requirements with you and determine the best approach.
The Fieldfisher Data Breach Manager is hosted in London, however it can be easily accessed out of jurisdiction using an AWS service.
No, the platform can accommodate unlimited users for the purpose of completing factfinding questionnaires.
On the assessor side, the platform includes up to 10 licensees (i.e. this would usually be for the legal, privacy, compliance team or other team members who will assess the incident).
Yes, you can set permissions for different users and assign levels of confidentiality to matters you enter into the platform, to control who sees what.
You can change permissions quickly and easily, if you need to bring more users in on a particular matter.
Yes, the Fieldfisher Data Breach Manager allows you to distinguish between the roles of controller and processor, and the platform will react to that status.
As a processor, your responsibilities are to let the controller(s) know about any personal data breach incident(s) you have experienced and provide them with certain information about that incident, so they can assess the nature of the breach and decide whether they need to notify regulators.
Processors may work with multiple controllers and the Fieldfisher Data Breach Manager allows processors to project manage incident reporting, keep track of changes and decisions in the same way as it allows controllers to monitor, record and manage breaches.
The Fieldfisher Data Breach Manager is simple and intuitive to use, so minimal training is required to fully upskill anyone in an organisation who needs to use it.
For a standard team training session Lawcadia advises to allow half an hour. For single user training, a 15-minute demonstration and Q&A session is generally sufficient.
The platform also has a 'help' button that will direct technical queries directly to Lawcadia
Yes the platform is available 24/7, with in-person support during UK business hours. There are also tools within the platform to request in-person assistance from Fieldfisher outside business hours in an emergency.
The platform allows users to start logging information whenever the client needs it, with overlapping support from the Fieldfisher and Lawcadia teams.