Data Privacy regulations protect data (including individual personal information) from
unauthorized and unnecessary access and disclosure. Cybersecurity strategy is an integral part of
an Information Privacy Management program and generally refers to the set of policies and
considerations designed to protect organization’s information assets from reasonably foreseeable
outside and inside threats.
An ever growing number of data breaches, the increasing costs of dealing with the breaches and
the reputational implications for businesses who do not take reasonable steps to protect their
clients’ personally identifiable information from online threats have become a major concern for
businesses. Many organizations struggle to comply with complex information security
regulations. Business entities processing Personally Identifiable Information (“PII”) should
implement adequate and reasonable information security measures to protect such information
from reasonably foreseeable threats. What is adequate and reasonable under the circumstances
depends on many factors.
If your business contracts with third party vendors to collect, use, store, analyze, and otherwise
process your clients’ data, you may be liable if that third party fails to adequately protect your
clients’ information. B&D can assist businesses in the review of contracts with third party
vendors and service providers to ensure that third party vendors are contractually obligated to
protect the PII of your clients to minimize the risk of information security incidents and your
exposure to the potential legal actions in the case PII is mishandled by the third party.