Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


Can compliance prevent data breaches?

Compliance audits are not sufficient to prevent breaches, like the one experienced by Target

The recent security breach that affected millions of Target customers was not only a huge concern for individuals whose identity and financial information may have been compromised, but a black eye for the retailer as well. Other companies, like Verizon, have also faced data breaches in recent years, which indicates that even the largest businesses do not have sufficient safeguards in place to prevent data theft. 

In many cases, these large companies have compliance programs in place that they feel are sufficient. Vijay Basani of eIQnetworks uses the term “checkbox compliance” in a piece for Basani points out that companies that merely go down a list of compliance rules, following them to the letter, are not doing enough. It’s a matter of managing risk, Basani says, and that is what companies need to keep in mind. 

He cites the separation of IT and business within most corporations. Each has its own tasks and priorities and in many cases, the two rarely meet to converse about the intersection of business and security. He also states that businesses tend to focus on the edges of IT infrastructure rather than the core. This attitude, he says, fosters a false sense of security, while the bad guys rub their palms in glee, knowing that they have a better chance to break through.

The key, Basani says, is to proactively identify common security issues and deal with them. This requires constant auditing assessment and monitoring in order to address any weaknesses before they become problems.


For more data security news, check out the following:

Your shareholders are concerned about cybersecurity

Best practices for compliance in an ever-changing regulatory landscape

Inside: Law department leadership, growing the IT relationship and data risk management as 2014 priorities

Technology: 5 reasons privacy isn’t as bad as you think

Senior Editor and Community Manager

author image

Rich Steeves

Richard P. Steeves is Senior Editor and Community Manager of InsideCounsel magazine, where he covers the intellectual property and compliance beats. Rich earned a B.A....

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.