#DataProtection | Law Offices of Steven J. O'Neill

Boards and C-Level Executives Are Sailing in Dangerous Waters

In 2005 the ABA Business Law Section published a short book titled, Sailing in Dangerous Waters: A Director’s Guide to Data Governance. It warned in stark terms: Those Directors who defer or delegate to specialized personnel their understanding and command of data governance will be at increasing risk of incurring personal liability for failing to fulfill their fiduciary duty of care to ensure that their companies comply with rapidly emerging legal requirements concerning deficiencies in data governance.[i] To say that information is an asset to business enterprises is to recognize the obvious. Certain intellectual property such as trade secrets and customer lists are universally considered to be assets and deserving of protection. But, as enterprises have shifted to digital systems where work-flows, communications, collaboration systems, data analytics and other metrics now condition and drive business decisions, the value and integrity of these systems has become ever more fraught with risk. Consider that the Ashley Madison hacking uncovered email correspondence between executives and legal counsel. While Coca Cola might have been able to lock away a few copies of its secret formula in a steel safe a generation ago, today’s information assets, by their nature, must be widely distributed and available …

Information Governance – A Principled Framework

Gartner defines Information Governance as an accountability framework that includes the processes, roles, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to reach its goals. One of the core requirements of a legally defensible Information Governance program is a reasonable and consistently applied records & information management (RIM) system. Accountability and defensibility hinge on the ability of an organization to govern its information in all formats and on all media, and to ensure or prove that it is compliant with all legal requirements. Building an information governance framework is by necessity a cross-disciplinary effort. In a world where virtually all information is created in digital form, IT departments are commonly given the lead. However, even the most advanced and elegant technical solutions must be guided by at least two other disciplines: legal, and records management. Especially in the wake of hacking scandals like Sony Pictures, the importance of Information Governance is increasingly recognized as a board level and C-Level concern. Information is an asset and a source of risk, it must be treated with great care. Information is an asset and a source of risk, it must be treated with great care. …

Cloud computing presents innumerable opportunities and brings with it enormous security and legal challenges. While there is no single accepted definition of the “cloud,” the National Institute of Standards and Technology created a reference model in 2011. NIST defined cloud computing by describing its five essential characteristics, three service models, and four deployment models. (NIST Special Publication 800-145): Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Essential Characteristics Service Models Deployment Models 1. On demand self service 1. Software as a Service (SaaS) 1. Private Cloud 2. Broad network access 2. Platform as a Service (PaaS) 2. Community Cloud 3. Resource pooling 3. Infrastructure as a Service (IaaS) 3. Public Cloud 4. Rapid elasticity 4. Hybrid Cloud 5. Measured service NIST Cloud Computing Reference Model The rapid increase in the availability of cloud computing solutions ranging from Enterprise systems, to Office 365, to the ad hoc use of unencrypted Dropbox accounts, has profound implications for privacy, information security, eDiscovery and legally defensible document retention policies. Hardly a …

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.