Technology: Is there any real incentive for safeguarding data in the information age?

Why companies should internalize the externality of protecting individual privacy

The best way to protect personal information is never to disclose it. But that’s impossible in today’s information age. We give personal information to businesses and governments in any number of transactions. Each time, we are forced to trust those who receive our information to safeguard it. Is this trust justified? Can we reasonably expect the custodians of our data to take the steps necessary to safeguard our information? Or is that hope a pipe dream?

The problem of externalities

To be sure, the U.S. is not yet like Europe, the British Commonwealth and certain countries in South America, where virtually all personally identifiable information is protected by comprehensive regulation. The statutory and regulatory environment in the U.S. is a complex, industry-specific and context-sensitive patchwork of laws. Even a corporate director’s oversight duties are breached only where there is “a sustained or systematic failure of the board” to ensure data privacy. (See In Re Caremark Int'l, )

But the lack of comprehensive regulations can lull companies into a deceptive sense of ease. For all the following reasons, legal counsel should advise companies to make the necessary investment to ensure data privacy:

Contributing Author

author image

Matt Sorensen

Matt Sorensen CISSP, CIPP, CEDS is an attorney advising clients on security and privacy compliance, information governance, e-discovery and forensic investigations. He can be reached...

Bio and more articles

Contributing Author

author image

Matthew Richards

Matthew K. Richards provides general counsel services to clients, advising them on regulatory compliance, electronic discovery and records management, historical preservation and contract management. He...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.