While already on many people’s minds after the recent presidential debate, Cyber Risk, Privacy and Data Protection are growing concerns for businesses and consumers alike.
Here are eight (8) suggestions for building a stronger Cyber Risk, Privacy and Data Protection foundation.
The challenge with cyber security and data privacy has always been their breadth of reach. The most pressing IT security and legal issues facing lawyers and businesses continue to come from these areas. Mindful of information overload, lawyers, law firms, and businesses should develop specific cyber security measures, from an IT perspective, that they can use to be more secure.
Such strategies might include:
1) ensuring familiarity with U.S. privacy legislation such as HIPAA, CAN-SPAM, COPPA, FCRA, GLBA, state privacy laws, and state data breach laws,
2) ensuring familiarity with international privacy legislation, including that of the EU, Asia, Australia, and Canada,
3) knowledge of industry standard risk assessment processes, procedures and reporting (e.g., ISO 27001/02, NIST 800-53, COBIT),
4) performing privacy and/or security gap assessments,
5) conducting due diligence with or on third parties,
6) knowledge of technologies used to collect, share, access and use personal data,
7) training employees on best practices and techniques and empowering employees to seek CIPP or equivalent certification, and
8) regular evaluation of cyber insurance policies and coverages.
A recent study published in the Journal of Cybersecurity found that security breaches were on the upswing, and that the sectors with the highest number of reported hacks were finance and insurance, health care, and government entities. Costs include investigating the causes of a breach, notifying consumers, increasing customer support, paying for identity theft insurance or credit monitoring, and dealing with legal actions. Following these 8 steps is a good place to start strengthening a Cyber Risk, Privacy and Data Protection foundation.
DISCLAIMER. This is not nor is it intended to be legal advice. Each situation is unique. You should direct any questions you have about your specific situation to competent counsel.