Introduction

When the COVID-19 epidemic broke out, judicial processes were obliged to undergo many legislative reforms that are now common. For law firms, arbitral institutions, and legal advisers, changing the previous framework to support remote procedures has made clear how flexibility inheritance in arbitration allows for a proper and advantageous adjustment to the digitalization process as costs derived from travel, finding suitable venues, and related expenses are eliminated. It is safe to say that such adaptations will become standard practise post-pandemic. However, as people’s reliance on electronic and digital devices grows, so do worries about cybersecurity and data security.

Multinational corporations, governments or state institutions, public celebrities, and/or non-governmental organizations are frequently involved in high-stakes international arbitrations. Furthermore, international arbitration cases frequently need proof of facts that are not available in the public domain but have the ability to affect politics and financial markets.

Furthermore, international arbitration brings together parties from a number of countries and locations. Often, cross-border legal teams or firms represent the parties. Finally, in-house attorneys, counsel, and arbitrators frequently travel to and work from numerous locations. These variables increase the chances of being hacked by technological means as well as physical data theft.

Risks Involved

Law firms, in particular, are a tempting target for cybercriminals. According to a survey by a cybersecurity consulting organization, big corporations have been targeted by hackers. Arbitrators and arbitral institutions make every effort to protect cybersecurity to the best of their abilities. However, it is not necessary that arbitrators have access to advanced information technology support.

It is inevitable that parties to international arbitrations will become targets given the rising frequency and sophistication of cyberattacks on prominent organizations and institutions. Disputes submitted to international arbitration generally require evidence of facts that are not in the public domain and may have the potential to influence politics and financial markets. It is not surprising, therefore, that arbitration has become a target for cybercriminals.

There is ample opportunity for international arbitration processes to be breached. The size and scope of proceedings may require a large number of professionals, including in-house lawyers, counsel, arbitrators, and others, to travel and work remotely in locations that may not have adequate security protocols. Lack of adequate security might pave the way for cyber offenders to hack the important data used in international arbitration.

Confidentiality in arbitration

Confidentiality refers to the non-disclosure of specific information in public. Private hearings do not necessarily impose confidentiality obligations on the parties to arbitration. Nevertheless, confidentiality is one of the primary reasons that arbitration is the preferred option for commercial dispute resolution.

The UNCITRAL Model Law on International Commercial Arbitration does not provide for any express provision dealing with confidentiality in the field of arbitration and instead allows the parties to the arbitration to incorporate a clause of confidentiality in the arbitration agreement if they wish to do so.

Confidentiality in India under the Arbitration and Conciliation Act, 1996

The Arbitration and Conciliation Act, 1996, governs arbitration confidentiality in India. On the recommendation of the Justice B.N. Srikrishna Committee, which produced a report with certain recommendations to strengthen arbitration in India, a provision relating to confidentiality was introduced to the Act. The Arbitration and Conciliation (Amendment) Act, 2019, adopted Section 42A after the recommendation was accepted.

The confidentiality of information in the arbitration is discussed in Section 42A of the Arbitration and Conciliation Act,1996. It requires the arbitrator, arbitral tribunal, and parties to the arbitration to uphold the principle of confidentiality, with the exception of the award when disclosure is required for its implementation and enforcement. As a non-obstante clause, it takes precedence over all other laws in the act.

Importance of Cyber Security

Any dispute resolution system’s validity in the age of advanced technology strongly depends on its capacity to uphold a reasonable level of data privacy. Given that confidentiality is one of the main benefits of digital procedures in arbitration, ensuring the integrity of digital proceedings is even more crucial.

The Cybersecurity Protocol advises that the information security issue be brought up right away in the process. Through an algorithmic conference, parties, arbitrators, and representatives must thoroughly review all aspects of the dispute that are pertinent to this decision, such as the type of information being processed, the risk profile (risk analysis), current information security procedures, and the effects of a breach.

Following such factors, it is necessary to strike a balance between limits such as financial and technical resources to avoid measures that are too onerous to allow the arbitration to progress properly. Prior communication with the arbitral institution in question is recommended to ensure that the suggested procedures are consistent and adequate under the institution’s norms.

A breach of confidentiality may result in financial losses, reputational harm, disclosure of private data, and hazards to the information’s validity, in addition to damage to the integrity of arbitral proceedings. Finally, having a thorough grasp of the risk profile of a specific situation necessitates analysing the repercussions of a prospective security breach.

Consequences of cyber security breaches

The mandatory laws that are applicable to that individual or in relation to the conduct or omission in question will define the legal repercussions of any cybersecurity breach that has been intentionally or negligently committed by a party, arbitrator, or other participant. These required rules may allow for fines or damage claims from parties who have been wronged.

If information has been obtained by illicit means and used as evidence in the arbitration, the consequences may vary, as the approach to this kind of problem is not the same everywhere. If information that has been obtained by illicit means outside the sphere of the arbitral tribunal concerns the secrecy of the deliberations and has enabled one of the parties to adjust its arguments and win the case, then the arbitral institution will deal with the matter according to its own rules and regulations, but the end outcome will still be unclear.