Interview with Struan Robertson, technology lawyer with Pinsent Masons.
If you have sought expert legal advice pertaining to data an technology at corporate level you may be familiar with Pinsent Masons. If you have searched Google even on a cursory level data protection information you will likely be very familiar with
out-law.com of which Struan Robertson is editor.
Our privilege in running this interview is very much to the advantage of our readers. For this we thank Struan.
Introductory detail.
Name : Struan Robertson
Company : Pinsent Masons
Position : Legal Director, Pinsent Masons and Editor, OUT-LAW.COM
Marital status, family members : Married
Education / Qualifications
I did my law degree and diploma at Strathclyde University - then somehow scraped my way through a beginner’s class in Java programming.
Pastimes / Hobbies : Running, skiing, movies
Q : What type of car do you drive?
A : Chrysler
Q : What area of law do you most enjoy?
A : Internet law. It develops far faster than other areas of law, which keeps it interesting, and for a technology enthusiast there’s nowhere else to be.
Q : Given that out-law.com was first registered over ten years ago, why is it do you think that Pinsentmasons were so far ahead of their time in seeing the benefits of investing in a legal information and discussion site distinct from their own domain?
A : We weren’t first to register the name; we bought it in 1999 for, I think, CAN$5,000. More recently we were able to buy Outlaw.com (no hyphen) for US$25,000, though we never had any plan to use it. We launched OUT-LAW in May 2000. We aimed to become the leading online legal brand and the leading brand for online legal services.
The legal profession moves forward at glacial speed, so it’s not hard to stand out from the crowd - it just takes a bit of courage. Ours is a more innovative firm than most, I think - I’ve always thought this firm has a strong entrepreneurial spirit. Working on OUT-LAW felt rather like working at a start-up, but we’d have canned it if it hadn’t worked. Fortunately, it works very well for us. We take the view that clients won’t pay for basic legal information but they will pay for legal advice. So we’re giving away the basic legal information. Clients really appreciate that and OUT-LAW helps us to win their work. We recognised that people will use Google for legal research before coming to any law firm website, including our own - so we make sure that our pages are easy to find through Google. I’m surprised that so few firms do that.
Q : What are the work achievements of which you are most proud?
A : This year we became the first law firm ever to win a Webby. That was a great accolade for us. But I suppose the thing that matters most is that we have also helped a lot of businesses over the past 8 years and we have won a lot of work directly or indirectly through OUT-LAW. Companies recognise from OUT-LAW that we know what we’re talking about and that we can communicate in plain English, not legalese. All firms claim to have those skills; we prove it.
Q : Do you believe that data compliance has become overly complicated for small business or that there is little excuse for non compliance in an era when information on compliance requirements and readiness is pervasive throughout the Internet?
A : Most businesses will experience data compliance challenges and occasional oversights. Sometimes a problem is resolved easily by following free guidance; sometimes specialist advice is needed. Businesses in the UK are covered by laws that are fairly general in nature, that can be re-interpreted as technology moves on. That’s better, in my view, than the US approach where the laws change frequently because they are technology-specific. There are also more laws to keep up with in the US, at state and federal level.
Q : What general advice would you give to business startups with regard to data protection and compliance?
A : There’s a lot of useful free guidance out there, so read that first. Do get advice from a specialist with your data collection notices, though, because if you get that wrong at the start, you can build a business on a collection of data that was unlawfully obtained. We don’t hear much about enforcement action, so people may think they can run that risk. But if you come to sell your business in the future, you can bet that the lawyers for the purchaser will hammer you down on price if they can argue that your database was built illegally.
Q : Do you believe that the traditional high street general practice legal firm is equipped to deal with compliance issues or that business owners ad managers should seek specialist advice in this area.
A : As you would expect, I’d recommend seeing the specialist. You’ll find that many high street lawyers will recommend the same thing - we often get referrals from other solicitors.
Q : Is there a compliance point beyond which a company can consider themselves to have done all they can do or is it possible for a company with good practice and intentions to suffer sanctions as a consequence of say a theft involving data?
A : The sanctions for data thefts to date have generally focused on failings in systems and controls. If you follow best practice guidance, sanctions are less likely, though clearly a data theft can still be very damaging.
Q : With all the focus on cyber criminality and corporate responsibility, what responsibilities do you believe
members of the public have on an individual level in protecting their personal data?
A : Very few. The current Banking Code, which is part of most consumers’ contracts with their banks, sets certain expectations for online banking. It says, in effect, that users must keep their anti-virus and firewall software up to date or they could be liable if their accounts are cleaned out by criminals. But if weak security on a consumer’s PC is to blame, it’s not reasonable to hold that individual liable for the
loss for failing to install the latest patch. I suspect most banks would take the same view. But if one bank does try to hold a customer liable for his or her weak security, I can’t see a court upholding that requirement. The focus has to remain on effective layers of security. Consumers must be provided with identification and authentication systems that are secure and easy to use. We’re not there yet. For as long as websites continue to ask for your mother’s maiden name, there is work to be done.
