DATA PRIVACY AND SECURITY: MANAGEMENT LIABILITY

R&C: How would you characterise current awareness levels among organisations when it comes to safeguarding their data? What are the key risks in this area and how have they evolved in recent years?

White: Given the number of highly publicised cyber incidents, as well as the proliferation of data privacy laws both in the US and abroad, companies are more cognisant than ever of the risks facing their data. We have seen numerous companies focus their time, energy and budgets on hardening their data protection programmes. Especially considering the Securities and Exchange Commission’s (SEC’s) new cyber reporting rules, for many companies that engagement has gone all the way up to the board level. That said, more can and needs to be done. Data privacy and security threats are constantly evolving and, as a result, companies’ programmes need to as well. We continue to face more sophisticated cyber attacks, including increased usage of artificial intelligence (AI), unpredictability in ransomware attacks due to the promulgation of ransomware-as-a-service, an increasing number of attacks on vendors and supply chains, and more and more zero-day attacks. Because of these risks, companies must continue to be vigilant.

Bentz Jr: Most organisations are fairly aware of the risks associated with safeguarding their data. Some companies struggle with costs. For others, the issue is more about balancing the need to gather personally identifiable information for business purposes versus the risks associated with doing so. Many companies have attempted to mitigate their risks by using the cloud or other third-party vendors to keep their data safe. However, the biggest risk is, and has always been, human error. Hackers have become experts on ways to trick people into sharing their passwords or other information in order to gain access to the system. Safeguards such as dual factor authentication and biometric-based passwords have been helpful, but even those solutions are not foolproof.

Oct-Dec 2024 Issue

Baker Donelson

BDO USA, P.C.

Holland & Knight LLP

Skadden, Arps, Slate, Meagher & Flom LLP and Affiliates