Chapter 3. The General Duty to Provide Security
The basic obligation
The obligation to provide security for corporate data is, in essence, a duty to provide “reasonable” or “appropriate” physical, technical, and administrative security measures to ensure the confidentiality, integrity, and availability of corporate data.
The meaning of that obligation, and its various requirements, will be explored in Chapters 4, 5, and 6. This chapter will examine where the obligation comes from, which companies it applies to, what types of data are covered by the obligation, and who in the company is responsible for legal compliance.
Where does the obligation come from?
There is no single law, statute, or regulation that governs a company’s obligations to provide ...