Data Security

Data security is important to CPR, as we know it is to you.  To keep us all following best practices, we provide important pointers below.  You will find information relating to communicating with CPR on case-related matters, cybersecurity in arbitration and other ADR proceedings – including information on the ICCA-NYC Bar-CPR Protocol on Cybersecurity in International Arbitration – data protection and on the CPR online dispute resolution platform, as well as other technology tools.

CPR has been at the forefront of several pioneering initiatives in the field of cybersecurity and data protection over the past few years.  Should you or your clients or contacts confront a dispute arising out of a cybersecurity-related incident, CPR also maintains a Cyber Panel of Distinguished Neutrals which is comprised of arbitrators and mediators who are experts in data breaches and other cybersecurity issues, such as handling related insurance coverage disputes.  To access our Panels of Distinguished Neutrals, click here. (Access limited to CPR Members).


Case-Related Communications with CPR Dispute Resolution Case Management Team

For CPR matters, all documents necessary for the proceedings are directly exchanged between the arbitrators/mediators and the parties once the proceedings have commenced. CPR only receives limited information in electronic format when parties to a dispute file an administered arbitration or seek our assistance for a matter conducted pursuant to our non-administered arbitration rules, mediation or other procedures.

CPR Dispute Resolution also utilizes a secure email solution (Voltage) that encrypts data and attachments for anyone who desires to encrypt data when communicating with CPR on case-related matters.  To obtain access to the secure email connection, please email


CPR Arbitration Rules:
CPR has been at the forefront of cybersecurity in arbitration and it was the first arbitral institution to introduce a cybersecurity provision in its rules in March 2018. CPR Administered and Non-Administered Arbitration Rules, in Rule 9.3(f), provide that matters of cybersecurity should be discussed during the pre-hearing conference held for the planning and scheduling of the proceeding.

Cybersecurity Protocol:
CPR, together with ICCA and the New York City Bar Association, has developed a Protocol on Cybersecurity in International Arbitration (the “Protocol’) which can inform practitioners on matters of cybersecurity. 

Assessing reasonable security measures for individual arbitration matters: The Protocol provides a framework to determine reasonable information security measures for individual arbitration matters. The framework includes procedural and practical guidance to assess security risks and identify measures that may be implemented by the parties and the tribunal.  It also includes sample language for information security measures (see Schedules C & D), arbitration agreements (Schedule D), an Agenda of the Initial Case Management Conference or Preliminary Hearing (Schedule D), and a Post-Arbitration Dispute Resolution Clause (Schedule D).

Baseline security measures: The Protocol also provides baseline security measures that arbitration participants should consider implementing in their day-to-day use of technology in arbitration-related activities to mitigate risks (see Schedule A). Finally, Schedule E contains very helpful additional resources where you can find guidance about a number of cybersecurity issues, including guidelines for border crossings, password setting, incident response, and technology reviews and recommendations. 

Note: Although the protocol has been developed for arbitration, the baseline security measures in Schedule A can be and should be followed by all ADR practitioners and neutrals. 

Cybersecurity Training for CPR Distinguished Neutrals:

Since 2019, CPR has offered, in partnership with FTI Consulting, an annual Cybersecurity in ADR webinar training free of charge to its neutrals.  The goal of this training delivered by cybersecurity experts is to ensure that CPR Neutrals stay abreast of current cybersecurity issues to mitigate risks. The training is recorded and neutrals can access the recording at any time.  Upon completion of the training, CPR Neutrals receive a Certificate of Completion. Click here for more information.

Cyber Crimes:

For information about current cybersecurity threats and guidelines on how to protect yourself, we invite you to visit the FBI Cyber Crime website.

Data Protection

Information security and data protection issues are closely connected.  Therefore, adherence to the Cybersecurity Protocol might also help ADR practitioners comply with various data protection legal regimes.  For additional guidelines regarding data protection, we encourage ADR practitioners to consult the draft Roadmap to Data Protection in International Arbitration produced by the  ICCA-IBA Joint Task Force on Data Protection in International Arbitration Proceedings.


Online Dispute Resolution


CPR Online Dispute Resolution Platform

As part of their benefits, CPR Distinguished Neutrals can use a secured platform that allows for secure online document exchange and “chatrooms” for caucusing and general sessions in mediation and communications by a single arbitrator and parties to an arbitration.  This platform is powered by Modria, now part of Tyler Technologies.

Any neutrals wishing to use this platform should contact Helena Erickson at

Other Platforms for the secured exchange of documents and video conferencing in ADR proceedings

Note that CPR does not endorse any of the suggested tools listed below. These are options that ADR practitioners and users may want to consider in conjunction with the security guidelines laid out in the Protocol.

Exchange of documents:
    Dispute E-Filing is a pay-per-use platform that offers special discounted pricing to users conducting mediation and arbitrations under CPR Rules & Procedures. 
    For more information about Disputes E-Filing, click here.
  • CaseLines
  • Dropbox
  • TransCEND