Understanding corporate obligations to address data security begins with a high level understanding of the legal response to security threats.

The law essentially takes a two-pronged approach to addressing the challenges posed by the extensive use of electronic information, and the potential damages that can arise when security is breached and information is compromised. First, the law declares illegal certain conduct that breaches the security of one’s data, and provides punishment for those who engage in such conduct. Second, the law imposes on those businesses that possess data an obligation to protect that data and the corresponding information systems in order to protect the various stakeholders.