Understanding the Impact of New State Data Protection Laws

February 26, 2009

Robert Brownstone, Law & Technology Director at Fenwick & West, was quoted extensively throughout the Compliance and Governance Digest article "Understanding the Impact of New State Data Protection Laws."

States are increasing their role in regulating data security for businesses that hold sensitive data. Some states are requiring encryption of data stored on portable devices, data in transit and data at rest. Compliance is difficult with moving information, as reflected by Brownstone's metaphor of a duck that flies from pond to pond.

Brownstone helps his clients assess and calibrate their current security measures. His goal is to help each client come up with a practical, realistic approach that will enable across-the-board compliance with the many applicable statutes and regulations regarding information-security, privacy and data breaches. Given that compliance with some of the new regulatory schemes can be costly, Brownstone helps clients evaluate which measures are appropriate according to company culture and security risks.

He and his colleagues recommend that clients break down their data security compliance protocols into two categories: 1) proactive, namely managing risk and doing their best to preventing breaches; and 2) reactive, namely following incident-response procedures to notify customers of a breach and strive to prevent similar problem prospectively. A given company can decide on a wide range of security measure levels based upon its budget parameters and risk-management goals. Then, it can seek out vendors and tools accordingly.

Brownstone has found that some organizations, both large and small, are still unaware of full range of risks inherent in mobile electronically stored information. When advising about regulatory compliance, Brownstone reminds his clients that their various types of data are sensitive, including not only the company's trade secrets and intellectual property but also information about business partners, customers and employees.

Read the complete Compliance and Governance Digest article here (free registration required).