Technology Resources for Arbitration Practitioners - Cyber security and data privacy

Maintaining the security and privacy of documents and information exchanged in international arbitration proceedings has been a major topic of discussion among arbitration practitioners over the course of the last several years. The conversations have centred mainly on protecting data as it is exchanged between and among counsel and arbitrators.

To date, no single ‘gold standard’ of cybersecurity protection has emerged. Instead, various arbitral institutions, organisations and practitioners, including the IBA, have developed protocols or guidelines intended to make practitioners aware of key security weaknesses and measures that may protect against such weaknesses. In addition, many of the categories of technology discussed above incorporate security and privacy features.

The appropriate level of security and privacy protection always depends on the nature of the arbitration, sensitivity of the data exchanged and applicable local law requirements. The general guidance that has emerged as a result of the arbitration-related protocols for cybersecurity listed below includes a consideration of the following security measures:

The following is a non-exhaustive list of guidelines and protocols that may assist in establishing cybersecurity guidelines for an arbitration:

Disclaimer: Due to the very nature and dynamics of the subject of this guide, the examples should not be considered exhaustive, and merely represent a sample of the potential applications available. There are numerous other vendors that provide similar services and products to the ones described, and the presence of any particular vendor or product in this guide does not reflect any qualitative judgment about the suitability or capability of that vendor or product. The goal is to periodically update and edit the guide to reflect new technological advances, and add new or delete obsolete, applications, programs or vendors. The IBA Arb40 Subcommittee does not endorse or recommend any particular technology, vendor, software or program listed below, nor can it vouch for the security, cost or appropriateness of any of the listed technology, which must be assessed by practitioners on a case-by-case basis. The descriptions of particular programs, software and vendors were not provided by the vendors themselves, and the IBA Arb40 Subcommittee takes no responsibility for errors in those descriptions. All technology should be thoroughly explored and vetted by the arbitration practitioner prior to use.