Data Security: Weighing the Risks

Breaches of data security are becoming commonplace for United States companies, exposing users’ private financial information and companies’ own trade secrets to the public. The recent leak of the “Panama Papers”, purportedly by hackers[1], only highlights how easy it is for a company’s most valuable information to find its way onto anyone’s computer. The most difficult part of ensuring data security for many companies is finding a balance between enough protection for their data and too many restrictions preventing the company from functioning efficiently. In an effort to guide businesses in assessing data security, California’s attorney general has endorsed a list of security protocols that it suggests California companies follow.[2] However, it is unrealistic to expect that every small business in California can feasibly implement the latest and greatest security. Fortunately, Center for Internet Security, a national non-profit that developed the protocols,[3] advocates a scalable approach to the protocols for any size of business, as does the attorney general’s office.[4] For example, a small business might do a manual inventory of hardware, while a large company might have an automated system.[5]

Ultimately, the prevalence of data breaches today reminds us that data security is every company’s responsibility, and the consequences for a breach can be great. Looking to suggested security protocols such as those from the Center for Internet Security can provide guidance for even small companies.

— By Julia Damron, Esq., Barnes Law

Julia Damron is an associate attorney with Barnes Law, licensed to practice law in California.

The opinions expressed are those of the author and do not necessarily reflect the views of the firm, its clients, or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.

[1] Gershman, Jacob, “Vast Data Leak a Teachable Moment for Founders of ‘Panama Papers’ Firm”, Wall Street Journal Law Blog, April 7, 2016, http://blogs.wsj.com/law/2016/04/07/vast-data-leak-a-teachable-moment-for-founders-of-panama-papers-firm/.

[2] “California Data Breach Report”, Office of California Attorney General, February 2016, https://oag.ca.gov/breachreport2016.

[3] “Welcome to the CIS Controls”, Center for Internet Security, https://www.cisecurity.org/critical-controls.cfm.

[4] “Recommendations” from “California Data Breach Report”, Office of California Attorney General, February 2016, https://oag.ca.gov/breachreport2016.

[5] “California Data Breach Report”, Office of California Attorney General, February 2016, https://oag.ca.gov/breachreport2016.