Sophie is an independent regulated commercial solicitor in England, with 15 years post-qualified experience combined with an earlier background in construction and telecommunication private finance.
Sophie has specialised in data, digital and technology project procurements for over 11 years with clients that have included the Ministry of Justice, Home Office, Foreign & Commonwealth Office, BEIS/Met Office, Department for Transport, Cabinet Office, Bank of England, Police, local government, transport suppliers and the Satellite Applications Catapult.
Sophie is a longstanding member of techUK, the Procurement Lawyers Association and World ITECHLaw Association. Over the past three years, she has won global recognition for her work in business and law (e.g. Technology Justice for Global 100 2024, Corporate INTL Award 2024, Leaders in Law and Advisory Excellence Awards for Data & Innovation Legal Practice).
Sophie is passionate about fighting corruption in public national and global infrastructure (which includes buildings, services, data, people, technology and money) for several reasons.
Firstly, a peaceful and just society must be built and maintained on sound governance principles (note EU Treaty as the precedent).
Secondly, the largest infrastructure contracts usually have public funding and are primary targets for criminality and abuse. The threat against a peaceful and just society is therefore very real and must be protected and upheld by a legitimate democratic government – in our case, the United Kingdom.
Sophie is a commercial law expert on the subject of critical national infrastructure projects and advises on security resilience which has many pillars.
Sophie’s first dissertation titled The Legality of Reconstruction Contracts in Post-War Iraq was published in the Electronic Law Journal 2004 setting out the importance of anti-corruption in international security and infrastructure procurement (see Electronic Law Journals – LGD 2004 (2) – Kavanagh (warwick.ac.uk). Here conclusion from this research was that the post-war security status of Iraq would be directly linked to the governance principles and procurement credibility of those reconstruction contracts.
Sophie’s second dissertation (unpublished 2005) was in response to the then New Labour Government’s proposals on processing civilian biometric identification data on the UK’s first national identification cards system. The conclusion at that time was that compared to the security status of the criminal biometric database (small in comparison), it would not be legally viable to build, store and protect a national civilian database until its security status could be guaranteed. Note that New Labour dropped the civilian biometric database proposals at that time.
Information Security
The Solicitors Regulation Authority prescribes and enforces strict rules and regulations on practising solicitors in the UK in relation to duties of care to clients. At the same time, though, law firm infrastructure and security has increasingly moved online despite the higher duty of care thresholds compared to an ordinary unregulated business. Unfortunately, the due diligence of these online systems is very limited before a contract is entered into.
Likewise, public sector organisations such as the NHS, police forces and education authorities are under statutory duties of care to people, place and economy.
Speaking from her experience of having advised on many of these information management systems, whilst the procurement process is well understood, the security requirements tend to sit within the contract obligations in model Government contracts. This means that the only due diligence on cyber history, qualifications and real-time status is the certification requirements set by GCHQ/NCSC, e.g., Cyber Essentials/Cyber Essentials Plus with the ISO Standards, all of which could be aspirational.
CNI Security & Procurement
With regards to critical national infrastructure, since 2014 Sophie has worked on the following projects as a senior commercial legal advisor:
On each of these projects, online systems and protected data processing were involved.
As part of evidence provided to Parliament on the state of cyber resilience in UK CRI, Sophie confirmed the following:
UK Government Cyber Security Strategies
It seems the Government cannot comprehend that the economy will fall if law firms, businesses, local governments and so on continue to collapse due to relentless online crime because there is no cyber resilience. Ambitions for 2025 are important, but the critical emergency is now, today, now, yesterday.
Share prices of the world’s largest companies have fallen within hours by 85% following a major cyber-attack. This is no way to run a digital economy.
Failing to include the root cause of harm and how to fix it in the national cyber guidance and certification materials, in the strategies, as well as the current discussions ongoing for new regulations, is woefully inadequate – if not a waste of taxpayers’ money entirely.
The content of what is required to fix the UK’s woeful security position is now being responded to via the Department for Science Innovation and Technology’s call for views on its recently published Cyber Governance Code of Practice: call for views – GOV.UK (www.gov.uk) for non-cyber directors. Sophie is working with TechUK and APM members to bridge this gap that has now come to light across all industries and business that there is a lot more work to do to build a more cyber resilient UK and economy.
Find the right Legal Expert for your business
Sign up for the latest advisory briefings and news within Global Advisory Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Advisory Experts is dedicated to providing exceptional advisory services to clients around the world. With a vast network of highly skilled and experienced advisers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.