Fox Rothschild Creates Chief Privacy Officer Role

September 25, 2015 – In The News
The Legal Intelligencer

Mark G. McCreary was featured in The Legal Intelligencer article, “Fox Rothschild Creates Chief Privacy Officer Role.” Full text can be found in the September 25, 2015, issue, but a synopsis is below.

Fox Rothschild has announced that Partner Mark G. McCreary has added the role of Chief Privacy Officer to his additional duties as a member of the firm’s Corporate, Intellectual Property and Privacy and Data Security Practices.

The move appears to make Fox the first Pennsylvania firm, and possibly just the second firm in the United States, to elevate a partner to the role of Chief Privacy Officer.

In creating the role, Fox was looking to have someone not just look at the information technology component of protecting client data, but to be able to view it from a legal perspective as well.

“We are committed to taking every step possible to ensure the security and privacy of information in our possession on behalf of our clients and employees,” said Thomas D. Paradise, Fox 's general counsel.

McCreary said he views the role as a policy position that will provide a centralized place for client questions on data privacy, review of firm technology contracts and review of data privacy questions on RFPs and engagement letters.

In addition, McCreary will be in charge of reviewing firm policies on data security and educating attorneys and staff on the issue. According to McCreary, all of those were things already being handled at the firm, but “on a loose basis” between members of the technology committee.

He is also currently leading the way on Fox’s efforts to become ISO 27001 certified – a certification on information technology standards – which he hopes to have completed by spring or summer of 2016.

“It will really allow us to see if we have room to improve and show clients how serious we are,” McCreary said.

The creation of the position shows Fox’s commitment to doing an even better job of fine-tuning its data security policies and emphasizing their importance to attorneys and staff, McCreary said.

“We could all do a better job of reminding people that it is important,” McCreary said.

Another reason for the creation of the position was to provide someone who could lead the review of increasingly varied client requirements on data security.

“An attorney might not appreciate ‘you must encrypt all data,’” McCreary said. “We want to make sure there are people in place to review those quickly.”

McCreary already reviewed software agreements and technology-related RFP questions, so he expects the role to only add a couple hundred hours to his workload each year. He also noted that Fox is already well-positioned when it comes to data security/privacy.

“It's not like suddenly we are like, 'OK, what is a firewall?’” he said.

McCreary said after accepting the offer to take on the role he met with the firm’s management team.

“I couldn't have had 20 people more interested in what we are talking about and saying this is absolutely something we should invest time and resources doing,” he said.

Encryption is one of the biggest issues facing firms, McCreary said. That way, if information is stolen, thieves are unable to do anything with the data.

“It needs to be true encryption for that to work,” he said. “I think that is one of the biggest exposures companies have.”

Protecting data is a key component to McCreary, especially in an era where many view data breaches as a matter of when, not if.

“Any system, no matter how secure, can be gotten to,” McCreary said. “If you are going to take the approach that we will come up with an ironclad system with no issues at all, then you have already lost.”

Fox, for example, has measures in place such as not allowing non-encrypted thumb drives to work on firm computers.

“Things like that, that I don't know firms” are focusing on, McCreary said. “In a lot of ways, it's education. And in a lot of other ways, it's money.”

Electronic data isn’t McCreary’s only focus, however, as he said the firm’s records department is highly involved in the process as well.

“In many ways, that is the scarier stuff because...you can't upgrade the lock and the key,” McCreary said.

This article was also featured in Legaltech News, JD Supra and CEB blog.