‘Reasonable security’: A moving target
Abstract
‘Reasonable security’ for companies charged with protecting customer and employee data has evolved over the last 20 years. Previously, financial institutions had broader latitude on how to safeguard and adequately protect personally identifiable information (PII) under federal and state data protection laws. Today, legal and regulatory requirements and expectations regarding information data security controls are not only more prescriptive but continue to evolve as technology and those who seek to gain unauthorised access to personal information become more sophisticated. The number of governmental entities involved in information security is also increasing in the US. No longer the exclusive domain of federal regulatory agencies, state legislatures, regulators and attorneys general are issuing requirements, providing guidance and enforcing state laws to ensure that companies employ ‘reasonable security’ when collecting, handling, storing, transferring and disposing of PII.
The full article is available to subscribers to the journal.
Author's Biography
Elizabeth E. McGinn, Partner at Buckley Sandler LLP, assists financial institutions and corporations in identifying, evaluating, and managing the risks associated with cyber security, internal privacy, and information security practices, as well as those of third-party vendors. She advises clients on the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the General Data Protection Regulation (GDPR), the Telephone Consumer Protection Act (TCPA), the Telemarketing Sales Rule (TSR), the Health Insurance Portability and Accountability Act (HIPAA), security breach notification laws and other US state and federal privacy requirements. She has assisted clients in addressing data security incidents as well as developing policies and procedures, records retention schedules, and training materials. Elizabeth has been listed in Legal 500 in 2013–18.
James Shreve is a partner and chair of Thompson Coburn’s Cybersecurity group serving as a trusted advisor to clients facing complex cybersecurity and privacy issues — particularly those in the country’s most highly regulated industries. A recognized thought leader in the fields of cybersecurity and privacy, he was recognized as a Next Generation Lawyer in Cyber Law (Data Protection and Privacy) in 2017 and 2018 by Legal 500 and was named ‘Associate to Watch’ in Chambers USA in 2015 and Chambers Global in 2016. Applying the law to rapidly changing technology and software capabilities, he provides clients with a profile of their potential risk, then works closely with executive leadership, legal, IT, and compliance information security teams to develop a comprehensive and practical plan for risk avoidance and responding to cyber and data-related issues.
Margo H. K. Tank is a Partner of DLA Piper, and focuses her practice on advising financial services companies, commercial enterprises and technology companies on the full spectrum of regulatory compliance matters related to the use of electronic signatures and records to enable digital transactions offered online and via mobile devices. Margo began her legal career as counsel to the US House of Representatives, Committee on Banking and Financial Services. She is currently counsel to the Electronic Signatures and Records Association, where she works to further electronic financial services policy before Congress and federal regulators. She has been recognized by Legal 500 (2014–2017) in the area of Media, Technology and Telecoms — Technology: Cyber Law (Data Protection and Privacy).