CLE

CLE Center Home | FAQs |

Legal Aspects of Data Security

August 2006

Breaches in data security can be expensive and embarrassing for you and your clients. Here's a look at the emerging laws on the topic--and some practical tips for keeping computers safe from hackers.

General Credit

1.	There is no generally applicable data security principle under federal law.	True	False
2.	The Sarbanes-Oxley Act requires all business entities to adopt and report on a data security policy.	True	False
3.	The Sarbanes-Oxley Act specifies the procedures to be followed by public companies in securing their financial data.	True	False
4.	Failure to implement an effective data security policy could result in jail time for a public company's chief financial officer.	True	False
5.	The Sarbanes-Oxley Act imposes an ongoing monitoring requirement on many corporate officers involved in financial reporting.	True	False
6.	There are no protections under the federal law for personal information on children that is gathered on the Internet.	True	False
7.	California is the only state that has legislation specifically covering data security for personal information.	True	False
8.	California's law requiring reasonable security practices with respect to personal information applies whether the data is maintained in computerized or other form.	True	False
9.	California's law requiring notification to residents of any unauthorized access to their personal information applies regardless of whether the data is maintained in computerized or other form.	True	False
10.	The personal information protected by California law is any type of information that could be used to identify an individual.	True	False
11.	California's law requiring notification to residents of any unauthorized access to their personal information applies to businesses located in any state.	True	False
12.	California's law requiring notification to residents of any unauthorized access to their personal information applies to employee information.	True	False
13.	California law sets a variety of specific guidelines for implementing data security measures.	True	False
14.	A business that no longer intends to keep personal information about some of its customers is required by California law to destroy the relevant records.	True	False
15.	California law requires that a company receiving personal information about California residents from one of its business partners must adopt the same security measures as the disclosing company.	True	False
16.	California's law requiring notification to residents of any breach of data security applies only if their personal information is ultimately used for identity theft.	True	False
17.	California's law requiring notification to residents of any breach of data security requires notification by means of highly public "substitute notice" if the company lacks sufficient direct contact information.	True	False
18.	California's law requiring notification to residents of any breach of data security would not be triggered by a company's loss of a computer hard drive containing only encrypted personal information.	True	False
19.	A company's own website privacy policy can give rise to liability for breaches of data security.	True	False
20.	Under certain circumstances, a company could be found negligent for failing to prevent a security breach caused by careless employees.	True	False