Quick Results
Publications

Best Practices for Maximizing the Security of Sensitive Information

Share

Advancement in Internet technology has been a double-edged sword. On the one hand, it has increased the efficiency of some processes and made everyone’s life a lot easier. On the other, it has made people’s sensitive information vulnerable and subject to theft by criminals. By following a few basic steps, says Betty Steele, of counsel in Baker, Donelson, Bearman, Caldwell & Berkowitz, PC’s Nashville office, businesses can greatly mitigate the risk of loss of sensitive information that is stored or transmitted electronically.

Smart Business asked Steele about the latest legislation governing information security and what companies can do to safeguard against the loss of sensitive information.

What are the key drivers behind federal, state and international information security laws and regulations?

Worldwide laws and regulations are proliferating in response to consumer concerns about identity theft and privacy of personal financial, health and other sensitive information, investor concerns about corporate fraud and accounting irregularities, and government concerns about critical infrastructure and cyber attacks in light of terrorist attacks around the world.

These drivers are continually being reinforced as high-profile security breaches are being reported. For example, the TJX breach of data on more than46 million credit and debit cards used at TJX stores has spurred on legislation aimed at making retailers and other merchants liable to banks for the costs associated with card data breaches through such methods as consumer notification and card replacement.

How does the constant introduction of new and faster technologies impact the ability to maintain sensitive information securely?

The constant introduction of new and faster technologies means organizations, in order to be competitive from a business perspective and have appropriate information security controls, must ensure that processes are in place for change control and integration of the administrative, physical and technical aspects of information security, privacy and corporate governance.

Related Files

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept