Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

NewsSections

The Human Side of Data Security: The Critical Role of Employee Controls

By Ryan Sulkin
October 19, 2006

As headlines continue to report data security breaches at an alarming rate, discussion often focuses on the need for enhanced technical controls, such as two-factor authentication and encryption, to protect sensitive, personally identifiable information. The role of the company employee, both as the cause of, and the first line of defense against, security breaches is often lost in the analysis. Yet developing law is increasingly requiring administrative or procedural controls, particularly those directed at employees, as a component of a legally compliant security program.

Employees can be the source of major threats to a company's data security. They need not be bad actors in order to compromise their company's data security. Often it is the innocent actions of employees (eg, losing a laptop with key data unprotected or succumbing to a third party's social engineering techniques) that leave a company facing a breach situation. At the same time, employees are key to a company's successful compliance with various legal and administrative requirements involving data security.

Read These Next
Why So Many Great Lawyers Stink at Business Development and What Law Firms Are Doing About It Image

Why is it that those who are best skilled at advocating for others are ill-equipped at advocating for their own skills and what to do about it?

Bankruptcy Sales: Finding a Diamond In the Rough Image

There is no efficient market for the sale of bankruptcy assets. Inefficient markets yield a transactional drag, potentially dampening the ability of debtors and trustees to maximize value for creditors. This article identifies ways in which investors may more easily discover bankruptcy asset sales.

The DOJ's Corporate Enforcement Policy: One Year Later Image

The DOJ's Criminal Division issued three declinations since the issuance of the revised CEP a year ago. Review of these cases gives insight into DOJ's implementation of the new policy in practice.

A Lawyer's System for Active Reading Image

Active reading comprises many daily tasks lawyers engage in, including highlighting, annotating, note taking, comparing and searching texts. It demands more than flipping or turning pages.

Blockchain Domains: New Developments for Brand Owners Image

Blockchain domain names offer decentralized alternatives to traditional DNS-based domain names, promising enhanced security, privacy and censorship resistance. However, these benefits come with significant challenges, particularly for brand owners seeking to protect their trademarks in these new digital spaces.