Cybersecurity, New Challenge to International Arbitration?
Arbitration is the alternative dispute resolution ADR mechanism preferred by companies for international business transactions in particular when the potential for disputes is expensive and specialized. One of its characteristics is that it brings additional costs different from the ordinary justice associated with the fees of the arbitrators and the arbitration institutions (arbitration institutions like ICC, LCIA, WIPO, among others) that usually administer and control the development of the arbitral proceedings.
The Digital Transformation in companies has had as a consequence that communications with third parties, internal processes, accounting records and in general daily activities are carried out by electronic means. The raw material of the evidence in arbitration proceedings in the case of the defense of the interests of the company or of strategies to sue third parties is carried out based on electronic documents.
CYBERSECURITY AS A CRUCIAL ELEMENT OF ARBITRATION IN THE 21ST CENTURY
Cybersecurity is digital security in information systems and electronic communications and the mechanisms of authenticity and integrity of information (electronic and digital signatures, among others) are a fundamental element to achieve and maintain trust in the arbitration process.
In arbitration as a method of resolving disputes, in a usual way sensitive and confidential information is handled regarding facts, legal valuations, financial figures of companies, product formulas, technical documents, among others. This information contained in memorials and other procedural instruments as well as in hearings, most of them in the form of data messages and electronic documents circulate between the parties, the arbitration institutional framework and the arbitral tribunal and their unauthorized or unwanted disclosure can be serious for those interested and prejudice the interests of the parties in litigation either during the arbitral proceeding itself or in commercial activities and even in the reputation and good name of a company or a shareholder.
It is important that all those involved in an arbitration procedure: the parties, the arbitration institutions and the arbitral tribunal develop guidelines and protocols that allow achieving a safe and reliable ecosystem for all, at this time when the information, evidence and actions of the parties it is increasingly made using electronic means and with storage subject to the risks of vulnerability and illegal or unauthorized access.
In the event that the applicable law in the seat of the arbitration includes regulations that oblige to carry out the disclosure of a digital security breach, the arbitral tribunal, the parties or the arbitral institution may be obliged to carry out the notification to the authorities for instance the National Data Protection Authority.
Among the subjects involved in the arbitration there is a good faith obligation that would force them to disclose to the other party, the arbitral tribunal or the arbitral tribunal to the parties in the event of the breach of digital security that puts the disclosure of information at risk.
CYBERSECURITY IN THE ARBITRATION INSTITUTIONS
The arbitration Institutions have the power, competence and the faculties to incorporate in the institutional regulations of resolution of disputes the measures, means and devices that assure to the arbitration proceedings a shield regarding possible intrusions or information leaks. The parties and their attorneys must be aware of the risks of espionage and information leakage, as well as the interest that the facts in arbitration proceedings may have for unfair competitors and even for new social and political activism that seek greater transparency in information. and that they can disclose sensitive and confidential information to the public.
For arbitrators, the case management hearing as a usual stage in international arbitration is an excellent opportunity to determine the technological requirements that the arbitration procedure may require in matters of technological security.
The cybersecurity requirements can initially become an additional cost for the parties since the arbitration centers and the arbitrators themselves can transfer the equipment costs and software licensing to the parties, but over time it will be a requirement for the appointment of the arbitrators. These are committed to meet the necessary requirements of cybersecurity.
STANDARDS OF CYBERSECURITY AND ARBITRATION
The determination of digital security standards in electronic communications, as well as the proper custody in the storage of the information of the arbitration process is a duty of good faith and diligence of all parties involved.
Each of the activities related to arbitration may have different cybersecurity standards. The storage of information is different from the transmission of it that can generate unauthorized intrusions.
The integrity of the digital information is essential as the availability of the same as well as the traceability in case of any alteration or change. The standards that must be applied in the cloud for the storage of digital information are also essential to avoid risks of availability and integrity in the hosting. The incorporation in practice of the arbitration in the platforms of the arbitration institutions of decentralized information cybersecurity systems such as the databases in blockchain encryption (Blockchain) and the intelligent contracts can be elements to take into account to guarantee the attributes to confidential information characteristic of arbitration. Online arbitration requires cybersecurity standards and traditional arbitration using electronic means also requires those standards.
The International Council for Commercial Arbitration (ICCA), the International Institute for the Prevention and Resolution of Conflicts (CPR) and the Bar Association of the City of New York set up a working group on cybersecurity in arbitration.
This Working Group published in 2018 a draft Cybersecurity Protocol for International Arbitration that it submitted for public consultation until December 31, 2018. We hope that this example will be followed by international and local arbitration institutions that contribute to the creation of standards, guidelines and guidelines that allow the incorporation of cybersecurity in the operational management and management of information management in this procedure.
In Colombia there are no known projects or similar programs that are in progress in the Arbitration Centers that exist in the country. From the academy we will support any initiative regarding cybersecurity for arbitration procedures, in the main Arbitration Centers and among the arbitrators themselves.
In arbitration, valuable interests for international trade are discussed on many occasions with a high degree of confidentiality. That interest in keeping the information discussed in disputes submitted to arbitration a secret is a stimulus for hackers and Wikileaks-like researchers to try to obtain information without permission. Also unfair counterparts who want to access secret information from competitors such as financial information or industrial secrets can take advantage of the information presented in arbitration proceedings.
The incorporation in practice of the arbitration in the platforms of the arbitration institutions of digital security technologies can be elements to take into account to guarantee the attributes to confidential information characteristic of arbitration.
Arbitrators and arbitration institutions and parties involved in arbitration processes must adopt practices and policies in the handling of information, evidence and documents that are part of arbitration processes to prevent them from being subject to undue revelations.
If you need more advices about how to manage arbitration with Colombian companies , feel free to contact our lawyers.
And you can also have a look at this video about Digitalization, Cybersecurity and Internation Arbitration.
By: Daniel Peña Valenzuela