Data security breaches, when data is released to or accessed by unauthorized individuals, have been all over the headlines. The recent crises experienced by Sony, Target, Michael's, Canada Revenue Agency, Canada's National Research Council and others are hard to ignore, as is the growing number of privacy breach class actions.
Safeguarding your information assets is about cybercrime, but not only about cybercrime. Intellectual property, commercially sensitive data, personal information and other valuable information can also be accessed or lost due to bugs, employee negligence, misinformation or lack of training, loss or theft of a device or computer hardware, or because of a natural disaster. Consequently, information security is not simply about technology. It is a comprehensive enterprise risk management problem that requires thoughtful integration of various kinds of expertise, including IT, Network Security, Physical Security, Privacy Compliance, Human Resources and Public Relations.
When it comes to information risk management, your organization needs to determine its risk appetite, in the context of its available resources, as it would for any other risk. Risks can never be totally eliminated. This article sets out practical steps that can be taken to improve the protection of your company's information assets, as well as steps to be taken to minimize the damage if a data breach occurs.
Download the full article here.
Reproduced with permission of the publisher LexisNexis Canada Inc. from Internet and E-Commerce Law in Canada, Vol. 15, No. 5, September 2014.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
