Tag archives: Reasonable security

Do Promises To Use “Best Efforts” To Protect Data Really Require Unreasonable Action?

Group of people using mobile devices with a mixture of mobile phones and digital tablets. There are a mixture of cultural and ethnic backgrounds. Close up with shallow focus.In technology vendor contracts, the vendor’s obligations to protect the customer’s data are often hotly negotiated.  The vendor may want to spell out only the data security measures it currently employs, or—at most—agree to implement “reasonable” data security measures.  Given the stakes if sensitive data is breached, though, the customer may insist that the vendor … Continue reading

Sharing Cyber Threat Information: A Legal Perspective (ISSA Journal Article)

Data Protection Report - Norton Rose FulbrightThe ISSA Journal recently included an article, Sharing Cyber Threat Information: A Legal Perspective, authored by Utsav Mathur and I (David Navetta) concerning potential legal risks associated with intra-industry sharing of cyber-threat information. The article summarizes recent efforts by the US government to encourage more information sharing concerning cyber threats and data-security incidents within industries. Recent Department of Justice and Federal Trade Commission … Continue reading
LexBlog