KANSAS CITY, Mo., Oct. 6, 2020 /PRNewswire/ — While technology accelerates at the pace predicted by Moore’s Law, the legal industry is working judiciously to define standards to help courts and others understand it. Among the challenging issues before the courts is the legal test for what is «reasonable security,» which often surfaces during cases involving alleged data breaches. Does a Fortune 500 company have the same or greater security responsibilities than the owner of a small business?
Following two years of research and writing, the Sedona Working Group on Privacy and Data Security Liability, led by Shook Partner William Sampson, has released a Commentary which helps define «reasonable security» practices in data privacy. The Sedona Conference, a nonpartisan, nonprofit research and educational institute dedicated to the advanced study of law and policy, recently tackled the legal definition in data and privacy security law. A review in The National Law Review praised the findings of the Commentary writing, «The paper is brilliant at articulating the problems raised by trying to find a ‘reasonable’ set of standards for companies to meet for legal compliance.»
«The Sedona Conference’s charge to us was important. Every business and organization has its own challenges for protecting personal information, and they need a flexible, workable standard for determining whether their security is reasonable,» said Shook Partner William Sampson. «Our drafting team included some of the most experienced, most thoughtful, and most committed lawyers, judges, and IT consultants in the country; it was a special pleasure to be a part of it. We believe our Commentary can be important to the development of the law in this area.»
The Commentary focuses on why the legal test is necessary, the cost/benefit analysis of litigation and what the legal test does not address. The Commentary «proposes a reasonable security test that is designed to be consistent with models for determining ‘reasonableness’ that have been used in various other contexts by courts, in legislative and regulatory oversight, and in information security control frameworks.»
«There is very little guidance on what qualifies as ‘reasonable’ security or how to even make that measurement,» said Al Saikali, who leads Shook’s Privacy and Data Security Group. «This paper offers an innovative and thoughtful approach.»
You can download a free copy of the Commentary here.
Public comment will be accepted on the Commentary through mid-November, and then the Sedona Conference will make any final additions that may affect the outcome.
About Shook, Hardy & Bacon
Founded in 1889, Shook, Hardy & Bacon L.L.P. has 15 offices in the United States and London, with attorneys and professional staff serving clients in the health, science and technology sectors in areas ranging from product liability defense and commercial litigation to intellectual property prosecution and litigation, environmental and toxic tort, privacy and data security and regulatory counseling.
View original content to download multimedia:http://www.prnewswire.com/news-releases/shook-partner-leads-team-defining-legal-test-in-data-security-301146900.html
SOURCE Shook, Hardy & Bacon L.L.P.