An Overview of Data Security Legal Requirements for All Business Sectors

45 Pages Posted: 10 Oct 2015

Date Written: October 8, 2015


What are the data security legal obligations generally applicable to all U.S. businesses? It is well known that certain sectors of the U.S. economy are subject to extensive regulations regarding data security. But there is also no doubt that non-regulated businesses are subject to data security obligations.

The thesis of this paper is that all businesses, whether regulated or not, are generally subject to legal duties regarding the security of their corporate data. Those duties can be summarized as: (1) a duty to protect the security of their corporate data, and (2) a duty to disclose security breaches when they occur. This paper will explain the source and scope of those duties, including the legal requirement for “reasonable security.”

Keywords: data security, cybersecurity, security, law, legal standard, reasonable security

JEL Classification: k10, k12, k13, k19, k20, k22, k23, k29

Suggested Citation

Smedinghoff, Thomas J., An Overview of Data Security Legal Requirements for All Business Sectors (October 8, 2015). Available at SSRN: or

Thomas J. Smedinghoff (Contact Author)

Locke Lord LLP ( email )

111 S. Wacker Drive
Chicago, IL 60606
United States
+1 312-201-2021 (Phone)


Locke Lord LLP ( email )

3122012021 (Phone)
60606 (Fax)


Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics