What is your background briefly?
I am a technology and compliance lawyer. I qualified as a lawyer in the UK in 1991. I’m now a Partner at Cordery a law firm specialising in technology and compliance matters which we set up in 2014. We’ve worked on technology and compliance projects in more than 60 countries and we do that in three areas (1) prevention – trying to highlight risks and stop bad things happening (2) training people on those risks (3) providing a response when incidents (like a security breach) hit.
How did you end up doing what you do now?
It is a long story but basically as a kid I was always interested in technology and was trying to program old (but then cutting edge) machines like the ZX80, PET and BBC. I was also keen on a career in law though and by an odd chain of events the two collided. I was fortunate that I got some good clients earlier on who taught me a lot about their world.
1 min pitch for what you do / what’s a typical day like?
There is no typical day which is probably the thing that keeps you sane. We are busy at the moment in advising on GDPR and the new European data security regime but when a security breach happens the regular day goes on hold. Since October we’ve also done a lot of work on data transfer, data centre location and related issues as the European Court of Justice struck down the Safe Harbor data transfer scheme with the US. We’re also keeping a close eye on developments in Ireland given the new Schrems cases which are set to be heard in Dublin in 2017.
Congrats on being ranked on the Onalytica list for top Data Security thought leaders – where did it all go right?
Thanks for the congratulations. One of the things we are trying to do is get straightforward quick information out to our clients and friends. We are always trying to predict where trends are going and we have had some decent success with that since we started – for example predicting the issues around data transfer and the fall of Safe Harbor. We’ve also been making some short films which our audience seems to prefer to the typical legal alert. The films can be quite short – for example we’ve a film on GDPR which is less than 2 minutes – but we’ve had almost 7,000 views for those we’ve put on YouTube. Its nice to be recognised for that.
What trends are you excited / concerned about in relation to the work you do at the moment?
Probably the thing I am most concerned about is the ever increasing attacks on businesses whether from within or from outside. Some of the external threats our clients are facing have become much more sophisticated even in the last two years and large organisations in particular are really struggling to cope. Coupled with that the legal regime is tougher with fines of up to 4% of global annual turnover coming in May 2018. Perhaps the thing I am most excited about however is the fact that for many of the businesses we work for at least these higher penalties and greater threats are getting the attention of senior management and there is more willingness to do more about it as a result.
— Cordery (@CorderyUK) August 18, 2016
What advice would you give to companies and individuals in terms of managing their data securely?
It’s a continual process not a one off. We see some businesses thinking they have “done cyber security” or “done information security training” and therefore do not need to invest any more resources in it. That is a recipe for disaster.
— Cordery (@CorderyUK) August 15, 2016
Why is UK a great place for Tech?
In the main I guess it is access to skilled people (whether they be UK natives or not). There is a creative mind set but also a can do spirit and (amongst the best) a willingness to continuously improve. We have also access to great resources just nearby too including in Ireland.
Who do you follow for your inspiration and insights?
That’s a tough question as I think doing what I am doing you have to collect a lot of information from all sorts of different people, whether you agree with them or not. Twitter and LinkedIn have definitely made it more easy to follow more people from a much wider spectrum than you might have done in the past. The other source of inspiration and insight is travel. Even when we’re on short trips for business we ask all of our team to take time to understand the local customs and culture and I think this helps us advise our clients on the issues they are likely to face.
We can be online 24/7, how do you manage your work life balance?
I think that is a real struggle. From a risk point of view we sometimes see the biggest mistakes made outside of office hours. People make bad decisions when they are tired but even when they are struggling for connectivity and battery power. The Uber revelations have confirmed what we have seen for some time that even things like a red battery warning lead people to make worse decisions. I can see the questions although I don’t have any solutions!