The article addressed the legal obligations that companies face when handling personal information, both customer and employee data. The article outlined the recent state laws that have mandated encryption and other specific types of data safeguards. It addressed what these various legal (and contractual) data security obligations mean in a practical context.
The article highlighted that understanding the patchwork of federal, state, and industry data security obligations and best practices can create challenges for businesses that handle personal information. While there is not a single solution to complying with the varied requirements, a holistic evaluation of a business’s current information practices, along with application of these outlined security action items, can establish a framework that greatly reduces the company’s risks associated with data security crises.