Developing Effective Information Security Programs

By Kirk J. Nahra
September 20, 2005

For many years, financial institutions and other entities that collect personal information focused on privacy as an emerging legal doctrine presenting compliance challenges and an array of business implications. These issues, while still important and subject to ongoing debate and tinkering, have become, for many financial institutions, an automatic component of ongoing business activities. Now, with all of the attention focused on security of customer information driven by the recent flood of news stories concerning security breaches in numerous industries, privacy's ugly stepchild, the security of consumer information, has moved to the forefront of concern, both for financial institutions and the various entities that regulate and oversee them. News stories reporting security breaches are an almost daily occurrence. New legislation is being introduced almost constantly, at both the state and national level. While financial institutions already face a raft of security-related compliance obligations, including the Gramm-Leach-Bliley Act and others, financial institutions and their important business partners have been a focus of many of the most highly publicized breaches.

With this background, financial institutions (and other companies across America and globally) should be re-evaluating their information security programs. In reviewing the various legal requirements, what are the primary components of an effective security program? And what are the most difficult challenges facing companies in trying to move from a security “best practices” environment to one requiring compliance with specific legal obligations?

Understanding the Legal Landscape
