Data Security legal team at Pure Storage. Left to right: Ron Karr, director, CTO office; Michael Moore; director, Product Legal Services; Joe Kucera, senior IP strategy manager.

Pure Storage, based in Mountain View, is in the business of holding on to valuable customer data, so it should come as no surprise that the company’s lawyers place a significant emphasis on the safety and security of this information.

“Our customers care about this particularly in the financial and government sectors,” said Michael Moore, director, product legal services at Pure Storage.

The legal team, which includes seven in-house attorneys worldwide working under Joe FitzGerald, vice president, general counsel and secretary, has developed an ethos of cross-departmental engagement around many issues—including data security—where other legal departments might keep their work locked up in silos.

“Our philosophy as a legal team, and it comes from Joe FitzGerald, is to get out there with your clients, and don’t hide behind your desk,” Moore said.

This has meant engaging closely with Pure Storage’s architects and software security experts to come up with processes to spot and respond to security issues in open source and third-party code.

The in-house attorneys work closely with the tech side of the company to periodically scan and inventory the open source code used in Pure Storage’s products for the sake of security and compliance with licensing requirements.

The legal team also kicked off the process early of preparing for the European Union’s General Data Protection Regulation, which goes into effect in May 2018, and requires a new level of compliance for companies around the data they process.

“A lot of companies are now scrambling to be ready for it,” said Moore.

The Pure Storage lawyers have worked far in advance with other internal teams to ensure that the company has the right security, encryption and data access protections implemented, and that employees are properly trained on the impending GDPR requirements. The Pure Storage sales team, for instance, had to be trained early to answer customer questions about GDPR implementation.