• About
  • Offices
  • Careers
  • News
  • Students
  • Alumni
  • Payments
Background Image
Bennett Jones Logo 100 Years
  • People
  • Expertise
  • Knowledge
  • Search
  • Menu
  • Search Mobile
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
View all
Practices
Corporate Litigation Regulatory Tax View all
Industries
Capital Projects Energy Funds & Finance Mining View all
Advisory
Crisis & Risk Management Environmental, Social & Governance (ESG) Governmental Affairs & Public Policy
Insights News Events
New Energy Economy Series COVID-19 Resource Centre Business Law Talks Podcast
Subscribe
Bennett Jones Centennial Menu
People
Practices
Industries
Advisory Services
About
Offices
News
Careers
Insights
Law Students
Events
Search
Alumni
Payments
Subscribe

Stay informed on the latest business and legal insights and events.

LinkedIn LinkedIn Twitter Twitter Vimeo Vimeo
 

Commentary on a Reasonable Security Test

September 2020

Download PDF

     
Download the PDF Commentary on a Reasonable Security Test

The Sedona Conference Working Group on Data Security and Privacy Liability (WG11) developed this Commentary to address what “legal test” a court or other adjudicative body should apply in a situation where a party has, or is alleged to have, a legal obligation to provide “reasonable security” for personal information, and the issue is whether the party in question has met that legal obligation.

The Commentary proposes a reasonable security test that is designed to be consistent with models for determining “reasonableness” that have been used in various other contexts by courts, in legislative and regulatory oversight, and in information security control frameworks. All of these regimes use a form of risk analysis to balance cost and benefit. The proposed test provides a practical method for expressing cost/benefit analysis that can be applied in data security regulatory actions, to litigation, and to information security practitioners using their current evaluation techniques. The Commentary also explains how the analysis should apply in the data security context. Because the test is rooted in commonly held principles, the drafters believe it offers methods for deriving reasonableness that are familiar to all interested parties. But it should be noted that depending on their text, individual laws or rules that require reasonable security might require use of a different analysis.

The Commentary begins with a brief summary of the importance of having a test, the reasoning behind a cost/benefit approach for the test, and what issues the test does not address. Part I sets out the proposed test and the explanation of how it is applied. Part II provides review and analysis of existing resources that offer guidance on how “reasonable security” has been defined and applied to date and explains how they bear upon the test. It includes a summary review of statutes and regulations that require organizations to provide reasonable security with respect to personal information, decisions of courts and other administrative tribunals with respect to the same, applicable industry standards, and marketplace information. Following this discussion, the Commentary identifies those items that are not included in the proposed test (also referenced in the Introduction section) and concludes with a discussion regarding the importance of flexibility.

The full text of The Sedona Conference Commentary on a Reasonable Security Test, Public Comment Version, is available free for individual download from The Sedona Conference website.

Ruth Promislow was a contributing editor of this piece.

Key Contact

  • Ruth E. Promislow Ruth E. Promislow, Partner

Bennett Jones Marks 100 Years of Service and Trust

Related Links

  • Insights
  • Media
  • Subscribe

Related Expertise

  • Privacy & Data Protection

Recent Posts

Announcements

Lorelei Graham Joins Bennett Jones

May 17, 2022
       

Announcements

Bennett Jones Student Scholarship Featured on Canadian Lawyer

May 16, 2022
       

Articles

Are Waivers of Corporate Opportunities a Good Idea?

May 16, 2022
       

Speaking Engagements

Bennett Jones Lawyers Present Module in Pension Administration Fundamentals Certificate Program

May 16, 2022
       

Articles

Product Liability Causes of Action in 2022

May 12, 2022
       

Announcements

Bennett Jones Shines in the Benchmark 2022 Awards

May 10, 2022
       

Articles

Bennett Jones Lawyers Featured in The National Banking Law Review

May 10, 2022
       

Articles

Co-Ordination and Collaboration: Multijurisdictional Class Actions

May 09, 2022
       

In the News

Class Actions: Looking Forward 2022 in Canadian Lawyer

May 06, 2022
       
Bennett Jones Centennial Footer 100 Years
Bennett Jones Centennial Footer 100 Years
About
  • Leadership
  • Diversity
  • Community
  • Innovation
  • Security
  • History
Offices
  • Calgary
  • Edmonton
  • Ottawa
  • Toronto
  • Vancouver
  • New York
Connect
  • Insights
  • News
  • Events
  • Careers
  • Students
  • Alumni
Subscribe

Stay informed on the latest business and legal insights and events.

LinkedIn LinkedIn Twitter Twitter Vimeo Vimeo
© Bennett Jones LLP 2022. All rights reserved.
  • Privacy Policy
  • Disclaimer
  • Terms of Use
Logo Bennett Jones