.png){kind=small}
By Syed Isa Alhabshee
The legal landscape in Singapore has seen a fairly significant transformation in recent years. The onset of the COVID-19 global pandemic, with the resultant drastic restrictions in workforce mobility, has caused many companies (law firms included) to implement or fast-track their digitalisation process. That is not to say that the drive to adopt technology solutions in the legal industry is a new phenomenon. In 2017 and 2019 respectively, the Ministry of Law launched the Tech Start and Tech-celerate for Law programmes, with the aim of encouraging and helping law firms to harness and leverage on technology solutions to improve their productivity and enhance their legal offering. A further step in this direction was recently taken with the Legal Industry Digital Plan (IDP), being the first IDP to discuss Artificial Intelligence (AI) and Generative AI solutions and their potential uses by Singapore law firms.
However, with the push towards digitalisation comes the increased risk of data privacy and data governance infractions. In 2021 and 2022, a total of 49 enforcement decisions were issued by the Personal Data Protection Commission (PDPC) of Singapore against companies who had fallen short of the requirements under the Personal Data Protection Act 2012 (PDPA) and its associated regulations. The legal sector has not been left unscathed either, with enforcement action being taken against a law firm and the Law Society of Singapore in recent years.
Against this backdrop, the need for well-trained Data Protection Officers (DPO) and data governance professionals has never been more apparent. Aside from having to navigate the laws and regulations surrounding the proper handling of personal data, companies now have to contend with increasingly sophisticated cyberattacks carried out by dedicated threat actors. The meteoric rise of Generative AI in the last year or so has further compounded this issue, where the tools to create malware code, phishing emails, and convincing deepfakes have now been placed at the fingertips of the lay person. Companies, let alone law firms, must now seriously consider formulating a strategy to protect their data assets, with a DPO or data governance professional being at the core of their efforts.