Our lawyers can assist you on legal issues relating to cybersecurity.
Some years ago, the French National Agency for Information Systems Security identified the risk of cyber-attacks against national infrastructures as one of the likeliest major threats over the next fifteen years.
In 2016, 164 million login credentials for LinkedIn were obtained fraudulently, as were 360 million login credentials for MySpace, 40 million login credentials for Fling, and 65 million login credentials for Tumblr. Given the risk of a data security breach, it is essential to protect oneself using the relevant legal tools, accompanied by suitable technical tools. For example, some cyber-attacks could be avoided if the users of information systems followed certain simple rules regarding password choice, frequency of password change, opening of emails, consulting websites, etc., or paid attention to whether monitoring or filtering solutions had been put in place.
Implementing specific tools and measures for cybersecurity
Our firm offers legal assistance in implementing these tools and measures by preparing adapted contractual documents, such as an Information systems administration charter, Charter for the use of the company social network, Charter for the use of information systems, and also relevant User Guides. The firm also assists its clients in implementing these tools and measures within the company concerned.
The implementation of certain user control measures and tools of can, depending on the case, necessitate the fulfilment of preliminary formalities with the CNIL and the preparation of a notice on this subject intended for the user of your company’s computers and means of electronic communication. The firm can assist you with these CNIL formalities and draw up legal notices to submit to the user, in order to bring you into line with the applicable requirements for personal data protection.
Cybersecurity and attacks on automated data processing systems
Attacks on automated data processing systems can take many forms (fraudulent access, retrieval, copying of data, etc.). An initial challenge is being able to detect whether a cyber-attack has taken place. Our lawyers can advise you by making recommendations to enable you, in certain cases, to identify an attack on your company’s data processing system.
If necessary, we can assist you during criminal proceedings concerning attacks on data processing systems. To this end, we can draw up a criminal complaint, request investigative proceedings, draft your conclusions, ensure a hearing, and assist you with the execution of the judgment handed down.
If a cyber-attack was made possible because you did not comply with your data security and confidentiality obligations (as imposed by the Data Protection Act), your company is at risk of penalties, especially financial ones, which may be handed down by the CNIL. We can assist you in your exchanges with the CNIL on these matters and help you to reduce the risk of upstream penalties by preparing adapted contracts on personal data processing to be put in place with your subcontractors.
Cybersecurity and infringement
Aside from cyber-attacks targeting data (including personal data), these goal of these acts may be to gain fraudulent access to the source codes of websites or apps. This is why it is recommended to ensure that one’s source codes are legally protected. In this area, our lawyers can advise you by making recommendations on copyright protection. Following these recommendations will allow you, for example, to have proof of ownership of your copyrights, which could be the basis for infringement action by a third party concerning the codes.