Lending Library

Data Security Handbook

Lending Library Number: 89

Nearly every organization maintains files and systems filled with personally identifiable information: employee information, existing and prospective customer information, and data gathered as a product to sell to others. This information has become a tool for criminals who prey on organizations with lax safeguards to commit fraud, identity theft, and other acts injurious to consumers.

In response, regulators and industries have crafted requirements designed to protect personal information within the organization's control, and to establish an organization's obligations when it discovers that such personal information has been compromised. Unfortunately, a lack of communication and business-wide appreciation for data security has left many organizations vulnerable to data compromise, legal liability, negative publicity, and associated brand tarnishment.

The purpose of the Data Security Handbook is to provide legal practitioners and information technology specialists with a concise, practical guide that summarizes:

  • common information security vulnerabilities and how to manage them;
  • legal and industry information security safeguard requirements and recommended practices;
  • the legal obligations that apply when an organization has incurred a data breach;
  • factors that contribute to a compliant information security program; and
  • potential legal theories in actions involving the alleged misuse or compromise of personal information.

If you're looking for a comprehensive and practical guide to maintaining and preserving the security of individuals' personal information, the Data Security Handbook is for you.

Summary of Contents

  • Foreword
  • Preface
  • Chapter I—Information Security Vulnerabilities and Threats
  • Chapter II—Information Security Laws and Standards
  • Chapter III—Information Security Breach Notification Laws
  • Chapter IV—Developing an Information Security Program
  • Chapter V—Theories of Liability
  • Conclusion
  • Appendix—Relevant Data Security Statutes
  • Table of Cases