Graham Thomson
Chief Information Security Officer, Irwin Mitchell
Dorrien Peters
Commercial Litigation Partner, Irwin Mitchell
The creation of more data and the use of Industry 4.0 technologies are providing huge opportunities for manufacturers to improve productivity and profitability – but according to a report, by law firm Irwin Mitchell, many in the sector are risking huge fines and disruption because they’re unaware of their full legal implications.
Companies must understand how collecting, and having access to, more data can increase the risk of breaking the law.
Dorrien Peters, a partner at Irwin Mitchell and Head of its national manufacturing group, says:
“According to US tech company, DOMO, over 2.5 quintillion bytes of data are created every single day.”
With more data comes more risk
“Machines in factories are increasingly being connected to, and share their data with, an enterprise system or systems. Software is being developed to interpret this data and, as a result, companies have never had so much accurate information about their operations as they do today.
“However, with volume comes risk. There are greater opportunities for example, for cyber criminals to compromise data and plant malicious code. The risk of valuable data leaking or being lost is also rising in proportion to the volume. Personal data about employees held by companies is both an asset and potential liability.”
Dorrien adds, “We need to highlight the opportunities and debunk the myths about the shift to ‘Industry 4.0’, by clarifying what it means from the level of data use and data exposure.”
Montoring staff and productivity
Another area of note, is the increasing use of technology to monitor staff and measure productivity. If this is done without their knowledge, and used to give the employer an advantage, it is a breach of the GDPR. Employers can face huge fines, and must be rigorous in their transparency to avoid this.
With the increased risk facing manufacturers when it comes to sensitive data and dealing with cyber security threats, concerns are being raised for the sector about the rising trend of cyber-attacks on Industrial Control Systems.
Cyber security and Industrial Control Systems
Graham Thomson, chief information security officer at Irwin Mitchell, says “If anyone thinks that Industrial Control Systems are immune from cyber-attack, they have not been paying attention.
“Industry 4.0 technologies are an attractive target to many adversaries, and are just as vulnerable to the very same cyber-threats as other business systems. The impact of such an attack can be devastating, even life threatening.”
Irwin Mitchell’s experts also explain the legal issues relating to how data is being valued differently, highlighting how companies that create intellectual property can both capitalise on, and be penalised by, this change.
There are also legal considerations for a manufacturer in terms of data sharing in supply chains.
Dorrien Peters adds: “Digital transformation is reshaping how organisations do business, driving them to a data-driven world. There are however, significant risks and numerous legal issues to be aware of. If the productivity gap is to be bridged, it’s imperative that manufacturers get familiar with how data can be utilised to improve their profitability, whilst acknowledging the laws and procedures that will apply as data increasingly dominates how we work.”
This article is drawn from the findings in Irwin Mitchell’s ‘Go Fourth’ study. The study aims to raise understanding about industry 4.0 technologies and help manufacturing companies who are navigating the new data-driven business world understand the legal issues involved.
Pooling the experience of a group of in-house experts, specialist lawyers and business leaders from organisations including like Siemens and Thales, the report covers a wide range of areas including employment law, personal data protection including GDPR, cyber security and intellectual property.
It examines this issues like cyber-security in depth, and provides a three-step process so that manufacturers can improve their cyber security, including the need to appoint someone with the sole responsibility for cyber security.