Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

NewsSections

The Human Side of Data Security: The Critical Role of Employee Controls

By Ryan Sulkin
October 19, 2006

As headlines continue to report data security breaches at an alarming rate, discussion often focuses on the need for enhanced technical controls, such as two-factor authentication and encryption, to protect sensitive, personally identifiable information. The role of the company employee, both as the cause of, and the first line of defense against, security breaches is often lost in the analysis. Yet developing law is increasingly requiring administrative or procedural controls, particularly those directed at employees, as a component of a legally compliant security program.

Employees can be the source of major threats to a company's data security. They need not be bad actors in order to compromise their company's data security. Often it is the innocent actions of employees (eg, losing a laptop with key data unprotected or succumbing to a third party's social engineering techniques) that leave a company facing a breach situation. At the same time, employees are key to a company's successful compliance with various legal and administrative requirements involving data security.

Read These Next
The DOJ's Corporate Enforcement Policy: One Year Later Image

The DOJ's Criminal Division issued three declinations since the issuance of the revised CEP a year ago. Review of these cases gives insight into DOJ's implementation of the new policy in practice.

The Bankruptcy Hotline Image

Recent cases of importance to your practice.

Use of Deferred Prosecution Agreements In White Collar Investigations Image

This article discusses the practical and policy reasons for the use of DPAs and NPAs in white-collar criminal investigations, and considers the NDAA's new reporting provision and its relationship with other efforts to enhance transparency in DOJ decision-making.

How AI Has Affected PR Image

When we consider how the use of AI affects legal PR and communications, we have to look at it as an industrywide global phenomenon. A recent online conference provided an overview of the latest AI trends in public relations, and specifically, the impact of AI on communications. Here are some of the key points and takeaways from several of the speakers, who provided current best practices, tips, concerns and case studies.

The DOJ's New Parameters for Evaluating Corporate Compliance Programs Image

The parameters set forth in the DOJ's memorandum have implications not only for the government's evaluation of compliance programs in the context of criminal charging decisions, but also for how defense counsel structure their conference-room advocacy seeking declinations or lesser sanctions in both criminal and civil investigations.