Chapter 3. The General Duty to Provide Security

The basic obligation

The obligation to provide security for corporate data is, in essence, a duty to provide “reasonable” or “appropriate” physical, technical, and administrative security measures to ensure the confidentiality, integrity, and availability of corporate data.

The meaning of that obligation, and its various requirements, will be explored in Chapters 4, 5, and 6. This chapter will examine where the obligation comes from, which companies it applies to, what types of data are covered by the obligation, and who in the company is responsible for legal compliance.

Where does the obligation come from?

There is no single law, statute, or regulation that governs a company’s obligations to provide ...
