Hogan Lovells Article on the Legal Framework Regulating Commercial Data Security in the Maryland Bar Journal
To mitigate legal risks, the article recommends that organizations take the following steps to protect regulated information:
- Take an inventory of regulated information. The first step to determining what risks exist is knowing what information the organization maintains, and where that information is located.
- Design and conduct regular security risk assessments. A common thread of all of the security-related legal requirements is the ongoing assessment and management of risk. While it may require an initial investment, proactive identification of and reaction to these risks is much cheaper than handling breaches after the fact. For smaller organizations without vast stores of regulated data, this does not need to be a significant undertaking; there are off-the-shelf materials and audit criteria that can help guide assessment efforts. But regardless of size, organizations should consider conducting these assessments under the direction of counsel, to preserve privilege in case the assessment reveals any risk that later leads to a breach.
- Regularly train employees on data security. While IT staff responsible for security operations should receive the most robust training, countless breaches have occurred through the actions of normal employees, from clicking on a virus in an email to losing a thumb drive containing sensitive information. Therefore, employees should be trained on the company's data security policies when they first join the organization and then on a periodic basis thereafter.
- Incorporate data security into vendor management procedures. Organizations are increasingly outsourcing data processing operations to service providers, so a key to maintaining an acceptable level of risk is conducting reasonable diligence on these providers and including security-specific terms in contracts.
- Consider cyber risk insurance. Despite best intentions, some data security breaches cannot be avoided and may not be covered under standard Commercial General Liability policies. Therefore, companies should speak with their brokers about the availability of cyber risk insurance, which can help fill some of the gaps in coverage.
The article, available here, originally appeared in the Maryland Bar Journal and is reprinted by permission of the Maryland State Bar Association.