Arium has developed an approach to modelling legal risk that can assess the potential consequences to an organisation of a law or regulation. We tested our approach in conjunction with a major law firm by building a working model of the Data Protection Act for three different jurisdictions. The model allowed users to assess the law’s impact on their business based on criteria such as: the company’s public profile; the source and destination of the data; the nature of the data being transferred; and the number of data subjects for whom the company is holding data.
The model simply and clearly assesses risks in a way that a lay person can understand, and runs a cost-benefit analysis of the various risk management techniques that could mitigate those risks. It also helps a law firm incorporate and consolidate the knowledge of individual lawyers within a single model to facilitate the consistent and expert provision of advice to clients and enable swift training of junior lawyers.