Making security legally defensible
Many corporate lawyers know something about IT, and many IT professionals know something about the law, but do they know enough about each other's fields to adequately protect their organizations?
Information security presents a growing legal risk to companies, and IS professionals increasingly will be required to back up their decisions in a legal environment, according to David Navetta, a partner with the Information Law Group. It is no longer sufficient to deploy security technologies and processes that are secure; they also have to be legally defensible, Navetta writes. The key is to view your organization's security position the way it would be viewed by someone who is suing you, or by a regulator, judge or jury.
Integral to this position is a good relationship between the legal and security teams, and this, in Navetta's opinion, will require a slight change in the security side's mindset. The process through which security decisions are made will be vital to defending one's position, and an ad hoc approach probably won't stand up in court.
"Now is the time for legal, privacy and security professionals to break down arbitrary and antiquated walls that separate their professions," Navetta writes. "Like it or not, it all must be dealt with holistically, at the same time, and with expertise from multiple fronts. In this regard we must all develop thick skins and be not afraid to stop zealously guarding turf."
One way to reduce legal risk is to make sure that data destruction obligations are fulfilled, not just by your organization, but also by third-party vendors, writes Michael Overly in a post at CSO. Numerous state and federal regulations require personally identifiable information to be scrubbed under different conditions, but agreements with vendors frequently fail to include this obligation, he writes. Overly provides a template for vendor contracts and recommends including specific references to relevant laws.
For more:
- see David Navetta's post at InformationLawGroup
- see Michael Overly's post at CSO