Over the last couple of years, cybersecurity laws have commonly required that sensitive information be protected through the use of “reasonable security.” Business owners have likely heard that they are required to protect sensitive information, but may not understand specifically how to go about this. The term “reasonable security” has often been left ambiguous, and guidance as to what is required for your specific business might be hard to find.

As a starting point, it is important to understand that what constitutes appropriate security safeguards may depend upon the type of information that you collect and the type of business that you operate. For example, if you are a medical professional, or holding information for a medical professional, you may be subject to the HIPAA Security Rule (HIPAA) (which lists specific safeguards for the protection of electronic health information), and if you are a financial institution, or holding information for a financial institution, you may need to comply with the Gramm-Leach-Bliley Act (GLBA) (which identifies specific requirements and safeguards for the protection of customer information). See 45 CFR Part 160 and Part 164, Subparts A and C (HIPAA); 15 U.S.C. § 6801(b) (GLBA). Administrative guidance elaborates on each of these laws by laying out certain cybersecurity safeguards that should be put in place, including but not limited to: access controls, monitoring solutions and disaster recovery procedures. See Security Rule Guidance Material, U.S. Department of Health & Human Services; 12 C.F.R. Pt. 364, App. A. Further, under both HIPAA and GLBA, if any of the regulated entity’s vendors receive protected information from that regulated entity, then the regulated entity is required to contractually bind that vendor in writing to treat the protected information in the same manner as the regulated entity. See 12 C.F.R. Pt. 364, App. A III.D.; 45 C.F.R. 164.502(e).

In addition to laws and regulations that require entities to implement appropriate safeguards, attorneys’ ethical requirements provide guidance on determining what constitutes reasonable security and read in requirements to implement specific cybersecurity safeguards. See Formal Opinion 483, American Bar Association (Oct. 17, 2018); Formal Opinion 477R, American Bar Association (revised May 22, 2017).


Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.