X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.

When it comes to data retention practices, most companies are stuck in limbo, balancing competing needs between providing easy access to data for business and regulatory purposes and safeguarding data against leakage and breaches. The landscape 10 to 15 years ago was one of gross over-retention, with many practicing a blanket “save everything” approach. That landscape has begun to shift, as the risks associated with data security and data privacy have become paramount for many companies. While money, resources and technology can be directed to “protecting” confidential information from data breaches and data intrusions, the daunting reality is that if a company is retaining sensitive information, including personal information of employees and customers, the most effective protection is to ensure that such sensitive information is deleted when it no longer needed, or is deleted or removed from areas within the organization that do not have adequate protections in place. In sum, data privacy and data security are just one aspect of an effective information governance program.

Regulators are bolstering their efforts around cybersecurity and data risk management, and many are actively engaged in cybersecurity supervision and enforcement, requiring companies to identify data risk, manage data flows and delete data. Numerous bodies have specific fines they can impose for data mishandling, particularly that which includes sensitive customer information. Regulators are closely examining whether companies that house this type of information are managing it correctly, including implementing security controls, managing where and how it is stored and promptly deleting data once it is no longer needed. The SEC has communicated that the severity of fines for data breaches will be partially based on whether the company was storing customer information that was no longer needed.  One financial institution was fined $900,000 by FINRA for not doing enough to ensure data about customers’ trades were handled properly and for failing to protect customer privacy. The SEC hit another financial institution with a $1M fine for alleged failure to adopt written policies reasonably designed to protect customer data, and allowing an employee to access and transfer data to a personal server, which was hacked by third parties. The FTC, CFPB and state regulators are expected to be increasingly more aggressive in policing companies on managing information.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at customercare@alm.com

 

Pennsylvania eDiscoveryBook

lt;pgt;The greatest challenge for attorneys dealing with eDiscovery is simply keeping up with changing rules and technologies. This handbook is designed to help attorneys...

Get More Information
 

America's Claims Executive (ACE) 2020Event

ACE Leadership Forum & Expo is the annual conference for Senior Claims Executives in Insurance organizations.

Get More Information
 

General Counsel Summit (GCS) 2020Event

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Get More Information
 

General Counsel Summit (GCS) 2020Event

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Get More Information
 

General Counsel Summit (GCS) 2020Event

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Get More Information
 

General Counsel Summit (GCS) 2020Event

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Get More Information
 

General Counsel Summit (GCS) 2020Event

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Get More Information
 

General Counsel Conference 2020Event

General Counsel Conference addresses trends in regulatory, data protection, tech management, legal operations, and leadership.

Get More Information
 

General Counsel Conference 2020Event

General Counsel Conference addresses trends in regulatory, data protection, tech management, legal operations, and leadership.

Get More Information
 

General Counsel Conference 2020Event

General Counsel Conference addresses trends in regulatory, data protection, tech management, legal operations, and leadership.

Get More Information
 

General Counsel Conference 2020Event

General Counsel Conference addresses trends in regulatory, data protection, tech management, legal operations, and leadership.

Get More Information
 

General Counsel Conference 2020Event

General Counsel Conference addresses trends in regulatory, data protection, tech management, legal operations, and leadership.

Get More Information
 

Banking Litigation & Regulation Forum 2020Event

Delivers the key insights and practical solutions to acutely address the complex minefield of UK banking litigation & regulation.

Get More Information
 

Banking Litigation & Regulation Forum 2020Event

Delivers the key insights and practical solutions to acutely address the complex minefield of UK banking litigation & regulation.

Get More Information
 

Women, Influence & Power in Law (WIPL) 2020Event

WIPL is the original global forum facilitating women-to-women exchange on leadership and legal issues.

Get More Information
 

Women, Influence & Power in Law (WIPL) 2020Event

WIPL is the original global forum facilitating women-to-women exchange on leadership and legal issues.

Get More Information
 

Women, Influence & Power in Law (WIPL) 2020Event

WIPL is the original global forum facilitating women-to-women exchange on leadership and legal issues.

Get More Information
 

Women, Influence & Power in Law (WIPL) 2020Event

WIPL is the original global forum facilitating women-to-women exchange on leadership and legal issues.

Get More Information
 

Commercial Litigation & Arbitration Forum 2020Event

For senior dispute resolution professionals to network and engage through open debate, panels, expert speakers & breakout sessions

Get More Information
 

Women, Influence & Power in Law (WIPL.UK)Event

Women, Influence & Power in Law UK (WIPL.UK) offers an opportunity for unprecedented exchange with senior female in-house lawyers.

Get More Information
 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.