Amy Bradbury is a senior associate in the Media and Information Group. She specialises in the protection and exploitation of information and advises on all legal areas relating to reputation management, including defamation, privacy, breach of confidence and confidentiality, data protection, freedom of information and harassment.
What particular threats do high-net-worth individuals and families face from cyber criminals?
Amy: Reports of cybercrime are a regular fixture in the news, and research suggests that the threat is only likely to increase. Attacks are more sophisticated, with malicious emails (such as the familiar “click here” scenario) increasingly hard to spot as cyber criminals seek to appear as known contacts or replicate the appearance of well-known technology portals and platforms.
High-net-worth-individuals and family offices are often attractive targets. They have money and assets, but also possibly social standing, influence and connections. Indeed the purpose of an attack may not always be financial gain, but reputational damage or information gathering.
It is not uncommon for wealthy individuals and families to have relatively weak or no cyber defences in place. Even where cyber attack planning has been undertaken, it will often focus on the principal individual or head of the family, and ignore younger generations or other associates who can often be used as an easy route in, especially via social media.
There is also an increasing tendency for hacked data about HNWs to be stolen from third party institutions, such as banks or law firms, and to end up in the hands of journalists seeking to use the information to publish allegations. The HNW may be collateral damage, with wider social or policy issues at play, but the consequences, especially the reputational ones, can be significant.
What can you do to protect yourself from a cyber breach, both before and after the event?
Amy: Having appropriate technological security measures in place is the first priority, but software is only part of the answer. Given that cyber criminals will often seek to exploit an individual's social or professional network (for example, by posing as known email contacts) risk awareness and behavioural changes are also important.
Individuals should be careful about what sorts of information they put in the public domain or share online, and at least gain a proper understanding of what might be out there. We often undertake digital footprint audits for our clients so that they can understand the risks and take appropriate preventative measures.
If an attack does take place, it will be necessary to take action on a number of fronts, shoring up technological security, undertaking forensic analysis to understand what information or assets may have been placed at risk and engaging legal or other professionals to help with the fallout.
What legal options are there?
Amy: When data has been stolen there are legal steps that can be taken to protect a HNW. If private and confidential information has ended up in the hands of a known entity (or in some cases, even an unknown entity), and there is a risk of disclosure, it may be possible to get an injunction preventing the dissemination of that information any wider.
Where journalists or mainstream media organisations are involved it is also possible to engage with them directly on a legal basis to try to stop the publication of private information or untrue defamatory allegations, or at least limit it. Similarly, it may be possible to have data removed from any online platforms on legal grounds.
Cyber thefts are criminal matters and so it is also possible to engage the police to investigate. If stolen data is being used to blackmail an individual then there is likely criminal culpability for the blackmail attempt alone.
It is also worth pointing out that a family office may be considered a “data controller” for the purposes of data protection legislation and so a data theft could give risk to reporting obligations to the Information Commissioner’s Office and/or any individuals affected, such as employees.
Has the digital age - where everything we do leaves some kind of trace - done away with the reasonable expectation of privacy?
Amy: The digital age has certainly increased risks, and in some senses the law hasn’t evolved at the same pace as the technological advances. That said, whilst it may be harder to protect data from a practical perspective, the legal protections for private and confidential information are actually quite strong. It would certainly be wrong to say the digital age has done away with the reasonable expectation of privacy. The fact that people are out to get your information doesn't mean you can't have privacy, you just need to be careful.
About Amy Bradbury
Amy Bradbury is a senior associate at Harbottle & Lewis, working with the Media and Information Group. Amy acts for a wide range of clients, both in and out of the public spotlight. She advises corporates and brands as well as global figures, business professionals and high net worth individuals.
About The Lede
This article was originally published in The Lede, Transmission Private’s monthly newsletter that tracks the future of reputation management. Featuring interviews with leading private client advisers from the worlds of law, finance, and accountancy, sign up today to receive the newsletter in your inbox every month.