It was just an exercise, but not everyone knew that. Janine McKelvey, General Counsel Group Data Governance, Privacy and Ethics Officer at British Telecommunications (BT), recalls a tabletop drill at a previous employer involving a security breach. People started “to communicate wildly with everyone,” recalls McKelvey, often by mass emails, including to third-party vendors. Privilege and confidentiality issues went out the window. “We had to tell people it was only an exercise,” she recalls. Lessons were learned, pre-pandemic, about who was in charge of communications, and how those communications should be delivered. “The lawyer has to be the police officer on the beat,” she said, making sure lines of responsibility are clear.

The COVID-19 pandemic is not a drill. McKelvey and her co-panelist, Caroline Jan, General Counsel at Essensys, were speaking on a panel Thursday on “Data Security and Privacy During Disruption: How to Lead Your Organization Through the Storm,” part of the ALM two-day Women, Influence & Power in Law U.K. virtual event. The speakers emphasized that the pandemic’s lessons will last long after the world has been vaccinated.While it is difficult to anticipate a hack, or any emergency, communications were and will remain key during any crisis, noted Heather Nevitt, editor-in-chief of Corporate Counsel and Global Leaders in Law, who moderated the discussion. Who is on the comms task force? Who’s in charge of overall crisis management? Lawyers had better be the voice of reason in the room, the panelists agreed. Nevitt said, “Before the pandemic, in-house counsel were expected to be agile. But now the pandemic has tested that agility as never before.”