Herbies develops in-house data breach software

Will Herbert Smith Freehills be the next firm to launch its own digital services business? The UK top 10 law firm has developed software to help clients respond to data leaks quickly and reduce the financial impact of a cyber-attack, led by Andrew Moir, head of Herbert Smith Freehills’ global cybersecurity practice, who was a software engineer before becoming a solicitor.
The new software automatically analyses the leaked data to help identify what types of personal data have been breached.
Under the new General Data Protection Regulation (GDPR) rules in Europe and other international regulatory regimes, when a client finds itself victim to a data breach they have to firstly assess the risk to the individuals to determine – not only whether they need to notify the relevant data privacy regulator of the attack – but also whether it is necessary to inform the individuals to whom the data relates (the data subjects). This requires an understanding of what data has been compromised and what a malicious actor could do with it.
Leaked data falls into two categories: structured data or unstructured data. The conventional approach by many firms faced with a data breach of unstructured data is to engage in a manual review of the content of the documents to identify the type of personal data that has been leaked, and who the data subjects are. This can be a long and costly process, especially where large volumes of data are implicated.
Herbert Smith Freehills’ new software identifies personal data such as email addresses and credit card numbers, and assists in linking the information back to the data subject. It can also help to pinpoint documents that contain the most personal data and then to produce an automatic distribution list, so the client can notify the individuals – saving them time and money.  The software can also give an indication of where the individuals are located, which can assist in understanding which international regulatory regimes will apply.
Moir, who worked on the billion pound IKOS divorce case and developed a program to compare two algorithms at the centre of the case, said: “We have been saving our clients costs with this tool. Often the need for manual review of the original unstructured data can be significantly reduced, or sometimes even eliminated completely.”
BigLaw firms are increasingly developing their own niche client facing software products but are hampered by the inability of many lawyers and partners to understand and sell digital services. For this reason, Clifford Chance in the summer followed Allen & Overy in launching its own separate digital services business, called Applied Solutions, with the ambition to significantly scale it. That will include taking on the legal market in New York, where new Applied Solutions CEO Jeroen Plink will be based. See that story below.