Page 16 - Cyber Warnings
However, it is possible that their informal guidance, intended to represent suggested
practices or options for mitigating risk, often in a vacuum, may eventually be cited by
regulators and plaintiffs as expected industry norms and the prevailing legal standard of care.
We have already seen this happen in the medical industry, where the informal guidance issued
by various medical associations is frequently espoused as the general standard of care in
medical malpractice litigation.
As such, it is important to be aware of this guidance and take it into account when developing a
security program, even if it is not legally binding on its face.
Our view is that a proactive approach may be helpful for developing policies and procedures to
address informal guidance, in order to mitigate security, regulatory and litigation risks.
We strongly suggest that you consult with experienced security professionals and counsel who
can help you navigate the web of formal and informal guidance when conducting risk
assessments, establishing policies and procedures, and responding to cybersecurity incidents.
Building a security program that not only substantively secures the organization but
can also be defended from a legal perspective can help companies mitigate their security,
legal and financial risks.
About The Authors
David Navetta is a US co-chair of Norton Rose Fulbright's Data Protection,
Privacy and Cybersecurity practice group. David focuses on technology, privacy,
information security and intellectual property law.
His work ranges from compliance and transactional work to breach notification,
regulatory response and litigation. David has helped hundreds of companies across multiple
industries prepare for and respond to data security breaches.
Mia Havel is an associate in Norton Rose Fulbright’s Data Protection, Privacy
and Cybersecurity practice group.
Mia regularly advises clients on best practices as well as compliance with state
and federal privacy and cybersecurity regulations.
16 Cyber Warnings E-Magazine – June 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide