Crisis Management Plans: How Will Your Legal Department React in a Crisis?

A crisis management plan ensures that your company is more likely to maintain its reputation and regular operations in the event of a crisis. A proper crisis management plan involves all levels of the company, from IT to the boardroom. The legal department also plays a key role in limiting risk for the corporation when a crisis is ongoing.

Crisis Management Plans: How Will Your Legal Department React in a Crisis?

A fictional company experiences a data breach that affects all of their customers. What do you do on Day 1? This was the scenario for a panel discussion at the 2019 Canadian Corporate Counsel Association (CCCA) Conference in Toronto.

The panel underscored the need for companies to have a crisis management plan, and the necessity for in-house legal counsel to be involved in its formulation. Domenic Marino, partner and national leader for forensics and disputes at PwC Canada said “If you don’t have a crisis plan, the organization becomes paralyzed within 24 hours.” While instigating a company-wide crisis management plan is important, in-house counsel should have its own plan developed to limit company risk when things are fast-moving and in turmoil.

What does a crisis management plan for your legal department look like?

Each crisis management plan has to be tailored for your specific industry and company. If you know what a potential crisis can look like for your business, it’s relatively simple to map out a response. The Mining Association of Canada has excellent resources for companies involved in the mining industry, and it’s worthwhile to see if your industry associations have similar resources that you can use. The American Bar Association also has some helpful tips for crisis management planning from a legal and board perspective.

At the CCCA Conference Panel, Monique Jilesen, a partner with Lenczner Slaght stated that as external counsel, she would like to know of client issues on Day 1 of a crisis, since causes of action in a lawsuit could be based on something that was done after the crisis came into play. For this reason, legal departments would be well-advised to freeze operations, or at least a portion of operations that may pertain to the crises, immediately after they are notified that a situation has arisen. But how can you throw the switch quickly? The answer is technology.

Employ Technology to Preserve and Freeze Cases and Documentation

Corporate legal governance solutions such as DiliTrust Governance can assist in helping to limit file access and show who has accessed files in the event of a crisis. Specific cases and even the entirety of the legal department’s operations can be put on restricted access by those with the proper administrative access. Consider this hypothetical situation: there is a large data breach in your company which could have exposed internal passwords. With the proper solution in place, you can freeze access to documentation by any party, or limit access to a specific set of users. In the event of a breach, this often has to be done instantly, so a crisis management plan that instigates this action on Day 1 could include such measures.

If files are stored in disparate locations on a company network rather than in one solution for the legal department, they are more vulnerable to unauthorized access which bad actors may have after a data breach. Files stored on a company network can be harder to lock down as there may be multiple vectors through which they can be accessed on a system such as a Sharepoint drive.

In addition, if you know that an account has been compromised, you can see which files have been accessed and when if you are using a corporate legal governance software solution. This enables you with the knowledge of the scope of the hack and the damage control needed to contain it with one report.

In summary, if you store files on a shared network of any kind, there are multiple penetration points that bad actors can use to access them. If you store them in a specific solution with multiple layers of security, they are less easy to access, and it is simpler to lock down that access if necessary.


If you would like to know more about DiliTrust Governance and how it can become a part of your in-house counsel’s crisis management plan, contact us today for more information.