An Overview of Data Security Legal Requirements for All Business Sectors

45 Pages. Posted: 10 Oct 2015


Thomas J. Smedinghoff

Law Office of Thomas J. Smedinghoff; OpenID Foundation

Date Written: October 8, 2015

Abstract

What are the data security legal obligations generally applicable to all U.S. businesses? It is well known that certain sectors of the U.S. economy are subject to extensive regulations regarding data security. But there is also no doubt that non-regulated businesses are subject to data security obligations.

The thesis of this paper is that all businesses, whether regulated or not, are generally subject to legal duties regarding the security of their corporate data. Those duties can be summarized as: (1) a duty to protect the security of their corporate data, and (2) a duty to disclose security breaches when they occur. This paper will explain the source and scope of those duties, including the legal requirement for “reasonable security.”

Keywords: data security, cybersecurity, security, law, legal standard, reasonable security

JEL Classification: K10, K12, K13, K19, K20, K22, K23, K29

Suggested Citation

Smedinghoff, Thomas J., An Overview of Data Security Legal Requirements for All Business Sectors (October 8, 2015). Available at SSRN: https://ssrn.com/abstract=2671323 or http://dx.doi.org/10.2139/ssrn.2671323

Thomas J. Smedinghoff (Contact Author)

Law Office of Thomas J. Smedinghoff

823 William St,
River Forest, IL 60305
United States

OpenID Foundation
