Data Security

Data security is important to CPR, as we know it is to you. To keep us all following best practices, we provide important pointers below. You will find information relating to communicating with CPR on case-related matters, cybersecurity in arbitration and other ADR proceedings – including information on the ICCA-NYC Bar-CPR Protocol on Cybersecurity in International Arbitration – data protection and on the CPR online dispute resolution platform, as well as other technology tools.

CPR has been at the forefront of several pioneering initiatives in the field of cybersecurity and data protection over the past few years. Should you or your clients or contacts confront a dispute arising out of a cybersecurity-related incident, CPR also maintains a Cyber Panel of Distinguished Neutrals which is comprised of arbitrators and mediators who are experts in data breaches and other cybersecurity issues, such as handling related insurance coverage disputes. To access our Panels of Distinguished Neutrals, click here. (Access limited to CPR Members).

Case-Related Communications with CPR Dispute Resolution Case Management Team

For CPR matters, all documents necessary for the proceedings are directly exchanged between the arbitrators/mediators and the parties once the proceedings have commenced. CPR only receives limited information in electronic format when parties to a dispute file an administered arbitration or seek our assistance for a matter conducted pursuant to our non-administered arbitration rules, mediation or other procedures.

CPR Dispute Resolution also utilizes a secure email solution (Voltage) that encrypts data and attachments for anyone who desires to encrypt data when communicating with CPR on case-related matters. To obtain access to the secure email connection, please email mlevi@cpradr.org.

Cybersecurity

CPR Arbitration Rules:
CPR has been at the forefront of cybersecurity in arbitration and it was the first arbitral institution to introduce a cybersecurity provision in its rules in March 2018. CPR Administered and Non-Administered Arbitration Rules, in Rule 9.3(f), provide that matters of cybersecurity should be discussed during the pre-hearing conference held for the planning and scheduling of the proceeding.

Cybersecurity Protocol:
CPR, together with ICCA and the New York City Bar Association, has developed a Protocol on Cybersecurity in International Arbitration (the “Protocol’) which can inform practitioners on matters of cybersecurity.

CPR has joined forces with the New York City Bar Association (NYC Bar) and ICCA to launch a Working Group on Cybersecurity in Arbitration. The Working Group has prepared a set of guidelines, which provides practical guidance for counsel, arbitrators, and institutions, and optional protocols that can be adopted by parties to an arbitration.

The Working Group launched the 2022 Edition of its Protocol at the ICCA Congress in Edinburgh on 19 September 2022.

The Protocol has been updated to reflect the maturing of the cybersecurity and data protection environment that has taken place since its launch nearly three years ago, and now includes a sample data breach protocol.

Note: Although the protocol has been developed for arbitration, the baseline security measures in Schedule A can be and should be followed by all ADR practitioners and neutrals.

Cybersecurity Training for CPR Distinguished Neutrals:

Since 2019, CPR has offered, in partnership with FTI Consulting, an annual Cybersecurity in ADR webinar training free of charge to its neutrals. The goal of this training delivered by cybersecurity experts is to ensure that CPR Neutrals stay abreast of current cybersecurity issues to mitigate risks. The training is recorded and neutrals can access the recording at any time. Upon completion of the training, CPR Neutrals receive a Certificate of Completion. Click here for more information.

Cyber Crimes:

For information about current cybersecurity threats and guidelines on how to protect yourself, we invite you to visit the FBI Cyber Crime website.

Data Protection

Information security and data protection issues are closely connected. Therefore, adherence to the Cybersecurity Protocol might also help ADR practitioners comply with various data protection legal regimes. For additional guidelines regarding data protection, we encourage ADR practitioners to consult the draft Roadmap to Data Protection in International Arbitration produced by the ICCA-IBA Joint Task Force on Data Protection in International Arbitration Proceedings.

Online Dispute Resolution

Platforms for the secured exchange of documents and video conferencing in ADR proceedings

Note that CPR does not endorse any of the suggested tools listed below. These are options that ADR practitioners and users may want to consider in conjunction with the security guidelines laid out in the Protocol.

Exchange of documents:

DisputesEfiling.com
Dispute E-Filing is a pay-per-use platform that offers special discounted pricing to users conducting mediation and arbitrations under CPR Rules & Procedures.
For more information about Disputes E-Filing, click here.
CaseLines
Dropbox
TransCEND

Videoconferencing:

Effective July 1, 2022, all references in Rules, Procedures, Protocols, Model Procedural Orders, Model Clauses and Guidelines to The International Institute for Conflict Prevention and Resolution, Inc. or CPR shall be deemed a reference to CPR Dispute Resolution Services LLC.

The information and resources on this website should not be construed as legal advice or opinion, or as a substitute for the advice of counsel.