Data breaches: a crib sheet for the Channel Islands

Reports that Appleby’s office in the Isle of Man may have been hacked in the Paradise Papers scandal, in addition to the firm’s office in Bermuda, will no doubt have sent shivers down the spines of various law firms, family offices and wealth managers based in the Channel Islands. Offshore centres like Bermuda, the Cayman Islands and BVA may all be fair game when it comes to the drive for transparency of the tax affairs of multinationals and the mega-rich, but the risk of data-attack closer to home is somewhat scarier.

For any firms concerned they may be vulnerable to data-breach, it is essential not only to work with your IT advisors to ensure encryption of sensitive documents and bolster your defences, as well as to educate all staff on appropriate email and internet use, prepare IT wise but also to have a communications crisis plan in place in case the worst happens.

Bell Yard’s top communications tips for being ready for dreaded data-breach situations include:

1. Have a multi-disciplinary team of experts ready to mobilise in the event of a hack. PRs, lawyers, compliance and IT professionals will need to work in concert if a problem arises. The role of the PR expert is designed to avoid the firm hiding behind overly legalistic answers and to craft statements that will best resonate with the firm’s key audiences.

2. Be factual at the outset when confirming any attack and what is being done about it (e.g. are the police/NCA investigating?). Ensure all media and public calls are dealt with by a tight-knit team. It is best to avoid commenting on individual clients’ affairs or being drawn into speculation on the perpetrator.

3. Communicate with clients as swiftly as possible, directly and not just through the media. Website FAQs may not be the best way to go for HNW customers. Consider instead personal calls from the lead partner. It will be necessary to warn clients their financial data may end up in journalists’ hands and possibly you may need to recommend they use defamation and privacy lawyers too.

4. Don’t overplay the victim card: clients and the media will have little sympathy that IT systems weren’t sufficiently robust to keep hackers out, especially at a time when the public mood on tax transparency regards HNW financial data booty as in the public interest.

5. Have a generic statement ready about the legitimacy and strength of your business to which you can add the context of the hack.

6. Early, proactive engagement with your firm’s regulatory and professional bodies (such as the FCA, SRA and ICO) is imperative, and their breach guidelines followed. It may be appropriate to publicly demonstrate such engagement by way of demonstrating swift action and efforts to control the fall-out.

7. Keep updating your public responses, and ensure messages are consistent between recipients, as the situation evolves.

How a firm handles a crisis and re-establishes control will likely determine how quickly your reputation recovers. A defensive no-comment stance is unrealistic, even in a climate where you feel you can only be criticised. There is a tricky tightrope to walk between the right level of humility and robustness to emerge as unscathed as possible and to protect clients’ best interests. The key will be focusing on what your clients expect from you, by way of retaining their support. Clearly the risk of follow-on litigation could be present, so aim to move forward with clients on board.
Bell Yard has worked on various breach situations both in a front-line capacity and by guiding behind the scenes. We also have experience of working with clients in the Channel Islands.

Litigation PR

Litigation PR
Group Action Litigation Law firm Edwin Coe LLP, acting for a 500 strong consumer group bringing a multi-million pound class action lawsuit against timeshare...
Litigation PR
Banking Litigation Bell Yard advised the beneficial owners of two companies suing a Swiss bank at the High Court in London for breach of duty over the sal...
View more Ligitation PR Case Sudies

Reputation

Reputation Management
Cybercrime  Bell Yard advised on crisis communications for a digital retail business which was the victim of a data-hack and theft of customer data...
Reputation Management
Global 100 Law Firm Bell Yard provided public relations support to an international law firm with offices in London, Europe and the Middle East. Our brief...
View more Reputation Management Case Sudies

Campaigns

Campaigns
US/UK Extradition Campaign Since 2004 Bell Yard has driven a campaign against the UK/US extradition legislation, enacted in January 2004, which poses particular d...
Campaigns
Legal Services Commission Bell Yard was mandated to conduct a campaign on behalf of a law firm to highlight the disastrous consequences of the Legal Services Com...
View more Campaign Case Sudies

Contact us

Bell Yard Communications Limited
21 Fleet Street
London
EC4Y 1AA

Sw: +44 (0) 20 7936 2021

M: Melanie Riley: +44 (0) 7775 591244

Email: BellYard@bell-yard.com