• About
  • Offices
  • Careers
  • Students
  • Alumni
Background Image
Logo Bennett Jones
  • People
  • Expertise
  • Resources
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z All

FEATURED AREAS

Energy
Funds & Finance
Mining
Capital Projects
All Industries
Crisis & Risk Management
Environmental, Social & Governance
Governmental Affairs & Public Policy
All Practices
Insights
Media
Events
Subscribe
COVID-19 Resource Centre
Business Law Talks Podcast
Kickstart
New Energy Economy Series
People
Featured Areas
All Practices
All Industries
About
Offices
Careers
Insights
Events
Search
Search
 

Commentary on a Reasonable Security Test

September 2020

Download PDF

     
Download the PDF Commentary on a Reasonable Security Test

The Sedona Conference Working Group on Data Security and Privacy Liability (WG11) developed this Commentary to address what “legal test” a court or other adjudicative body should apply in a situation where a party has, or is alleged to have, a legal obligation to provide “reasonable security” for personal information, and the issue is whether the party in question has met that legal obligation.

The Commentary proposes a reasonable security test that is designed to be consistent with models for determining “reasonableness” that have been used in various other contexts by courts, in legislative and regulatory oversight, and in information security control frameworks. All of these regimes use a form of risk analysis to balance cost and benefit. The proposed test provides a practical method for expressing cost/benefit analysis that can be applied in data security regulatory actions, to litigation, and to information security practitioners using their current evaluation techniques. The Commentary also explains how the analysis should apply in the data security context. Because the test is rooted in commonly held principles, the drafters believe it offers methods for deriving reasonableness that are familiar to all interested parties. But it should be noted that depending on their text, individual laws or rules that require reasonable security might require use of a different analysis.

The Commentary begins with a brief summary of the importance of having a test, the reasoning behind a cost/benefit approach for the test, and what issues the test does not address. Part I sets out the proposed test and the explanation of how it is applied. Part II provides review and analysis of existing resources that offer guidance on how “reasonable security” has been defined and applied to date and explains how they bear upon the test. It includes a summary review of statutes and regulations that require organizations to provide reasonable security with respect to personal information, decisions of courts and other administrative tribunals with respect to the same, applicable industry standards, and marketplace information. Following this discussion, the Commentary identifies those items that are not included in the proposed test (also referenced in the Introduction section) and concludes with a discussion regarding the importance of flexibility.

The full text of The Sedona Conference Commentary on a Reasonable Security Test, Public Comment Version, is available free for individual download from The Sedona Conference website.

Ruth Promislow was a contributing editor of this piece.

Key Contact

  • Ruth E. Promislow Ruth E. Promislow, Partner

Read the Fall 2020 Economic Outlook

Related Links

  • Insights
  • Media
  • Subscribe

Related Expertise

  • Privacy & Data Protection

Recent Posts

Guides

My Future in Law: Student Recruitment Guide

January 15, 2021
       

Articles

Bennett Jones on Tax Disputes - January 2021

January 14, 2021
       

Articles

Dominique Hussey and Jeilah Chan in WTR's Trademark Litigation 2021

January 14, 2021
       

Articles

Martin Sorensen and Hennadiy Kutsenko in The Lawyer's Daily

January 14, 2021
       

Updates

Updates to Canada’s Top 10 Sources of Emergency Capital for Businesses

January 13, 2021
       

Announcements

Bennett Jones Acts for Canadian Power Deal of the Year in Cascade Power Project

January 11, 2021
       

Announcements

ESG Series: Defining and Driving ESG Within Your Organization

January 08, 2021
       

In the News

Radha Curpen on Values, Mentorship and Overcoming Barriers

January 07, 2021
       

Announcements

Bennett Jones Acts for Tundra in $99.1 Million Acquisition by Wajax

December 31, 2020
       

The firm that businesses trust with their most complex legal matters.

  • Privacy Policy
  • Disclaimer
  • Terms of Use

© Bennett Jones LLP 2021 All rights reserved. Bennett Jones refers collectively to the Canadian legal practice of Bennett Jones LLP and the international legal practices and consulting activities of various entities which are associated with Bennett Jones LLP

Logo Bennett Jones