International arbitration continues to be a popular method for settling disputes, and that is not going to change any time soon. What is changing though is the impact that cyber and data protection risk has on the world; and international arbitration is not immune to this. This is highlighted in this article by Pierre Bienvenu and Ben Grant from Norton Rose Fulbright and in the 2018 Queen Mary International Arbitration Survey.
Any organisation is always subject to sophisticated and on-going attacks with antagonists either looking to disrupt operations or steal potential valuable assets or information. One could argue that this risk is increased through dispute proceedings given the publicity that often surrounds them and the fact that large quantities of sensitive data are often being transferred. Therefore, the data being passed to the other side and indeed to the arbitrators themselves, much be appropriately safeguarded and protected – at all stages of the dispute.
There are many standards and approaches to mitigate cyber risk, but key controls that can assist include: encryption at rest and in transit; use of secure email and/or file transfer mechanisms; employing a central & secure data repository; and ensuring timely destruction of data at the end of a matter. What is essential is that these risks are not ignored or overlooked and protocols should be agreed at the outset of a dispute in this context to help mitigate the risk.
Data protection and cyber risk are emerging as important considerations in arbitration. Although the arbitral community and the arbitral institutions are taking steps to address this concern, more needs to be done. As these issues become more common, it is hoped that consistent practices will emerge to reassure users that their data will be secure.